#perl

Bang Resto version 1.0 suffers from an information disclosure vulnerability.

Hyperledger Fabric through 2.5.9 does not verify that a request has a timestamp within the expected time window.

Ubuntu Security Notice 6980-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to properly enforce permissions which allows a user with systems manager role with read-only access to teams to perform write operations on teams.

Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL.

Cybersecurity researchers have uncovered a hardware backdoor within a particular model of MIFARE Classic contactless cards that could allow authentication with an unknown key and open hotel rooms and office doors. The attacks have been demonstrated against FM11RF08S, a new variant of MIFARE Classic that was released by Shanghai Fudan Microelectronics in 2020. "The FM11RF08S backdoor enables any

Ubuntu Security Notice 6977-1 - It was discovered that QEMU did not properly handle certain memory operations, which could result in a buffer overflow. An attacker could potentially use this issue to cause a denial of service. It was discovered that QEMU did not properly handle certain memory operations, which could result in an out-of-bounds memory access. An attacker could potentially use this issue to cause a denial of service.

Ubuntu Security Notice 6971-1 - It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system.

Online Banking System version 1.0 suffers from an arbitrary file upload vulnerability.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: MOBOTIX Equipment: P3 Cameras, Mx6 Cameras Vulnerability: Improper Neutralization of Expression/Command Delimiters 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated attacker to achieve remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of MOBOTIX are affected: P3 D24M: MX-V4.1.4.11, MX-V4.1.4.70, MX-V4.1.6.25, MX-V4.1.6.27, MX-V4.1.9.29, MX-V4.1.10.28, MX-V4.1.10.35, MX-V4.2.1.43, MX-V4.2.1.61, MX-V4.3.0.15, MX-V4.3.2.45, MX-V4.3.2.53, MX-V4.3.2.68, MX-V4.3.2.72, MX-V4.3.2.77, MX-V4.3.4.50, MX-V4.3.4.66, MX-V4.3.4.83, MX-V4.4.0.31, MX-V4.4.0.31.r1, MX-V4.4.1.55, MX-V4.4.1.56, MX-V4.4.2.34, MX-V4.4.2.51.r1, MX-V4.4.2.69, MX-V4.4.2.73 P3 M24M: MX-V4.1.4.11, MX-V4.1.4.70, MX-V4.1.6.25, MX-V4.1.6.27, MX-V4.1.9.29, MX-V4.1.10.28, MX-V4.1.10.35, MX-V4.2.1.43, MX-V4.2.1.61, MX-V4.3.0.15, MX-V4.3.2.45, MX-V...