EUVD-2012-2638

Malware in sbrugna...

EUVD-2008-1688

Malware in sbrugna...

SUSE CVE-2012-2652

The bdrvopen function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file...

SUSE CVE-2022-23563

Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses tempfile.mktemp to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in...

GHSA-VQJ2-4V8M-8VRQ Insecure Temporary File in mlflow

mlflow prior to 1.23.1 contains an insecure temporary file. The insecure function tempfile.mktemp is deprecated and mkstemp should be used instead...

Insecure Temporary File in mlflow

mlflow prior to 1.23.1 contains an insecure temporary file. The insecure function tempfile.mktemp is deprecated and mkstemp should be used instead...

PT-2022-13398 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow versions prior to 1.23.1 Description: The issue is related to an insecure temporary file in the GitHub repository mlflow/mlflow. The tempfile.mktemp function is deprecated and should be replaced with mkstemp. Recommendations: For...

Insecure temporary file in Tensorflow

Impact In multiple places, TensorFlow uses tempfile.mktemp to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in mktemp and the actual creation of the file by a...

CVE-2022-23563

Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses tempfile.mktemp to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in...

Stack overflow

Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses tempfile.mktemp to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in...

CVE-2022-23563 Insecure temporary file in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses tempfile.mktemp to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in...

Insecure Temporary File in mlflow/mlflow

Description mlflow package is using the deprecated function tempfile.mktemp which is not secure. Because a different process may create a file with this name in the time between the call to mktemp and the subsequent attempt to create the file by the first process. Impact Availability will get...

Insecure Temporary File in horovod/horovod

Description horovod package is using the deprecated function tempfile.mktemp which is not secure. Because a different process may create a file with this name in the time between the call to mktemp and the subsequent attempt to create the file by the first process. Impact Availability will get...

Insecure Temporary File in tensorflow/tensorflow

Description tensorflow package is using the deprecated function tempfile.mktemp which is not secure. Because a different process may create a file with this name in the time between the call to mktemp and the subsequent attempt to create the file by the first process. Impact Availability will get...

ansible: secrets readable after ansible-vault edit

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...

CVE-2020-1740

A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...

Mageia: Security Advisory (MGASA-2015-0352)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated util-linux packages fix CVE-2015-5224

Updated util-linux packages fix security vulnerability: The chfn and chsh commands in util-linux's login-utils are vulnerable to a file name collision due to incorrect mkstemp usage. If the chfn and chsh binaries are both setuid-root they eventually call mkostemp in such a way that an attacker...

Fedora 20 : prboom-plus-2.5.1.3-3.fc20 (2013-20940)

-------- prboom-plus-2.5.1.3-3 replaces mktemp with mkstemp to satisfy rpmlint Doom is a classic 3D shoot-em-up game. PrBoom+ is a Doom source port developed from the original PrBoom project by Andrey Budko. The target of the project is to extend the original port with features that are necessary...

Fedora 19 : prboom-plus-2.5.1.3-3.fc19 (2013-20988)

-------- prboom-plus-2.5.1.3-3 replaces mktemp with mkstemp to satisfy rpmlint Doom is a classic 3D shoot-em-up game. PrBoom+ is a Doom source port developed from the original PrBoom project by Andrey Budko. The target of the project is to extend the original port with features that are necessary...