77 matches found
CVE-2023-29465
SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of a different user who is running FlintQS...
GHSA-584M-7R4M-8J6V Incorrect Authorization in Jenkins Core
When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Jenkins 2.393 and earlier, LTS 2.375.3 and earlier, and LTS prior to 2.387.1 creates this temporary file in the default temporar...
PT-2023-21405 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.393 and earlier; Jenkins LTS versions 2.375.3 and earlier. Description: The issue arises when Jenkins creates a temporary file in the default temporary directory with default permissions for newly created files during plugin...
SUSE CVE-2018-6914
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument...
SUSE CVE-2021-29428
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreatin...
SUSE CVE-2022-24823
Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local syst...
PT-2022-34023 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.138. Description: The issue is related to a potential security vulnerability in the Linux Kernel, specifically in the kbuild dummy-tools component. It concerns a tmpdir leak in dummy gcc. The actual impact...
PT-2022-33769 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.63. Description: The issue is related to a potential security vulnerability in the Linux Kernel, specifically in the kbuild dummy-tools component. It involves avoiding a tmpdir leak in dummy gcc. The actual...
PT-2022-33328 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.4. Description: The issue is related to a potential security vulnerability in the Linux Kernel. It concerns a tmpdir leak in dummy gcc. The actual impact and attack plausibility have not yet been proven...
PT-2022-33393 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.4. Description: The issue is related to a potential security vulnerability in the Linux Kernel, specifically in the kbuild dummy-tools component. It involves avoiding a tmpdir leak in dummy gcc. The actual...
GHSA-PXXV-RV32-2QGV OpenStack Nova uses insecure keystone middleware tmpdir by default
keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...
CVE-2021-28966
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir...
ALPINE-CVE-2021-28966
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir...
Code injection
In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir...