CWE-377
Insecure Temporary File
Description
Creating and using insecure temporary files can leave application and system data vulnerable to attack.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-149 · CAPEC-155
CVEs mapped to this weakness (63)
page 4 of 4

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-0162 | | | 0.00 | — | 0.00 | | Mar 1, 2013 | The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. |
| CVE-2012-1906 | | | 0.00 | — | 0.00 | | May 29, 2012 | Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or… |
| CVE-2008-7252 | | | 0.00 | — | 0.03 | | Jan 19, 2010 | libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors. |