Tag: #perl
Ubuntu Security Notice USN-6990-1

Ubuntu Security Notice 6990-1 - Johannes Kuhn discovered that znc incorrectly handled user input under certain operations. An attacker could possibly use this issue to execute arbitrary code on a user's system if the user was tricked into joining a malicious server.

Packet Storm
NIST Cybersecurity Framework (CSF) and CTEM – Better Together

It’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established standards and best practices. While this version was originally

Ubuntu Security Notice USN-6985-1

Ubuntu Security Notice 6985-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program.

Ubuntu Security Notice USN-6988-1

Ubuntu Security Notice 6988-1 - It was discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay and manipulate responses. This issue only affected Ubuntu 24.04 LTS. It was discovered that Twisted did not properly sanitize certain input. An attacker could use this vulnerability to possibly execute an HTML injection leading to a cross-site scripting attack.

GHSA-g5xx-c4hv-9ccc: CometBFT's state syncing validator from malicious node may lead to a chain split

**Name**: ASA-2024-009: State syncing validator from malicious node may lead to a chain split
**Component**: CometBFT
**Criticality**: Medium ([ACMv1.2](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md): I:Moderate; L: Possible)
**Affected versions**: >= 0.34.0, <= 0.34.33, >= 0.37.0, <= 0.37.10, >= 0.38.0, <= 0.38.11

### Summary

The state sync protocol retrieves a snapshot of the application and installs it in a fresh node. In order for this node to be ready to run consensus and block sync from the installed snapshot height, we also need to install a valid `State` in the node, which is the starting state from which it is able to validate new blocks and append them to the blockchain. The `State` object used by state sync is computed using the light client protocol, which retrieves information about committed blocks from at least two RPC endpoints. The light client protocol performs several state validations and, in particular, compares the state p...

Ubuntu Security Notice USN-6982-1

Ubuntu Security Notice 6982-1 - It was discovered that Dovecot did not properly restrict the size of address headers. A remote attacker could possibly use this issue to cause denial of service.

A10 Networks AX Loadbalancer Directory Traversal

This Metasploit module exploits a directory traversal flaw found in A10 Networks (Soft) AX Loadbalancer version 2.6.1-GR1-P5/2.7.0 or less. When handling a file download request, the xml/downloads class fails to properly check the filename parameter, which can be abused to read any file outside the virtual directory. Important files include SSL certificates. This Metasploit module works on both the hardware devices and the Virtual Machine appliances. IMPORTANT NOTE: This Metasploit module will also delete the file on the device after downloading it. Because of this, the CONFIRM_DELETE option must be set to true either manually or by script.