
1110 matches found

Prion
added 2014/01/09 6:7 p.m. · 8 views

Race condition

Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd temporary file...

CVSS 9.3 · AI score 7.1 · EPSS 0.00329
Exploits 1 · References 4 · Affected Software 1
Cvelist
added 2014/01/09 11:0 a.m. · 44 views

CVE-2013-6955

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header...

AI score 7 · EPSS 0.83314
Exploits 5 · References 1
Positive Technologies
added 2014/01/09 12:0 a.m. · 2 views

PT-2014-3236 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions 4.0 through 4.0-2258; Synology DiskStation Manager (DSM) versions 4.2 through 4.2-3242; Synology DiskStation Manager (DSM) versions 4.3 through 4.3-3809. Description: The issue allows remote attackers to...

CVSS 10 · AI score 7.9 · EPSS 0.83314
Exploits 5 · References 6
NVD
added 2014/01/05 8:55 p.m. · 16 views

CVE-2013-6402

base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file...

CVSS 2.1 · AI score 6 · EPSS 0.00058
Exploits 0 · References 7
NVD
added 2014/01/03 6:54 p.m. · 16 views

CVE-2013-2119

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem...

CVSS 4.6 · AI score 6.3 · EPSS 0.00056
Exploits 0 · References 4
Tenable Nessus
added 2013/12/20 12:0 a.m. · 40 views

Fedora 18 : wireshark-1.10.2-4.fc18 (2013-17635)

dumpcap now stores temporary capture files in /var/tmp - Convert automake/pkgconfig files into patches better upstream integration - Restored category in the .desktop file - Install another one necessary header file - framedatasequence.h - Add basic OpenFlow dissector - Ver. 1.10.2 - Ver. 1.10.1...

CVSS 7.8 · AI score 6.8 · EPSS 0.32457
Exploits 12 · References 68
NVD
added 2013/12/02 4:36 a.m. · 16 views

CVE-2012-0426

Race condition in sapsuseclusterconnector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/ directory...

CVSS 7.2 · AI score 6.3 · EPSS 0.00029
Exploits 0 · References 6
Prion
added 2013/12/02 4:36 a.m. · 11 views

Race condition

Race condition in sapsuseclusterconnector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/ directory...

CVSS 7.2 · AI score 6.9 · EPSS 0.00029
Exploits 0 · References 6 · Affected Software 1
Cvelist
added 2013/12/02 2:0 a.m. · 19 views

CVE-2012-0426

Race condition in sapsuseclusterconnector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/ directory...

AI score 6.3 · EPSS 0.00029
Exploits 0 · References 6
Prion
added 2013/11/23 6:55 p.m. · 18 views

Design/Logic Flaw

OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnetibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/...

CVSS 6.3 · AI score 6.6 · EPSS 0.00074
Exploits 1 · References 9 · Affected Software 2
RedHat Linux
added 2013/11/18 7:24 p.m. · 3 views

core: Insecure temporary file usage in nagios.upgrade_to_v3.sh

nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/...

CVSS 6.3 · AI score 5.8 · EPSS 0.00031
Exploits 0 · References 4
UbuntuCve
added 2013/11/05 6:55 p.m. · 23 views

CVE-2013-4437

Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."...

CVSS 10 · AI score 5.9 · EPSS 0.00675
Exploits 0 · References 4
Prion
added 2013/11/05 6:55 p.m. · 14 views

Code injection

Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."...

CVSS 10 · AI score 6.9 · EPSS 0.00675
Exploits 0 · References 2 · Affected Software 1
OSV
added 2013/11/05 6:55 p.m. · 32 views

PYSEC-2013-27

Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."...

CVSS 10 · AI score 7.5 · EPSS 0.00675
Exploits 0 · References 3
Debian CVE
added 2013/11/05 6:0 p.m. · 15 views

CVE-2013-4437

Removed by vendor...

CVSS 10 · AI score 6.7 · EPSS 0.00675
Exploits 0
Cvelist
added 2013/11/05 6:0 p.m. · 17 views

CVE-2013-4437

Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."...

AI score 6.3 · EPSS 0.00675
Exploits 0 · References 2
CVE
added 2013/11/05 6:0 p.m. · 50 views

CVE-2013-4437

Technical details for CVE-2013-4437 are not publicly provided in the supplied documents. Monitor for updates and new disclosures.

CVSS 10 · AI score 6.4 · EPSS 0.00675
Exploits 0 · References 2 · Affected Software 1
Prion
added 2013/10/04 5:55 p.m. · 10 views

Code injection

Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp...

CVSS 3.6 · AI score 6.8 · EPSS 0.00032
Exploits 0 · References 2 · Affected Software 1
OSV
added 2013/09/30 10:55 p.m. · 2 views

DEBIAN-CVE-2013-1444

A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222...

CVSS 3.3 · AI score 6.3 · EPSS 0.0004
Exploits 0 · References 1
UbuntuCve
added 2013/09/30 9:55 p.m. · 27 views

CVE-2013-4136

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/...

CVSS 4.4 · AI score 5.9 · EPSS 0.00044
Exploits 0 · References 2