Questions tagged [cve]
74 questions
1
vote
2 answers
How to check if our system has been exploited by log4j vulnerability?
Recently there was a log4j vulnerability reported:
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
https://www.randori.com/blog/cve-2021-44228/
https://www.lunasec.io/docs/blog/log4j-zero-day/
How do I know exactly my system has been attacked or…

Maxx
1
vote
1 answer
react-dev-utils latest version installs a vulnerable version of browserslist
react-dev-utils@11.0.4 is installing a vulnerable version of browserslist, browserslist@4.14.2, although we have updated the package on GitHub. https://github.com/facebook/create-react-app/blob/main/packages/react-dev-utils/package.json#L57
[to test out,…

Hari Kishore
1
vote
1 answer
What does this vulnerability mean: CVE-2020-36460?
The description says:
An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type.
What is the model crate? Sorry if it's stupid…

dname
1
vote
1 answer
Security vulnerability in Node.js server
I have a website running on a Node.js & Express server. I got to know that the website has the following vulnerability.
A remote attacker can send specially crafted HTTP request and force it to make logging statements on wrong connection for certain…

Meet Siraja
1
vote
0 answers
Not able to find the root cause for CVE-2020-13956
I am running a Spring Boot application with the below parent
org.springframework.boot
spring-boot-starter-parent
2.4.2.RELEASE
…

Shiva-kss
1
vote
0 answers
spring-boot 2.3.7 spring-boot-starter-integration CVE-2019-3772
I am getting the following from the Dependency-Checker tool on Sonar:
Filename: spring-boot-starter-integration-2.3.7.RELEASE.jar | Reference: CVE-2019-3772 | CVSS Score: 9.8 | Category: CWE-611 | Spring Integration (spring-integration-xml and…

Michael Hegner
1
vote
0 answers
jQuery vulnerabilities with the latest Jenkins and how to fix them?
I'm on Jenkins version 2.234. Our audit team reported that the latest jQuery plugin used by Jenkins is version 1.12.4 which is fairly old and has a lot of vulnerabilities.
They found the 1.12.4 jQuery plugin on the below…

Ashar
1
vote
1 answer
Extracting CVE Info with a Python 3 regular expression
I frequently need a list of CVEs listed on a vendor's security bulletin page. Sometimes that's simple to copy off, but often they're mixed in with a bunch of text.
I haven't touched Python in a good while, so I thought this would be a great…

Brian
1
vote
0 answers
TITLE Search cve scanner for coreOs
I am searching for a "cve" scanner to scan CoreOS (host, not containers).
Do you know any?
Big thanks.

thomas10_10
1
vote
1 answer
Why are Android versions older than 5.0 not vulnerable to CVE-2017-13156?
I was just reading about the Janus vulnerability (CVE-2017-13156) and there is one thing I cannot understand.
The vulnerability lies in the implementation of the installation of the APK and Signature Scheme v1 (JAR signature). It allows you to craft…

Topper Harley
1
vote
1 answer
"CVE-2018-5712" appears many times in PHP changelogs, which makes me confused
"CVE-2018-5712" appears many times in PHP changelogs, which makes me confused. Could someone explain this phenomenon?…

Box
0
votes
0 answers
Fixed in Version not shown in harbor for trivy scan results of CVE
I am using trivy to scan docker images in #harbor. For some CVEs it shows Current Version and Fixed in Version, and for some it doesn't show them. So I would like to know what may be the reason? Does that mean it's not able to detect in which specific…

Ashish Karpe
0
votes
0 answers
Bulk CVE requests to NIST json APIs
I have a list of CVEs. Do you know a way to look for details about all the CVEs in bulk via the NIST json API (or a free alternative) without performing an http request for each single CVE?

user2461515
0
votes
0 answers
I can't find an attribute that I used to work with in Python
Has the "cpe" attribute of the CVE object from nvdlib in Python been removed? I wrote some code weeks ago to get the cpe assigned to a cve and it worked; now I get an error mentioning that the cpe attribute doesn't exist. Here is my…

Doskiy
0
votes
1 answer
How to resolve spring-boot-starter-mail:3.0.6 dependency vulnerabilities?
My project is importing:
implementation 'org.springframework.boot:spring-boot-starter-mail:3.0.6'
My SonarQube OWASP Dependency Scan is reporting vulnerabilities:
app.jar: jakarta.mail-1.0.0.jar (shaded: org.eclipse.angus:angus-core:1.0.0) …

galfstad