CVE-2024-2658 Local privilege escalation in FlexNet Publisher

A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 11.19.6.0 allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted...

PT-2025-1303 · Teamviewer · Teamviewer

Name of the Vulnerable Software and Affected Versions: TeamViewer versions prior to 15.62 Description: The issue is related to improper neutralization of argument delimiters in the TeamViewer service.exe component, allowing an attacker with local unprivileged access on a Windows system to elevate...

CVE-2024-57276

In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file path used by the service. The service runs with NT AUTHORITY\SYSTEM privileges,...

MAL-2025-605 Malicious code in monaco-npm (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee69dd8c6692848ff6eb6a9a1ed9dc881a6790a2eb02b4942215ee914d5a77da Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-0543

Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in...

CVE-2025-0543 G DATA Security Client Local privilege escalation

Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in...

CVE-2025-0543 G DATA Security Client Local privilege escalation

Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in...

CVE-2025-0543

CVE-2025-0543 describes a local privilege escalation in the G DATA Security Client caused by incorrect assignment of directory privileges. An unprivileged local attacker can escalate to SYSTEM by placing an arbitrary executable in a globally writable directory, which is then executed by the Setup...

CVE-2024-40693

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing furth...

CVE-2024-25034

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attac...

CVE-2024-25034

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attac...

CVE-2024-40693 IBM Planning Analytics file upload

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing furth...

CVE-2024-25034

CVE-2024-25034 affects IBM Planning Analytics 2.0 and 2.1, where the File Manager T1 process does not validate file types, allowing upload of executable/malicious files. IBM’s Security Bulletin notes this as a Malicious File Upload vulnerability (CWE-434) with high impact (CVE has base scores up ...

CVE-2024-25034 IBM Planning Analytics file upload

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attac...

CVE-2024-25034 IBM Planning Analytics file upload

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attac...

Node.js < 18.20.6, 20.x < 20.18.2, 21.x < 22.13.1, 23.x < 23.6.1 Multiple Vulnerabilities - Mac OS X

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

Oracle OpenJDK 11.x - 23.x Vulnerability (Jan 2025)

Oracle OpenJDK is prone to a vulnerability in the hotspot/compiler component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

GHSA-FQMF-W4XH-33RH gix-worktree-state nonexclusive checkout sets executable files world-writable

Summary gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some...

gix-worktree-state nonexclusive checkout sets executable files world-writable

Summary gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some...

UBUNTU-CVE-2025-22620

gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. Thi...