#perl

File Management System version 1.0 suffers from an insecure direct object reference vulnerability.

Ubuntu Security Notice 6992-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Nils Bars discovered that Firefox contained a type confusion vulnerability when performing certain property name lookups. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.

Ubuntu Security Notice 6990-1 - Johannes Kuhn discovered that znc incorrectly handled user input under certain operations. An attacker could possibly use this issue to execute arbitrary code on a user's system if the user was tricked into joining a malicious server.

It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established standards and best practices. While this version was originally

Ubuntu Security Notice 6985-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program.

Ubuntu Security Notice 6988-1 - It was discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay and manipulate responses. This issue only affected Ubuntu 24.04 LTS. It was discovered that Twisted did not properly sanitize certain input. An attacker could use this vulnerability to possibly execute an HTML injection leading to a cross-site scripting attack.

**Name**: ASA-2024-009: State syncing validator from malicious node may lead to a chain split **Component**: CometBFT **Criticality**: Medium ([ACMv1.2](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md): I:Moderate; L: Possible) **Affected versions**: >= 0.34.0, <= 0.34.33, >=0.37.0, <= 0.37.10, >= 0.38.0, <= 0.38.11 ### Summary The state sync protocol retrieves a snapshot of the application and installs it in a fresh node. In order for this node to be ready to run consensus and block sync from the installed snapshot height, we also need to install a valid `State` in the node, which is the starting state from which it is able to validate new blocks and append them to the blockchain. The `State` object used by state sync is computed using the light client protocol, which retrieves information about committed blocks from at least two RPC endpoints. The light client protocol performs several state validations and, in particular, compares the state p...

Taskhub version 2.8.8 suffers from an ignored default credential vulnerability.

Ubuntu Security Notice 6982-1 - It was discovered that Dovecot did not not properly have restrictions on the size of address headers. A remote attacker could possibly use this issue to cause denial of service.

Online Musical Instrument Shop IN version 1.0 suffers from a cross site scripting vulnerability.