Lucene search
K

15 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.13 views

Unity Linux 20.1060e / 20.1070e Security Update: ant (UTSA-2026-016647)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016647 advisory. As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them...

7.5CVSS6.8AI score0.08235EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.4 views

TencentOS Server 4: storm (TSSA-2024:1013)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1013 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

5.5CVSS5.8AI score0.00346EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:55 p.m.3 views

CVE-2021-28100

Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process...

5.5CVSS6.1AI score0.00259EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/03/29 11:44 a.m.5 views

RESTEasy: creation of insecure temp files

In RESTEasy the insecure File.createTempFile is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user...

5.5CVSS5.8AI score0.00819EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/03/29 11:43 a.m.2 views

apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider

A flaw was found in Apache James's Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions...

5.5CVSS7.1AI score0.00271EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:4 a.m.5 views

SUSE CVE-2016-3100

kinit in KDE Frameworks before 5.23.0 uses weak permissions 644 for /tmp/xauth-xxx-y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file...

8.4CVSS6.9AI score0.00399EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/01/06 12:0 a.m.1 views

Apache James 信息泄露漏洞

Apache James is an open source Smtp and Pop3 mail transfer agent and Nntp news server written entirely in Java from the Apache Foundation in the U.S. An authorization issue vulnerability exists in Apache James, which stems from a vulnerability in the MIME4J TempFileStorageProvider using improperl...

5.5CVSS6.4AI score0.00271EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2022/11/30 12:0 a.m.8 views

The vulnerability in the Hawk2 web interface of SUSE Linux Enterprise Server and OpenSUSE Leap allows a malicious individual to escalate their privileges.

The vulnerability in the Hawk2 web interface of SUSE Linux Enterprise Server and OpenSUSE Leap involves the creation of temporary files with insecure permissions. Exploiting this vulnerability can allow attackers to increase their privileges...

7.8CVSS7.1AI score0.00378EPSS
Exploits1References3Affected Software4
CNNVD
CNNVD
added 2022/11/25 12:0 a.m.36 views

MPXJ 安全漏洞

MPXJ is an open source library for Jon Iles individual developers. It is used to read and write project plans from various file formats and databases. A security vulnerability exists in MPXJ versions prior to 10.14.1 that stems from the use of File.createTempFile... This causes a temporary file t...

3.3CVSS5AI score0.00208EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/11/25 12:0 a.m.4 views

PT-2022-26181 · Mpxj · Mpxj

Name of the Vulnerable Software and Affected Versions: MPXJ versions prior to 10.14.1 Description: MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems, MPXJ's use of File.createTempFile.. results in temporary...

3.3CVSS3.3AI score0.00208EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2022/05/01 3:19 p.m.9 views

CVE-2022-21230

This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when the it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to ...

5.5CVSS6AI score0.00289EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/03/22 3:33 p.m.3 views

jersey: Local information disclosure via system temporary directory

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are...

6.2CVSS7.1AI score0.00905EPSS
Exploits0References4
OSV
OSV
added 2007/06/07 10:30 p.m.2 views

DEBIAN-CVE-2007-3024

libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cligentempstream function in clamd/clamdscan, which might allow local users to read sensitive files...

2.1CVSS6.1AI score0.00359EPSS
Exploits0References1
exploitpack
exploitpack
added 1997/05/03 12:0 a.m.11 views

Solaris 2.5.1 lp lpsched - Symlink

Solaris 2.5.1 lp lpsched - Symlink !/bin/sh lpNet & temp file exploit: break lp, then use lp priv to break root or bin, etc.... Written by: Chris Sheldon [email protected] Tested on Solaris-2.5.1: SunOS testhost 5.5.1 Generic sun4m sparc SUNW,SPARCstation-20 Caveat: This system is running...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 1997/05/03 12:0 a.m.43 views

Solaris 2.5.1 lp / lpsched - Symlink

!/bin/sh lpNet & temp file exploit: break lp, then use lp priv to break root or bin, etc.... Written by: Chris Sheldon [email protected] Tested on Solaris-2.5.1: SunOS testhost 5.5.1 Generic sun4m sparc SUNW,SPARCstation-20 Caveat: This system is running without patches. Sun released patch...

7.4AI score
Exploits0
Rows per page
Query Builder