Lucene search
K

78 matches found

EUVD
EUVD
added 2026/07/06 7:50 p.m.8 views

EUVD-2026-24971

mktemp: empty TMPDIR creates temp files in CWD instead of /tmp...

3.3CVSS5.9AI score0.00133EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-41991

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user's PATH,...

4.7CVSS6AI score0.00105EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/29 6:44 p.m.9 views

CVE-2026-41991

A flaw was found in the gzexe utility of GNU gzip. When the mktemp utility is not available, gzexe creates temporary files with predictable names based on the process ID. A local attacker can exploit this by pre-creating a symbolic link to an arbitrary file at the predicted temporary file path...

6CVSS5.9AI score0.00105EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/29 10:15 a.m.5 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

2CVSS5.9AI score0.00105EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 10:15 a.m.36 views

CVE-2026-41991

CVE-2026-41991 affects GNU gzip’s gzexe utility, where insecure temporary file handling creates a TOCTOU vulnerability. If mktemp is unavailable in PATH, gzexe constructs a PID-based temporary path without exclusive access or existence checks. A local attacker can pre-create the predicted path as...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/29 10:15 a.m.4 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References3
NVD
NVD
added 2026/06/01 9:16 p.m.18 views

CVE-2026-49134

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell...

7.5CVSS0.0027EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/01 6:53 p.m.12 views

CVE-2026-49134

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell...

7.5CVSS6.1AI score0.0027EPSS
Exploits0References5
OSV
OSV
added 2026/06/01 6:53 p.m.3 views

CVE-2026-49134 CodexBar < 0.32.0 Privilege Escalation via CLI Installer Temp File

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell...

7.5CVSS6.2AI score0.0027EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.9 views

Duplicate Advisory: uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2w8r-9xj7-69j5. This link is maintained to preserve external references. Original Description The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU...

3.3CVSS5.8AI score0.00133EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/22 6:31 p.m.17 views

GHSA-2CXP-XQ3C-MJXX Duplicate Advisory: uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2w8r-9xj7-69j5. This link is maintained to preserve external references. Original Description The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU...

3.3CVSS5.8AI score0.00133EPSS
Exploits0References5
NVD
NVD
added 2026/04/22 5:16 p.m.7 views

CVE-2026-35342

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

3.3CVSS0.00133EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/22 5:16 p.m.15 views

CVE-2026-35342

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

3.3CVSS5.8AI score0.00133EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 5:16 p.m.6 views

UBUNTU-CVE-2026-35342

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

3.3CVSS5.8AI score0.00133EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/22 4:7 p.m.5 views

CVE-2026-35342 uutils coreutils mktemp Insecure Temporary File Placement via Empty TMPDIR

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

3.3CVSS5.7AI score0.00133EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/22 4:7 p.m.31 views

CVE-2026-35342 uutils coreutils mktemp Insecure Temporary File Placement via Empty TMPDIR

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

3.3CVSS0.00133EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/22 4:7 p.m.7 views

CVE-2026-35342

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

3.3CVSS5.3AI score0.00133EPSS
Exploits0
OSV
OSV
added 2026/04/22 4:7 p.m.3 views

CVE-2026-35342 uutils coreutils mktemp Insecure Temporary File Placement via Empty TMPDIR

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

3.3CVSS5.9AI score0.00133EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.13 views

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a security vulnerability in uutils coreutils. This vulnerability arises from the fact that the mktemp utility fails to properly handle the empty TMPDIR environment variable. Unlike GNU mktemp,...

3.3CVSS5.8AI score0.00133EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.8 views

PT-2026-34478

Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description The mktemp utility fails to properly handle an empty TMPDIR environment variable. While other implementations fall back to /tmp when TMPDIR is an empty string, this implementation...

3.3CVSS6AI score0.00133EPSS
Exploits0References14
Rows per page
Query Builder