Lucene search
K

56 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:15 p.m.9 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Multiple Vulnerabilities.

Summary spring-boot-3.5.13.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-40973, CVE-2026-40975, CVE-2026-40977. Vulnerability Details CVEID:CVE-2026-40973 DESCRIPTION: A local attacker on the same host as the application may be able to take control of the directory used by...

8.2CVSS5.5AI score0.00312EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/19 5:18 p.m.7 views

CVE-2026-2817 Spring Data Geode Insecure Temporary Directory Usage

Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracted snapshot contents, leading to unintended exposure of...

4.8CVSS5.5AI score0.00097EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 5:18 p.m.25 views

CVE-2026-2817 Spring Data Geode Insecure Temporary Directory Usage

Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracted snapshot contents, leading to unintended exposure of...

4.8CVSS0.00097EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

Spring Data Geode 安全漏洞

Spring Data Geode is a software developed by Spring for configuring, operating, and accessing distributed data management systems. There is a security vulnerability in Spring Data Geode, which stems from the use of an insecure directory during the snapshot import process. Archives are stored in a...

4.8CVSS5.8AI score0.00097EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/22 3:13 p.m.7 views

CVE-2025-71176

A flaw was found in pytest. This vulnerability allows local users to exploit insecure temporary directory handling, specifically the reliance on predictable directory names in /tmp/pytest-of-user. An attacker can leverage this to cause a denial of service DoS or potentially gain elevated privileg...

6.8CVSS5.2AI score0.0014EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/10/10 3:26 p.m.8 views

CVE-2025-32919

Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46, and all versions of 2.1.0 EOL...

8.8CVSS6.9AI score0.00249EPSS
Exploits1References1
NVD
NVD
added 2025/10/09 3:16 p.m.27 views

CVE-2025-32919

Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46, and all versions of 2.1.0 EOL...

8.8CVSS0.00249EPSS
Exploits1References3
OSV
OSV
added 2025/10/09 3:16 p.m.5 views

CVE-2025-32919

Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46, and all versions of 2.1.0 EOL...

7.8CVSS6.8AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/09 3:1 p.m.8 views

CVE-2025-32919 Privilege Escalation in Windows License plugin for Checkmk Windows Agent

Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46, and all versions of 2.1.0 EOL...

8.8CVSS6.5AI score0.00249EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/09 3:1 p.m.14 views

EUVD-2025-33350

Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46, and all versions of 2.1.0 EOL...

8.8CVSS6.4AI score0.00249EPSS
Exploits1References2
CVE
CVE
added 2025/10/09 3:1 p.m.13 views

CVE-2025-32919

CVE-2025-32919 is due to use of an insecure temporary directory in the Windows License plugin of the Checkmk Windows Agent, enabling local privilege escalation. Affected versions: Checkmk 2.4.0 before 2.4.0p13, 2.3.0 before 2.3.0p38, 2.2.0 before 2.2.0p46, and all 2.1.0 (EOL). Root cause: insecur...

8.8CVSS6.5AI score0.00249EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/10/09 3:1 p.m.25 views

CVE-2025-32919 Privilege Escalation in Windows License plugin for Checkmk Windows Agent

Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46, and all versions of 2.1.0 EOL...

8.8CVSS0.00249EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/10/09 12:0 a.m.4 views

PT-2025-41388

Name of the Vulnerable Software and Affected Versions Checkmk versions 2.1.0 Checkmk versions 2.2.0 through 2.2.0p45 Checkmk versions 2.3.0 through 2.3.0p37 Checkmk versions 2.4.0 through 2.4.0p12 Description The Windows License plugin for the Checkmk Windows Agent contains a flaw related to the...

8.8CVSS6.7AI score0.00249EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/22 5:1 a.m.6 views

CVE-2011-4119

caml-light = 0.75 uses mktemp insecurely, and also does unsafe things in /tmp during make install...

9.8CVSS6.9AI score0.01831EPSS
Exploits1References1
OSV
OSV
added 2025/01/02 4:15 p.m.3 views

CVE-2024-9950

A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows unauthenticated user to modify compliance scripts due to insecure temporary directory...

7.8CVSS5.8AI score0.00302EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/01/02 12:0 a.m.5 views

ForeScout SecureConnector 安全漏洞

ForeScout SecureConnector is a network security software from ForeScout, Inc. that authenticates machines attempting to join a network. A security vulnerability exists in ForeScout SecureConnector version 11.3.07.0109, which stems from an insecure temporary directory causing an unauthenticated us...

8.5CVSS6.8AI score0.00302EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.28 views

RHEL 6 : guava (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - guava: insecure temporary directory creation CVE-2023-2976 Note that Nessus has not tested for this issue but has...

7.1CVSS7.3AI score0.00248EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.35 views

RHEL 8 : guava (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - guava: insecure temporary directory creation CVE-2023-2976 Note that Nessus has not tested for this issue but has...

7.1CVSS6.4AI score0.00248EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.32 views

RHEL 7 : guava (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - guava: local information disclosure via temporary directory created with unsafe permissions CVE-2020-8908...

7.3AI score0.00964EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.70 views

RHEL 8 : jenkins and jenkins-2-plugins (RHSA-2024:0777)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0777 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

9.8CVSS7.6AI score0.99999EPSS
Exploits61References66
Rows per page
Query Builder