Total
50 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64896 | 2 Adobe, Apple | 3 Creative Cloud, Creative Cloud Desktop Application, Macos | 2025-12-12 | 5.5 Medium |
| Creative Cloud Desktop versions 6.4.0.361 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to disrupt the application's functionality by manipulating temporary files. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-33111 | 1 Ibm | 2 Cognos Controller, Controller | 2025-12-10 | 4.3 Medium |
| IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks. | ||||
| CVE-2023-3972 | 1 Redhat | 23 Enterprise Linux, Enterprise Linux Aus, Enterprise Linux Desktop and 20 more | 2025-11-20 | 7.8 High |
| A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide). | ||||
| CVE-2023-40438 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-11-04 | 5.5 Medium |
| An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary directory. | ||||
| CVE-2024-9950 | 2 Forescout, Microsoft | 2 Secureconnector, Windows | 2025-10-17 | 7.8 High |
| A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows unauthenticated user to modify compliance scripts due to insecure temporary directory. | ||||
| CVE-2024-12911 | 1 Llamaindex | 1 Llamaindex | 2025-10-15 | N/A |
| A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vulnerability affects the latest version and is fixed in version 0.5.1. | ||||
| CVE-2024-9500 | 1 Autodesk | 1 Installer | 2025-10-06 | 7.8 High |
| A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management. | ||||
| CVE-2025-21173 | 3 Linux, Microsoft, Redhat | 5 Linux Kernel, .net, Visual Studio 2022 and 2 more | 2025-09-09 | 7.3 High |
| .NET Elevation of Privilege Vulnerability | ||||
| CVE-2023-38533 | 1 Siemens | 1 Tia Administrator | 2025-08-21 | 3.3 Low |
| A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected component creates temporary download files in a directory with insecure permissions. This could allow any authenticated attacker on Windows to disrupt the update process. | ||||
| CVE-2023-3181 | 2 Microsoft, Splashtop | 6 Windows, Mirroring360 Receiver, Mirroring360 Sender and 3 more | 2025-08-14 | 7.8 High |
| The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Temp~nsu.tmp and copies itself to it as Au_.exe. The C:\Windows\Temp~nsu.tmp\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamer’s Windows Installer. Since the C:\Windows\Temp~nsu.tmp folder inherits permissions from C:\Windows\Temp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges. | ||||
| CVE-2025-21162 | 2 Adobe, Apple | 2 Photoshop Elements, Macos | 2025-07-25 | 5.5 Medium |
| Photoshop Elements versions 2025.0 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-7562 | 2025-06-17 | N/A | ||
| A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured. All supported versions (InstallShield 2023 R2, InstallShield 2022 R2 and InstallShield 2021 R2) are affected by this issue. | ||||
| CVE-2025-32802 | 1 Redhat | 1 Enterprise Linux | 2025-05-29 | 6.1 Medium |
| Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. | ||||
| CVE-2022-23950 | 1 Keylime | 1 Keylime | 2025-05-27 | 7.5 High |
| In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations. | ||||
| CVE-2021-21068 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud Desktop Application, Macos, Windows | 2025-04-23 | 6.1 Medium |
| Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Exploitation of this issue requires physical access and user interaction. | ||||
| CVE-2021-21100 | 2 Adobe, Apple | 2 Digital Editions, Macos | 2025-04-23 | 7.8 High |
| Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected by a Privilege Escalation vulnerability during installation. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary file system write in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2021-28597 | 3 Adobe, Apple, Microsoft | 3 Photoshop Elements, Macos, Windows | 2025-04-23 | 5.5 Medium |
| Adobe Photoshop Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. | ||||
| CVE-2021-28623 | 2 Adobe, Microsoft | 2 Premiere Elements, Windows | 2025-04-23 | 5.5 Medium |
| Adobe Premiere Elements version 5.2 (and earlier) is affected by an insecure temporary file creation vulnerability. An unauthenticated attacker could leverage this vulnerability to call functions against the installer to perform high privileged actions. Exploitation of this issue does not require user interaction. | ||||
| CVE-2021-39828 | 2 Adobe, Apple | 2 Digital Editions, Macos | 2025-04-23 | 5.8 Medium |
| Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a privilege escalation vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability. | ||||
| CVE-2021-43017 | 2 Adobe, Apple | 2 Creative Cloud Desktop Application, Macos | 2025-04-23 | 4.2 Medium |
| Adobe Creative Cloud version 5.5 (and earlier) are affected by an Application denial of service vulnerability in the Creative Cloud Desktop installer. An authenticated attacker with root privileges could leverage this vulnerability to achieve denial of service by planting a malicious file on the victim's local machine. User interaction is required before product installation to abuse this vulnerability. | ||||