Local privilege escalation to root due to insecure tmp file usage

...

ALPINE-CVE-2020-8032

A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions...

CVE-2020-8032 Local privilege escalation to root due to insecure tmp file usage

A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions...

openSUSE 安全漏洞

openSUSE is a set of Linux-based free operating system and open source community project of the German SUSE company. A security vulnerability exists in openSUSE Factory 2.1.27-4.2 and prior versions, which stems from an insecure temporary file vulnerability that can be exploited by an attacker to...

RHEL 8 : OpenShift Container Platform 4.6.17 (RHSA-2021:0423)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0423 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

Debian: Security Advisory (DLA-2555-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-8030

A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster...

CVE-2020-8027

A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE...

CVE-2020-8030

A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster...

CVE-2020-8027

CVE-2020-8027 affects openldap2 on SLES15-LTSS, SLES15 for SAP, openSUSE Leap 15.1/15.2, with insecure temporary file handling due to openldap_update_modules_path.sh starting daemons and using fixed paths in /tmp. Affected openldap2 versions are prior to 2.4.46-9.37.1 (SLES), prior to 2.4.46-9.37...

CVE-2020-8030 skuba: Insecure /tmp usage when joining node to cluster

A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform 4.5 allows local attackers to leak the bootstrapToken or modify the configuration file before it is processed, leading to arbitrary modifications of the machine/cluster...

CVE-2020-8030

CVE-2020-8030 affects SUSE CaaS Platform 4.5, specifically the scuba/skuba join workflow that uses insecure temporary files in /tmp. The root cause is insecure handling of temporary files, enabling a local attacker to leak the bootstrapToken or modify the configuration file before it is processed...

CVE-2021-23331 Insecure Temporary File

This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file...

Insecure Temporary File

Overview com.squareup:connect is a stack of middleware that is executed in order in each request. Affected versions of this package are vulnerable to Insecure Temporary File. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like system...

GLSA-202011-18 : Apache Ant: Insecure temporary file

The remote host is affected by the vulnerability described in GLSA-202011-18 Apache Ant: Insecure temporary file A previous fix for a security vulnerability involving insecure temporary files has been found to be incomplete. Impact : A local attacker could perform symlink attacks to overwrite...

openSUSE: Security Advisory for ant (openSUSE-SU-2020:1022-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Ansible -- Insecure Temporary File

NVD reports: An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running becomeuser from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems...

CVE-2014-2387

Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities...

CVE-2013-4280

CVE-2013-4280 affects RedHat vsdm 4.9.6 with an insecure temporary file vulnerability. The vulnerability’s impact is limited to integrity (I:H) with no confidentiality or availability impact per CVSS. It is a local-attack, low-complexity issue without required user interaction. Connected Nessus d...

CVE-2013-0180

Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds...