15 matches found
CVE-2025-12985
IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image...
CVE-2025-12985 License Service: Privilege escalation vulnerability
IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image...
CVE-2025-12985 License Service: Privilege escalation vulnerability
IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image...
CVE-2025-36193
IBM Transformation Advisor is affected by CVE-2025-36193, with versions 2.0.1 through 4.3.1 vulnerable to privilege escalation due to incorrect permissions on security-critical files, enabling local root escalation inside the IBM Transformation Advisor Operator Catalog container. The Red Hat secu...
PT-2025-35826
Name of the Vulnerable Software and Affected Versions: IBM Transformation Advisor versions 2.0.1 through 4.3.1. Description: IBM Transformation Advisor incorrectly assigns privileges to security critical files. This could allow a local root escalation within a container running the IBM Transformatio...
CVE-2023-51444 GeoServer arbitrary file upload vulnerability in REST Coverage Store API
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage stores through the...
Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API
Summary: An arbitrary file upload vulnerability exists that enables an authenticated administrator with permissions to modify coverage stores through the REST Coverage Store API to upload arbitrary file contents to arbitrary file locations which can lead to remote code execution. Details: Coverage...
CVE-2022-40756
If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 v15.11.005, Patch Update 4 for Zen 15 v15.01.017, or Patch Update 5 for Zen 14 SP2 v14.21.022, it can allow an attacker with file read/write access to remove specific security files in order to reset the...
CVE-2022-40756
If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 v15.11.005, Patch Update 4 for Zen 15 v15.01.017, or Patch Update 5 for Zen 14 SP2 v14.21.022, it can allow an attacker with file read/write access to remove specific security files in order to reset the...
Actian Zen security vulnerability
Actian Zen is a suite of embedded databases from Actian Corporation in the United States. A security vulnerability exists in Actian Zen PSQL BEFORE versions v15.11.005, v15.01.017, and v14.21.022 that stems from a folder security misconfiguration. An attacker exploiting this vulnerability could...
New Windows and Linux Flaws Give Attackers Highest System Privileges
Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions to access Windows system files, in turn, enabling them to unmask the operating system installation password and even...
McAfee Endpoint Security access control error vulnerability
McAfee Endpoint Security ENS is McAfee's antivirus product that provides comprehensive protection against network security threats. An improper access control vulnerability exists in McAfee Endpoint Security for Windows. An attacker could exploit the vulnerability to prevent the installation of...
PYSEC-2019-176
python-docutils allows insecure usage of temporary files...
CVE-2017-1541
A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809...
Directory Traversal in Sun iPlanet Administration Server 5.1
Text of original posting to Sun: Originator: EDS Information Assurance Group - Jim Hardisty, Mark Brewis. Date of Contact: 22nd April 2003. Issue: During a recent Penetration Test, a member of the team, Jim Hardisty, identified an issue with an installation of iPlanet Administration Express. It is...