Stack Overflow
Stack Overflow

Questions tagged [cve]

74 questions
0
votes
1 answer

Looking for intentionally vulnerable nuget package for testing purposes

I am looking for one or more nuget packages that intentionally contain vulnerabilities. I want to test some security tools that should be able to pick up such nugets in my projects automatically and notify me, but I am having trouble finding any.
Luk164
  • 657
  • 8
  • 22
0
votes
1 answer

NVD API for multiple CVEs

While looking into specs of NVD APIs, the documentation mentions The CVE API is used to easily retrieve information on a single CVE or a collection of CVE from the NVD. However, the API documentation does not mention any means of providing data for…
Pavan Kumar
  • 4,182
  • 1
  • 30
  • 45
0
votes
0 answers

run CVE-2019-13272 POC failed

when i run CVE-2019-13272 POC,a message like this appears: [.] Checking environment ... [~] Done, looks good [.] Searching policies for useful helpers ... [.] Ignoring helper (does not exist): /opt/pbis/bin/config [.] Ignoring helper (does not…
lelouny
  • 1
  • 1
0
votes
0 answers

Does there exist a tool that checks my entire linux configuration for vulnerabilities using the CVE database

I would like to be able to do something such as yum list installed > SOME_FILE.txt or the equivalent in any other distribution and then upload SOME_FILE.txt to this tool and have it check the CVE database for any vulnerabilities. A stretch goal…
Jeff Silverman
  • 692
  • 1
  • 8
  • 15
0
votes
1 answer

PrismaCloud CVE-2022-36437

Prisma Cloud reports Vulnerability in hazelcast CVE-2022-36437 The thing is that the project does not use hazelcast. It uses payara-micro 6.2023.1 What is the connection between hazlecast and payara-micro? How to solve this vulnerability?
Farrukh Nabiyev
  • 346
  • 2
  • 11
0
votes
0 answers

how to exploit vulnerability CVE-2022-20006 in Android Studio

I need to demonstrate this vulnerability being exploited for my mobile cybersecurity class. It should be possible in the following Android versions: Android-10, Android-11, Android-12, Android-12L (with security patch levels older than June 5…
Thomas Todt
  • 3
  • 2
0
votes
0 answers

com.fasterxml.jackson.core:jackson-databand upgraded to latest 2.14.2 version, yet application war shows vulnerabilities

I'm using 6.9.2 version for gradle wrapper and my application war file is flagged with the following Jackson-databand vulnerabilities CVE-2022-42004, CVE-2022-42003, CVE-2020-36518, CVE-2022-25649 in WIZ Security scanning. To solve this I have…
curious_cat16
  • 1
  • 2
0
votes
1 answer

How to check the compatibility of a transitive dependency with its direct dependency in a Spring Boot Maven project?

My organization started to scan all our application for vulnerabilities and the scanner show up with lots of findings. Some CVE are easy to fix, but some require extra steps, and I wonder how to properly fix CVE in transitive dependencies,…
Aleson
  • 332
  • 2
  • 9
0
votes
1 answer

Please explain OpenSSL CVE-2022-3786 'sizeof' change

What is difference between these 2 sizeof operator uses? From here: https://github.com/openssl/openssl/commit/680e65b94c916af259bfdc2e25f1ab6e0c7a97d6?diff=split unsigned int *pDecoded ... memmove(pDecoded + i + 1, pDecoded + i, (written_out - i) *…
philcolbourn
  • 4,042
  • 3
  • 28
  • 33
0
votes
0 answers

Do CVEs against netty apply to reactor netty?

My security tool is detecting a reactor netty package and flagging it with a netty CVEs. Details: My server has reactor netty v1.0.23 installed (v1.0.23 was released Sep 30, 2022) My security tool identifies CVE-2019-20445 CVE-2019-20445 was…
topstair
  • 41
  • 3
0
votes
1 answer

Was Ruby On Rails affected by CVE-2019-16201?

I didn't find a short answer to my question,CVE-2019-16201 was a vulnerability on WEBrick on Ruby, was RubyOnRails affected by this vulnerability as well? I say yes because I found RubyOnRails used WEBrick as mentionned Here. I say no because on…
E Epsylon
  • 56
  • 1
  • 6
0
votes
1 answer

Using Sonarqube, can I get alert when there is a CVE on a dependency

Using Sonarqube, can I get alert when there is a CVE on a dependency ? I track software quality on Sonarqube and I have read about the dependency check integration. But it seems quite different from the dependency track platform where notifications…
Jean
  • 1,707
  • 3
  • 24
  • 43
0
votes
1 answer

is it now save to use python ftblib in passive mode

i found this vulnerability CVE-2021-4189 (https://bugzilla.redhat.com/show_bug.cgi?id=2036020) in ftblib library in python CVE description : A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV…
Anne Yo
  • 13
  • 2
0
votes
0 answers

is my app using jackson-databind exploitable to CVE-2019-12384?

I am analyzing this CVE and I came across this link: https://github.com/FasterXML/jackson-databind/issues/2334. it states that If service has jar logback-classic in its classpath then vulnerabilitiy applies. What is meant by this? does it mean that…
ethicalhacker
  • 119
  • 9
0
votes
0 answers

How to fix sonar vulnerability in spring-boot Reference: CVE-2022-31569 CVSS Score: 9.3 Category: CWE-22

I have a Vulnerability Blocker : Filename: ...spring-boot-2.4.5.jar | Reference: CVE-2022-31569 | CVSS Score: 9.3 | Category: CWE-22 | The RipudamanKaushikDal/projects repository through 2022-04-03 on GitHub allows absolute path traversal because…
R722443
  • 1
  • 2
1 2
3
4 5