15 matches found
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due to temporary files
On unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern macOS operating systems. The method...
Design/Logic Flaw
On unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern macOS operating systems. The method...
Vulnerable postgresql component found in SANnav RPM package
pgjdbc is an open source PostgreSQL JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setText(int, InputStream) or PreparedStatement.setBytea(int, InputStream) will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which...
Temporary File Information Disclosure vulnerability in MPXJ
Impact: On Unix-like operating systems (not Windows or macOS), MPXJ's use of File.createTempFile(..) results in temporary files being created with the permissions -rw-r--r--. This means that any other user on the system can read the contents of this file. When MPXJ is reading a type of schedule file...
CVE-2022-24823
CVE-2021-21290 contains an incomplete fix, and this addresses the issue found in netty. When using multipart decoders in netty, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled. Mitigation: As a workaround, speci...
GHSA-Q4HM-FWC9-HMV6 Insecure temporary file used in com.squareup:connect
This affects all versions of package com.squareup:connect. The method prepareDownloadFile creates a temporary file with the permission bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file...
Insecure temporary file used in com.squareup:connect
This affects all versions of package com.squareup:connect. The method prepareDownloadFile creates a temporary file with the permission bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file...
CVE-2021-21290
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's...
CVE-2021-23331
This affects all versions of package com.squareup:connect. The method prepareDownloadFile creates a temporary file with the permission bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file...
CVE-2021-23331 Insecure Temporary File
This affects all versions of package com.squareup:connect. The method prepareDownloadFile creates a temporary file with the permission bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file...
EulerOS 2.0 SP2 : ant (EulerOS-SA-2020-2327)
According to the version of the ant package installed, the EulerOS installation on the remote host is affected by the following vulnerability: Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several...
FreeBSD : Apache Ant leaks sensitive information via the java.io.tmpdir (6d5f1b0b-b865-48d5-935b-3fb6ebb425fc)
Apache reports: Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory bac...
CVE-2020-1945
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...
Apache Ant leaks sensitive information via the java.io.tmpdir
Apache reports: Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back...
Atlassian Confluence AppFusions Doxygen 1.3.0 Path Traversal
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: AppFusions Doxygen for Atlassian Confluence Vendor URL: www.appfusions.com Type: Path Traversal CWE-22 Date found: 2016-06-23 Date published: - CVSSv3 Score: 6.3...