#perl

Farmacia Gama version 1.0 suffers from a cross site scripting vulnerability.

Covid-19 Contact Tracing System version 1.0 suffers from a cross site scripting vulnerability.

Bhojon Restaurant Management System version 2.9 suffers from an ignored default credential vulnerability.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC NMS Vulnerabilities: Use After Free, Improper Input Validation, Deserialization of Untrusted Data, Improper Restriction of Operations within the Bounds of a Memory Buffer, Uncontrolled Resource Consumption, Out-of-bounds Read, Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion'), Privilege Dropping / Lowering Errors, Allocation of Resources Without Limits or Throttling, Execution with Unnecessary Privileges, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Incorrect Authorization 2. RIS...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Location Intelligence Vulnerabilities: Inadequate Encryption Strength, Improper Restriction of Excessive Authentication Attempts, Weak Password Requirements 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read and modify data passed over the connection between legitimate clients and the affected product or brute force user passwords. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens Location Intelligence, a web-based application software, are affected: Location Intelligence: All ve...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM RM1224, SCALANCE M-800 Family Vulnerabilities: Uncontrolled Resource Consumption, Improper Input Validation, Exposure of Data Element to Wrong Session, Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated attacker to execute arbitrary code, escalate privilege, forge 2FA tokens of other users, or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: Siemens RUGGEDCOM RM1224 LTE(4G...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC Traffic Analyzer Vulnerabilities: Improper Privilege Management, Improper Restriction of Excessive Authentication Attempts, Improper Access Control, Use of Cache Containing Sensitive Information, Improperly Implemented Security Check for Standard 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to alter the container's filesystem leading to unauthorized modifications and data corruption, conduct brute force attacks against legitimate user credentials or keys, get access to sensitive information, read and m...

Kortex version 1.0 suffers from an insecure direct object reference vulnerability.

### Impact Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands ### Patches Fixed in 3.1.2 ### Workarounds No known workarounds

Ubuntu Security Notice 6954-1 - Markus Frank and Fiona Ebner discovered that QEMU did not properly handle certain memory operations, leading to a NULL pointer dereference. An authenticated user could potentially use this issue to cause a denial of service. Xiao Lei discovered that QEMU did not properly handle certain memory operations when specific features were enabled, which could lead to a stack overflow. An attacker could potentially use this issue to leak sensitive information.