CWE-377 · Insecure Temporary File
95 CVEs classified under CWE-377 (Insecure Temporary File).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2011-4119 | Critical | 9.8 | 2021-10-26 | caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install. |
| CVE-2012-2666 | Critical | 9.8 | 2021-07-09 | golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predictable name and execute… |
| CVE-2015-5224 | Critical | 9.8 | 2017-08-23 | The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks. |
| CVE-2013-4561 | Critical | 9.1 | 2022-06-30 | In an openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity. |
| CVE-2018-16494 | High | 8.8 | 2021-05-26 | In VOS, an overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result… |
| CVE-2025-14307 | High | 8.1 | 2025-12-09 | An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely… |
| CVE-2023-43498 | High | 8.1 | 2023-09-20 | In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temp… |
| CVE-2022-21809 | High | 8.1 | 2022-05-12 | A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arb… |
| CVE-2025-46369 | High | 7.8 | 2025-11-13 | Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker with local… |
| CVE-2025-7707 | High | 7.8 | 2025-10-13 | The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user enviro… |
| CVE-2025-34194 | High | 7.8 | 2025-09-19 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (Windows client deployments)… |
| CVE-2020-1991 | High | 7.8 | 2020-04-08 | An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files… |
| CVE-2018-6705 | High | 7.8 | 2018-12-12 | Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command executi… |
| CVE-2018-6704 | High | 7.8 | 2018-12-12 | Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command executi… |
| CVE-2018-3710 | High | 7.8 | 2018-03-21 | Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execu… |
| CVE-2025-67223 | High | 7.5 | 2026-04-28 | The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly acc… |
| CVE-2026-20649 | High | 7.5 | 2026-02-11 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3. A user… |
| CVE-2013-4253 | High | 7.5 | 2022-10-19 | The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's aut… |
| CVE-2022-0315 | High | 7.5 | 2022-03-24 | Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0. |
| CVE-2022-0736 | High | 7.5 | 2022-02-23 | Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. |