WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors Security Vulnerabilities

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

CVE-2024-23380 Use After Free in Graphics

Memory corruption while handling user packets during VBO bind...

CVE-2024-23380 Use After Free in Graphics

Memory corruption while handling user packets during VBO bind...

CVE-2024-23373 Use After Free in Graphics

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting...

CVE-2024-23373 Use After Free in Graphics

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting...

CVE-2024-23372 Integer Overflow or Wraparound in Graphics

Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected...

CVE-2024-23372 Integer Overflow or Wraparound in Graphics

Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected...

CVE-2024-23368 Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Qualcomm IPC

Memory corruption when allocating and accessing an entry in an SMEM...

CVE-2024-23368 Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Qualcomm IPC

Memory corruption when allocating and accessing an entry in an SMEM...

CVE-2024-21482 Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux Boot Loader

Memory corruption during the secure boot process, when the bootm command is used, it bypasses the authentication of the kernel/rootfs...

CVE-2024-21482 Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux Boot Loader

Memory corruption during the secure boot process, when the bootm command is used, it bypasses the authentication of the kernel/rootfs...

CVE-2024-21469 Permissions, Privileges, and Access Control issues in TZ Secure OS

Memory corruption when an invoke call and a TEE call are bound for the same trusted...

CVE-2024-21469 Permissions, Privileges, and Access Control issues in TZ Secure OS

Memory corruption when an invoke call and a TEE call are bound for the same trusted...

CVE-2024-21466 Integer Underflow (Wrap or Wraparound) in WLAN Host Communication

Information disclosure while parsing sub-IE length during new IE...

CVE-2024-21466 Integer Underflow (Wrap or Wraparound) in WLAN Host Communication

Information disclosure while parsing sub-IE length during new IE...

CVE-2024-21465 Buffer Over-read in Trusted Execution Environment

Memory corruption while processing key blob passed by the...

CVE-2024-21465 Buffer Over-read in Trusted Execution Environment

Memory corruption while processing key blob passed by the...

CVE-2024-21462 Buffer Over-read in TZ Secure OS

Transient DOS while loading the TA ELF...

CVE-2024-21462 Buffer Over-read in TZ Secure OS

Transient DOS while loading the TA ELF...

CVE-2024-21461 Double Free in HLOS

Memory corruption while performing finish HMAC operation when context is freed by...

CVE-2024-21461 Double Free in HLOS

Memory corruption while performing finish HMAC operation when context is freed by...

CVE-2024-21460 Use of Insufficiently Random Values in Core

Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address...

CVE-2024-21460 Use of Insufficiently Random Values in Core

Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address...

CVE-2024-21458 Buffer Over-read in WLAN HOST

Information disclosure while handling SA query action...

CVE-2024-21458 Buffer Over-read in WLAN HOST

Information disclosure while handling SA query action...

CVE-2024-21457 Buffer Over-read in WLAN Host Communication

INformation disclosure while handling Multi-link IE in beacon...

CVE-2024-21457 Buffer Over-read in WLAN Host Communication

INformation disclosure while handling Multi-link IE in beacon...

CVE-2024-21456 Buffer Over-read in WLAN HOST

Information Disclosure while parsing beacon frame in...

CVE-2024-21456 Buffer Over-read in WLAN HOST

Information Disclosure while parsing beacon frame in...

CVE-2023-43554 Improper Restriction of Operations withing the Bounds of a Memory Buffer in DSP Services

Memory corruption while processing IOCTL handler in...

CVE-2023-43554 Improper Restriction of Operations withing the Bounds of a Memory Buffer in DSP Services

Memory corruption while processing IOCTL handler in...

CVE-2024-4007

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly...

CVE-2024-4007

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly...

CVE-2024-4007 Hard coded default credential contained in install package

Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly...

End-to-End Secrets Security: Making a Plan to Secure Your Machine Identities

At the heart of every application are secrets. Credentials that allow human-to-machine and machine-to-machine communication. Machine identities outnumber human identities by a factor of 45-to-1 and represent the majority of secrets we need to worry about. According to CyberArk's recent research,...

Security Bulletin: IBM Automation Decision Services for May 2024 - Multiple CVEs addressed

Summary "IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed." Vulnerability Details ** CVEID:...

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler race condition in OpenSSH's...

Juniper Networks Releases Critical Security Update for Routers

Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity. "An Authentication Bypass Using....

Security Bulletin: User configuration failures in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2023-50312)

Summary IBM Storage Protect Operations Center may be affected by user configuration failures in IBM WebSphere Application Server Liberty. Vulnerability Details ** CVEID: CVE-2023-50312 DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than...

Security Bulletin: Cross-site scripting vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2024-27270)

Summary IBM Storage Protect Operations Center may be affected by cross-site scripting vulnerability due to servlet-6.0 feature enabled in IBM WebSphere Application Server Liberty. Vulnerability Details ** CVEID: CVE-2024-27270 DESCRIPTION: **IBM WebSphere Application Server Liberty 23.0.0.3...

Security Bulletin: Server-side request forgery vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2024-22329)

Summary IBM Storage Protect Operations Center may be affected by server-side request forgery vulnerability in IBM WebSphere Application Server Liberty. Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server...

Security Bulletin: Denial of service caused by jose4j in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center

Summary IBM Storage Protect Operations Center may be affected by denial of service caused by jose4j in IBM WebSphere Application Server Liberty. CVE-2023-51775. Vulnerability Details ** CVEID: CVE-2023-51775 DESCRIPTION: **jose4j is vulnerable to a denial of service, caused by improper input...

Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of confidentiality and integrity and availability of host system. This bulletin identifies the steps to address the vulnerabilities. CVE-2023-45285, CVE-2023-39326, CVE-2023-45283...

Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go (CVE-2023-45283, CVE-2023-45284)

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of confidentiality and integrity of host system, caused by failure related with filepath and safefilepath packages. This bulletin identifies the steps to address the vulnerabilities....

Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go (CVE-2024-24785, CVE-2023-45289, CVE-2024-24783, CVE-2023-45290, CVE-2024-24784)

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to denial of service, loss of confidentiality, integrity and availability of host system. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details ** CVEID:...

Security Bulletin: IBM Storage Protect Server may be vlunerable to machine-in-the-middle attack due to Golang Go (CVE-2023-48795)

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport protocol when used with certain OpenSSH extensions. Vulnerability Details ** CVEID:...

Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to denial of service, loss of confidentiality and availability of host system. This bulletin identifies the steps to address the vulnerabilities. CVE-2023-39318, CVE-2023-39321, CVE-2023-39319,...

Security Bulletin: IBM Storage Protect Server may be susceptible to loss of confidentiality vulnerability due to Golang Go (CVE-2023-45287)

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of confidentiality caused by timing-side channel attack in RSA based key exchange methods used in crypto/tls. Vulnerability Details ** CVEID: CVE-2023-45287 DESCRIPTION: **Golang Go could...

Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to execution of arbitrary code caused by improper enforvement of line directive restrictions, and denial of service caused by an uncontrolled resource consumption flaw in the net/http and...