kev-catalog
Safeguard articles tagged "kev-catalog" — guides, analysis, and best practices for software supply chain and application security.
7 articles
What is a known vulnerability?
A known vulnerability is a publicly disclosed, CVE-tracked flaw — and disclosure alone doesn't mean it's fixed, patched, or harmless.
HTTP/2 Rapid Reset zero-day vulnerability CVE-2023-44487
CVE-2023-44487 "HTTP/2 Rapid Reset" enabled record-breaking DDoS attacks via stream-reset abuse. Impact, affected stacks, and remediation steps.
What is Spring4Shell
Spring4Shell (CVE-2022-22965) let attackers gain unauthenticated RCE on Java apps via Spring data binding. Here's the full breakdown and fix.
F5 BIG-IP iControl REST RCE (CVE-2022-1388)
A critical iControl REST auth bypass let attackers gain root RCE on BIG-IP within days of disclosure. Impact, KEV status, timeline, and fixes.
Outlook NTLM hash leak zero-day (CVE-2023-23397)
A zero-click Outlook flaw let attackers steal NTLM hashes via crafted calendar reminders — exploited by APT28 for a year before patching. Here's what to do.
Spring Cloud Gateway actuator RCE (CVE-2022-22947)
A critical SpEL injection flaw in Spring Cloud Gateway's actuator API let unauthenticated attackers run code. Here's the impact, timeline, and fixes.
CVE-2020-11652: Directory traversal in SaltStack salt-master
CVE-2020-11652 lets remote attackers read files outside SaltStack file_roots via a salt-master directory traversal flaw. Impact, timeline, and fixes inside.