CWE-377 · Insecure Temporary File

95 CVEs classified under CWE-377 (Insecure Temporary File). Browse by severity and year.

Top CVEs for CWE-377
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2011-4119 | Critical | 9.8 | 2021-10-26 | caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install. |
| CVE-2012-2666 | Critical | 9.8 | 2021-07-09 | golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predictable name and execute… |
| CVE-2015-5224 | Critical | 9.8 | 2017-08-23 | The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks. |
| CVE-2013-4561 | Critical | 9.1 | 2022-06-30 | In an openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity. |
| CVE-2018-16494 | High | 8.8 | 2021-05-26 | In VOS, an overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result… |
| CVE-2025-14307 | High | 8.1 | 2025-12-09 | An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely… |
| CVE-2023-43498 | High | 8.1 | 2023-09-20 | In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temp… |
| CVE-2022-21809 | High | 8.1 | 2022-05-12 | A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arb… |
| CVE-2025-46369 | High | 7.8 | 2025-11-13 | Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker with local… |
| CVE-2025-7707 | High | 7.8 | 2025-10-13 | The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user enviro… |
| CVE-2025-34194 | High | 7.8 | 2025-09-19 | Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (Windows client deployments)… |
| CVE-2020-1991 | High | 7.8 | 2020-04-08 | An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files… |
| CVE-2018-6705 | High | 7.8 | 2018-12-12 | Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command executi… |
| CVE-2018-6704 | High | 7.8 | 2018-12-12 | Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command executi… |
| CVE-2018-3710 | High | 7.8 | 2018-03-21 | Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execu… |
| CVE-2025-67223 | High | 7.5 | 2026-04-28 | The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly acc… |
| CVE-2026-20649 | High | 7.5 | 2026-02-11 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3. A user… |
| CVE-2013-4253 | High | 7.5 | 2022-10-19 | The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's aut… |
| CVE-2022-0315 | High | 7.5 | 2022-03-24 | Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0. |
| CVE-2022-0736 | High | 7.5 | 2022-02-23 | Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. |