#perl

Bhojon Restaurant Management System version 3.0 suffers from an insecure direct object reference vulnerability.

Affected versions of the `alloy-json-abi` crate did not properly handle parsing of malformatted JSON ABI strings. The `JsonAbi::parse` method can be tricked into a stack overflow when processing specially crafted input. This stack overflow can lead to a crash of the application using this crate, potentially causing a denial of service. The flaw was corrected in commit [4790c47](https://github.com/alloy-rs/core/commit/4790c47518024bd391bbd6815b00f501bad76a15).

In a clever scheme designed to abuse Google in more than one way, scammers are redirecting users to browser locks.

Voting Village co-founder Harri Hursti told Politico the list of vulnerabilities ran “multiple pages.”

Ubuntu Security Notice 6961-1 - It was discovered that BusyBox did not properly validate user input when performing certain arithmetic operations. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. It was discovered that BusyBox incorrectly managed memory when evaluating certain awk expressions. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS.

Feberr version 13.4 suffers from an ignored default credential vulnerability.

Farmacia Gama version 1.0 suffers from a cross site scripting vulnerability.

Covid-19 Contact Tracing System version 1.0 suffers from a cross site scripting vulnerability.

Bhojon Restaurant Management System version 2.9 suffers from an ignored default credential vulnerability.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC NMS Vulnerabilities: Use After Free, Improper Input Validation, Deserialization of Untrusted Data, Improper Restriction of Operations within the Bounds of a Memory Buffer, Uncontrolled Resource Consumption, Out-of-bounds Read, Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion'), Privilege Dropping / Lowering Errors, Allocation of Resources Without Limits or Throttling, Execution with Unnecessary Privileges, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Incorrect Authorization 2. RIS...