121 matches found
SUSE CVE-2011-4328
plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions world readable for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information...
SUSE CVE-2020-10870
Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service...
systemd bug fix and enhancement update
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...
DEBIAN-CVE-2020-10870
Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service...
CVE-2020-10870
Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service...
Denial of service
Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service...
Code injection
babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files...
CVE-2010-3440
Removed by vendor...
CVE-2010-3440
CVE-2010-3440 affects Babiloo, specifically version 2.0.9 prior to 2.0.11. The flaw arises when downloading and unpacking dictionary files: the program creates temporary files with predictable names, enabling a local attacker to overwrite arbitrary files on the host. Impact is local, with potenti...
CVE-2010-3440
babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files...
EulerOS Virtualization 2.5.4 : rpm (EulerOS-SA-2019-1210)
According to the version of the rpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a...
EulerOS 2.0 SP3 : rpm (EulerOS-SA-2019-1043)
According to the version of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files...
Privilege Escalation Via Symlink Attack
sosreport is vulnerable to privilege escalation via symlink attack. It is possible because they use predictable names for temporary directory creation and handling under /tmp, and set the permission to 700. Therefore, the local attackers can create their own file, hijack the information in the fi...
EulerOS 2.0 SP5 : rpm (EulerOS-SA-2019-1011)
According to the version of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files...
Privilege escalation
It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to...
CVE-2017-7501
It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to...
CVE-2017-7501
It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to...
CVE-2017-7501
It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to...
Privilege Escalation Via Symlink Attack
sosreport is vulnerable to privilege escalation via symlink attack. It is possible because they use predictable names for temporary directory creation and handling under /tmp, and set the permission to 700. Therefore, the local attackers can create their own file, hijack the information in the fi...
CVE-2017-7501
It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which coul...