Huawei EulerOS: Security Advisory for aide (EulerOS-SA-2025-2513)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for busybox (EulerOS-SA-2025-2475)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for busybox (EulerOS-SA-2025-2456)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2025:21152-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP11 : busybox (EulerOS-SA-2025-2456)

According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv0 containing an ANSI terminal escape sequence,...

Qnap QTS and QuTS hero Improper Neutralization of CRLF Sequences (CVE-2024-48868)

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following version...

Qnap QTS and QuTS hero Improper Neutralization of CRLF Sequences (CVE-2024-48867)

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following version...

EulerOS 2.0 SP13 : aide (EulerOS-SA-2025-2492)

According to the versions of the aide package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An...

EulerOS 2.0 SP13 : aide (EulerOS-SA-2025-2513)

According to the versions of the aide package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An...

EulerOS 2.0 SP11 : busybox (EulerOS-SA-2025-2475)

According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv0 containing an ANSI terminal escape sequence,...

The Biosig Project libbiosig MFER parsing multiple stack-based buffer overflow vulnerabilities

Talos Vulnerability Report TALOS-2025-2296 The Biosig Project libbiosig MFER parsing multiple stack-based buffer overflow vulnerabilities December 11, 2025 CVE Number CVE-2025-66047,CVE-2025-66045,CVE-2025-66044,CVE-2025-66048,CVE-2025-66043,CVE-2025-66046 SUMMARY Several stack-based buffer...

EUVD-2020-30834

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...

CVE-2021-47724

STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read...

CVE-2020-36898

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...

CVE-2020-36898

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...

CVE-2020-36898 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...

CVE-2020-36898 QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Deletion

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...

CVE-2020-36898

Summary: CVE-2020-36898 affects QiHang Media Web Digital Signage 3.0.9, exposing an unauthenticated file-deletion vulnerability in the QH.aspx endpoint. The issue allows a remote attacker to delete arbitrary files by POSTing a radius of file paths using directory traversal via the data parameter,...

Pyrofork has a Path Traversal in download_media Method

Summary The downloadmedia method in Pyrofork does not sanitize filenames received from Telegram messages before using them in file path construction. This allows a remote attacker to write files to arbitrary locations on the filesystem by sending a specially crafted document with path traversal...

GHSA-6H2F-WJHF-4WJX Pyrofork has a Path Traversal in download_media Method

Summary The downloadmedia method in Pyrofork does not sanitize filenames received from Telegram messages before using them in file path construction. This allows a remote attacker to write files to arbitrary locations on the filesystem by sending a specially crafted document with path traversal...