42 matches found
EUVD-2010-2543
Malware in sbrugna...
EUVD-2012-3350
Malware in sbrugna...
EUVD-2012-0835
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2014-6311
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - generatedoygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...
DEBIAN-CVE-2024-34490
In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...
SUSE CVE-2015-4037
The slirpsmb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service instantiation failure by creating /tmp/qemu-smb.- files before the program...
Duplicate Advisory: Node CLI Allows Arbitrary File Overwrite
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6cpc-mj5c-m9rq. This link is maintained to preserve external references. Original Description An issue exists in node-cli 0.1.0 through 0.11.3 due to predictable temporary file names in lockfile and logfile, whi...
GHSA-9GCF-PQ99-RJW3 RPLY Predictable Tmpfile Names Allows Cache Spoofing
The parser cache functionality in parsergenerator.py in RPLY aka python-rply before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-.json file with a predictable name...
SUSE: Security Advisory (SUSE-SU-2021:0776-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 Security Update : s390-tools (SUSE-SU-2021:0777-1)
This update for s390-tools fixes the following issues : Fixed an issue where IPL was not working when bootloader was installed on a SCSI disk with 4k physical blocksize without using a devicemapper target bsc1183041. CVE-2021-25316: Do not use predictable temporary file names bsc1182777. Made the...
SUSE SLES12 Security Update : s390-tools (SUSE-SU-2021:0776-1)
This update for s390-tools fixes the following issues : Fixed an issue where IPL was not working when bootloader was installed on a SCSI disk with 4k physical blocksize without using a devicemapper target bsc1183041. CVE-2021-25316: Do not use predictable temporary file names bsc1182777. Made the...
SUSE-SU-2021:0776-1 Security update for s390-tools
This update for s390-tools fixes the following issues: - Fixed an issue where IPL was not working when bootloader was installed on a SCSI disk with 4k physical blocksize without using a devicemapper target bsc1183041. - CVE-2021-25316: Do not use predictable temporary file names bsc1182777. - Mad...
GHSA-V3JV-WRF4-5845 Local Privilege Escalation in npm
Affected versions of npm use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the npm process has permission to write t...
Fortinet FortiClient Elevation of Privilege Vulnerability (CNVD-2020-34648)
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in Fortinet FortiClient...
GHSA-6CPC-MJ5C-M9RQ Arbitrary File Write in cli
Affected versions of cli use predictable temporary file names. If an attacker can create a symbolic link at the location of one of these temporarly file names, the attacker can arbitrarily write to any file that the user which owns the cli process has permission to write to. Proof of Concept By...
GIMP File Creation Vulnerability
GIMP GNU Image Manipulation Program, GNU Image Manipulation Program is a cross-platform open source image processing software developed by the GIMP team. The software enables a variety of image processing, including photo retouching, image compositing and image creation. A security vulnerability...
Local Privilege Escalation
Overview Affected versions of npm use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the npm process has permission t...
Arbitrary File Write
Overview Affected versions of cli use predictable temporary file names. If an attacker can create a symbolic link at the location of one of these temporarly file names, the attacker can arbitrarily write to any file that the user which owns the cli process has permission to write to. Proof of...
Fedora 23 : perl-IPTables-Parse-1.5-2.fc23 (2015-0c153d3319)
Update to IPTables-Parse-1.5 - Fix use of predictable temporary file names Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
Debian DSA-3284-1 : qemu - security update
Several vulnerabilities were discovered in qemu, a fast processor emulator. - CVE-2015-3209 Matt Tait of Google's Project Zero security team discovered a flaw in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD packets with a length above 4096 bytes. A privileged guest user in a gues...