SUSE CVE-2018-14650

It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the...

SUSE CVE-2008-5843

Multiple untrusted search path vulnerabilities in pdfjam allow local users to gain privileges via a Trojan horse program in 1 the current working directory or 2 /var/tmp, related to the a pdf90, b pdfjoin, and c pdfnup scripts...

ansible: insecure temporary directory when running become_user from become directive

A race condition flaw was found in Ansible Engine when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p "; this operation does not fail if...

ALPINE-CVE-2020-1733

A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask...

PYSEC-2017-72

sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive...

UBUNTU-CVE-2016-10120

Firejail uses 0777 permissions when mounting 1 /dev, 2 /dev/shm, 3 /var/tmp, or 4 /var/lock, which allows local users to gain privileges...

DEBIAN-CVE-2006-1695

The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/fbps-PID...