Safeguard
Tag

vulnerability-management

Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.

635 articles

Vulnerability Analysis

CVE-2022-29117: Regular expression denial of service in .NET

CVE-2022-29117 is a regular expression denial-of-service vulnerability in .NET that lets attackers exhaust CPU with crafted input. Here's what to patch and why.

Sep 19, 20258 min read
Vulnerability Management

VEX Adoption in the Enterprise: Lessons From Early Adopters

Vulnerability Exploitability eXchange documents promise to reduce alert fatigue by distinguishing exploitable vulnerabilities from theoretical ones. Here is how enterprises are actually using them.

Sep 18, 20257 min read
Vulnerability Analysis

CVE-2023-29331: Remote code execution in .NET via crafted...

CVE-2023-29331 lets a crafted .NET assembly trigger remote code execution during loading. Here's what's affected, the severity context, and how to remediate it.

Sep 18, 20258 min read
Vulnerabilities

OpenJDK Vulnerabilities: Tracking and Patching

OpenJDK vulnerabilities are disclosed and patched through Oracle's quarterly Critical Patch Update cycle, but tracking them well means watching your specific JDK distribution and version line, not just assuming a generic update covers you.

Sep 17, 20255 min read
Vulnerability Analysis

CVE-2024-0057: Certificate validation bypass in .NET X.50...

CVE-2024-0057 lets attackers forge X.509 certificates that bypass .NET's chain validation, risking spoofing in TLS and code-signing flows.

Sep 17, 20258 min read
Vulnerability Analysis

CVE-2018-1285: XXE in Apache log4net

CVE-2018-1285: Apache log4net before 2.0.10 fails to disable external XML entities, enabling XXE attacks via config files. Impact, fix, and detection.

Sep 16, 20258 min read
Vulnerability Analysis

CVE-2020-29652: Denial of service in golang.org/x/crypto/...

A pre-auth nil pointer dereference in golang.org/x/crypto/ssh let a single crafted request crash Go SSH servers. Here's the impact, fix, and remediation path.

Sep 16, 20258 min read
Vulnerability Analysis

CVE-2021-43565: Denial of service in golang.org/x/crypto/...

A crafted SSH packet could crash Go services using golang.org/x/crypto/ssh before the December 2021 fix. What's affected, the severity context, and how to remediate.

Sep 16, 20257 min read
Application Security

How Snyk Code's PR and MR checks block merges on newly in...

A mechanical look at how Snyk Code's pull and merge request checks isolate net-new vulnerabilities from pre-existing debt and gate merges on policy.

Sep 11, 20257 min read
SecOps

Security Vulnerability Remediation: Process, Prioritization, and SLAs

Finding vulnerabilities is the easy half. A working remediation program needs ownership, evidence-based prioritization, and SLAs that engineering teams can actually hit.

Sep 9, 20255 min read
Container Security

How Snyk Container detects a Dockerfile's base image with...

Snyk Container identifies a Dockerfile's true base image by comparing layer digests against a registry database, no docker run required.

Sep 8, 20258 min read
Buyer's Guides

How Snyk Container recommends minor, major, and alternati...

A mechanical look at how Snyk Container ranks minor, major, and alternative base image upgrades using vulnerability counts and registry metadata.

Sep 7, 20256 min read
vulnerability-management (Page 41) — Safeguard Blog