2 matches found
CVE-2023-43783
Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configuration...
CVE-2023-43783
Cadence up to 0.9.2 (2023-08-21) is affected by two insecure-temp-file issues: /tmp/.cadence-aloop-daemon.x and /tmp/cadence-wineasio.reg. A local attacker can create the file before Cadence starts, enabling a symlink attack to overwrite files, and, in some kernels, inject code into the Wine regi...