6809 matches found

Cvelist
added 2025/01/20 3:38 p.m. · 19 views

CVE-2025-22620 gix-worktree-state nonexclusive checkout sets executable files world-writable

gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. Thi...

5 CVSS · 0.00684 EPSS
Exploits 0 · References 1
OSV
added 2025/01/18 3:15 p.m. · 1 view

CVE-2024-51448

IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.ex...

6.7 CVSS · 5.8 AI score · 0.00027 EPSS
Exploits 0 · References 1
CVE
added 2025/01/18 3:8 p.m. · 52 views

CVE-2024-51448

CVE-2024-51448 affects IBM Robotic Process Automation versions 21.0.0–21.0.7.17 and 23.0.0–23.0.18. The root cause is insecure inherited permissions: all install files inherit the parent directory’s permissions, allowing a non-privileged user to substitute any executable for the nssm.exe service....

6.7 CVSS · 6.6 AI score · 0.00027 EPSS
Exploits 0 · References 1 · Affected Software 1
RustSec
added 2025/01/18 12:0 p.m. · 4 views

gix-worktree-state nonexclusive checkout sets executable files world-writable

Summary: gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some...

5 CVSS · 7.2 AI score · 0.00684 EPSS
Exploits 0 · Affected Software 1
OSV
added 2025/01/18 12:0 p.m. · 11 views

RUSTSEC-2025-0001 gix-worktree-state nonexclusive checkout sets executable files world-writable

Summary: gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some...

5 CVSS · 5.6 AI score · 0.00684 EPSS
Exploits 0 · References 5
GithubExploit
added 2025/01/17 8:9 a.m. · 95 views

Exploit for CVE-2024-40094

CVE-2024-40094 ENF ExecutableNormalizedFields Denial of Serv...

5.3 CVSS · 7.3 AI score · 0.1753 EPSS
Exploits 2
Cvelist
added 2025/01/16 12:0 a.m. · 9 views

CVE-2024-55511

A null pointer dereference vulnerability in Macrium Reflect prior to 8.1.8017 allows a local attacker to cause a system crash or potentially elevate their privileges via executing a specially crafted executable...

0.00828 EPSS
Exploits 1 · References 2
CNNVD
added 2025/01/16 12:0 a.m. · 1 view

Macrium Reflect security vulnerability

Macrium Reflect is a backup utility for Microsoft Windows from Macrium. A security vulnerability exists in Macrium Reflect versions prior to 8.1.8017, which stems from the presence of a null pointer dereference that allows an attacker to elevate its privileges by executing a specially crafted...

7.8 CVSS · 6.4 AI score · 0.00828 EPSS
Exploits 1 · References 3
CNNVD
added 2025/01/15 12:0 a.m. · 1 view

CyberPower PowerPanel Business authorization issue vulnerability

CyberPower PowerPanel Business (CyberPower PPB) is a state-of-the-art power management software from CyberPower, Inc. designed to monitor and manage CyberPower UPS systems and networked ATS/PDUs. CyberPower PowerPanel Business version 4.11.0 suffers from an authorization issue vulnerability that...

7.5 CVSS · 6.5 AI score · 0.0075 EPSS
Exploits 0 · References 1
CNNVD
added 2025/01/15 12:0 a.m. · 3 views

Bitdefender Antivirus Free code issue vulnerability

Bitdefender Antivirus Free is a free version of a suite of antivirus software from the Romanian company Bitdefender that primarily provides cyber threat detection and ransomware protection. Bitdefender Antivirus Free 2020 suffers from a code issue vulnerability that stems from an untrusted search...

8.8 CVSS · 7.2 AI score · 0.00204 EPSS
Exploits 0 · References 1
CNNVD
added 2025/01/07 12:0 a.m. · 1 view

Ovidentia code issue vulnerability

Ovidentia is an open source content management system and collaboration platform based on PHP and MySQL from the French team Cantico, which can be used for publishing and managing projects, publication and article management, schedule sharing, and more. A security vulnerability exists in Ovidenti...

9.8 CVSS · 7.3 AI score · 0.12966 EPSS
Exploits 0 · References 3
CVE
added 2025/01/07 12:0 a.m. · 43 views

CVE-2022-41573

CVE-2022-41573 affects Ovidentia 8.3. The file upload feature does not prevent executable files; a user can upload a PHP-embedded PNG and rename it to .php, making it accessible at an images/common/ URI and enabling remote code execution. The available sources describe the impact (remote code exe...

9.8 CVSS · 8.1 AI score · 0.12966 EPSS
Exploits 0 · References 3
OSV
added 2024/12/24 6:9 p.m. · 5 views

MAL-2024-12338 Malicious code in requesr (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b792f17b467610a1021820a7718884aa436487a9ec75d5ebf889d400efeaec24 Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory. --- Category:...

6.9 AI score
Exploits 0 · References 3
OSSF Malicious Packages
added 2024/12/24 6:9 p.m. · 4 views

Malicious code in requesr (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b792f17b467610a1021820a7718884aa436487a9ec75d5ebf889d400efeaec24 Importing the module downloads and starts an infostealer attempting to exfiltrate data and establishing persistence through autorun directory. --- Category:...

7 AI score
Exploits 0 · References 3
Tenable Nessus
added 2024/12/23 12:0 a.m. · 8 views

Amazon Linux 2 : NetworkManager-libreswan (ALAS-2024-2703)

The version of NetworkManager-libreswan installed on the remote host is prior to 1.2.4-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2703 advisory. A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), where it fails to...

7.8 CVSS · 7.7 AI score · 0.00057 EPSS
Exploits 0 · References 4
NVD
added 2024/12/20 2:15 p.m. · 10 views

CVE-2024-40695

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can ...

8 CVSS · 0.00094 EPSS
Exploits 0 · References 1
OSV
added 2024/12/20 2:15 p.m. · 0 views

CVE-2024-40695

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can ...

8 CVSS · 5.8 AI score · 0.00094 EPSS
Exploits 0 · References 1
CVE
added 2024/12/20 1:41 p.m. · 68 views

CVE-2024-40695

CVE-2024-40695 affects IBM Cognos Analytics 11.2.0–11.2.4 FP4 and 12.0.0–12.0.4, where a Malicious File Upload flaw arises from not validating uploaded file contents via the web interface. This allows an attacker to upload executable files that could be processed by the product and used for furth...

8 CVSS · 7.9 AI score · 0.00094 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/12/20 1:41 p.m. · 23 views

CVE-2024-40695 IBM Cognos Analytics file upload

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can ...

8 CVSS · 0.00094 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/12/20 12:0 a.m. · 1 view

PT-2024-28988 · IBM · IBM Cognos Analytics

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 11.2.4 FP4; IBM Cognos Analytics versions 12.0.0 through 12.0.4. Description: The issue is related to a malicious file upload vulnerability due to the lack of validation of the content of uploaded...

9 CVSS · 7.7 AI score · 0.00094 EPSS
Exploits 0 · References 14