
41 matches found

OSV
added 2025/09/27 5:15 p.m. · 2 views

CVE-2025-7647

The llama-index-core package, up to version 0.12.44, contains a vulnerability in the get_cache_dir function where a predictable, hardcoded directory path /tmp/llama_index is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal...

CVSS 7.3 · AI score 6.9
Exploits 0 · References 2
Tenable Nessus
added 2025/08/27 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2022-40299

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Singular before 4.3.1, a predictable /tmp pathname is used e.g., by sdb.cc, which allows local users to gain the privileges of other users via a procedure in...

CVSS 7.8 · AI score 7.1 · EPSS 0.00069
Exploits 1 · References 3
SUSE CVE
added 2025/02/28 2:21 a.m. · 1 views

SUSE CVE-2025-21737

In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_mds_auth_match. We now free the temporary target path substring allocation on every possible branch, instead of omitting the default branch. In some cases, a memory leak occurred, which could rapidly cras...

CVSS 5.5 · AI score 7.5 · EPSS 0.0005
Exploits 0 · References 3
Positive Technologies
added 2024/01/16 12:0 a.m. · 1 views

PT-2024-41043 · Hewlett Packard · Hplip

Name of the Vulnerable Software and Affected Versions: hplip affected versions not specified Description: The issue is related to security problems in the hpps program of hplip, specifically due to the fixed /tmp path usage in the prnt/hpps/hppsfilter.c file. Recommendations: At the moment, there...

AI score 7
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 6:2 a.m. · 1 views

SUSE CVE-2009-3274

Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp locati...

CVSS 4.4 · AI score 8.6 · EPSS 0.0014
Exploits 2 · References 7
SUSE CVE
added 2023/02/15 4:29 a.m. · 2 views

SUSE CVE-2018-7441

Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c...

CVSS 7 · AI score 9.5 · EPSS 0.00046
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 3:27 a.m. · 2 views

SUSE CVE-2022-23950

In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...

CVSS 7.5 · AI score 6.9 · EPSS 0.00408
Exploits 1 · References 3
OSV
added 2022/11/11 11:4 a.m. · 1 views

OESA-2022-2086 python-pillow security update

Security Fixes: Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. CVE-2022-24303...

CVSS 9.1 · AI score 6.9 · EPSS 0.02197
Exploits 0 · References 2
ATTACKERKB
added 2022/09/09 1:15 a.m. · 1 views

CVE-2022-40299

In Singular before 4.3.1, a predictable /tmp pathname is used e.g., by sdb.cc, which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathname...

CVSS 7.8 · AI score 7.1 · EPSS 0.00069
Exploits 1 · References 4
CNNVD
added 2022/09/09 12:0 a.m. · 2 views

Singular Security Feature Issue Vulnerability

Singular is a computer algebra system for polynomial computation open-sourced by Singular in Germany. A security vulnerability exists in versions of Singular prior to 4.3.1 that stems from its use of a predictable /tmp pathname e.g., sdb.cc, which allows a local user to gain privileges from other...

CVSS 7.8 · AI score 7.3 · EPSS 0.00069
Exploits 1 · References 4
Amazon
added 2021/11/18 12:0 a.m. · 3 views

Medium: docker

Issue Overview: A flaw was found in moby. Moby buildkit calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. CVE-2020-27534 Affected Packages: docker Note: This advisory is applicable to Amazon Linux 2 -...

CVSS 5.3 · AI score 6.8 · EPSS 0.0077
Exploits 0
CNNVD
added 2021/10/29 12:0 a.m. · 3 views

InstallBuilder Security Feature Issue Vulnerability

Vmware InstallBuilder is a multi-platform installer development and automatic update tool from Vmware, Inc. A security vulnerability exists in InstallBuilder that stems from the fact that under certain circumstances on the InstallBuilder Windows version, the uninstaller binary copies itself to a...

CVSS 8.8 · AI score 7.9 · EPSS 0.00672
Exploits 0 · References 2
GithubExploit
added 2021/09/12 5:57 p.m. · 8 views

Exploit for Session Fixation in Gogs

CVE-2018-18925 Exploitation of CVE-2018-18925 a Remote Code Ex...

CVSS 9.8 · AI score 7.9 · EPSS 0.93537
Exploits 2
Snyk
added 2021/05/10 2:53 p.m. · 0 views

Arbitrary Code Execution

Overview: Affected versions of this package are vulnerable to Arbitrary Code Execution. Bundler uses a predictable path in /tmp/, which is created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If it is used in a scenario...

CVSS 7.8 · AI score 7.2 · EPSS 0.00151
Exploits 0 · References 2
Positive Technologies
added 2020/12/30 12:0 a.m. · 1 views

PT-2020-16700 · Docker · Docker Engine +1

Name of the Vulnerable Software and Affected Versions: Docker Engine versions prior to 19.03.9 Description: The issue arises from the util/binfmt_misc/check.go file in the Builder component of Docker Engine, where it calls os.OpenFile with a potentially unsafe temporary pathname for qemu-check...

CVSS 5.3 · AI score 5.9 · EPSS 0.0077
Exploits 0 · References 10
OSV
added 2020/09/04 12:15 p.m. · 0 views

UBUNTU-CVE-2019-3881

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...

CVSS 7.8 · AI score 6.9 · EPSS 0.00151
Exploits 0 · References 5
CNVD
added 2020/03/08 12:0 a.m. · 1 views

Timeshift Code Execution Vulnerability

Timeshift is a Linux system restore tool. The product supports the creation of file system snapshots and provides features such as snapshot recovery. A security vulnerability exists in Timeshift versions prior to 20.03, which stems from the 'init_tmp' function of the TeeJee.FileSystem.vala file...

CVSS 7 · AI score 7.1 · EPSS 0.00124
Exploits 0 · References 1
CNVD
added 2015/11/22 12:0 a.m. · 1 views

Novell openSUSE dracut Package Symbolic Link Vulnerability

Novell openSUSE is a set of free Linux-based operating systems from the American company Novell. A security vulnerability in the modules.d/90crypt/module-setup.sh file in Novell openSUSE's dracut allows a local attacker to corrupt system files via a symbolic link attack in /tmp/dracutblockuuid.ma...

CVSS 3.6 · AI score 6.6 · EPSS 0.00138
Exploits 0 · References 1
Cvelist
added 2013/06/28 11:0 p.m. · 16 views

CVE-2013-4093

The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath...

AI score 6.2 · EPSS 0.05043
Exploits 0 · References 2
RedHat Linux
added 2009/10/27 11:35 p.m. · 1 views

Firefox: Predictable /tmp pathname use

Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp locati...

CVSS 4.4 · AI score 7 · EPSS 0.0014
Exploits 2 · References 4