183 matches found
EUVD-2007-3836
Malware in sbrugna...
EUVD-2021-15292
Malware in sbrugna...
EUVD-2004-0421
Malware in sbrugna...
EUVD-2005-3121
Malware in sbrugna...
EUVD-2016-8342
Malware in sbrugna...
EUVD-2023-23936
Malicious code in bioql PyPI...
EUVD-2022-36792
Malicious code in bioql PyPI...
CVE-2025-9474
A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires a local approach...
CVE-2025-47794
CVE-2025-47794 affects Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1, and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1. An attacker on a multi-user system may read temporary files from Nextcloud running under a different user account ...
CVE-2025-47794 Nextcloud Server vulnerable to insecure temporary file creation, race with write access and permission
Nextcloud Server is a self-hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud...
Splashtop Software Updater Security Vulnerability
Splashtop Software Updater is a software update application for Splashtop products from Splashtop USA. Splashtop Software Updater 1.5.6.21 and prior versions are affected by a security vulnerability that originates from allowing a local, unprivileged attacker to elevate system-level privileges an...
PT-2023-6694
Name of the Vulnerable Software and Affected Versions: Bitrix24 version 22.0.300. Description: An issue exists in the bitrix/modules/crm/lib/order/import/instagram.php component of Bitrix24 that allows remote authenticated attackers to execute arbitrary code. This is due to insecure temporary file...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description: (High) SECURITY-3037 / CVE-2023-27898: XSS vulnerability in plugin manager; (Medium) SECURITY-3030 / CVE-2023-24998 (upstream issue), CVE-2023-27900 (MultipartFormDataParser), CVE-2023-27901 (StaplerRequest): DoS vulnerability in bundled Apache Commons FileUpload library...
Privilege escalation
Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. Insecure creation of a temporary file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This...
Insecure Temporary Files
org.jboss.resteasy, resteasy-jaxrs-all is vulnerable to Insecure Temporary Files. The vulnerability is due to using the insecure file creation function File.createTempFile while creating temporary files. This can lead to an attacker reading, modifying, or writing temporary files, resulting in sensitive information...
Duplicate Advisory: Insecure Temporary File in RESTEasy
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-2c6g-pfx3-w7h8. This link is maintained to preserve external references. Original Description: In RESTEasy the insecure File.createTempFile is used in the DataSourceProvider, FileProvider and Mime4JWorkaround...
SUSE CVE-2015-5228
The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path...
SUSE CVE-2016-8641
A privilege escalation vulnerability was found in nagios 4.2.x that occurs in daemon-init.in when creating necessary files and insecurely changing the ownership afterwards. It's possible for the local attacker to create symbolic links before the files are to be created and possibly escalating the...
Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils
Impact: org.apache.nifi.authentication.single.user.writer.StandardLoginCredentialsWriter contains a local information disclosure vulnerability due to writing credentials username and password to a file that is readable by all other users on unix-like systems. On unix-like systems, the system's...
CVE-2022-33753
CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges...