Astra Linux - уязвимость в guava-libraries

There is a vulnerability related to the creation of temporary directories in all versions of Guava. An attacker with access to the system can potentially access data stored in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir. By default, on Unix-like systems...

EUVD-2022-7293

Malicious code in bioql PyPI...

Information Disclosure

htsjdk is vulnerable to information disclosure. The vulnerability exists in createTempDir function of IOUtil.java because the information in this directory is visible to other local users which allows an attacker to view sensitive files and hijack the directories to manipulate contents escalating...

samtools htsjdk license issue vulnerability

htsjdk is a samtools open source a Java API for high-throughput sequencing data HTS format . An authorization issue exists in htsjdk 3.0.1 and earlier versions com.github.samtools.The vulnerability is due to the createTempDir function in util/IOUtil, which creates a temporary file in a directory...

HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere

The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it...

CVE-2022-21126

The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it...

UBUNTU-CVE-2022-21126

The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it...

CVE-2022-21126

The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it...

Directory Hijacking

com.manydesigns:portofino-microservice-launcher is vulnerable to directory hijacking. A local authenticated attacker is able to create temporary files inside unauthorized directories through createTempDir function of the file WarFileLauncher.java, resulting in disclosure of sensitive information...

CVE-2022-3952

Summary: CVE-2022-3952 affects ManyDesigns Portofino 5.3.2. The vulnerability is in WarFileLauncher.java:createTempDir, which allows creation of a temporary file in a directory with insecure permissions. This could lead to disclosure of sensitive data. A fix is available in Portofino 5.3.3; patch...

CVE-2022-3952 ManyDesigns Portofino WarFileLauncher.java createTempDir temp file

A vulnerability has been found in ManyDesigns Portofino 5.3.2 and classified as problematic. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to...

ManyDesigns Portofino 安全漏洞

ManyDesigns Portofino is a low-code tool from ManyDesigns Italy. It is used to build model-driven REST APIs and web applications. A security vulnerability exists in ManyDesigns Portofino 5.3.2, which originates in an unknown section of the WarFileLauncher.java file, and can be exploited by an...

CVE-2022-27772

spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that...

Google Guava 访问控制错误漏洞

Google Guava is a U.S. Google Google company , including graphics libraries , function types , I / O and string processing , etc. of the core Java library . An Access Control Error vulnerability exists in Guava prior to version 30.0, which stems from a temporary directory creation vulnerability i...