6839 matches found
CVE-2024-25034
CVE-2024-25034 affects IBM Planning Analytics 2.0 and 2.1, where the File Manager T1 process does not validate file types, allowing upload of executable/malicious files. IBM’s Security Bulletin notes this as a Malicious File Upload vulnerability (CWE-434) with high impact (CVE has base scores up ...
CVE-2024-25034 IBM Planning Analytics file upload
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attac...
Node.js < 18.20.6, 20.x < 20.18.2, 21.x < 22.13.1, 23.x < 23.6.1 Multiple Vulnerabilities - Mac OS X
Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; if(description)...
Oracle OpenJDK 11.x - 23.x Vulnerability (Jan 2025)
Oracle OpenJDK is prone to a vulnerability in the hotspot/compiler component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
GHSA-FQMF-W4XH-33RH gix-worktree-state nonexclusive checkout sets executable files world-writable
Summary gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some...
gix-worktree-state nonexclusive checkout sets executable files world-writable
Summary gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some...
UBUNTU-CVE-2025-22620
gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. Thi...
CVE-2025-22620 gix-worktree-state nonexclusive checkout sets executable files world-writable
gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. Thi...
CVE-2024-51448
IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.ex...
CVE-2024-51448
CVE-2024-51448 affects IBM Robotic Process Automation versions 21.0.0–21.0.7.17 and 23.0.0–23.0.18. The root cause is insecure inherited permissions: all install files inherit the parent directory’s permissions, allowing a non-privileged user to substitute any executable for the nssm.exe service....
RUSTSEC-2025-0001 gix-worktree-state nonexclusive checkout sets executable files world-writable
Summary gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some...
Exploit for CVE-2024-40094
CVE-2024-40094 ENF ExecutableNormalizedFields Denial of Serv...
CVE-2024-55511
A null pointer dereference vulnerability in Macrium Reflect prior to 8.1.8017 allows a local attacker to cause a system crash or potentially elevate their privileges via executing a specially crafted executable...
Macrium Reflect Security Vulnerability
Macrium Reflect is a backup utility for Microsoft Windows from Macrium. A security vulnerability exists in Macrium Reflect versions prior to 8.1.8017, which stems from the presence of a null pointer dereference that allows an attacker to elevate its privileges by executing a specially crafted...
CyberPower PowerPanel Business Authorization Issue Vulnerability
CyberPower PowerPanel Business (CyberPower PPB) is a state-of-the-art power management software from CyberPower, Inc. designed to monitor and manage CyberPower UPS systems and networked ATS/PDUs. CyberPower PowerPanel Business version 4.11.0 suffers from an authorization issue vulnerability that...
Bitdefender Antivirus Free Code Issue Vulnerability
Bitdefender Antivirus Free is a free version of a suite of antivirus software from the Romanian company Bitdefender that primarily provides cyber threat detection and ransomware protection. Bitdefender Antivirus Free 2020 suffers from a code issue vulnerability that stems from an untrusted search...
Ovidentia Code Issue Vulnerability
Ovidentia is an open source content management system and collaboration platform based on PHP and MySQL from the French team Cantico, which can be used for publishing and managing projects, publication and article management, schedule sharing, and more. A security vulnerability exists in Ovidenti...
CVE-2022-41573
CVE-2022-41573 affects Ovidentia 8.3. The file upload feature does not prevent executable files; a user can upload a PHP-embedded PNG and rename it to .php, making it accessible at an images/common/ URI and enabling remote code execution. The available sources describe the impact (remote code exe...