vulnerability-management
Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.
635 articles
CVE-2022-29117: Regular expression denial of service in .NET
CVE-2022-29117 is a regular expression denial-of-service vulnerability in .NET that lets attackers exhaust CPU with crafted input. Here's what to patch and why.
VEX Adoption in the Enterprise: Lessons From Early Adopters
Vulnerability Exploitability eXchange documents promise to reduce alert fatigue by distinguishing exploitable vulnerabilities from theoretical ones. Here is how enterprises are actually using them.
CVE-2023-29331: Remote code execution in .NET via crafted...
CVE-2023-29331 lets a crafted .NET assembly trigger remote code execution during loading. Here's what's affected, the severity context, and how to remediate it.
OpenJDK Vulnerabilities: Tracking and Patching
OpenJDK vulnerabilities are disclosed and patched through Oracle's quarterly Critical Patch Update cycle, but tracking them well means watching your specific JDK distribution and version line, not just assuming a generic update covers you.
CVE-2024-0057: Certificate validation bypass in .NET X.50...
CVE-2024-0057 lets attackers forge X.509 certificates that bypass .NET's chain validation, risking spoofing in TLS and code-signing flows.
CVE-2018-1285: XXE in Apache log4net
CVE-2018-1285: Apache log4net before 2.0.10 fails to disable external XML entities, enabling XXE attacks via config files. Impact, fix, and detection.
CVE-2020-29652: Denial of service in golang.org/x/crypto/...
A pre-auth nil pointer dereference in golang.org/x/crypto/ssh let a single crafted request crash Go SSH servers. Here's the impact, fix, and remediation path.
CVE-2021-43565: Denial of service in golang.org/x/crypto/...
A crafted SSH packet could crash Go services using golang.org/x/crypto/ssh before the December 2021 fix. What's affected, the severity context, and how to remediate.
How Snyk Code's PR and MR checks block merges on newly in...
A mechanical look at how Snyk Code's pull and merge request checks isolate net-new vulnerabilities from pre-existing debt and gate merges on policy.
Security Vulnerability Remediation: Process, Prioritization, and SLAs
Finding vulnerabilities is the easy half. A working remediation program needs ownership, evidence-based prioritization, and SLAs that engineering teams can actually hit.
How Snyk Container detects a Dockerfile's base image with...
Snyk Container identifies a Dockerfile's true base image by comparing layer digests against a registry database, no docker run required.
How Snyk Container recommends minor, major, and alternati...
A mechanical look at how Snyk Container ranks minor, major, and alternative base image upgrades using vulnerability counts and registry metadata.