1107 matches found

Github Security Blog
added 2022/05/05 2:48 a.m. | 35 views

Incorrect Default Permissions in Apache Commons FileUpload

The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack...

CVSS 3.3 | AI score 5.4 | EPSS 0.00068
Exploits: 1 | References: 7 | Affected Software: 1

OSV
added 2022/05/05 2:48 a.m. | 19 views

GHSA-8MVW-22R7-W6FQ ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name

The diffpp function in lib/gauntletrubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...

CVSS 2.1 | AI score 5.9 | EPSS 0.00149
Exploits: 1 | References: 11

Github Security Blog
added 2022/05/05 2:48 a.m. | 23 views

ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name

The diffpp function in lib/gauntletrubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...

CVSS 2.1 | AI score 4.3 | EPSS 0.00149
Exploits: 1 | References: 11 | Affected Software: 1

OSV
added 2022/05/05 12:29 a.m. | 11 views

GHSA-42GQ-H7XJ-33R4 Features file injection vulnerability

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious HTML in the /tmp directory...

CVSS 5.4 | AI score 5.5 | EPSS 0.00244
Exploits: 1 | References: 5

Github Security Blog
added 2022/05/05 12:29 a.m. | 19 views

Features file injection vulnerability

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious HTML in the /tmp directory...

CVSS 5.4 | AI score 3.9 | EPSS 0.00244
Exploits: 1 | References: 5 | Affected Software: 1

Github Security Blog
added 2022/05/01 2:00 a.m. | 16 views

Cheetah Path Search Order Hijacking

Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/...

CVSS 7.2 | AI score 7.5 | EPSS 0.00054
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2022/05/01 2:00 a.m. | 9 views

GHSA-VXF2-7RC3-PXMX Cheetah Path Search Order Hijacking

Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/...

CVSS 7.2 | AI score 7 | EPSS 0.00054
Exploits: 0 | References: 3

OSV
added 2022/04/23 12:40 a.m. | 21 views

GHSA-V5C9-98F7-2H54 Hadoop symlink vulnerability

Hadoop 1.0.3 contains a symlink vulnerability as a result of storing pid files in the shared /tmp directory by default...

CVSS 7.5 | AI score 7.4 | EPSS 0.01713
Exploits: 2 | References: 5

OSV
added 2022/04/12 8:15 p.m. | 1 view

AZL-9357 CVE-2022-27378 affecting package mariadb for versions less than 10.6.8-1

An issue in the component Createtmptable::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...

CVSS 7.5 | AI score 7.2 | EPSS 0.00217
Exploits: 1 | References: 1

OSV
added 2022/04/12 8:15 p.m. | 1 view

UBUNTU-CVE-2022-27378

An issue in the component Createtmptable::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements...

CVSS 7.5 | AI score 7.2 | EPSS 0.00217
Exploits: 1 | References: 4

OSV
added 2022/04/07 2:15 a.m. | 14 views

CVE-2022-27818

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service...

CVSS 9.1 | AI score 9
Exploits: 0 | References: 3

Cvelist
added 2022/04/07 1:35 a.m. | 11 views

CVE-2022-27818

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service...

AI score 9.3 | EPSS 0.00486
Exploits: 0 | References: 3

CNVD
added 2022/04/07 12:00 a.m. | 13 views

SWHKD has unspecified vulnerabilities (CNVD-2022-43218)

SWHKD is a display protocol-independent hotkey daemon made with Rust. A security vulnerability exists in SWHKD, which stems from the insecure use of the /tmp/swhkd.sock pathname. An attacker could exploit the vulnerability to obtain sensitive information or launch a denial-of-service attack...

CVSS 9.1 | AI score 2.1 | EPSS 0.00486
Exploits: 0 | References: 1

CNVD
added 2022/04/01 12:00 a.m. | 14 views

SWHKD Denial of Service Vulnerability

SWHKD is a display protocol independent hotkey daemon made in Rust. A denial of service vulnerability exists in SWHKD version 1.1.5, which stems from the insecure use of the /tmp/swhks.pid pathname and can be exploited by an attacker to potentially cause a denial of service...

CVSS 7.1 | AI score 6.7 | EPSS 0.00119
Exploits: 1 | References: 1

OSV
added 2022/03/31 12:00 a.m. | 13 views

GHSA-8M49-2XJ8-67V9 Data Loss/Denial of Service in SWHKD

SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. A patch is available on the 1.1.0 branch of the repository...

CVSS 7.1 | AI score 6.8 | EPSS 0.00119
Exploits: 1 | References: 5

GitLab Advisory Database
added 2022/03/31 12:00 a.m. | 3 views

Data Loss/Denial of Service in SWHKD

SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. A patch is available on the 1.1.0 branch of the repository...

CVSS 7.1 | AI score 7.1 | EPSS 0.00119
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2022/03/30 2:15 a.m. | 12 views

CVE-2022-27816

SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service...

CVSS 7.1 | EPSS 0.00119
Exploits: 1 | References: 3

Prion
added 2022/03/30 2:15 a.m. | 9 views

Denial of service

SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service...

CVSS 3.3 | AI score 6.8 | EPSS 0.00119
Exploits: 1 | References: 3 | Affected Software: 1

ATTACKERKB
added 2022/03/30 2:15 a.m. | 0 views

CVE-2022-27816

SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service...

CVSS 7.1 | AI score 7 | EPSS 0.00119
Exploits: 1 | References: 4

NVD
added 2022/03/30 12:15 a.m. | 6 views

CVE-2022-27815

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service...

CVSS 7.8 | EPSS 0.00103
Exploits: 1 | References: 3