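CWE-379 (Creation of Temporary File in Directory with Insecure Permissions): a summary of the 44 CVE vulnerabilities in this weakness class, with AI analysis in Chinese.
CWE-379 is a weakness in which temporary-file permissions are improperly configured. When a program creates temporary files in a directory whose permissions are too broad, unauthorized users can detect that the files exist and infer the application's identity, and may then attack through race conditions or symbolic links. Developers should ensure that temporary directory permissions are strictly limited so that only the intended process has access, or should create files with atomic operations, to avoid exposing sensitive information or creating a privilege-escalation risk.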
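```c
#include <stdio.h>

FILE *stream;
/* tmpfile() chooses the location of the temporary file itself */
if ((stream = tmpfile()) == NULL) {
    perror("Could not open new temporary file\n");
    return (-1);
}
// write data to tmp file
...
// remove tmp file
rmtmp();
```

```java
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;

try {
    // The two-argument form creates the file in the default temporary-file directory
    File temp = File.createTempFile("pattern", ".suffix");
    temp.deleteOnExit();
    BufferedWriter out = new BufferedWriter(new FileWriter(temp));
    out.write("aString");
    out.close();
} catch (IOException e) { }
```

| CVE ID | Title | CVSS | Severity | Published |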
|---|---|---|---|---|
| CVE-2026-42191 | OpenTelemetry .NET Contrib security vulnerability — opentelemetry-dotnet | 6.5 | Medium | 2026-05-12 |
| CVE-2019-25677 | WinRAR security vulnerability — WinRAR | 6.2 | Medium | 2026-04-05 |
| CVE-2025-10279 | MLflow security vulnerability — mlflow/mlflow | 7.0 (AI) | High (AI) | 2026-02-02 |
| CVE-2025-71176 | Pytest security vulnerability — pytest | 6.8 | Medium | 2026-01-22 |
| CVE-2025-64896 | Adobe Creative Cloud Desktop security vulnerability — Creative Cloud Desktop | 5.5 | Medium | 2025-12-09 |
| CVE-2025-33111 | IBM Cognos Controller and IBM Controller security vulnerability — Controller | 4.3 | Medium | 2025-12-08 |
| CVE-2024-7562 | Flexera InstallShield security vulnerability — InstallShield | 7.8 (AI) | High (AI) | 2025-06-12 |
| CVE-2025-21162 | Adobe Photoshop security vulnerability — Photoshop Elements | 5.5 | Medium | 2025-02-11 |
| CVE-2025-21173 | Microsoft .NET security vulnerability — .NET 8.0 | 7.3 | High | 2025-01-14 |
| CVE-2024-9950 | ForeScout SecureConnector security vulnerability — SecureConnector | 6.2 | - | 2025-01-02 |
| CVE-2024-9500 | Autodesk installer security vulnerability — Installer | 7.8 | High | 2024-11-15 |
| CVE-2023-6080 | Lakeside SysTrack LsiAgent security vulnerability — SysTrack LsiAgent Installer | 7.8 | - | 2024-10-18 |
| CVE-2023-38533 | Siemens TIA Administrator security vulnerability — TIA Administrator | 3.3 | Low | 2024-06-11 |
| CVE-2024-24693 | Zoom Rooms security vulnerability — Zoom Rooms Client for Windows | 7.2 | High | 2024-03-13 |
| CVE-2023-3181 | Splashtop Software Updater security vulnerability — Splashtop Software Updater | 7.8 | High | 2024-01-25 |
| CVE-2023-49797 | PyInstaller security vulnerability — pyinstaller | 8.8 | High | 2023-12-09 |
| CVE-2023-3972 | Red Hat Insights security vulnerability — Red Hat Enterprise Linux 7 | 7.8 | High | 2023-11-01 |
| CVE-2023-37243 | Atera Agent Package Availability security vulnerability — Atera Agent Package Availability | 7.8 | High | 2023-10-31 |
| CVE-2023-32450 | Dell Power Manager security vulnerability — Dell Power Manager (DPM) | 6.1 | Medium | 2023-07-27 |
| CVE-2023-26396 | Adobe Acrobat Reader security vulnerability — Acrobat Reader | 7.8 | High | 2023-04-12 |
| CVE-2023-21611 | Adobe Acrobat Reader security vulnerability — Acrobat Reader | 7.8 | High | 2023-01-18 |
| CVE-2023-21612 | Adobe Acrobat Reader security vulnerability — Acrobat Reader | 7.8 | High | 2023-01-18 |
| CVE-2022-23950 | Keylime security vulnerability — keylime | 6.5 | - | 2022-09-21 |
| CVE-2021-40776 | Adobe Lightroom Classic security vulnerability — Lightroom Classic | 6.1 | Medium | 2022-06-15 |
| CVE-2022-23163 | Dell Technologies Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 4.7 | Medium | 2022-04-12 |
| CVE-2021-43017 | Adobe Creative Cloud Desktop Application security vulnerability — GoCart | 4.2 | Medium | 2021-11-18 |
| CVE-2021-40708 | Adobe Genuine security vulnerability — GoCart | 7.3 | High | 2021-09-29 |
| CVE-2021-39828 | Adobe Digital Editions security vulnerability — Digital Editions | 5.8 | Medium | 2021-09-27 |
| CVE-2021-39827 | Adobe Digital Editions security vulnerability — Digital Editions | 6.5 | Medium | 2021-09-27 |
| CVE-2021-28613 | Adobe Creative Cloud Desktop Application access control error vulnerability — Creative Cloud (desktop component) | 7.4 | High | 2021-09-27 |

CWE-379 (Creation of Temporary File in Directory with Insecure Permissions) is a common weakness category; this platform lists 44 CVE vulnerabilities associated with it.