WooCommerce – Product Importer Security Vulnerabilities

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware

A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware. The vulnerability, tracked as CVE-2024-20399 (CVSS score: 6.0), concerns a case of command injection that allows an authenticated,...

CVE-2023-44487 affecting package containerized-data-importer for versions less than 1.55.0-15

CVE-2023-44487 affecting package containerized-data-importer for versions less than 1.55.0-15. A patched version of the package is...

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Application Server Liberty shipped with with IBM CICS TX Advanced.

Summary Security vulnerabilities may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the issues. Vulnerability Details ** CVEID: CVE-2024-25026 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere...

Security Bulletin: TSSC/IMC is vulnerable to low availability, low integrity and low confidentiality due to Java SE

Summary TSSC/IMC is vulnerable to low availability, low integrity and low confidentiality due to Java SE. A patch has been provided that updates the Java SE library. CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193. Vulnerability Details ** CVEID:...

Security Bulletin: TSSC/IMC is vulnerable to aritrary code execution due to Linux Kernel

Summary TSSC/IMC is vulnerable to arbitrary code execution due to Linux Kernel. A patch that updates the Kernel library has been provided. CVE-2023-2002, CVE-2023-3090, CVE-2023-3390, CVE-2023-3776, CVE-2023-4004, CVE-2023-20593, CVE-2023-35001, CVE-2023-35788. Vulnerability Details ** CVEID:...

Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to systemd

Summary TSSC/IMC is vulnerable to arbitrary code execution due to systemd. A patch has been provided that updates the systemd library. CVE-2023-26604. Vulnerability Details ** CVEID: CVE-2023-26604 DESCRIPTION: **systemd could allow a local authenticated attacker to gain elevated privileges on...

Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to Linux Kernel

Summary TSSC/IMC is vulnerable to aritrary code excecution due to kernel. A patch has been provided that updates the kernel library. CVE-2022-42896, CVE-2023-1281, CVE-2023-1829, CVE-2023-2124, CVE-2023-2194, CVE-2023-2235. Vulnerability Details ** CVEID: CVE-2022-42896 DESCRIPTION: **Linux...

Security Bulletin: IBM InfoSphere Information Server is vulnerable to stored cross-site scripting (CVE-2024-28794)

Summary A stored cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-28794 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

Security Bulletin: Denial of service and password enumeration might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable and can result in data confidentiality and service availabilty issues. The vulnerabilities have been addressed. CVE-2023-45288, CVE-2024-25031, CVE-2024-38322, CVE-2024-33883. Vulnerability Details ** CVEID: CVE-2023-45288 ...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-21094 DESCRIPTION: **An unspecified vulnerability in Java SE related...

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to denial of service due to IBM WebSphere Application Server Liberty (CVE-2024-25026)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details ** CVEID:.....

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service [CVE-2024-38355]

Summary Socket.IO is used by IBM App Connect Enterprise Certified Container for real-time UI updates. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to cross-site scripting (CVE-2024-35153)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected...

Security Bulletin: IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service.(CVE-2024-25026)

Summary IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

Security Bulletin: IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. (CVE-2024-27268)

Summary IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to XML External Entity Injection attack due to IBM WebSphere Application Server Liberty (CVE-2024-22354)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details ** CVEID:.....

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to cross-site scripting due to IBM WebSphere Application Server Liberty (CVE-2024-27270)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details ** CVEID:.....

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to denial of service due to IBM WebSphere Application Server Liberty (CVE-2024-22353)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details ** CVEID:.....

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to server-side request forgery due to IBM WebSphere Application Server Liberty (CVE-2024-22329)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details ** CVEID:.....

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to denial of service due to IBM WebSphere Application Server Liberty (CVE-2024-27268)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details ** CVEID:.....

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to denial of service due to IBM WebSphere Application Server Liberty (CVE-2023-51775)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details ** CVEID:.....

Security Bulletin: IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery. (CVE-2024-22329)

Summary IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID:...

CVE-2024-23372

Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected...

CVE-2024-23373

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting...

CVE-2024-23373

Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting...

CVE-2024-23380

Memory corruption while handling user packets during VBO bind...

CVE-2024-23372

Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected...

CVE-2024-23380

Memory corruption while handling user packets during VBO bind...

CVE-2024-21482

Memory corruption during the secure boot process, when the bootm command is used, it bypasses the authentication of the kernel/rootfs...

CVE-2024-21469

Memory corruption when an invoke call and a TEE call are bound for the same trusted...

CVE-2024-21466

Information disclosure while parsing sub-IE length during new IE...

CVE-2024-21482

Memory corruption during the secure boot process, when the bootm command is used, it bypasses the authentication of the kernel/rootfs...

CVE-2024-23368

Memory corruption when allocating and accessing an entry in an SMEM...

CVE-2024-21469

Memory corruption when an invoke call and a TEE call are bound for the same trusted...

CVE-2024-23368

Memory corruption when allocating and accessing an entry in an SMEM...

CVE-2024-21466

Information disclosure while parsing sub-IE length during new IE...

CVE-2024-21465

Memory corruption while processing key blob passed by the...

CVE-2024-21461

Memory corruption while performing finish HMAC operation when context is freed by...

CVE-2024-21461

Memory corruption while performing finish HMAC operation when context is freed by...

CVE-2024-21460

Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address...

CVE-2024-21462

Transient DOS while loading the TA ELF...

CVE-2024-21460

Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address...

CVE-2024-21462

Transient DOS while loading the TA ELF...

CVE-2024-21465

Memory corruption while processing key blob passed by the...

CVE-2024-21456

Information Disclosure while parsing beacon frame in...

CVE-2024-21456

Information Disclosure while parsing beacon frame in...

CVE-2024-21458

Information disclosure while handling SA query action...

CVE-2023-43554

Memory corruption while processing IOCTL handler in...

CVE-2023-43554

Memory corruption while processing IOCTL handler in...

CVE-2024-21457

INformation disclosure while handling Multi-link IE in beacon...