Total
71 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23287 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-11-04 | N/A | 5.5 MEDIUM |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data. | |||||
| CVE-2022-41946 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql Jdbc Driver | 2025-11-03 | N/A | 4.7 MEDIUM |
| pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability. | |||||
| CVE-2025-7707 | 1 Llamaindex | 1 Llamaindex | 2025-10-21 | N/A | 7.8 HIGH |
| The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, data tampering, or privilege escalation. The vulnerability arises from the use of a shared cache directory instead of a user-specific one, making it susceptible to local data tampering and denial of service. | |||||
| CVE-2025-34194 | 2 Microsoft, Vasion | 3 Windows, Virtual Appliance Application, Virtual Appliance Host | 2025-09-29 | N/A | 7.8 HIGH |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (Windows client deployments) contain an insecure temporary-file handling vulnerability in the PrinterInstallerClient components. The software creates files as NT AUTHORITY\SYSTEM inside a directory under the control of the local user (C:\Users\%USER%\AppData\Local\Temp\). An attacker who can place symbolic links or otherwise influence filenames in that directory can cause the service to follow the link and write to arbitrary filesystem locations as SYSTEM. This allows a local, unprivileged user to overwrite or create files as SYSTEM, leading to local privilege escalation and the ability to modify configuration files, replace or inject binaries, or otherwise compromise confidentiality, integrity, and availability of the system. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced. | |||||
| CVE-2025-61659 | 2025-09-29 | N/A | 6.8 MEDIUM | ||
| bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name. | |||||
| CVE-2025-9474 | 2025-08-26 | 3.5 LOW | 4.5 MEDIUM | ||
| A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires a local approach. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit is now public and may be used. | |||||
| CVE-2015-0849 | 1 Debian | 1 Pycode-browser | 2025-08-06 | N/A | 3.9 LOW |
| pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability. | |||||
| CVE-2024-22236 | 1 Vmware | 1 Spring Cloud Contract | 2025-06-03 | N/A | 3.3 LOW |
| In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency. | |||||
| CVE-2017-20147 | 1 Smokeping | 1 Smokeping | 2025-05-29 | N/A | 6.5 MEDIUM |
| In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs when the service is stopped. | |||||
| CVE-2013-4253 | 1 Redhat | 1 Openshift | 2025-05-09 | N/A | 7.5 HIGH |
| The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file. | |||||
| CVE-2017-7560 | 1 Redhat | 1 Rhnsd | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes. | |||||
| CVE-2017-7549 | 2 Openstack, Redhat | 2 Instack-undercloud, Openstack | 2025-04-20 | 3.3 LOW | 6.4 MEDIUM |
| A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files. | |||||
| CVE-2022-26386 | 3 Apple, Linux, Mozilla | 4 Macos, Linux Kernel, Firefox Esr and 1 more | 2025-04-15 | N/A | 6.5 MEDIUM |
| Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in <code>/tmp</code>, but this behavior was changed to download them to <code>/tmp</code> where they could be affected by other local users. This behavior was reverted to the original, user-specific directory. <br>*This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 91.7 and Thunderbird < 91.7. | |||||
| CVE-2022-24913 | 1 Java-merge-sort Project | 1 Java-merge-sort | 2025-04-08 | N/A | 5.5 MEDIUM |
| Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents. | |||||
| CVE-2024-2313 | 2025-03-13 | N/A | 2.8 LOW | ||
| If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. | |||||
| CVE-2024-49506 | 2024-11-21 | N/A | N/A | ||
| Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem | |||||
| CVE-2024-34490 | 2024-11-21 | N/A | 5.1 MEDIUM | ||
| In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d. | |||||
| CVE-2023-49347 | 1 Ubuntubudgie | 1 Budgie Extras | 2024-11-21 | N/A | 6.0 MEDIUM |
| Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application. | |||||
| CVE-2023-49346 | 1 Ubuntubudgie | 1 Budgie Extras | 2024-11-21 | N/A | 6.0 MEDIUM |
| Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | |||||
| CVE-2023-49345 | 1 Ubuntubudgie | 1 Budgie Extras | 2024-11-21 | N/A | 6.0 MEDIUM |
| Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. | |||||