Collaborate Disseminate
This week, news has broken of the Mother of All Breaches, MOAB. It’s 12 terabytes and 26 billion records, averaging about 500 bytes each. Now note that a record here …read more Continue reading This Week in Security: MOAB, Microsoft, and Printers
I am failing to understand why this CVE in Apache Tomcat is rated as High.
Here is the CVE in NVD:
https://nvd.nist.gov/vuln/detail/CVE-2022-45143
According to a medium article:
This vulnerability is caused by a flaw in the way the softwar… Continue reading Understanding criticality of CVE 2022-45143 [closed]
I am failing to understand why this CVE in Apache Tomcat is rated as High.
Here is the CVE in NVD:
https://nvd.nist.gov/vuln/detail/CVE-2022-45143
According to a medium article:
This vulnerability is caused by a flaw in the way the softwar… Continue reading Understanding criticality of CVE 2022-45143 [closed]
I am failing to understand why this CVE in Apache Tomcat is rated as High.
Here is the CVE in NVD:
https://nvd.nist.gov/vuln/detail/CVE-2022-45143
According to a medium article:
This vulnerability is caused by a flaw in the way the softwar… Continue reading Understanding criticality of CVE 2022-45143 [closed]
Global attack attempts more than doubled in 2023, increasing 104%, according to Armis. Blind spots and critical vulnerabilities are worsening, with 45% of critical CVEs remaining unpatched. Utilities (over 200% increase) and manufacturing (165% increas… Continue reading 45% of critical CVEs left unpatched in 2023
I am trying to understand the implication of CVE-2023-40791. The CVE reads:
"Linux kernel before 6.4.12 fails to unpin pages in certain situations".
NetApp says this could lead to modification of data or denial of service. Is t… Continue reading What are the security concerns from failing to unpin memory?
Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution. The good news is that the flaw was fixed in early December 2023 with the release of versions 8.5.4… Continue reading Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)
How do I find the right CPE for my vendor and product?
for example. I use org.hibernate » hibernate-core » 5.3.16.Final Maven dependency. However, when searching on NVD site(https://nvd.nist.gov/vuln/search) for hibernate-core or hibernate… Continue reading How to find the right CPE for your vendor and product [closed]
In this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insights into the business impact of vulnerabilities. Gorelik discusses challenges posed by regulatory frameworks, incomplete asset inventorie… Continue reading Creating a formula for effective vulnerability prioritization
Microsoft’s December 2023 Patch Tuesday is a light one: 33 patches, only four of which are deemed critical. “This month, Microsoft did not patch any zero-day vulnerabilities, marking only the second time in 2023 that no zero-days were fixed… Continue reading December 2023 Patch Tuesday: 33 fixes to wind the year down