Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Vulnerability Analysis

CVE-2022-29117: Regular expression denial of service in .NET

CVE-2022-29117 is a regular expression denial-of-service vulnerability in .NET that lets attackers exhaust CPU with crafted input. Here's what to patch and why.

Sep 19, 20258 min read
Vulnerability Analysis

CVE-2023-33170: Denial of service in .NET SocketsHttpHandler

A memory-allocation flaw in .NET's SocketsHttpHandler (CVE-2022-23267) let malicious HTTP responses trigger denial of service in HttpClient-based apps.

Sep 17, 20258 min read
Vulnerability Analysis

CVE-2023-36799: Denial of service in .NET Core

CVE-2023-36799 is a denial-of-service flaw in the .NET runtime powering .NET Core-descended apps. Here's what's affected and how to remediate it.

Sep 17, 20257 min read
Vulnerability Analysis

CVE-2024-0056: Security bypass in Microsoft.Data.SqlClient

CVE-2024-0056 lets attackers bypass TLS protections in Microsoft.Data.SqlClient/System.Data.SqlClient. Affected versions, remediation, and masking as defense in depth.

Sep 17, 20257 min read
Vulnerability Analysis

CVE-2024-0057: Certificate validation bypass in .NET X.50...

CVE-2024-0057 lets attackers forge X.509 certificates that bypass .NET's chain validation, risking spoofing in TLS and code-signing flows.

Sep 17, 20258 min read
Vulnerability Analysis

CVE-2018-1285: XXE in Apache log4net

CVE-2018-1285: Apache log4net before 2.0.10 fails to disable external XML entities, enabling XXE attacks via config files. Impact, fix, and detection.

Sep 16, 20258 min read
Vulnerability Analysis

CVE-2020-29652: Denial of service in golang.org/x/crypto/...

A pre-auth nil pointer dereference in golang.org/x/crypto/ssh let a single crafted request crash Go SSH servers. Here's the impact, fix, and remediation path.

Sep 16, 20258 min read
Supply Chain

What Is a Software Ingredient Label?

Food gets an ingredient panel; software gets an SBOM. What a software ingredient label contains, who is demanding one, and how to generate yours automatically.

Sep 9, 20256 min read
Buyer's Guides

How Snyk Container recommends minor, major, and alternati...

A mechanical look at how Snyk Container ranks minor, major, and alternative base image upgrades using vulnerability counts and registry metadata.

Sep 7, 20256 min read
Container Security

How Snyk Container's Base Image filter isolates OS-level ...

How Snyk Container's Base Image filter separates OS-level vulnerabilities from application dependencies, how it identifies base images, and where attribution breaks down.

Sep 7, 20257 min read
Container Security

How Snyk Container scans distroless and minimal (Wolfi-st...

Distroless and Wolfi-style images strip out package managers, breaking traditional scanners. Here's how Snyk Container identifies vulnerable packages anyway.

Sep 7, 20258 min read
Container Security

How Snyk Container integrates with Kubernetes workloads f...

How Snyk Container's Kubernetes integration uses a read-only controller to continuously re-check running workload images as new CVEs are disclosed.

Sep 6, 20257 min read
supply-chain-security (Page 76) — Safeguard Blog