Safeguard
Tag

cve-analysis

Safeguard articles tagged "cve-analysis" — guides, analysis, and best practices for software supply chain and application security.

134 articles

Vulnerability Analysis

CVE-2019-0815: Remote code execution in .NET Core

CVE-2019-0815 is a Microsoft-disclosed remote code execution flaw in .NET Core. Here's what we know about impact, remediation, and supply chain risk.

Sep 20, 20258 min read
Vulnerability Analysis

CVE-2019-0981: .NET Core remote code execution (second va...

CVE-2019-0981, the second variant of the April 2019 .NET Core RCE pair, let attackers run arbitrary code via a malicious file. Here's what to patch and why.

Sep 20, 20257 min read
Vulnerability Analysis

CVE-2019-1075: Denial of service in .NET Core

CVE-2019-1075 is a 2019 denial-of-service flaw in .NET Core that let unauthenticated attackers crash web apps with crafted requests. Here's what to know.

Sep 20, 20257 min read
Vulnerability Analysis

CVE-2020-0602: Denial of service in ASP.NET Core

A denial of service flaw in ASP.NET Core 3.0/3.1, patched January 2020. Unauthenticated, network-exploitable, high-severity impact on availability.

Sep 19, 20258 min read
Vulnerability Analysis

CVE-2020-1045: Security feature bypass in ASP.NET Core

CVE-2020-1045 lets attackers bypass CORS protections in ASP.NET Core apps. Here's what's affected, the risk context, and how to remediate it for good.

Sep 19, 20258 min read
Vulnerability Analysis

CVE-2022-29117: Regular expression denial of service in .NET

CVE-2022-29117 is a regular expression denial-of-service vulnerability in .NET that lets attackers exhaust CPU with crafted input. Here's what to patch and why.

Sep 19, 20258 min read
Vulnerability Analysis

CVE-2023-29331: Remote code execution in .NET via crafted...

CVE-2023-29331 lets a crafted .NET assembly trigger remote code execution during loading. Here's what's affected, the severity context, and how to remediate it.

Sep 18, 20258 min read
Vulnerability Analysis

CVE-2024-0057: Certificate validation bypass in .NET X.50...

CVE-2024-0057 lets attackers forge X.509 certificates that bypass .NET's chain validation, risking spoofing in TLS and code-signing flows.

Sep 17, 20258 min read
Vulnerability Analysis

CVE-2018-1285: XXE in Apache log4net

CVE-2018-1285: Apache log4net before 2.0.10 fails to disable external XML entities, enabling XXE attacks via config files. Impact, fix, and detection.

Sep 16, 20258 min read
Vulnerability Analysis

CVE-2020-29652: Denial of service in golang.org/x/crypto/...

A pre-auth nil pointer dereference in golang.org/x/crypto/ssh let a single crafted request crash Go SSH servers. Here's the impact, fix, and remediation path.

Sep 16, 20258 min read
Vulnerability Analysis

CVE-2021-43565: Denial of service in golang.org/x/crypto/...

A crafted SSH packet could crash Go services using golang.org/x/crypto/ssh before the December 2021 fix. What's affected, the severity context, and how to remediate.

Sep 16, 20257 min read
Open Source Security

How Snyk Container prioritizes OS package vulnerabilities...

A technical look at how Snyk Container ranks OS package vulnerabilities using exploit maturity signals, CVSS, and EPSS instead of severity alone.

Sep 5, 20258 min read
cve-analysis (Page 11) — Safeguard Blog