MAL-2025-41648 Malicious code in ctf-q21-empire-tmp-bw134347 (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-41647 Malicious code in ctf-q21-empire-tmp-bw134345 (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in ctf-q21-empire-tmp-bw121116 (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in ctf-q21-empire-tmp-bw126616 (PyPI)

--- -= Per source details. Do not edit below this line.=-...

CVE-2025-9409

A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Performing manipulation of the argument fileName results in path traversal. It is possible to initiate the attack...

Linux Distros Unpatched Vulnerability : CVE-2018-7441

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating...

Linux Distros Unpatched Vulnerability : CVE-2013-4419

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of...

Malicious code in tmp-tmp3 (npm)

The package tmp-tmp3 was found to contain malicious code...

MAL-2025-36995 Malicious code in tmp-tmp3 (npm)

The package tmp-tmp3 was found to contain malicious code...

Fedora 42 : glib2 (2025-16acfe9927)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-16acfe9927 advisory. Resolve CVE-2025-7039 Buffer Under-read on GLib through glib/gfileutils.c via gettmpfile with several other bug fixes. Tenable has extracted the preceding...

PT-2025-33036

Name of the Vulnerable Software and Affected Versions: Amazon EMR versions 6.10 through 7.4 Amazon EMR version 7.5 and higher Description: Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this director...

Debian: Security Advisory (DLA-4268-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian dla-4268 : node-tmp - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4268 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4268-1 [email protected] https://www.debian.org/lts/security/...

SUSE CVE-2025-54798

tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4...

org.webjars.npm:bazel__karma (=1.7.0), org.webjars.npm:broccoli-merge-trees (=2.0.0) +15 more potentially affected by CVE-2025-54798 via org.webjars.npm:tmp (>=0.0.24 <=0.2.3)

org.webjars.npm:tmp MAVEN version =0.0.24, =2.1.0, =0.19.11, =0.2.11, =3.2.3, =6.5.0, =2.52.0, =4.10.0 - org.webjars.npm:snyk-go-plugin =1.5.2 - org.webjars.npm:snyk-python-plugin =1.8.1 and more Source cves: CVE-2025-54798 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-11501555...

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the dir parameter. An attacker can cause files or directories to be written to arbitrary locations by supplying a crafted symbolic link that resolves outside the intended temporary directory. PoC const tmp =...

CVE-2025-54798

creationtimestamp| type| source ---|---|--- 2025-08-06 07:22:36+00:00| published-proof-of-concept| https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6...

RLSA-2025:11042 Moderate: socat security update

The socat utility establishes bi-directional byte streams and transfers data between them. The utility can establish streams between a large set of channels, such as files, pipes, devices, and sockets. Security Fixes: socat: arbitrary file overwrite via predictable /tmp directory CVE-2024-54661 F...

socat security update

An update is available for socat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The socat utility establishes bi-directional byte streams and transfers data...

socat: arbitrary file overwrite via predictable /tmp directory

A flaw was found in the readline.sh script of Socat through version 1.8.0.1. This vulnerability can allow attackers to exploit improper use of a predictable temporary file...