vulnerability-analysis
Safeguard articles tagged "vulnerability-analysis" — guides, analysis, and best practices for software supply chain and application security.
360 articles
CVE-2021-22112: Improper authorization in Spring Security...
CVE-2021-22112 let Spring Security lose SecurityContext changes mid-request, an improper authorization flaw exposing OAuth2-secured apps to privilege escalation.
CVE-2019-0815: Remote code execution in .NET Core
CVE-2019-0815 is a Microsoft-disclosed remote code execution flaw in .NET Core. Here's what we know about impact, remediation, and supply chain risk.
CVE-2019-0980: .NET Core remote code execution via crafte...
CVE-2019-0980 lets attackers run arbitrary code via a crafted document that abuses how .NET Framework and .NET Core process untrusted input.
CVE-2019-1075: Denial of service in .NET Core
CVE-2019-1075 is a 2019 denial-of-service flaw in .NET Core that let unauthenticated attackers crash web apps with crafted requests. Here's what to know.
CVE-2021-26701: Remote code execution in .NET Core
CVE-2021-26701 is a 2021 .NET Core remote code execution flaw tied to text encoding. Here's what was affected, how it was patched, and how to stay protected.
CVE-2022-29145: Denial of service in .NET SignalR/Network...
CVE-2022-29145 is a High-severity DoS flaw in .NET's networking stack affecting ASP.NET Core and SignalR. Here's the scope, timeline, and how to remediate it.
CVE-2022-29148: Denial of service in .NET Kestrel HTTP stack
CVE-2022-21986 is a CVSS 7.5 denial-of-service flaw in .NET Kestrel's HTTP/2 and HTTP/3 handling. Here's what's affected and how to remediate it.
CVE-2022-38013: Denial of service in .NET via crafted req...
A denial-of-service flaw in .NET, CVE-2022-38013, let attackers crash apps with crafted requests. Here is what is affected, the risk, and how to remediate it.
CVE-2023-33170: Denial of service in .NET SocketsHttpHandler
A memory-allocation flaw in .NET's SocketsHttpHandler (CVE-2022-23267) let malicious HTTP responses trigger denial of service in HttpClient-based apps.
CVE-2023-36799: Denial of service in .NET Core
CVE-2023-36799 is a denial-of-service flaw in the .NET runtime powering .NET Core-descended apps. Here's what's affected and how to remediate it.
CVE-2024-0056: Security bypass in Microsoft.Data.SqlClient
CVE-2024-0056 lets attackers bypass TLS protections in Microsoft.Data.SqlClient/System.Data.SqlClient. Affected versions, remediation, and masking as defense in depth.
How the Snyk Vulnerability Database sources and verifies ...
A look at how Snyk's Vulnerability Database sources, verifies, and scores new disclosures, from GHSA feeds and silent fixes to CVSS overrides and embargo timing.