Questions tagged [cve]

74 questions
0 votes, 1 answer

Java CVE-2021-26291 on maven-core-3.0.jar maven-core-3.1.0.jar

Small question regarding CVE-2021-26291 on maven-core-3.0.jar maven-core-3.1.0.jar please. On a very simple project, which pom file below (please feel free to copy paste) Maven version is: Apache Maven 3.6.3
PatPanda
0 votes, 0 answers

Does MySQL CVE-2017-15945 affect Oracle's .Net5 connector in any way?

Our SAST scanner has reported that CVE-2017-15945 (https://bugs.gentoo.org/630822) is impacting the .Net 5 connector that we use (https://www.nuget.org/packages/MySql.EntityFrameworkCore/, version 5.0.5). I do not have more information on how the…
0 votes, 0 answers

Making and Applying Linux Security Patches

Apologies in advance if this is off topic or posted in the wrong place. Just started hosting my own media server (CentOS Stream 8) and I'm trying to learn how to secure it. How would you apply changes from git to your kernel? In this case it would be…
Codename Jinn
0 votes, 2 answers

Microsoft CVRF API

It has come to my attention that, starting from February 9, 2021, Microsoft Security Response Center has removed registrations requirements to their CVRF API. That could be a nice way to programmatically identify, download and apply security…
antonio
0 votes, 3 answers

Block instances of a class at the JVM level?

Is there a way to configure the JVM to block instances of a class being created? I'd like to do this to ensure no service running in the JVM is allowed to create instances of a class that has been identified as a security risk in a CVE, let's call…
Brad Parks
0 votes, 0 answers

Play framework 2.8.2 triggers SBT OWASP scanner for vuln CVE-2015-2156 fixed in 2.3.9

I have a Play Framework Scala app using version 2.8.2 (current). When I run the OWASP scanner from https://github.com/albuch/sbt-dependency-check (ver 2.0.0), it flags the following CVE, which was apparently fixed in Play…
Rich
0 votes, 0 answers

How do you request updating Hyperledger Fabric Docker files to address security vulnerabilities in the operating system

The latest tagged (amd64-1.4.4) hyperledger fabric-peer and hyperledger fabric-tools hosted on hub.docker.com have linux security vulnerabilities. { "CVE": "CVE-2019-18224", "Package": "libidn2", "Version": "2.0.5-1", …
-1 votes, 1 answer

I want to fix security vulnerability in my docker image

I had uploaded a Docker image in Google Container Registry. It scanned the image and shows me many vulnerabilities. I want to fix at least critical ones and of high priority, so how can I fix it? Also, is there any automatic way of scanning and fixing…
Robin
-1 votes, 1 answer

How can we get CVE list under one CWE ID?

I want to fetch a list of CVEs using the CWE ID but could not find any references. Any help will be appreciated.
Mahesh
-1 votes, 1 answer

Test jquery for vulnerabilities

I am a bug hunter and found CVE-2020-11022 through an automated scan on a domain. But there's a problem: I don't know how to test jquery manually. You can recommend me a blog etc. or anything related to it. I shall be very thankful to you.
-1 votes, 1 answer

Search manual software inventory software with matching of known vulnerabilities from public sources

I'm looking for an application where I can manually enter my chosen software - no automatic software inventory - and this software is automatically scanned for known vulnerabilities (from public sources) as soon as I open the program. At best it…
-1 votes, 2 answers

Does CVE always have a fixed patch?

I'm not sure if there is always a patch to the corresponding CVE? And what if patch_a doesn't fix the CVE properly and then here comes patch_b, so there are two patches to fix one certain CVE. In this case will the CVE reference be updated?
hukeping
-2 votes, 0 answers

CVE-2022-29581 to Root Z Flip 5

I had a thought about rooting my z flip 5 by exploiting the kernel (5.15.78). After some surface level research I found CVE-2022-29581 which allows local privilege escalation and it looks like it's a vuln that might work for this kernel version not…
-2 votes, 1 answer

CVE-2021-24112, CVE-2021-26701 showing severity score as 9.8 on Restsharp upgrade

I upgraded the restSharp from 106.13.0 to 108.0.2 on .Net Framework 4.7.2 and, since then, I'm getting both CVE-2021-24112, CVE-2021-26701 Severity as CRITICAL with score of 9.8 on Dependency Scan Results (dotnet). I also observed Fixed version as…