1108 matches found

ATTACKERKB
added 2019/11/01 7:15 p.m. · 2 views

CVE-2013-0180

Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds...

5.5 CVSS · 5.5 AI score · 0.00045 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2019/11/01 12:0 a.m. · 3 views

PT-2019-6829 · Red Hat · Openshift

Name of the Vulnerable Software and Affected Versions: OpenShift affected versions not specified Description: The issue is related to the improper creation of files in /tmp by the dump.sh script in the cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin directory of OpenShift...

7.5 CVSS · 7 AI score · 0.00345 EPSS
Exploits 0 · References 2
RedhatCVE
added 2019/10/30 9:46 a.m. · 25 views

CVE-2019-3881

Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...

7.8 CVSS · 1 AI score · 0.00151 EPSS
Exploits 0 · References 2
NVD
added 2019/10/29 10:15 p.m. · 10 views

CVE-2010-2061

rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started...

7.8 CVSS · 7.7 AI score · 0.00061 EPSS
Exploits 0 · References 5
UbuntuCve
added 2019/10/29 10:15 p.m. · 17 views

CVE-2010-2061

rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started...

7.8 CVSS · 7.1 AI score · 0.00061 EPSS
Exploits 0 · References 2
UbuntuCve
added 2019/10/29 10:15 p.m. · 24 views

CVE-2010-2064

rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr...

7.1 CVSS · 7.1 AI score · 0.00072 EPSS
Exploits 0 · References 1
Prion
added 2019/10/29 10:15 p.m. · 10 views

Design/Logic Flaw

rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started...

7.2 CVSS · 7.1 AI score · 0.00061 EPSS
Exploits 0 · References 5 · Affected Software 1
RedhatCVE
added 2019/10/04 8:56 p.m. · 15 views

CVE-2008-5703

gpsdrive (aka gpsdrive-scripts) 2.10pre4 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/.smswatch or (b) /tmp/gpsdrivepos temporary file, related to (1) examples/gpssmswatch and (2) src/splash.c, different vectors than CVE-2008-4959 and CVE-2008-5380...

6.9 CVSS · 6.2 AI score · 0.00093 EPSS
Exploits 1 · References 3
Cvelist
added 2019/08/23 6:48 a.m. · 15 views

CVE-2019-15513

An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang...

7.5 AI score · 0.00475 EPSS
Exploits 1 · References 4
Oracle linux
added 2019/08/13 12:0 a.m. · 16 views

keycloak-httpd-client-install security, bug fix, and enhancement update

0.8-1 - Resolves: rhbz1673716 - Rebase k-h-c-i to version 0.8 - The rebase also includes fixes for: - rhbz1533190 - CVE-2017-15111 keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloakcli.py - rhbz1533202 - CVE-2017-15112 keycloak-httpd-client-install: unsafe use of...

7.8 CVSS · 2.7 AI score · 0.00055 EPSS
Exploits 0
Cvelist
added 2019/08/07 12:21 p.m. · 21 views

CVE-2016-10799

cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137)...

5.6 AI score · 0.00056 EPSS
Exploits 0 · References 1
NVD
added 2019/07/26 1:15 p.m. · 21 views

CVE-2019-13385

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log...

4.3 CVSS · 4.6 AI score · 0.00764 EPSS
Exploits 3 · References 3
OPENSUSE Linux
added 2019/07/19 12:0 a.m. · 129 views

Security update for bubblewrap (important)

openSUSE Security Update: Security update for bubblewrap Announcement ID: openSUSE-SU-2019:1721-1 Rating: important References: 1136958 Cross-References: CVE-2019-12439 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for...

7.8 CVSS · 7.6 AI score · 0.00145 EPSS
Exploits 0 · References 1
Prion
added 2019/07/11 8:15 p.m. · 11 views

Design/Logic Flaw

A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for Linux could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The rootrunner.64 binary is setuid root. This binary executes /opt/pia/ruby/64/ruby, which in turn attempts t...

7.2 CVSS · 7.7 AI score · 0.00051 EPSS
Exploits 1 · References 1 · Affected Software 1
Node.js
added 2019/07/10 2:27 p.m. · 11 views

Malicious Package

Overview: All versions of malicious-do-not-install contain malicious code. The package copies the contents of /etc/passwd and /etc/shadow to files in the local /tmp/ folder. Recommendation: Remove the package from your environment and rotate affected credentials. References: GitHub Advisory...

6.6 AI score
Exploits 0 · Affected Software 1
OSV
added 2019/06/07 8:29 p.m. · 2 views

DEBIAN-CVE-2019-12779

libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without O_EXCL...

7.1 CVSS · 6.7 AI score · 0.00031 EPSS
Exploits 1 · References 1
NVD
added 2019/05/29 3:29 p.m. · 9 views

CVE-2019-12439

bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR), a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code...

7.8 CVSS · 7.4 AI score · 0.00145 EPSS
Exploits 0 · References 8
RedhatCVE
added 2019/05/14 12:27 p.m. · 22 views

CVE-2018-7441

Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junksplitimage.ps in prog/splitimage2pdf.c...

7 CVSS · 3.2 AI score · 0.00046 EPSS
Exploits 0 · References 1
RedhatCVE
added 2019/05/14 12:5 p.m. · 28 views

CVE-2017-18196

Leptonica 1.74.4 constructs unintended pathnames containing duplicated path components when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as...

4.5 CVSS · 3.1 AI score · 0.00043 EPSS
Exploits 0 · References 1
Veracode
added 2019/05/02 4:52 a.m. · 46 views

Carriage Return And Line Feed (CRLF) Injection

Red Hat OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. Refer to the Red Hat OpenShift Enterprise 1.1 Release Notes for information about the changes in this release. The Release Notes will be available shortly fr...

7.5 CVSS · 6.7 AI score · 0.01017 EPSS
Exploits 2 · References 42 · Affected Software 20