Safeguard
Tag

patch-management

Safeguard articles tagged "patch-management" — guides, analysis, and best practices for software supply chain and application security.

53 articles

Vulnerability Response

CVE-2025-31133 in runc: Patch Posture & SBOM Response

runc container-escape via /proc mount manipulation affects Docker, Kubernetes, and every CRI runtime. Defender playbook below.

Nov 19, 20257 min read
Vulnerability Response

CVE-2025-64446 in Fortinet FortiWeb: Patch Posture & SBOM Response

FortiWeb path traversal + RCE scored CVSS 9.1 and entered CISA KEV after months of targeted exploitation. Defender playbook for the WAF emergency.

Nov 15, 20257 min read
Standards

NIST SP 800-53 Release 5.2.0: Three New Controls You Cannot Ignore

NIST released SP 800-53 5.2.0 on August 27, 2025 with three new controls focused on patch root-cause analysis, structured logging, and cyber resiliency. Here is what it means for compliance teams.

Oct 13, 20257 min read
Vulnerability Response

CVE-2025-20333 in Cisco ASA: Patch Posture & SBOM Response

Cisco Secure Firewall ASA/FTD buffer overflow scored CVSS 9.9 and was added to CISA KEV the day Cisco published the advisory. Here is the defender playbook.

Oct 2, 20256 min read
Vulnerability Analysis

CVE-2020-11652: Directory traversal in SaltStack salt-master

CVE-2020-11652 lets remote attackers read files outside SaltStack file_roots via a salt-master directory traversal flaw. Impact, timeline, and fixes inside.

Oct 1, 20258 min read
Vulnerability Analysis

CVE-2021-25122: Request mix-up via Apache Tomcat h2c support

CVE-2021-25122 let Apache Tomcat mix up HTTP responses between concurrent users via the h2c upgrade path. Here's the impact, affected versions, and how to remediate.

Sep 23, 20256 min read
Vulnerability Analysis

CVE-2019-0980: .NET Core remote code execution via crafte...

CVE-2019-0980 lets attackers run arbitrary code via a crafted document that abuses how .NET Framework and .NET Core process untrusted input.

Sep 20, 20258 min read
Vulnerability Analysis

CVE-2021-26701: Remote code execution in .NET Core

CVE-2021-26701 is a 2021 .NET Core remote code execution flaw tied to text encoding. Here's what was affected, how it was patched, and how to stay protected.

Sep 19, 20257 min read
Vulnerability Analysis

CVE-2022-38013: Denial of service in .NET via crafted req...

A denial-of-service flaw in .NET, CVE-2022-38013, let attackers crash apps with crafted requests. Here is what is affected, the risk, and how to remediate it.

Sep 18, 20257 min read
Vulnerability Analysis

CVE-2023-29331: Remote code execution in .NET via crafted...

CVE-2023-29331 lets a crafted .NET assembly trigger remote code execution during loading. Here's what's affected, the severity context, and how to remediate it.

Sep 18, 20258 min read
Vulnerabilities

OpenJDK Vulnerabilities: Tracking and Patching

OpenJDK vulnerabilities are disclosed and patched through Oracle's quarterly Critical Patch Update cycle, but tracking them well means watching your specific JDK distribution and version line, not just assuming a generic update covers you.

Sep 17, 20255 min read
Vulnerability Analysis

CVE-2023-36799: Denial of service in .NET Core

CVE-2023-36799 is a denial-of-service flaw in the .NET runtime powering .NET Core-descended apps. Here's what's affected and how to remediate it.

Sep 17, 20257 min read
patch-management (Page 3) — Safeguard Blog