Lucene search
K

26 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-41991

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user's PATH,...

4.7CVSS6AI score0.00105EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/29 6:44 p.m.9 views

CVE-2026-41991

A flaw was found in the gzexe utility of GNU gzip. When the mktemp utility is not available, gzexe creates temporary files with predictable names based on the process ID. A local attacker can exploit this by pre-creating a symbolic link to an arbitrary file at the predicted temporary file path...

6CVSS5.9AI score0.00105EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 12:16 p.m.11 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

4.7CVSS0.00105EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 12:16 p.m.4 views

UBUNTU-CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/29 10:15 a.m.5 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

2CVSS5.9AI score0.00105EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/29 10:15 a.m.7 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

4.7CVSS5.9AI score0.00105EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/29 10:15 a.m.57 views

CVE-2026-41991 Predictable Temporary File in GNU gzip

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

2CVSS0.00105EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 10:15 a.m.35 views

CVE-2026-41991

CVE-2026-41991 affects GNU gzip’s gzexe utility, where insecure temporary file handling creates a TOCTOU vulnerability. If mktemp is unavailable in PATH, gzexe constructs a PID-based temporary path without exclusive access or existence checks. A local attacker can pre-create the predicted path as...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/29 10:15 a.m.8 views

EUVD-2026-40068

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

2CVSS5.9AI score0.00105EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/29 10:15 a.m.4 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.15 views

PT-2026-53255

Name of the Vulnerable Software and Affected Versions GNU gzip affected versions not specified Description The gzexe utility handles temporary files insecurely. If the mktemp utility is missing from the user's PATH, gzexe generates a temporary file path using only the process ID PID. Because this...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References18
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-1999-1313

Malware in sbrugna...

2.1CVSS6.1AI score0.00402EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2004-0602

Malware in sbrugna...

10CVSS6.2AI score0.03126EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:20 a.m.6 views

SUSE CVE-2004-0970

The 1 gzexe, 2 zdiff, and 3 znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367...

2.1CVSS6.6AI score0.00365EPSS
Exploits0References3
OSV
OSV
added 2005/02/09 5:0 a.m.2 views

DEBIAN-CVE-2004-0970

The 1 gzexe, 2 zdiff, and 3 znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367...

2.1CVSS6.6AI score0.00365EPSS
Exploits0References1
NVD
NVD
added 2004/12/06 5:0 a.m.29 views

CVE-2004-0603

gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332...

10CVSS6.9AI score0.03126EPSS
Exploits0References4
CVE
CVE
added 2004/10/20 4:0 a.m.73 views

CVE-2004-0970

CVE-2004-0970 concerns the gzip package: the (1) gzexe, (2) zdiff, and (3) znew scripts are able to overwrite files via a symlink attack on temporary files, enabling local users to modify files. This vulnerability is described as a local-privilege-impact issue (I:P) with a low base score (2.1) an...

2.1CVSS5.8AI score0.00365EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2004/08/30 12:0 a.m.25 views

GLSA-200406-18 : gzip: Insecure creation of temporary files

The remote host is affected by the vulnerability described in GLSA-200406-18 gzip: Insecure creation of temporary files The script gzexe included with gzip contains a bug in the code that handles tempfile creation. If the creation of a temp file fails when using gzexe fails instead of bailing out...

10CVSS5.7AI score0.03126EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2004/06/30 4:0 a.m.64 views

CVE-2004-0603

gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332...

10CVSS6.7AI score0.03126EPSS
Exploits0
CVE
CVE
added 2004/06/30 4:0 a.m.60 views

CVE-2004-0603

CVE-2004-0603 relates to gzip (gzexe) in versions 1.3.3 and earlier. The vulnerability arises when temporary file creation fails: gzexe will continue execution instead of exiting, potentially allowing remote attackers or local users to run arbitrary commands. The issue is documented in various ad...

10CVSS6.9AI score0.03126EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder