21010 matches found
CVE-2024-45301 ZDI-CAN-24744: Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability
Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2.3.6 through 3.7.4, several escape sequences can cause the mintty process to access a file in a specific path. It is triggered by simply printing them out on bash. An attacker can specify an arbitrary network path, negotiate an...
Security update for tomcat11
This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.13 CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753 CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability bsc1252905...
SUSE-SU-2025:4086-1 Security update for tomcat11
This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.13 - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled bsc1252753 - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability bsc1252905 -...
Security Bulletin: IBM webMethods BPM is affected by multiple vulnerabilities
Summary Vulnerabilities due to Apache tomcat have been addressed in IBM webMethods BPM. Vulnerability Details CVEID:CVE-2025-52520 DESCRIPTION: For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits...
CVE-2025-11697
A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot...
PT-2025-46733
Name of the Vulnerable Software and Affected Versions Ozeki SMS Gateway versions up to and including 10.3.208 Description Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal issue. A successful exploit allows an unauthenticated attacker to read arbitrary files from th...
Enhancing Password Security through a High-Accuracy Scoring Framework Using Random Forests
Password security plays a crucial role in cybersecurity, yet traditional password strength meters, which rely on static rules like character-type requirements, often fail. Such methods are easily bypassed by common password patterns e.g., 'P@ssw0rd1!', giving users a false sense of security. To...
mintty Input Validation Error Vulnerability
mintty is an open-source terminal emulator for Cygwin, also available for MSYS and Msys2. An input validation error vulnerability exists in mintty versions 2.3.6 through 3.7.4, which stems from mishandling of escape sequences and can lead to NTLM hash disclosure...
EulerOS 2.0 SP12 : aide (EulerOS-SA-2025-2346)
According to the versions of the aide package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An...
VulnCheck KEV: CVE-2022-4982
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers frame.html and frame.A100.html that accept a path parameter content or sidebar which is not properly validated or canonicalized. An attacker c...
Huawei EulerOS: Security Advisory for aide (EulerOS-SA-2025-2346)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for aide (EulerOS-SA-2025-2405)
The remote host is missing an update for the Huawei EulerOS...
PT-2025-46728
Name of the Vulnerable Software and Affected Versions Longjing Technology BEMS API versions up to and including 1.21 Description The software contains an unauthenticated arbitrary file download issue in the 'downloads' endpoint. The fileName parameter lacks proper sanitization, enabling attackers...
PT-2025-46730
Name of the Vulnerable Software and Affected Versions DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 Description The GoIP-1 device firmware contains a local file inclusion issue. The web server exposes handlers frame.html and frame.A100.html that accept a path parameter conte...
EulerOS 2.0 SP10 : aide (EulerOS-SA-2025-2405)
According to the versions of the aide package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An...
EulerOS 2.0 SP10 : aide (EulerOS-SA-2025-2377)
According to the versions of the aide package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An...
EulerOS 2.0 SP12 : aide (EulerOS-SA-2025-2315)
According to the versions of the aide package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An...
Huawei EulerOS: Security Advisory for aide (EulerOS-SA-2025-2377)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for aide (EulerOS-SA-2025-2315)
The remote host is missing an update for the Huawei EulerOS...