Safeguard
Tag

software-supply-chain

Safeguard articles tagged "software-supply-chain" — guides, analysis, and best practices for software supply chain and application security.

526 articles

Vulnerability Analysis

CVE-2021-25122: Request mix-up via Apache Tomcat h2c support

CVE-2021-25122 let Apache Tomcat mix up HTTP responses between concurrent users via the h2c upgrade path. Here's the impact, affected versions, and how to remediate.

Sep 23, 20256 min read
Vulnerability Analysis

CVE-2021-25329: Incomplete fix of Tomcat PersistenceManag...

CVE-2021-25329 shows how Tomcat's PersistenceManager deserialization fix (CVE-2020-9484) was incomplete, still risking RCE in edge-case configs.

Sep 23, 20258 min read
Vulnerability Analysis

CVE-2022-1471: Remote code execution in SnakeYAML deseria...

CVE-2022-1471 exposes SnakeYAML deserialization to remote code execution. Here is what is affected, CVSS context, and how to remediate the flaw.

Sep 23, 20257 min read
Vulnerability Analysis

CVE-2017-18640: Denial of service via SnakeYAML alias ent...

CVE-2017-18640 lets attackers crash Java services by abusing SnakeYAML's YAML alias/anchor expansion. Here's what's affected and how to fix it.

Sep 22, 20257 min read
Vulnerability Analysis

CVE-2018-1270: Remote code execution in Spring Messaging ...

CVE-2018-1270 is a critical, unauthenticated RCE in Spring Messaging's STOMP-over-WebSocket support. Here's what's affected, how severe it is, and how to remediate it.

Sep 22, 20257 min read
Vulnerability Analysis

CVE-2019-0815: Remote code execution in .NET Core

CVE-2019-0815 is a Microsoft-disclosed remote code execution flaw in .NET Core. Here's what we know about impact, remediation, and supply chain risk.

Sep 20, 20258 min read
Vulnerability Analysis

CVE-2019-0980: .NET Core remote code execution via crafte...

CVE-2019-0980 lets attackers run arbitrary code via a crafted document that abuses how .NET Framework and .NET Core process untrusted input.

Sep 20, 20258 min read
Vulnerability Analysis

CVE-2019-0981: .NET Core remote code execution (second va...

CVE-2019-0981, the second variant of the April 2019 .NET Core RCE pair, let attackers run arbitrary code via a malicious file. Here's what to patch and why.

Sep 20, 20257 min read
Vulnerability Analysis

CVE-2019-1075: Denial of service in .NET Core

CVE-2019-1075 is a 2019 denial-of-service flaw in .NET Core that let unauthenticated attackers crash web apps with crafted requests. Here's what to know.

Sep 20, 20257 min read
Vulnerability Analysis

CVE-2020-1045: Security feature bypass in ASP.NET Core

CVE-2020-1045 lets attackers bypass CORS protections in ASP.NET Core apps. Here's what's affected, the risk context, and how to remediate it for good.

Sep 19, 20258 min read
Vulnerability Analysis

CVE-2022-29145: Denial of service in .NET SignalR/Network...

CVE-2022-29145 is a High-severity DoS flaw in .NET's networking stack affecting ASP.NET Core and SignalR. Here's the scope, timeline, and how to remediate it.

Sep 18, 20257 min read
Vulnerability Analysis

CVE-2022-38013: Denial of service in .NET via crafted req...

A denial-of-service flaw in .NET, CVE-2022-38013, let attackers crash apps with crafted requests. Here is what is affected, the risk, and how to remediate it.

Sep 18, 20257 min read
software-supply-chain (Page 34) — Safeguard Blog