21 matches found
CVE-2025-13044
CVE-2025-13044 affects IBM Concert Software (versions 1.0.0–2.2.0). The vulnerability arises from the creation of temporary files with predictable names, enabling local users to overwrite arbitrary files via a symlink attack. The resulting impact is local file overwrite (CWE-340) with a base scor...
openSUSE 16 Security Update : bash-git-prompt (openSUSE-SU-2025:20130-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2025:20130-1 advisory. - CVE-2025-61659: Fixed an issue where predictable files in /tmp were used for a copy of the git index bsc1247489 Tenable has extracted the preceding...
pycode-browser security vulnerability
pycode-browser is a Python learning tool from pycode-browser open source. A security vulnerability exists in pycode-browser versions prior to 1.0 that stems from temporary files being predictable...
PT-2024-36558 · Colpack +1 · Colpack +1
Name of the Vulnerable Software and Affected Versions: ColPack versions 1.0.10 through 9a7293a Description: The issue is related to the creation of predictable temporary files in ColPack, located under /tmp with names derived from an unseeded Random Number Generator RNG. This can lead to...
RHEL 5 : sos (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - sos: Usage of predictable temporary files allows privilege escalation CVE-2015-7529 Note that Nessus has not tested...
Mageia: Security Advisory (MGASA-2024-0159)
The remote host is missing an update for the...
Hyprland security vulnerability
Hyprland is a wlroots-based dynamic tiling Wayland composition application open-sourced by Hypr Development. A security vulnerability exists in Hyprland version 0.39.1 and earlier versions. An attacker could exploit this vulnerability to execute arbitrary assembly code by writing predictable...
PT-2021-15594 · Mcafee · Endpoint Security For Linux Threat Prevention/Firewall
Name of the Vulnerable Software and Affected Versions: Endpoint Security for Linux Threat Prevention and Firewall ENSL TP/FW affected versions not specified Description: A local user can exploit a time of check to time of use TOCTOU race condition during the installation process to perform a...
Arbitrary File Write in cli
Affected versions of cli use predictable temporary file names. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the cli process has permission to write to. Proof of Concept By...
CVE-2015-4037
The slirpsmb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service instantiation failure by creating /tmp/qemu-smb.- files before the program...
DSA-3284-1 qemu - security update
Bulletin has no description...
Debian: Security Advisory (DSA-2670-1)
The remote host is missing an update for the Debian...
Cross site scripting
The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be...
[SECURITY] [DSA 2453-1] gajim security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2453-1 [email protected] http://www.debian.org/security/ Nico Golde April 16, 2012 http://www.debian.org/security/faq -...
Debian DSA-2453-1 : gajim - several vulnerabilities
Several vulnerabilities have been discovered in Gajim, a feature-rich Jabber client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2012-1987 Gajim is not properly sanitizing input before passing it to shell commands. An attacker can use this flaw to...
CVE-2011-4114
The parmktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE:...
SuSE 11 Security Update : open-iscsi (SAT Patch Number 1240)
The iscsidiscovery tool created predictable temporary files which potentially allowed attackers to overwrite system files. CVE-2009-1297 Also some non-security bugs have been fixed : - synchronize startup settings - fix daemon segfault with CHAP...
SuSE 10 Security Update : open-iscsi (ZYPP Patch Number 6455)
The iscsidiscovery tool created predictable temporary files which potentially allowed attackers to overwrite system files. CVE-2009-1297 Also several non-security bugs have been fixed : - don't fail init script if discovery fails - print correct ipconfig mask for dhcp - synchronize startup settin...
PDFjam: Multiple vulnerabilities
Background PDFjam is a small collection of shell scripts to edit PDF documents, including pdfnup, pdfjoin and pdf90. Description Martin Vaeth reported multiple untrusted search path vulnerabilities CVE-2008-5843. Marcus Meissner of the SUSE Security Team reported that temporary files are created...
DEBIAN-CVE-2005-3111
The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack...