diff --git a/SOURCES/sblim-gather-2.2.9-covscan-fixes.patch b/SOURCES/sblim-gather-2.2.9-covscan-fixes.patch
new file mode 100644
index 0000000..8e3aebf
--- /dev/null
+++ b/SOURCES/sblim-gather-2.2.9-covscan-fixes.patch
@@ -0,0 +1,59 @@
+diff -up sblim-gather-2.2.9/plugin/cimplugLocalFileSystem.c.orig sblim-gather-2.2.9/plugin/cimplugLocalFileSystem.c
+--- sblim-gather-2.2.9/plugin/cimplugLocalFileSystem.c.orig 2014-10-09 23:29:09.000000000 +0200
++++ sblim-gather-2.2.9/plugin/cimplugLocalFileSystem.c 2021-08-16 11:44:16.249428364 +0200
+@@ -28,14 +28,15 @@ CMPIObjectPath* COP4VALID (CMPIBroker *b
+ {
+ CMPIObjectPath *cop;
+ char *fsclass;
+- char fsname[300];
++ char fsname[301];
+ char *fstype, *idx2;
+
+ if (id==NULL || systemid==NULL) {
+ return NULL;
+ }
+
+- strncpy(fsname,id,sizeof(fsname));
++ strncpy(fsname,id,sizeof(fsname)-1);
++ fsname[sizeof(fsname)-1] = '\0';
+ fstype = strchr(fsname,'(');
+ idx2 = strchr(fsname,')');
+ if (fstype && idx2 && fstype < idx2) {
+diff -up sblim-gather-2.2.9/provider/OSBase_MetricIndicationProvider.c.orig sblim-gather-2.2.9/provider/OSBase_MetricIndicationProvider.c
+--- sblim-gather-2.2.9/provider/OSBase_MetricIndicationProvider.c.orig 2014-10-09 23:29:10.000000000 +0200
++++ sblim-gather-2.2.9/provider/OSBase_MetricIndicationProvider.c 2021-08-16 11:40:35.511820637 +0200
+@@ -364,10 +364,13 @@ static int removeListenFilter(const CMPI
+ free (lf->lf_namespace);
+ }
+ free(lf);
++ lf = NULL;
+ state=0;
+ }
+- prev = lf;
+- lf = lf->lf_next;
++ if (lf) {
++ prev = lf;
++ lf = lf->lf_next;
++ }
+ }
+ pthread_mutex_unlock(&listenMutex);
+ return state;
+diff -up sblim-gather-2.2.9/provider/OSBase_MetricLifeCycleProvider.c.orig sblim-gather-2.2.9/provider/OSBase_MetricLifeCycleProvider.c
+--- sblim-gather-2.2.9/provider/OSBase_MetricLifeCycleProvider.c.orig 2014-10-09 23:29:10.000000000 +0200
++++ sblim-gather-2.2.9/provider/OSBase_MetricLifeCycleProvider.c 2021-08-16 11:40:35.511820637 +0200
+@@ -384,10 +384,13 @@ static int removeListenFilter(const CMPI
+ free (lf->lf_namespace);
+ }
+ free(lf);
++ lf = NULL;
+ state=0;
+ }
+- prev = lf;
+- lf = lf->lf_next;
++ if (lf) {
++ prev = lf;
++ lf = lf->lf_next;
++ }
+ }
+ pthread_mutex_unlock(&listenMutex);
+ return state;
diff --git a/SOURCES/sblim-gather-2.2.9-fix-use-of-temp-paths.patch b/SOURCES/sblim-gather-2.2.9-fix-use-of-temp-paths.patch
new file mode 100644
index 0000000..65cd02d
--- /dev/null
+++ b/SOURCES/sblim-gather-2.2.9-fix-use-of-temp-paths.patch
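Review bot: In cimplugLocalFileSystem.c the bounded `strncpy` plus explicit terminator fixes the unterminated-buffer finding but still silently truncates an `id` longer than 300 bytes, after which the `strchr` parse for '(' and ')' runs on a cut-off name; rejecting such ids up front, `if (strlen(id) >= sizeof(fsname)) return NULL;` beside the existing NULL checks, keeps the parse honest. In both removeListenFilter hunks (OSBase_MetricIndicationProvider.c and OSBase_MetricLifeCycleProvider.c) `lf = NULL` after `free(lf)` does remove the use-after-free, but the added `if (lf)` can then never advance, so the walk stops at the first removed filter, or spins forever if the loop condition is not on `lf`; if the loop is meant to keep scanning, store `lf->lf_next` in a local before `free(lf)` and assign it to `lf` afterwards instead. Whether stopping early is acceptable depends on the loop header and the unlink step, both of which lie above these hunks; COP4VALID's signature is likewise outside its hunk.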
@@ -0,0 +1,134 @@
+diff -up sblim-gather-2.2.9/plugin/metricVirt.c.orig sblim-gather-2.2.9/plugin/metricVirt.c
+--- sblim-gather-2.2.9/plugin/metricVirt.c.orig 2014-10-09 23:29:10.000000000 +0200
++++ sblim-gather-2.2.9/plugin/metricVirt.c 2021-08-19 14:29:14.500341897 +0200
+@@ -31,6 +31,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #define PIDDIR "/var/run/libvirt/qemu/"
+ #define L_piddir 22
+@@ -239,7 +240,8 @@ static void collectDomainSchedStats(int
+ FILE * fd = NULL;
+ char * pidfile = NULL;
+ char * tidfile = NULL;
+- char tmpfile[L_tmpnam];
++ char pidtmpfile[] = "/tmp/pidtmp-XXXXXX";
++ int tfd = -1;
+ char cmdbuf[128];
+ char buf[bufsize];
+ int * tids = NULL;
+@@ -266,10 +268,12 @@ static void collectDomainSchedStats(int
+
+ /* determine thread ids for each vcpu via ps */
+ if (pid) {
+- if (tmpnam(tmpfile)) {
+- sprintf(cmdbuf, "ps --no-headers -p %d -Lo lwp > %s", pid, tmpfile);
++ tfd = mkstemp(pidtmpfile);
++ if (tfd != -1) {
++ unlink(pidtmpfile);
++ sprintf(cmdbuf, "ps --no-headers -p %d -Lo lwp > %s", pid, pidtmpfile);
+ if (system(cmdbuf) == 0) {
+- if ((fd = fopen(tmpfile, "r")) != NULL) {
++ if ((fd = fdopen(tfd, "r")) != NULL) {
+ /* ignore master thread (vm pid) */
+ fgets(buf, bufsize, fd);
+
+@@ -282,7 +286,6 @@ static void collectDomainSchedStats(int
+ fclose(fd);
+ }
+ }
+- remove(tmpfile);
+ }
+ }
+
+@@ -293,17 +296,20 @@ static void collectDomainSchedStats(int
+ /* for each vcpu/tid grab stats from /proc/$pid/task/$tid/sched */
+ for (i = 0; i < domain_statistics.vcpus[cnt]; i++) {
+ float used, ready;
++ char tidtmpfile[] = "/tmp/tidtmp-XXXXXX";
+
+- if (tmpnam(tmpfile)) {
++ tfd = mkstemp(tidtmpfile);
++ if (tfd != -1) {
++ unlink(tidtmpfile);
+ sprintf(tidfile, "%s%d%s%d%s", PROC, pid, TASK, tids[i], SCHED);
+
+ /* interested in se.sum_exec_runtime and se.wait_sum */
+ sprintf(cmdbuf, "cat %s | awk '/exec_runtime/ || /wait_sum/ {print $3}' > %s",
+- tidfile, tmpfile);
++ tidfile, tidtmpfile);
+
+ /* stats are in floating point ms, convert to microseconds */
+ if (system(cmdbuf) == 0) {
+- if ((fd = fopen(tmpfile, "r")) != NULL) {
++ if ((fd = fdopen(tfd, "r")) != NULL) {
+ fgets(buf, bufsize, fd);
+ sscanf(buf, "%f", &used);
+ used = used * 1000;
+@@ -317,7 +323,6 @@ static void collectDomainSchedStats(int
+ fclose(fd);
+ }
+ }
+- remove(tmpfile);
+ }
+
+ }
+diff -up sblim-gather-2.2.9/reposdump.c.orig sblim-gather-2.2.9/reposdump.c
+--- sblim-gather-2.2.9/reposdump.c.orig 2014-10-09 23:29:11.000000000 +0200
++++ sblim-gather-2.2.9/reposdump.c 2021-08-19 14:33:27.612564618 +0200
+@@ -55,6 +55,7 @@ int main(int argc, char * argv[])
+ /* output file handling */
+ char fname[400];
+ char *dumpdir;
++ int tfd;
+ FILE * fhdl;
+ /* rrepos API related */
+ char **plugins;
+@@ -119,7 +120,8 @@ int main(int argc, char * argv[])
+
+ /* we will need the current time later on */
+ now = time(NULL);
+- strcpy(timestr,time_chars_unsafe(now));
++ strncpy(timestr, time_chars_unsafe(now), sizeof(timestr)-1);
++ timestr[sizeof(timestr)-1] = '\0';
+
+ /* construct output filename and open for writing */
+ if (argc > 3) {
+@@ -127,8 +129,14 @@ int main(int argc, char * argv[])
+ } else {
+ dumpdir = "/tmp";
+ }
+- sprintf(fname,"%s/reposd-dump-%s.out",dumpdir,timestr);
+- fhdl = fopen(fname,"w");
++ snprintf(fname, sizeof(fname)-1, "%s/reposd-dump-%s-XXXXXX.out", dumpdir, timestr);
++ fname[sizeof(fname)-1] = '\0';
++ tfd = mkstemps(fname, 4);
++ if (tfd == -1) {
++ fprintf(stderr, "Could not create %s\n", fname);
++ return REPOSDUMP_FILEWRITE;
++ }
++ fhdl = fdopen(tfd,"w");
+ if (fhdl == NULL) {
+ fprintf(stderr, "Could not open %s for writing\n", fname);
+ return REPOSDUMP_FILEWRITE;
+diff -up sblim-gather-2.2.9/slisten.c.orig sblim-gather-2.2.9/slisten.c
+--- sblim-gather-2.2.9/slisten.c.orig 2014-10-09 23:29:11.000000000 +0200
++++ sblim-gather-2.2.9/slisten.c 2021-08-19 14:29:14.501341906 +0200
+@@ -64,6 +64,7 @@ static void subs_listener_cleanup(void *
+ /* reset to initial state */
+ long fds = (long)fdsocket;
+ close(fds);
++ close(fdsockfile);
+ unlink(listener);
+ strcpy(listener,SOCKFILE_TEMPLATE);
+ fdsockfile=-1;
+@@ -139,7 +140,6 @@ int add_subscription_listener(char *list
+ M_TRACE(MTRACE_DETAILED,MTRACE_RREPOS,
+ ("listener socket name = %s",listener));
+ if (fdsockfile != -1) {
+- close(fdsockfile);
+ unlink(listener);
+ pthread_create(&pt_listener,NULL,subs_listener,NULL);
+ pthread_detach(pt_listener);
diff --git a/SPECS/sblim-gather.spec b/SPECS/sblim-gather.spec
index 845e5c6..2895d4c 100644
--- a/SPECS/sblim-gather.spec
+++ b/SPECS/sblim-gather.spec
@@ -3,7 +3,7 @@ Name: sblim-gather Version: 2.2.9
-Release: 23%{?dist}
+Release: 24%{?dist}
Summary: SBLIM Gatherer License: EPL
@@ -42,6 +42,10 @@ Patch6: sblim-gather-2.2.9-prov-reg-sfcb-systemd.patch Patch7: sblim-gather-2.2.9-remove-assoc-conflict.patch # Patch9: fix link fail with gcc-10 (patch by Jeff Law) Patch9: sblim-gather-2.2.9-inline.patch
+# Patch10: fix important issues found by coverity scan
+Patch10: sblim-gather-2.2.9-covscan-fixes.patch
+# Patch11: fix incorrect use of temporary paths
+Patch11: sblim-gather-2.2.9-fix-use-of-temp-paths.patch
Requires: cim-server Requires(post): systemd
@@ -99,6 +103,8 @@ tar xfvz %{SOURCE4} %patch7 -p1 -b .remove-assoc-conflict %patch8 -p1 -b .remove-cxx-check %patch9 -p1 -b .inline
+%patch10 -p1 -b .covscan-fixes
+%patch11 -p1 -b .fix-use-of-temp-paths
%build %ifarch s390 s390x ppc ppc64
@@ -294,6 +300,12 @@ fi %ldconfig_postun provider %changelog
+* Tue Aug 24 2021 Vitezslav Crhonek - 2.2.9-24
+- Fix important coverity issues
+ Resolves: #1989603
+- Fix incorrect use of temporary paths
+ Resolves: #1989605
+
* Wed Jul 21 2021 Vitezslav Crhonek - 2.2.9-23 - Fix undefined symbol in libmetricKvm plugin - Fix tmpfiles path
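Review bot: In metricVirt.c the `unlink(pidtmpfile)` (and `unlink(tidtmpfile)`) right after `mkstemp` defeats the change: the `> %s` redirect inside `system(cmdbuf)` makes the shell create a brand-new file at that name, so `fdopen(tfd, "r")` reads the empty inode mkstemp opened and never sees the ps/awk output, while a name-based file creation in /tmp — the very thing the patch sets out to remove — is still performed. Nothing removes that recreated file now that `remove(tmpfile)` is gone, and the mkstemp descriptor is never closed when `system()` returns non-zero or `fdopen` fails, so the per-vcpu loop leaves a /tmp file behind every iteration and a descriptor on every failure. The shape that needs no temporary path at all is to read the command output through `popen`/`pclose`, sketched below for the ps block (the awk block follows the same pattern), replacing `sprintf(cmdbuf, ...)` into the 128-byte `cmdbuf` with `snprintf(cmdbuf, sizeof(cmdbuf), ...)` at the same time. In reposdump.c `mkstemps` is a glibc/BSD extension rather than POSIX, and `tfd` is likewise left open on the `fhdl == NULL` path, where a `close(tfd);` belongs before the return. collectDomainSchedStats starts and ends outside these hunks.
```c
    /* determine thread ids for each vcpu via ps */
    if (pid) {
        /* read ps output directly; no path in /tmp is created or named */
        snprintf(cmdbuf, sizeof(cmdbuf), "ps --no-headers -p %d -Lo lwp", pid);
        if ((fd = popen(cmdbuf, "r")) != NULL) {
            /* ignore master thread (vm pid) */
            fgets(buf, bufsize, fd);
            /* … unchanged: per-line tid parsing … */
            /* exit status now comes from pclose(); test it where system() == 0 used to be checked */
            pclose(fd);
        }
    }
```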