Lucene search
K

280 matches found

OSV
OSV
added 2020/06/24 5:15 p.m.3 views

CVE-2020-11960

Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking backup file in cupload interface let attacker able to extract malicious file under any location in /tmp, lead to possible RCE and DoS...

9.8CVSS7.3AI score0.01433EPSS
Exploits0References1
NVD
NVD
added 2020/05/11 2:15 p.m.21 views

CVE-2020-10685

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchiv...

5.5CVSS6AI score0.00376EPSS
Exploits0References4
CNVD
CNVD
added 2020/04/23 12:0 a.m.1 views

Unspecified Vulnerability in GitLab (CNVD-2020-25736)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise and...

7.5CVSS6.5AI score0.01174EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/03/11 12:0 a.m.9 views

PT-2020-6579

Name of the Vulnerable Software and Affected Versions Ansible Engine versions 2.7.17 and prior Ansible Engine versions 2.8.9 and prior Ansible Engine versions 2.9.6 and prior Description The issue is related to a race condition flaw in Ansible Engine when running a playbook with an unprivileged...

5CVSS7.6AI score0.004EPSS
Exploits1References199
NVD
NVD
added 2019/12/26 9:15 p.m.15 views

CVE-2013-4318

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...

5.4CVSS5.6AI score0.0081EPSS
Exploits1References2
Prion
Prion
added 2019/12/26 9:15 p.m.12 views

Design/Logic Flaw

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...

3.5CVSS7.4AI score0.0081EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2019/12/26 8:49 p.m.99 views

CVE-2013-4318

CVE-2013-4318 affects the Ruby Gems Features package (Ruby Features 0.3.0). The issue is a file handling flaw where input submitted to /tmp/out.html is not properly validated, enabling a local cross-site scripting (XSS) attack. Some sources describe the risk as a local XSS, while others reference...

5.4CVSS5.5AI score0.0081EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/12/26 8:49 p.m.18 views

CVE-2013-4318

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...

5.6AI score0.0081EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2019/12/05 7:15 p.m.30 views

CVE-2012-1105

An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner...

5.5CVSS6.1AI score0.00464EPSS
Exploits0References2
NVD
NVD
added 2019/11/22 7:15 p.m.26 views

CVE-2014-6311

generatedoygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...

9.8CVSS9.6AI score0.01672EPSS
Exploits0References4
OSV
OSV
added 2019/11/22 7:15 p.m.6 views

UBUNTU-CVE-2014-6311

generatedoygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...

9.8CVSS7.3AI score0.01672EPSS
Exploits0References2
Prion
Prion
added 2019/11/22 7:15 p.m.19 views

Code injection

generatedoygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...

5CVSS7.2AI score0.01672EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2019/11/22 6:22 p.m.19 views

CVE-2014-6311

generatedoygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...

9.6AI score0.01672EPSS
Exploits0References4
CVE
CVE
added 2019/11/22 6:22 p.m.121 views

CVE-2014-6311

The CVE-2014-6311 entry describes a privilege-escalation flaw in ace prior to 6.2.7+dfsg-2 where generate_doygen.pl creates predictable file names in /tmp. The documented impact is elevated privileges for attackers who can leverage these predictable names. Affected component: ace (script generate...

9.8CVSS9.5AI score0.01672EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2019/11/22 6:22 p.m.41 views

CVE-2014-6311

generatedoygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges...

9.8CVSS8.6AI score0.01672EPSS
Exploits0
NVD
NVD
added 2019/11/21 2:15 p.m.13 views

CVE-2013-7171

Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges...

10CVSS9.8AI score0.06344EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2019/11/21 2:15 p.m.28 views

CVE-2013-7171

Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges...

10CVSS7.5AI score0.06344EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/11/21 1:46 p.m.15 views

CVE-2013-7171

Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges...

9.8AI score0.06344EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2019/10/04 8:56 p.m.16 views

CVE-2008-5703

gpsdrive aka gpsdrive-scripts 2.10pre4 allows local users to overwrite arbitrary files via a symlink attack on the a /tmp/.smswatch or b /tmp/gpsdrivepos temporary file, related to 1 examples/gpssmswatch and 2 src/splash.c, different vectors than CVE-2008-4959 and CVE-2008-5380...

6.9CVSS6.2AI score0.0045EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/08/07 12:21 p.m.24 views

CVE-2016-10799

cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation SEC-137...

5.6AI score0.00307EPSS
Exploits0References1
Rows per page
Query Builder