Lucene search
K

76 matches found

UbuntuCve
UbuntuCve
added 2017/08/25 6:29 p.m.29 views

CVE-2015-5701

mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700...

6.1CVSS6.8AI score0.00419EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.25 views

Fedora 23 : kdelibs3-3.5.10-71.fc23 (2015-6e50918d8e)

Security fix for CVE-2015-7543 in kdelibs3 the KDE 3 compatibility version of kdelibs: A temporary directory was being created insecurely using mktemp and mkdir, allowing an attacker to hijack the temporary directory and thus the inter-process communication IPC. This update fixes the temporary...

7CVSS6.8AI score0.00245EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.25 views

Fedora 22 : kdelibs3-3.5.10-71.fc22 (2015-2f4b92ed2e)

Security fix for CVE-2015-7543 in kdelibs3 the KDE 3 compatibility version of kdelibs: A temporary directory was being created insecurely using mktemp and mkdir, allowing an attacker to hijack the temporary directory and thus the inter-process communication IPC. This update fixes the temporary...

7CVSS6.8AI score0.00245EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2015/12/11 12:0 a.m.24 views

Debian DLA-367-1 : kdelibs security update

It has been reported that kdelibs uses the insecure mktemp function to create the temporary directory it uses to host user-specific sockets. It is thus possible for another user to hijack this temporary directory and gain socket accesses it should not have. In Debian 6 'Squeeze', this issue has...

7CVSS6.8AI score0.00245EPSS
Exploits1References3
Debian
Debian
added 2015/12/10 12:0 p.m.61 views

[SECURITY] [DLA 367-1] kdelibs security update

Package : kdelibs Version : 3.5.10.dfsg.1-5+deb6u1 CVE ID : CVE-2015-7543 It has been reported that kdelibs uses the insecure mktemp function to create the temporary directory it uses to host user-specific sockets. It is thus possible for another user to hijack this temporary directory and gain...

7CVSS7AI score0.00245EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2015/11/24 12:0 a.m.14 views

SUSE SLED12 / SLES12 Security Update : dracut (SUSE-SU-2015:2065-1)

The dracut package was updated to fix the following security and non-security issues : - CVE-2015-0794: Use mktemp instead of hard-coded filenames, possible vulnerability bsc935338. - Always install mdraid modules bsc935993. - Add notice when dracut failed to install modules bsc952491. - Always...

3.6CVSS5.5AI score0.00349EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2015/11/19 12:0 a.m.18 views

openSUSE Security Update : dracut (openSUSE-2015-765)

The dracut package was updated to fix the following security and non security issues : - CVE-2015-0794: Use mktemp instead of hardcoded filenames, possible vulnerability bnc935338. - Always install mdraid modules boo935993. - Add notice when dracut failed to install modules bsc952491. %NASLMINLEV...

3.6CVSS5.4AI score0.00349EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/09/12 12:0 a.m.24 views

FreeBSD : security/ossec-hids-* -- root escalation via temp files (36858e78-3963-11e4-ad84-000c29f6ae42)

OSSEC reports : This correction will create the temp file for the hosts deny file in /var/ossec and will use mktemp where available to create NON-predictable temp file name. In cases where mktemp is not available we have written a BAD version of mktemp, but should be a little better then just...

7.2CVSS5.5AI score0.02497EPSS
Exploits3References3
FreeBSD
FreeBSD
added 2014/09/09 12:0 a.m.30 views

security/ossec-hids-* -- root escalation via temp files

OSSEC reports: This correction will create the temp file for the hosts deny file in /var/ossec and will use mktemp where available to create NON-predictable temp file name. In cases where mktemp is not available we have written a BAD version of mktemp, but should be a little better then just...

7.2CVSS6.4AI score0.02497EPSS
Exploits3References1
OSV
OSV
added 2014/03/11 7:37 p.m.2 views

DEBIAN-CVE-2014-1839

The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file...

4.4CVSS6.2AI score0.00355EPSS
Exploits0References1
Prion
Prion
added 2014/03/11 7:37 p.m.22 views

Code injection

The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file...

4.4CVSS6.6AI score0.00355EPSS
Exploits0References5Affected Software2
PyPA
PyPA
added 2014/03/11 7:37 p.m.7 views

PYSEC-2014-84

The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file...

4.4CVSS6.7AI score0.00355EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2014/03/03 12:0 a.m.3 views

PT-2014-4323 · Logilab +1 · Logilab-Common +1

Name of the Vulnerable Software and Affected Versions: logilab-common versions prior to 0.61.0 Description: The Execute class in shellutils in logilab-common uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file. Recommendations: For...

6.3CVSS6.7AI score0.00355EPSS
Exploits0References22
OSV
OSV
added 2014/01/28 12:55 a.m.2 views

DEBIAN-CVE-2014-1639

syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename...

3.3CVSS6.7AI score0.00354EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2014/01/28 12:55 a.m.24 views

CVE-2014-1639

syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename...

3.3CVSS6AI score0.00354EPSS
Exploits0References5
Cvelist
Cvelist
added 2014/01/28 12:0 a.m.28 views

CVE-2014-1639

syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename...

6.1AI score0.00354EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2013/11/19 12:0 a.m.15 views

Fedora 20 : prboom-plus-2.5.1.3-3.fc20 (2013-20940)

-------- prboom-plus-2.5.1.3-3 replaces mktemp with mkstemp to satisfy rpmlint Doom is a classic 3D shoot-em-up game. PrBoom+ is a Doom source port developed from the original PrBoom project by Andrey Budko. The target of the project is to extend the original port with features that are necessary...

5.5AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2012/09/06 12:0 a.m.22 views

Mandrake Linux Security Advisory : ghostscript (MDKSA-2000:074)

The ghostscript package uses mktemp instead of mkstemp to create temporary files. It also uses improper LDRUNPATH values, which causes it to search for libraries in the current directory. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

4.6CVSS5.4AI score0.00405EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2011/11/02 12:0 a.m.20 views

caml-light -- insecure use of temporary files

caml-light uses mktemp insecurely, and also does unsafe things in /tmp during make install...

9.8CVSS9.2AI score0.01831EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2011/09/26 12:0 a.m.30 views

Fedora 14 : foomatic-4.0.8-3.fc14 (2011-11205)

This package fixes CVE-2011-2924 by using mktemp when creating a debug log file in debug mode. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possibl...

5.5CVSS7.1AI score0.00434EPSS
Exploits0References4
Rows per page
Query Builder