CWE-377 (Insecure Temporary File) — Vulnerability Class 67

67 vulnerabilities classified as CWE-377 (Insecure Temporary File). AI Chinese analysis included.

CWE-377 represents a critical software weakness involving the creation and use of insecure temporary files, which exposes sensitive application and system data to potential compromise. This vulnerability is typically exploited by attackers who predict or guess the filename of a temporary file, allowing them to create a symbolic link or a malicious file with the same name before the legitimate application writes to it. This substitution enables the attacker to overwrite critical data, execute arbitrary code, or escalate privileges by tricking the application into interacting with the malicious file instead of the intended temporary storage. To mitigate this risk, developers must ensure that temporary files are created with strict access controls, such as using secure file creation flags that prevent race conditions. Additionally, employing unique, unpredictable filenames and storing temporary data in directories with restricted permissions significantly reduces the attack surface, ensuring that only the intended process can access the sensitive information.

MITRE CWE Description
Creating and using insecure temporary files can leave application and system data vulnerable to attack.
Common Consequences (1)
Scope: Confidentiality, Integrity · Impact: Read Files or Directories, Modify Files or Directories
Examples (1)
The following code uses a temporary file for storing intermediate data gathered from the network before it is processed.
    if (tmpnam_r(filename)) {
        FILE* tmp = fopen(filename,"wb+");
        while((recv(sock,recvbuf,DATA_SIZE, 0) > 0)&(amt!=0))
            amt = fwrite(recvbuf,1,DATA_SIZE,tmp);
    }
    ...
Bad · C
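
A hardened counterpart to the tmpnam_r()/fopen() pattern above, added here as an illustration and not taken from the MITRE entry. The function names, the `spool-`/`cwe377-` prefixes and the link target are hypothetical, and the symbolic-link scenario is constructed inside a private directory.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Replaces tmpnam_r()+fopen(): mkstemp() chooses the name and creates the file
 * in one O_CREAT|O_EXCL step. Returns an open fd or -1; name is stored in out. */
int open_spool(char *out, size_t len) {
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || dir[0] != '/') dir = "/tmp"; /* unset, empty or relative */
    int n = snprintf(out, len, "%s/spool-XXXXXX", dir);
    if (n < 0 || (size_t)n >= len) return -1;
    mode_t old = umask(077);   /* do not rely on the libc to force 0600 */
    int fd = mkstemp(out);
    umask(old);
    return fd;
}

/* Returns 1 if the spool file is a regular file with owner-only permissions. */
int spool_is_private(void) {
    char path[4096];
    struct stat st;
    int fd = open_spool(path, sizeof path);
    if (fd < 0) return 0;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & 0777) == 0600;
    unlink(path);              /* drop the name; data stays until close() */
    close(fd);
    return ok;
}

/* Fixed-name case: O_CREAT|O_EXCL fails with EEXIST on any existing entry,
 * symbolic links included. Returns 1 if the planted (constructed) link was refused. */
int planted_link_is_refused(void) {
    char dir[] = "/tmp/cwe377-XXXXXX", path[64];
    if (mkdtemp(dir) == NULL) return 0;
    snprintf(path, sizeof path, "%s/app.tmp", dir);
    if (symlink("/nonexistent/target", path) != 0) { rmdir(dir); return 0; }
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int refused = (fd < 0 && errno == EEXIST);
    if (fd >= 0) close(fd);
    unlink(path);
    rmdir(dir);
    return refused;
}

int main(void) { return !(spool_is_private() && planted_link_is_refused()); }
```

The descriptor returned by `open_spool` can be wrapped with `fdopen(fd, "wb+")` where the surrounding code expects a `FILE*`.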
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40979 | VMware Spring AI security vulnerability — Spring AI | 6.1 | Medium | 2026-04-28 |
| CVE-2026-40973 | VMware Spring Boot security vulnerability — Spring Boot | 7.0 | High | 2026-04-27 |
| CVE-2026-35342 | uutils coreutils mktemp Insecure Temporary File Placement via Empty TMPDIR — coreutils | 3.3 | Low | 2026-04-22 |
| CVE-2026-20204 | Improper Handling and Insufficient Isolation of Specific Temporary Files in Splunk Enterprise — Splunk Enterprise | 7.1 | High | 2026-04-15 |
| CVE-2026-25645 | Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function — requests | 4.4 | Medium | 2026-03-25 |
| CVE-2026-25701 | openSUSE sdbootutil security vulnerability — sdbootutil | 7.1 (AI) | High (AI) | 2026-02-25 |
| CVE-2025-14614 | Quartus® Prime Standard and Quartus® Prime Lite Security Advisory — Quartus Prime Standard | 6.7 | Medium | 2026-01-06 |
| CVE-2025-14612 | Quartus Prime Pro Edition Advisory — Quartus Prime Pro | 6.7 | Medium | 2026-01-06 |
| CVE-2025-14307 | Insecure Temporary File Creation in Robocode's AutoExtract Component — Robocode | 8.1 (AI) | High (AI) | 2025-12-09 |
| CVE-2025-46369 | Dell Alienware Command Center security vulnerability — Alienware Command Center 6.x (AWCC) | 7.8 | High | 2025-11-13 |
| CVE-2025-46368 | Dell Alienware Command Center security vulnerability — Alienware Command Center 6.x (AWCC) | 6.6 | Medium | 2025-11-13 |
| CVE-2025-7707 | World-Writable NLTK Cache Directory Vulnerability in run-llama/llama_index — run-llama/llama_index | 7.8 | - | 2025-10-13 |
| CVE-2025-61659 | Informative git prompt for bash and fish security vulnerability — bash-git-prompt | 6.8 | Medium | 2025-09-29 |
| CVE-2024-49506 | Fixed temporary file path in aeon-checks allows fixing of disk encryption key — Tumbleweed | 7.8 (AI) | High (AI) | 2024-11-13 |
| CVE-2024-10372 | chidiwilliams buzz model_loader.py download_model temp file — buzz | 4.5 | Medium | 2024-10-25 |
| CVE-2024-6654 | Denial of Service vulnerability in ESET products for macOS — ESET Cyber Security | 6.5 (AI) | Medium (AI) | 2024-09-27 |
| CVE-2023-49346 | Ubuntu Budgie Extras security vulnerability — Budgie Extras | 6.0 | Medium | 2023-12-14 |
| CVE-2023-49344 | Ubuntu Budgie Extras security vulnerability — Budgie Extras | 6.0 | Medium | 2023-12-14 |
| CVE-2023-49342 | Ubuntu Budgie Extras security vulnerability — Budgie Extras | 6.0 | Medium | 2023-12-14 |
| CVE-2023-2800 | Insecure Temporary File in huggingface/transformers — huggingface/transformers | - | - | 2023-05-18 |
| CVE-2022-34387 | Dell SupportAssist for Home PCs security vulnerability — SupportAssist | 6.4 | Medium | 2023-02-10 |
| CVE-2022-24913 | java-merge-sort security vulnerability — com.fasterxml.util:java-merge-sort | 5.5 | Medium | 2023-01-12 |
| CVE-2018-25068 | devent globalpom-utils FileResourceManagerProvider.java createTmpDir temp file — globalpom-utils | 6.3 | Medium | 2023-01-06 |
| CVE-2022-4817 | centic9 jgit-cookbook temp file — jgit-cookbook | 3.1 | Low | 2022-12-28 |
| CVE-2022-4641 | pig-vector LogisticRegression.java LogisticRegression temp file — pig-vector | 2.5 | Low | 2022-12-21 |
| CVE-2022-3969 | OpenKM FileUtils.java getFileExtension temp file — OpenKM | 2.6 | Low | 2022-11-13 |
| CVE-2022-3952 | ManyDesigns Portofino WarFileLauncher.java createTempDir temp file — Portofino | 2.6 | Low | 2022-11-11 |
| CVE-2013-4253 | Red Hat OpenShift security vulnerability — Red Hat Openshift | 9.1 | - | 2022-10-19 |
| CVE-2022-35631 | Filesystem race on temporary files — Velociraptor | 5.5 | - | 2022-07-29 |
| CVE-2013-4561 | Red Hat OpenShift security vulnerability — openshift-origin-msg-node-mcollective | 8.1 | - | 2022-06-30 |

Vulnerabilities classified as CWE-377 (Insecure Temporary File) represent 67 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.