23 matches found
MAL-2026-10540 Malicious code in postcss-processor-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0253c4f750443ba47f0ab61347fa85a1659b847190a85757575e904966636da On require, src/index.js loads src/token-loader.js, which reads data/design-tokens.json, XOR-decodes the base64 blobs under encrypted.chunks using a...
CVE-2026-41991 Predictable Temporary File in GNU gzip
GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...
PT-2026-43311
Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description A local symlink attack is possible due to predictable file paths in the /tmp directory. The software uses a default statistics file path at '/tmp/fastnetmon.dat'. The print scre...
CVE-2026-48693
FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...
Amazon Linux 2023 : socat (ALAS2023-2026-1701)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1701 advisory. readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file. CVE-2024-54661 Tenable has extracted the preceding description block directly from the tested product security advisory. Note...
EUVD-2025-31584
Malicious code in bioql PyPI...
CVE-2010-2449
Gource through 0.26 logs to a predictable file name /tmp/gource-$UID.tmp, enabling attackers to overwrite an arbitrary file via a symlink attack...
DEBIAN-CVE-2024-54661
readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file...
CVE-2024-49506 Fixed temporary file path in aeon-checks allows fixing of disk encryption key
Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem...
CVE-2024-49506
CVE-2024-49506 corresponds to an insecure temporary-file creation in aeon-checks/openSUSE-related tooling. The vulnerability allows a local attacker on systems with non-default configurations to cause a denial of service or set the filesystem encryption key. Several connected sources reference ae...
Insecure Temporary File
Overview Affected versions of this package are vulnerable to Insecure Temporary File through the use of the deprecated mktemp function, there is a risk of race conditions. This occurs because the function generates a temporary file name without ensuring exclusive access, allowing an opportunity f...
SUSE CVE-2011-3616
The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf...
SUSE CVE-2013-0180
Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds...
SUSE CVE-2014-2312
The main function in androidmain.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid...
Insecure temporary file usage in SWHKD
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service...
UBUNTU-CVE-2013-0178
Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm...
CVE-2018-19789: Temporary uploaded file path disclosure
More info at https://symfony.com/cve-2018-19789...
CVE-2018-10824
An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. The administrative password is stored in plaintext in the /tmp/csman/0...
D-Link Router Password Plaintext Storage Vulnerability
The DWR-116, DIR-140, and DIR-640 are all D-Link router products. A password plaintext storage vulnerability exists in several series of D-Link routers, which stems from the administrative password being stored in plaintext in the /tmp/XXX /0 file. An attacker with directory traversal or LFI can...
CVE-2018-1150
NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists...