1117 matches found
Linux: noexec option on /tmp
The noexec mount option specifies that the filesystem cannot contain executable binaries. Since the /tmp filesystem is only intended for temporary file storage, set this option to ensure that users cannot run executable binaries from /tmp. SPDX-FileCopyrightText: 2020 Greenbone AG Some text...
Linux: noexec option on /var/tmp
The noexec mount option specifies that the filesystem cannot contain special devices. Since the /var/tmp filesystem is not intended to support devices, set this option to ensure that users cannot attempt to create block or character special devices in /var/tmp. SPDX-FileCopyrightText: 2020...
CVE-2014-1420
On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by...
Open redirect
On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by...
tmp-m.org Cross Site Scripting vulnerability OBB-1311980
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Code injection
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...
CVE-2019-3881
CVE-2019-3881 affects Bundler prior to 2.1.0. The issue stems from an insecure, predictable temporary directory path in /tmp/ used to store gems when the user’s home directory is not writable. An attacker with local access could place a malicious file in this directory, which could later be loade...
CVE-2019-3881
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...
CVE-2019-3881
Removed by vendor...
FreeBSD : Gitlab -- Multiple Vulnerabilities (f7a97d43-c039-11ea-a051-001b217b3468)
Gitlab reports: Workhorse bypass allows files in /tmp to be read via Maven Repository APIs. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2020 Jacques Vidrine and contributors Redistribution...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Workhorse bypass allows files in /tmp to be read via Maven Repository APIs...
CVE-2020-11960
Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking the backup file in the cupload interface, which lets an attacker extract a malicious file to any location under /tmp, leading to possible RCE and DoS...
CVE-2020-11960
Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking the backup file in the cupload interface, which lets an attacker extract a malicious file to any location under /tmp, leading to possible RCE and DoS...
Security update for rubygem-bundler (moderate)
openSUSE Security Update: Security update for rubygem-bundler Announcement ID: openSUSE-SU-2020:0803-1 Rating: moderate References: 1143436 Cross-References: CVE-2019-3881 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...
USN-4380-1: Apache Ant vulnerability
It was discovered that Apache Ant created temporary files with insecure permissions. An attacker could use this vulnerability to read sensitive information leaked into /tmp, or potentially inject malicious code into a project that is built with Apache Ant...
PT-2020-6975 · Audacity +5
Name of the Vulnerable Software and Affected Versions: Audacity versions 2.3.3 and earlier Description: The issue is related to the default permission settings in Audacity. When Audacity creates temporary files, it saves them to /var/tmp/audacity-$USER and sets the permissions to 755. This allows...
CVE-2020-10685
A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypt vault files such as assemble, script, unarchiv...
CVE-2020-12050
SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library...
CVE-2020-12242
Valve Source allows local users to gain privileges by writing to the /tmp/hl2relaunch file, which is later executed in the context of a different user account...
Design/Logic Flaw
Valve Source allows local users to gain privileges by writing to the /tmp/hl2relaunch file, which is later executed in the context of a different user account...