CWE-378 · Creation of Temporary File With Insecure Permissions
41 CVEs classified under CWE-378 (Creation of Temporary File With Insecure Permissions). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-39872 | Critical | 9.6 | 2024-07-09 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temp… |
CVE-2025-32438 | High | 8.8 | 2025-04-15 | make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable e… |
CVE-2025-27148 | High | 8.8 | 2025-02-25 | Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory ca… |
CVE-2021-29428 | High | 8.8 | 2021-04-13 | In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and… |
CVE-2026-33572 | High | 8.4 | 2026-03-29 | OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attac… |
CVE-2026-4137 | High | 7.8 | 2026-05-18 | In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-… |
CVE-2025-38747 | High | 7.8 | 2025-08-06 | Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated… |
CVE-2024-7358 | High | 7.8 | 2024-08-01 | A vulnerability was found in Point B Ltd Getscreen Agent 2.19.6 on Windows. It has been declared as critical. Affected by this vulnerability is an unknown func… |
CVE-2022-24411 | High | 7.8 | 2022-04-12 | Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE c… |
CVE-2021-25314 | High | 7.8 | 2021-04-14 | A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Ava… |
CVE-2025-46685 | High | 7.5 | 2026-01-13 | Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged atta… |
CVE-2025-4953 | High | 7.4 | 2025-09-16 | A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can… |
CVE-2025-7647 | High | 7.3 | 2025-09-27 | The llama-index-core package, up to version 0.12.44, contains a vulnerability in the `get_cache_dir()` function where a predictable, hardcoded directory path `… |
CVE-2026-4822 | High | 7.0 | 2026-03-25 | A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of th… |
CVE-2021-1426 | High | 7.0 | 2021-05-06 | Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated… |
CVE-2021-1427 | High | 7.0 | 2021-05-06 | Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated… |
CVE-2021-1496 | High | 7.0 | 2021-05-06 | Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated… |
CVE-2021-1429 | High | 7.0 | 2021-05-06 | Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated… |
CVE-2021-1430 | High | 7.0 | 2021-05-06 | Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated… |
CVE-2021-1428 | High | 7.0 | 2021-05-06 | Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated… |