KIWIZ Invoices Certification & PDF System Security Vulnerabilities

JA4+ - Suite Of Network Fingerprinting Standards

JA4+ is a suite of network Fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session.....

[SECURITY] [DLA 3819-1] fossil security update

Debian LTS Advisory DLA-3819-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 25, 2024 https://wiki.debian.org/LTS Package : fossil Version : 1:2.8-1+deb10u1 CVE ID :...

[SECURITY] [DLA 3818-1] apache2 security update

Debian LTS Advisory DLA-3818-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 24, 2024 https://wiki.debian.org/LTS Package : apache2 Version : 2.4.59-1~deb10u1 CVE ID :...

K000139525: Libexpat vulnerability CVE-2022-43680

Security Advisory Description In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. (CVE-2022-43680) Impact System performance degradation can occur until the process is forced to restart.....

Foxit PDF Editor < 13.1.2 Vulnerability

According to its version, the Foxit PDF Editor application (previously named Foxit PhantomPDF) installed on the remote Windows host is prior to 13.1.2. It is, therefore affected by vulnerability: Addressed potential issues where the application could be exposed to Time-of-Check Time-of-Use...

Debian dla-3818 : apache2 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3818 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3818-1 [email protected] ...

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities with updates. Vulnerability Details ** CVEID: CVE-2023-34054 DESCRIPTION: **VMware Tanzu Reactor Netty is vulnerable to a denial of service, caused by a flaw when built-in integration with Micrometer is enabled. By sending...

BIT-hubble-relay-2022-29178

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 1000....

Jenkins Report Info Plugin Path Traversal vulnerability

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files. Additionally, Report Info Plugin does not support distributed builds. This results in a path traversal vulnerability, allowing attackers with Item/Configure permission....

Jenkins Report Info Plugin Path Traversal vulnerability

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files. Additionally, Report Info Plugin does not support distributed builds. This results in a path traversal vulnerability, allowing attackers with Item/Configure permission....

Security Bulletin: IBM InfoSphere Information Server containers are vulnerable to privilege escalation

Summary A privilege escalation vulnerability was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2019-4185 DESCRIPTION: IBM InfoSphere Information Server containers are vulnerable to privilege escalation due to an insecurely configured component. CVSS Base Score:...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js Vulnerability Details ** CVEID: CVE-2024-25180 DESCRIPTION: **pdfmake could allow a remote attacker to execute arbitrary code on the system, caused by improper neutralization of user supplied-input....

[SECURITY] [DSA 5699-1] redmine security update

Debian Security Advisory DSA-5699-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 24, 2024 https://www.debian.org/security/faq Package : redmine CVE ID : CVE-2023-47258 CVE-2023-47259...

[SECURITY] [DSA 5698-1] ruby-rack security update

Debian Security Advisory DSA-5698-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 24, 2024 https://www.debian.org/security/faq Package : ruby-rack CVE ID : CVE-2024-25126 CVE-2024-26141...

[SECURITY] [DSA 5697-1] chromium security update

Debian Security Advisory DSA-5697-1 [email protected] https://www.debian.org/security/ Andres Salomon May 24, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-5274 A security issue...

CVE-2021-47563

In the Linux kernel, the following vulnerability has been resolved: ice: avoid bpf_prog refcount underflow Ice driver has the routines for managing XDP resources that are shared between ndo_bpf op and VSI rebuild flow. The latter takes place for example when user changes queue count on an...

CVE-2021-47554

In the Linux kernel, the following vulnerability has been resolved: vdpa_sim: avoid putting an uninitialized iova_domain The system will crash if we put an uninitialized iova_domain, this could happen when an error occurs before initializing the iova_domain in vdpasim_create(). BUG: kernel NULL...

CVE-2021-47553

In the Linux kernel, the following vulnerability has been resolved: sched/scs: Reset task stack state in bringup_cpu() To hot unplug a CPU, the idle task on that CPU calls a few layers of C code before finally leaving the kernel. When KASAN is in use, poisoned shadow is left around for each of the....

CVE-2021-47563 ice: avoid bpf_prog refcount underflow

In the Linux kernel, the following vulnerability has been resolved: ice: avoid bpf_prog refcount underflow Ice driver has the routines for managing XDP resources that are shared between ndo_bpf op and VSI rebuild flow. The latter takes place for example when user changes queue count on an...

CVE-2021-47554 vdpa_sim: avoid putting an uninitialized iova_domain

In the Linux kernel, the following vulnerability has been resolved: vdpa_sim: avoid putting an uninitialized iova_domain The system will crash if we put an uninitialized iova_domain, this could happen when an error occurs before initializing the iova_domain in vdpasim_create(). BUG: kernel NULL...

CVE-2021-47553 sched/scs: Reset task stack state in bringup_cpu()

In the Linux kernel, the following vulnerability has been resolved: sched/scs: Reset task stack state in bringup_cpu() To hot unplug a CPU, the idle task on that CPU calls a few layers of C code before finally leaving the kernel. When KASAN is in use, poisoned shadow is left around for each of the....

Dolibarr vulnerable to SQL Injection

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters in...

Dolibarr vulnerable to SQL Injection

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters in...

Dolibarr vulnerable to SQL Injection

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder y sortfield in...

Dolibarr vulnerable to SQL Injection

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder y sortfield in...

CVE-2024-35593

An arbitrary file upload vulnerability in the File preview function of Raingad IM v4.1.4 allows attackers to execute arbitrary code via uploading a crafted PDF...

CVE-2024-35592

An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF...

CVE-2024-35595

An arbitrary file upload vulnerability in the File Preview function of Xintongda OA v2023.12.30.1 allows attackers to execute arbitrary code via uploading a crafted PDF...

CVE-2024-35591

An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF...

CVE-2024-5273

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by.....

CVE-2024-35592

An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF...

CVE-2024-35591

An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF...

CVE-2024-5273

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by.....

CVE-2024-35593

An arbitrary file upload vulnerability in the File preview function of Raingad IM v4.1.4 allows attackers to execute arbitrary code via uploading a crafted PDF...

CVE-2024-35595

An arbitrary file upload vulnerability in the File Preview function of Xintongda OA v2023.12.30.1 allows attackers to execute arbitrary code via uploading a crafted PDF...

CVE-2023-49574

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...

CVE-2023-49575

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious....

CVE-2023-49572

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript...

CVE-2023-49573

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered.....

CVE-2023-49575 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious....

CVE-2023-49574 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...

CVE-2023-49573 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered.....

CVE-2023-49572 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript...

CVE-2024-5315

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters viewstatut in...

CVE-2024-5314

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder y sortfield in...

CVE-2024-5315 Multiple vulnerabilities in DOLIBARR's ERP CMS

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters viewstatut in...

CVE-2024-5314 Multiple vulnerabilities in DOLIBARR's ERP CMS

Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder y sortfield in...

BIT-git-2024-32002

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory......

BIT-git-2024-32004

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1,...

BIT-git-2024-32020

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a...