154 matches found
kernel: wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds Fix a stack-out-of-bounds read in brcmfmac that occurs when 'buf' that is not null-terminated is passed as an argument of strreplace in...
kernel: wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds Fix a stack-out-of-bounds read in brcmfmac that occurs when 'buf' that is not null-terminated is passed as an argument of strreplace in...
Security Bulletin: The IBM® Engineering Lifecycle Engineering displays sensitive Information on ADMIN page (CVE-2022-34355).
Summary Application displays Sensitive Information related to the backend technologies like JVM, DB Version, Application Server on ADMIN page. Vulnerability Details CVEID:CVE-2022-34355 DESCRIPTION: IBM Jazz Foundation could disclose sensitive version information to a user that could be used in...
PT-2025-40745
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.0+ 132 Description A stack-out-of-bounds read issue exists in the brcmfmac component of the Linux kernel. This occurs when a CLM version string, which is not null-terminated, is passed as an argument to the...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using Liberty are vulnerable to denial of service due to GraphQL Java CVE-2022-37734
Summary The IBM® Engineering Lifecycle Engineering products using Liberty are vulnerable to denial of service due to GraphQL Java, affected features are mpGraphQL-1.0 or mpGraphQL-2.0 . Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products...
CVE-2022-41273
CVE-2022-41273 affects SAP Sourcing and SAP Contract Lifecycle Management (CLM) version 1100, due to improper input sanitization in the affected components. The vulnerability allows an attacker to lure a user into clicking a manipulated link via email, leading the user to log in and subsequently ...
kernel: brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path
In the Linux kernel, the following vulnerability has been resolved: brcmfmac: pcie: Release firmwares in the brcmfpciesetup error path This avoids leaking memory if brcmfchipgetraminfo fails. Note that the CLM blob is released in the device remove path...
Security Bulletin: The IBM® Engineering Lifecycle Management products recommendation for Denial of Service due to Neko HTML in WebSphere Application Server Liberty (CVE-2022-24839)
Summary The IBM® Engineering Lifecycle Management products on WebSphere Application Server Liberty versions 17.0.0.3 - 22.0.0.10, vulnerbale to Denial of Service due to Neko HTML CVE-2022-24839. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
Security Bulletin: The IBM® Engineering Lifecycle Management products recommendation for IBM Java XML vulnerability CVE-2022-21299
Summary A flaw in the XML component allows attackers to inflict a denial-of-service and/or access external entities which should be inaccessible. Vulnerability is identified in Java versions 7.0.11.5 and earlier, 7.1.5.5 and earlier, 8.0.7.5 and earlier. Vulnerability Details Refer to the securit...
Security Bulletin: The IBM® Engineering Lifecycle Management products recommendation for Java CPU CVE-2021-35561
Summary Java version 7.0.11.5 and earlier, 7.1.5.5 and earlier, 8.0.7.6 and earlier are affected by a flaw in the java.util component allows an attacker to inflict a denial of service via malicious serialized data which triggers an OutOfMemoryError. Vulnerability Details Refer to the security...
HARDCODED PRICES FOR STABLECOINS
Lines of code Vulnerability details Impact Hardcoded prices of stablecosins may open some arbitrage opportunities and produce many bad loans in CLM. Proof of Concept Hardcoding price of cUSDT and cUSDC as 1 may open some arbitrage opportunities when real price for each token is a little bit...
Security Bulletin: The IBM® SDK Java Technology Edition 8.0.7.5 contains additional security fixes that can be applied to IBM Continuous Engineering products based on IBM Jazz Technology
Summary There are security vulnerabilities that are addressed in the IBM® SDK Java Technology Edition 8.0.7.5. The following products: IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management CLM, Engineering Lifecycle Management ELM...
Cynet's Keys to Extend Threat Visibility
We hear about the need for better visibility in the cybersecurity space – detecting threats earlier and more accurately. We often hear about the dwell time and the time to identify and contain a data breach. Many of us are familiar with IBM's Cost of a Data Breach Report that has been tracking th...
Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects Engineering Lifecycle Management and IBM Engineering products
Summary There is a high risk Remote Attack Vulnerability in Apache Log4j CVE-2021-44228 which is used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management ELM, IBM Engineering Workflow Management EWM, IBM Engineering Systems...
Security Bulletin: WebSphere Application Server is vulnerable to a denial of service which can impact IBM Engineering Lifecycle Management (ELM) products based on IBM Jazz technology
Summary WebSphere Application Server is vulnerable to a denial of service CVE-2021-38951. This may affect IBM Engineering Products based on IBM Jazz technology. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
Product Overview - Cynet Centralized Log Management
For most organizations today, the logs produced by their security tools and environments provide a mixed bag. On the one hand, they can be a trove of valuable data on security breaches, vulnerabilities, attack patterns, and general security insights. On the other, organizations don't have the rig...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Appilcation Server and WebSphere Application Server Liberty affects IBM Engineering ELM products on IBM Jazz technology.
Summary There are multiple vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty that affect IBM Engineering Products based on IBM Jazz technology. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Product...
Security Bulletin: Vulnerability in WebSphere Application Server affects multiple IBM Rational products based on IBM Jazz technology (CVE-2016-3092)
Summary Apache Commons Fileupload vulnerability in WebSphere Application Server bundled with IBM Jazz Team Server based Applications affects multiple products: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational Engineering Lifecycle Manager RELM, Rational Team...
Security Bulletin: Information disclosure vulnerability in WebSphere Application Server Liberty affects multiple IBM Rational products based on IBM Jazz technology
Summary Information disclosure vulnerability in WebSphere Application Server Liberty bundled with IBM Jazz Team Server based Applications affects multiple products: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational Engineering Lifecycle Manager RELM, Rational...
Security Bulletin: Vulnerabilities affect multiple IBM Rational products based on IBM Jazz technology (CVE-2015-7440, CVE-2015-7453, CVE-2015-7471)
Summary Vulnerabilities in the IBM Jazz Foundation affects the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management CLM, Rational Requirements Composer RRC, Rational DOORS Next Generation RDNG, Rational Engineering Lifecycle Manager RELM, Rational Team Concert RTC...