210 matches found
CVE-2021-43972
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root with an arbitrary filename via the tempFile and fileName parameters in the HTTP POST body...
Insecure Temporary File in tensorflow/tensorflow
Description tensorflow package is using the deprecated function tempfile.mktemp which is not secure. Because a different process may create a file with this name in the time between the call to mktemp and the subsequent attempt to create the file by the first process. Impact Availability will get...
FreeBSD : Python -- multiple vulnerabilities (032643d7-0ba7-11ec-a689-080027e50e6d)
Python reports : bpo-42278: Replaced usage of tempfile.mktemp with TemporaryDirectory to avoid a potential race condition. bpo-41180: Add auditing events to the marshal module, and stop raising code.init events for every unmarshalled code object. Directly instantiated code objects will continue t...
Python -- multiple vulnerabilities
Python reports: bpo-42278: Replaced usage of tempfile.mktemp with TemporaryDirectory to avoid a potential race condition. bpo-41180: Add auditing events to the marshal module, and stop raising code.init events for every unmarshalled code object. Directly instantiated code objects will continue to...
CVE-2012-2666
golang/go in 1.0.2 fixes all.bash on shared machines. dotest in src/pkg/debug/gosym/pclntabtest.go creates a temporary file with predicable name and executes it as shell script...
Tempfile on Windows path traversal vulnerability
There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby on Windows. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby on Windows, because it uses tmpdir internally...
Path Traversal
ruby is vulnerable to path traversal. There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby on Windows. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby on Windows, because it uses tmpdir internally...
PT-2021-18004 · Ruby · Ruby
Name of the Vulnerable Software and Affected Versions: Ruby versions prior to 3.0 on Windows Description: A remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir, potentially allowing them to exit the directory and impact the system. There is an...
Path traversal in Tempfile on Windows
There is an unintentional directory creation vulnerability in tmpdir library bundled with Ruby on Windows. And there is also an unintentional file creation vulnerability in tempfile library bundled with Ruby on Windows, because it uses tmpdir internally...
Ruby: Path traversal in Tempfile on windows OS due to unsanitized backslashes
Hi team, Summary We've noticed that both arguments basename and ext of Tempfile on Windows are vulnerable to a path traversal which could allow unintentional file creating in arbitrary writable directories. Tempfile often has a user control either by basename or ext or both. PoC irbmain:029:0...
Updated resource-agents packages fix security vulnerabilities
Multiple vulnerabilities related to unsafe tempfile usage bsc1146690, bsc1146691, bsc1146692, bsc1146766, bsc1146776, bsc1146784, bsc1146785, bsc1146787. Issues where the ocfmon user was created with a default password bsc1021689, bsc1146687. The resource-agents package has been updated to versio...
openSUSE Security Update : resource-agents (openSUSE-2020-585)
This update for resource-agents fixes the following issues : - Fixed multiple vulnerabilities related to unsafe tempfile usage. bsc1146690 bsc1146691 bsc1146692 bsc1146766 bsc1146776 bsc1146784 bsc1146785 bsc1146787 - Fixed issues where the ocfmon user was created with a default password...
Security update for resource-agents (important)
openSUSE Security Update: Security update for resource-agents Announcement ID: openSUSE-SU-2020:0585-1 Rating: important References: 1021689 1146687 1146690 1146691 1146692 1146766 1146776 1146784 1146785 1146787 Affected Products: openSUSE Leap 15.1 An update that contains security fixes can now...
The vulnerability of the .tempfile component in the software suite for processing, transforming, and generating Ghostscript documents allows a perpetrator to circumvent the dSAFER protection mechanism, delete files, or gain unauthorized access to protected information.
The vulnerability of the .tempfile component in the software for processing, transforming, and generating Ghostscript documents is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to bypass the dSAFER protection, delete files, or gain unauthorized...
SUSE-SU-2020:14348-1 Security update for resource-agents
This update for resource-agents fixes the following issues: - Fixed multiple vulnerabilities related to unsafe tempfile usage. bsc1146690 bsc1146784 bsc1146785 bsc1146787 - Fixed issues where the ocfmon user was created with a default password bsc1021689, bsc1146687...
SUSE-SU-2020:1090-1 Security update for resource-agents
This update for resource-agents fixes the following issues: - Fixed multiple vulnerabilities related to unsafe tempfile usage. bsc1146690, bsc1146691, bsc1146692, bsc1146766, bsc1146776, bsc1146784, bsc1146785, bsc1146787 - Fixed issues where the ocfmon user was created with a default password...
SUSE-SU-2020:1089-1 Security update for resource-agents
This update for resource-agents fixes the following issues: - Fixed multiple vulnerabilities related to unsafe tempfile usage. bsc1146690 bsc1146691 bsc1146692 bsc1146766 bsc1146776 bsc1146784 bsc1146785 bsc1146787 - Fixed issues where the ocfmon user was created with a default password bsc102168...
CVE-2008-7273
A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling...
Design/Logic Flaw
A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling...
CVE-2008-7273
A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling...