80 matches found

RedhatCVE
added 2026/01/07 9:34 a.m., 2 views

CVE-2019-7667

Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login...

CVSS 9.8, AI score 7.1, EPSS 0.03516
Exploits 5, References 1
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2014-3493

Malware in sbrugna...

CVSS 6.9, AI score 7.5, EPSS 0.00176
Exploits 0, References 5
SUSE CVE
added 2025/09/30 11:22 p.m., 1 view

SUSE CVE-2025-61659

bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...

CVSS 6.8, AI score 7, EPSS 0.00019
Exploits 0, References 3
CVE
added 2025/09/29 12:0 a.m., 7 views

CVE-2025-61659

CVE-2025-61659 affects bash-git-prompt versions 2.6.1 through 2.7.1. The root cause is insecure handling of a temporary file in /tmp, using a filename with a predictable pattern (/tmp/git-index-private$$). This can enable unsafe operations due to filename predictability. OpenSUSE/SUSE advisories ...

CVSS 6.8, AI score 6.6, EPSS 0.00019
Exploits 0, References 1
Positive Technologies
added 2025/09/29 12:0 a.m., 1 view

PT-2025-39840

Name of the Vulnerable Software and Affected Versions: bash-git-prompt versions 2.6.1 through 2.7.1. Description: The software uses the /tmp/git-index-private$$ file in a manner that results in a predictable filename. Recommendations: Update to a version later than 2.7.1...

CVSS 6.8, AI score 6.5, EPSS 0.00019
Exploits 0, References 5
Tenable Nessus
added 2023/04/14 12:0 a.m., 16 views

FreeBSD : py-suds -- vulnerable to symlink attacks (b31f7029-817c-4c1f-b7d3-252de5283393)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b31f7029-817c-4c1f-b7d3-252de5283393 advisory. - cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and...

CVSS 1.2, AI score 5.5, EPSS 0.00123
Exploits 0, References 3
SUSE CVE
added 2023/02/15 6:4 a.m., 2 views

SUSE CVE-2009-1297

iscsidiscovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise SLE 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name...

CVSS 4.4, AI score 6.8, EPSS 0.00021
Exploits 1, References 4
SUSE CVE
added 2023/02/15 5:42 a.m., 1 view

SUSE CVE-2013-0162

The diffpp function in lib/gauntletrubyparser.rb in the rubyparser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...

CVSS 2.1, AI score 6.3, EPSS 0.00149
Exploits 1, References 3
SUSE CVE
added 2023/02/15 5:33 a.m., 3 views

SUSE CVE-2013-6493

The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp...

CVSS 2.1, AI score 6.5, EPSS 0.00059
Exploits 1, References 5
SUSE CVE
added 2023/02/15 5:29 a.m., 1 view

SUSE CVE-2014-2906

The psub function in fish aka fish-shell 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name...

CVSS 7, AI score 7.3, EPSS 0.0011
Exploits 0, References 4
Github Security Blog
added 2022/05/17 4:17 a.m., 26 views

Improper Control of Generation of Code in HawtJNI

Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp...

CVSS 4.4, AI score 4.8, EPSS 0.00043
Exploits 1, References 16, Affected Software 1
OSV
added 2022/05/17 1:27 a.m., 12 views

GHSA-9GCF-PQ99-RJW3 RPLY Predictable Tmpfile Names Allows Cache Spoofing

The parser cache functionality in parsergenerator.py in RPLY aka python-rply before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-.json file with a predictable name...

CVSS 2.1, AI score 5.8, EPSS 0.00074
Exploits 0, References 9
OSV
added 2022/05/14 2:3 a.m., 19 views

GHSA-PCQV-C46V-2P4V Ansible Arbitrary File Overwrite Vulnerability

lib/ansible/playbook/init.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/...

CVSS 6.9, AI score 7.1, EPSS 0.00082
Exploits 0, References 9
OSV
added 2022/05/05 2:48 a.m., 19 views

GHSA-8MVW-22R7-W6FQ ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name

The diffpp function in lib/gauntletrubyparser.rb in the rubyparser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...

CVSS 2.1, AI score 5.9, EPSS 0.00149
Exploits 1, References 11
Github Security Blog
added 2022/05/05 2:48 a.m., 21 views

ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name

The diffpp function in lib/gauntletrubyparser.rb in the rubyparser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...

CVSS 2.1, AI score 4.3, EPSS 0.00149
Exploits 1, References 11, Affected Software 1
NVD
added 2021/07/09 11:15 a.m., 12 views

CVE-2012-2666

golang/go in 1.0.2 fixes all.bash on shared machines. dotest in src/pkg/debug/gosym/pclntabtest.go creates a temporary file with predictable name and executes it as shell script...

CVSS 9.8, EPSS 0.00513
Exploits 1, References 5
CNNVD
added 2021/07/09 12:0 a.m., 1 view

Google Golang Security Vulnerability

Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...

CVSS 9.8, AI score 8.2, EPSS 0.00513
Exploits 1, References 6
Hacker One
added 2020/08/03 9:55 p.m., 15 views

Mail.ru: Possible access to the car's photo and registration by its ID on [fleet.city-mobil.ru]

Car / driver's license photo cropped with built-in photo editor of fleet.city-mobil.ru could get a predictable name...

AI score 2.6
Exploits 0
Veracode
added 2020/04/10 12:50 a.m., 14 views

Arbitrary Files Overwrite

The Simple Protocol for Independent Computing Environments SPICE is vulnerable to Arbitrary Files Overwrite. It was found that the SPICE Firefox plug-in used a predictable name for its log file. A local attacker could use this flaw to conduct a symbolic link attack, allowing them to overwrite...

CVSS 3.3, AI score 2.5, EPSS 0.00031
Exploits 0, References 7, Affected Software 1
Cvelist
added 2020/01/28 3:35 p.m., 15 views

CVE-2014-2906

The psub function in fish aka fish-shell 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name...

AI score 8.2, EPSS 0.0011
Exploits 0, References 3