patch-management
Safeguard articles tagged "patch-management" — guides, analysis, and best practices for software supply chain and application security.
53 articles
CVE-2025-31133 in runc: Patch Posture & SBOM Response
runc container-escape via /proc mount manipulation affects Docker, Kubernetes, and every CRI runtime. Defender playbook below.
CVE-2025-64446 in Fortinet FortiWeb: Patch Posture & SBOM Response
FortiWeb path traversal + RCE scored CVSS 9.1 and entered CISA KEV after months of targeted exploitation. Defender playbook for the WAF emergency.
NIST SP 800-53 Release 5.2.0: Three New Controls You Cannot Ignore
NIST released SP 800-53 5.2.0 on August 27, 2025 with three new controls focused on patch root-cause analysis, structured logging, and cyber resiliency. Here is what it means for compliance teams.
CVE-2025-20333 in Cisco ASA: Patch Posture & SBOM Response
Cisco Secure Firewall ASA/FTD buffer overflow scored CVSS 9.9 and was added to CISA KEV the day Cisco published the advisory. Here is the defender playbook.
CVE-2020-11652: Directory traversal in SaltStack salt-master
CVE-2020-11652 lets remote attackers read files outside SaltStack file_roots via a salt-master directory traversal flaw. Impact, timeline, and fixes inside.
CVE-2021-25122: Request mix-up via Apache Tomcat h2c support
CVE-2021-25122 let Apache Tomcat mix up HTTP responses between concurrent users via the h2c upgrade path. Here's the impact, affected versions, and how to remediate.
CVE-2019-0980: .NET Core remote code execution via crafte...
CVE-2019-0980 lets attackers run arbitrary code via a crafted document that abuses how .NET Framework and .NET Core process untrusted input.
CVE-2021-26701: Remote code execution in .NET Core
CVE-2021-26701 is a 2021 .NET Core remote code execution flaw tied to text encoding. Here's what was affected, how it was patched, and how to stay protected.
CVE-2022-38013: Denial of service in .NET via crafted req...
A denial-of-service flaw in .NET, CVE-2022-38013, let attackers crash apps with crafted requests. Here is what is affected, the risk, and how to remediate it.
CVE-2023-29331: Remote code execution in .NET via crafted...
CVE-2023-29331 lets a crafted .NET assembly trigger remote code execution during loading. Here's what's affected, the severity context, and how to remediate it.
OpenJDK Vulnerabilities: Tracking and Patching
OpenJDK vulnerabilities are disclosed and patched through Oracle's quarterly Critical Patch Update cycle, but tracking them well means watching your specific JDK distribution and version line, not just assuming a generic update covers you.
CVE-2023-36799: Denial of service in .NET Core
CVE-2023-36799 is a denial-of-service flaw in the .NET runtime powering .NET Core-descended apps. Here's what's affected and how to remediate it.