Lucene search
K

210 matches found

ATTACKERKB
ATTACKERKB
added 2022/01/11 8:15 p.m.2 views

CVE-2021-43972

An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root with an arbitrary filename via the tempFile and fileName parameters in the HTTP POST body...

6.8CVSS6.8AI score0.01465EPSS
Exploits0References4
Huntr
Huntr
added 2022/01/05 3:29 p.m.22 views

Insecure Temporary File in tensorflow/tensorflow

Description tensorflow package is using the deprecated function tempfile.mktemp which is not secure. Because a different process may create a file with this name in the time between the call to mktemp and the subsequent attempt to create the file by the first process. Impact Availability will get...

3.3CVSS2.1AI score0.0011EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/09/07 12:0 a.m.37 views

FreeBSD : Python -- multiple vulnerabilities (032643d7-0ba7-11ec-a689-080027e50e6d)

Python reports : bpo-42278: Replaced usage of tempfile.mktemp with TemporaryDirectory to avoid a potential race condition. bpo-41180: Add auditing events to the marshal module, and stop raising code.init events for every unmarshalled code object. Directly instantiated code objects will continue t...

6.8CVSS7.5AI score0.19433EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2021/08/30 12:0 a.m.40 views

Python -- multiple vulnerabilities

Python reports: bpo-42278: Replaced usage of tempfile.mktemp with TemporaryDirectory to avoid a potential race condition. bpo-41180: Add auditing events to the marshal module, and stop raising code.init events for every unmarshalled code object. Directly instantiated code objects will continue to...

6.8CVSS1.4AI score0.19433EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2021/07/09 11:15 a.m.52 views

CVE-2012-2666

golang/go in 1.0.2 fixes all.bash on shared machines. dotest in src/pkg/debug/gosym/pclntabtest.go creates a temporary file with predicable name and executes it as shell script...

9.8CVSS7.2AI score0.01935EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2021/05/06 3:1 p.m.36 views

Tempfile on Windows path traversal vulnerability

There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby on Windows. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby on Windows, because it uses tmpdir internally...

7.5CVSS3.6AI score0.58039EPSS
Exploits1References9Affected Software1
Veracode
Veracode
added 2021/04/17 2:47 a.m.16 views

Path Traversal

ruby is vulnerable to path traversal. There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby on Windows. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby on Windows, because it uses tmpdir internally...

7.5CVSS3.8AI score0.58039EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2021/04/05 12:0 a.m.3 views

PT-2021-18004 · Ruby · Ruby

Name of the Vulnerable Software and Affected Versions: Ruby versions prior to 3.0 on Windows Description: A remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir, potentially allowing them to exit the directory and impact the system. There is an...

7.5CVSS6.9AI score0.58039EPSS
Exploits1References17
RubySec
RubySec
added 2021/04/05 12:0 a.m.14 views

Path traversal in Tempfile on Windows

There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby on Windows. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby on Windows, because it uses tmpdir internally...

7.5CVSS3.6AI score0.58039EPSS
Exploits1References1Affected Software1
Hacker One
Hacker One
added 2021/03/20 7:21 p.m.110 views

Ruby: Path traversal in Tempfile on windows OS due to unsanitized backslashes

Hi team, Summary We've noticed that both arguments basename and ext of Tempfile on Windows are vulnerable to a path traversal which could allow unintentional file creating in arbitrary writable directories. Tempfile often has a user control either by basename or ext or both. PoC irbmain:029:0...

5CVSS2.4AI score0.58039EPSS
Exploits1
Mageia
Mageia
added 2021/01/19 3:40 p.m.13 views

Updated resource-agents packages fix security vulnerabilities

Multiple vulnerabilities related to unsafe tempfile usage bsc1146690, bsc1146691, bsc1146692, bsc1146766, bsc1146776, bsc1146784, bsc1146785, bsc1146787. Issues where the ocfmon user was created with a default password bsc1021689, bsc1146687. The resource-agents package has been updated to versio...

1.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/05/04 12:0 a.m.16 views

openSUSE Security Update : resource-agents (openSUSE-2020-585)

This update for resource-agents fixes the following issues : - Fixed multiple vulnerabilities related to unsafe tempfile usage. bsc1146690 bsc1146691 bsc1146692 bsc1146766 bsc1146776 bsc1146784 bsc1146785 bsc1146787 - Fixed issues where the ocfmon user was created with a default password...

5.5AI score
Exploits0References10
OPENSUSE Linux
OPENSUSE Linux
added 2020/05/01 12:0 a.m.108 views

Security update for resource-agents (important)

openSUSE Security Update: Security update for resource-agents Announcement ID: openSUSE-SU-2020:0585-1 Rating: important References: 1021689 1146687 1146690 1146691 1146692 1146766 1146776 1146784 1146785 1146787 Affected Products: openSUSE Leap 15.1 An update that contains security fixes can now...

7.6AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/04/29 12:0 a.m.4 views

The vulnerability of the .tempfile component in the software suite for processing, transforming, and generating Ghostscript documents allows a perpetrator to circumvent the dSAFER protection mechanism, delete files, or gain unauthorized access to protected information.

The vulnerability of the .tempfile component in the software for processing, transforming, and generating Ghostscript documents is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to bypass the dSAFER protection, delete files, or gain unauthorized...

7.8CVSS7.2AI score0.01916EPSS
Exploits0References8Affected Software4
OSV
OSV
added 2020/04/24 2:40 p.m.3 views

SUSE-SU-2020:14348-1 Security update for resource-agents

This update for resource-agents fixes the following issues: - Fixed multiple vulnerabilities related to unsafe tempfile usage. bsc1146690 bsc1146784 bsc1146785 bsc1146787 - Fixed issues where the ocfmon user was created with a default password bsc1021689, bsc1146687...

7.5AI score
Exploits0References7
OSV
OSV
added 2020/04/23 1:32 p.m.2 views

SUSE-SU-2020:1090-1 Security update for resource-agents

This update for resource-agents fixes the following issues: - Fixed multiple vulnerabilities related to unsafe tempfile usage. bsc1146690, bsc1146691, bsc1146692, bsc1146766, bsc1146776, bsc1146784, bsc1146785, bsc1146787 - Fixed issues where the ocfmon user was created with a default password...

7.5AI score
Exploits0References11
OSV
OSV
added 2020/04/23 1:32 p.m.1 views

SUSE-SU-2020:1089-1 Security update for resource-agents

This update for resource-agents fixes the following issues: - Fixed multiple vulnerabilities related to unsafe tempfile usage. bsc1146690 bsc1146691 bsc1146692 bsc1146766 bsc1146776 bsc1146784 bsc1146785 bsc1146787 - Fixed issues where the ocfmon user was created with a default password bsc102168...

7.5AI score
Exploits0References11
NVD
NVD
added 2019/11/18 10:15 p.m.22 views

CVE-2008-7273

A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling...

7.8CVSS7.6AI score0.00398EPSS
Exploits0References3
Prion
Prion
added 2019/11/18 10:15 p.m.15 views

Design/Logic Flaw

A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling...

4.6CVSS7AI score0.00398EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/11/18 9:18 p.m.29 views

CVE-2008-7273

A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling...

7.6AI score0.00398EPSS
Exploits0References3
Rows per page
Query Builder