US Gov Says Software Measurability is ‘Hardest Problem to Solve’

White House calls for the “timely, complete, and consistent” publication of CVE and CWE data to help solve the security metrics problem.
The post US Gov Says Software Measurability is ‘Hardest Problem to Solve’ appeared first on SecurityWeek.

CVE count set to rise by 25% in 2024

The report from Coalition anticipates a 25% rise in the total count of published Common Vulnerabilities and Exposures (CVEs) for 2024, reaching 34,888 vulnerabilities, or roughly 2,900 per month. Sharp CVE increase heightens…

If a library has a vulnerable function, but my code doesn’t call it, is my code at risk? Do I need to update?

I am trying to analyze CVE-2023-34453. As per the NVD description, there is an integer overflow error in snappy-java, specifically in the method shuffle(int[] input) in BitShuffle.java.
In a huge codeline this CVE was detected, and I want …
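One way to start answering "does my code reference this method at all?" is to look at compiled artifacts rather than source: every call site a JVM class makes to another class's method is recorded as a CONSTANT_Methodref entry in that class file's constant pool. The script below is an added example, not part of the original question and not snappy-java's code: it parses the constant pool of each class file in a JAR or build directory and reports which classes reference a given owner class and method name. The owner name `org/xerial/snappy/BitShuffle` is inferred from the NVD wording quoted above (snappy-java, `BitShuffle.java`), and the descriptor `([I)[B` used in the constructed sample is an assumption; the scan matches on class and method name only, so any `shuffle` overload on that class is reported.

```python
"""Scan JVM class files for references to a named method.

Added example (not from the original question or from snappy-java): a
reachability check that walks each class file's constant pool and
collects CONSTANT_Methodref / CONSTANT_InterfaceMethodref entries.
"""
import struct
import zipfile
from pathlib import Path
from typing import Dict, List, Set, Tuple

# Constant pool tags and the byte size of their fixed payload.
# Tag 1 (Utf8) is variable length and handled separately.
CP_FIXED_SIZE = {
    3: 4, 4: 4,          # Integer, Float
    5: 8, 6: 8,          # Long, Double (each occupies two pool slots)
    7: 2, 8: 2,          # Class, String
    9: 4, 10: 4, 11: 4,  # Fieldref, Methodref, InterfaceMethodref
    12: 4,               # NameAndType
    15: 3, 16: 2,        # MethodHandle, MethodType
    17: 4, 18: 4,        # Dynamic, InvokeDynamic
    19: 2, 20: 2,        # Module, Package
}


def parse_constant_pool(data: bytes) -> Dict[int, Tuple[int, bytes]]:
    """Return {slot_index: (tag, raw_payload)} for a class file's constant pool."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a class file")
    pool, pos, idx = {}, 10, 1          # pool entries start right after the 10-byte header
    while idx < count:
        tag = data[pos]
        if tag == 1:                     # Utf8: u2 length followed by (modified) UTF-8 bytes
            (length,) = struct.unpack_from(">H", data, pos + 1)
            payload = data[pos + 3: pos + 3 + length]
            pos += 3 + length
        else:
            size = CP_FIXED_SIZE[tag]
            payload = data[pos + 1: pos + 1 + size]
            pos += 1 + size
        pool[idx] = (tag, payload)
        idx += 2 if tag in (5, 6) else 1  # Long/Double take two slots
    return pool


def method_refs(data: bytes) -> Set[Tuple[str, str]]:
    """All (owner_class, method_name) pairs a class file references."""
    pool = parse_constant_pool(data)

    def utf8(i: int) -> str:
        # JVM names are "modified UTF-8"; identical to UTF-8 for ASCII identifiers.
        return pool[i][1].decode("utf-8", "replace")

    refs = set()
    for tag, payload in pool.values():
        if tag in (10, 11):                                   # Methodref / InterfaceMethodref
            class_idx, nat_idx = struct.unpack(">HH", payload)
            (class_name_idx,) = struct.unpack(">H", pool[class_idx][1])   # Class -> Utf8
            meth_idx, _desc_idx = struct.unpack(">HH", pool[nat_idx][1])  # NameAndType
            refs.add((utf8(class_name_idx), utf8(meth_idx)))
    return refs


def classes_calling(archive_or_dir: str, owner: str, method: str) -> List[str]:
    """Class files (inside a JAR, or under a directory) that reference owner.method."""
    path = Path(archive_or_dir)
    if path.is_dir():
        entries = [(str(p), p.read_bytes()) for p in path.rglob("*.class")]
    else:
        with zipfile.ZipFile(path) as jar:
            entries = [(n, jar.read(n)) for n in jar.namelist() if n.endswith(".class")]
    return [name for name, data in entries if (owner, method) in method_refs(data)]


def build_sample_class(owner: str, method: str, descriptor: str) -> bytes:
    """Constructed test input: a class-file prefix (header + constant pool only)
    holding one Methodref to owner.method. Not a real compiled class."""
    def utf8(s: str) -> bytes:
        b = s.encode("utf-8")
        return b"\x01" + struct.pack(">H", len(b)) + b
    pool = [
        utf8(owner),                          # slot 1: Utf8 owner class name
        b"\x07" + struct.pack(">H", 1),       # slot 2: Class -> #1
        utf8(method),                         # slot 3: Utf8 method name
        utf8(descriptor),                     # slot 4: Utf8 descriptor (assumed)
        b"\x0c" + struct.pack(">HH", 3, 4),   # slot 5: NameAndType -> #3, #4
        b"\x0a" + struct.pack(">HH", 2, 5),   # slot 6: Methodref -> #2, #5
        b"\x05" + struct.pack(">q", 1),       # slot 7 (and 8): Long, to exercise the two-slot rule
    ]
    slots = len(pool) + 1                     # the Long occupies two slots
    header = struct.pack(">IHHH", 0xCAFEBABE, 0, 52, slots + 1)  # constant_pool_count = slots + 1
    return header + b"".join(pool)


if __name__ == "__main__":
    sample = build_sample_class("org/xerial/snappy/BitShuffle", "shuffle", "([I)[B")
    print(sorted(method_refs(sample)))
```

Run it against every JAR on the classpath, not only your own build (`classes_calling("build/libs/app.jar", "org/xerial/snappy/BitShuffle", "shuffle")`), because a transitive dependency or another class inside snappy-java itself may call the method on your behalf. A constant-pool scan also cannot see calls made through reflection, method handles resolved at runtime, or native code, so a clean result lowers the risk estimate but does not prove the code is unreachable; updating the library remains the only check-free answer.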

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)

VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks. The vulnerabilities haven…

CVE Prioritizer: Open-source tool to prioritize vulnerability patching

CVE Prioritizer is an open-source tool for prioritizing vulnerability patching. It combines CVSS scores, EPSS probabilities, and CISA's KEV catalog to indicate how likely a vulnerability is to be exploited and what its potential effects…
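The combination the tool performs is simple to state as code. The following is an added example, not CVE Prioritizer's own implementation: it assigns each CVE a tier from three inputs (CVSS base score, EPSS probability, KEV membership) and sorts a batch so the entries to patch first come out on top. The thresholds (CVSS 6.0, EPSS 0.2), the tier labels, and the sample records with their scores are all assumptions constructed for illustration, not values fetched from NVD, FIRST or CISA.

```python
"""Rank CVEs by combining CVSS, EPSS and KEV membership.

Added example (not CVE Prioritizer's own code). Thresholds, tier names
and the sample data are assumptions chosen for illustration.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

CVSS_THRESHOLD = 6.0   # assumed: base score at or above this counts as "high impact"
EPSS_THRESHOLD = 0.2   # assumed: 30-day exploitation probability at or above this counts as "likely"


@dataclass(frozen=True)
class CveRecord:
    cve_id: str
    cvss: Optional[float]   # CVSS base score 0.0-10.0, or None if not yet scored
    epss: Optional[float]   # EPSS probability 0.0-1.0, or None if unknown
    in_kev: bool            # listed in CISA's Known Exploited Vulnerabilities catalog


def priority(rec: CveRecord) -> str:
    """Tier "1+": in KEV (exploitation confirmed, so scores are irrelevant).
    Tier "1": high CVSS and high EPSS.  Tier "2": high CVSS only.
    Tier "3": high EPSS only.  Tier "4": neither threshold met.
    A missing score cannot satisfy a threshold, so an unscored, non-KEV CVE
    lands in tier 4 and should be revisited once NVD/FIRST publish data."""
    if rec.in_kev:
        return "1+"
    high_cvss = rec.cvss is not None and rec.cvss >= CVSS_THRESHOLD
    high_epss = rec.epss is not None and rec.epss >= EPSS_THRESHOLD
    if high_cvss and high_epss:
        return "1"
    if high_cvss:
        return "2"
    if high_epss:
        return "3"
    return "4"


TIER_ORDER = {"1+": 0, "1": 1, "2": 2, "3": 3, "4": 4}


def rank(records: Iterable[CveRecord]) -> List[CveRecord]:
    """Sort by tier, then by EPSS descending, then by CVSS descending, so that
    within a tier the entry most likely to be exploited comes first."""
    return sorted(
        records,
        key=lambda r: (TIER_ORDER[priority(r)], -(r.epss or 0.0), -(r.cvss or 0.0)),
    )


# Constructed sample input: placeholder IDs and invented scores, not real data.
SAMPLE = [
    CveRecord("CVE-0000-0001", 9.8, 0.05, False),   # critical CVSS, exploitation unlikely
    CveRecord("CVE-0000-0002", 5.3, 0.45, False),   # medium CVSS, but exploitation likely
    CveRecord("CVE-0000-0003", 7.5, 0.02, True),    # in KEV: patch first regardless of scores
    CveRecord("CVE-0000-0004", 3.1, 0.01, False),   # low on both axes
    CveRecord("CVE-0000-0005", None, 0.30, False),  # not yet scored by NVD, EPSS already high
]

if __name__ == "__main__":
    for r in rank(SAMPLE):
        print(f"{r.cve_id}  tier {priority(r):>2}  cvss={r.cvss}  epss={r.epss}  kev={r.in_kev}")
```

The ordering makes the point of the tool visible: a medium-severity CVE with a high EPSS score (tier 3) outranks nothing above it but is patched before a low-scoring one, while the KEV entry goes first even though its CVSS and EPSS are lower than a critical but rarely exploited issue. Tune the two thresholds to your environment; the structure of the decision is what matters.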

How do I know what kind of code fix was given to a specific CVE for Android [migrated]

Consider CVE-2023-21385, which was discovered in AOSP. In this security bulletin they mentioned that this issue was fixed. Is there any chance to know what kind of fix was given to this CVE (code changes done) that I can take a look at as I…

CVEMap: Open-source tool to query, browse and search CVEs

CVEMap is an open-source command-line interface (CLI) tool that allows you to explore Common Vulnerabilities and Exposures (CVEs). It's designed to offer a streamlined and user-friendly interface for navigating vulnerability databases. Although C…