Items tagged with: cve



Top #CWE reasons used in #curl #CVE reports. In the 161 CVEs we have published over 25+ years so far, we have used 59 different CWEs.

The graph shows all CWEs that have been used more than once.

#curl #cve #cwe


The number of CNAs over time (#CVE Numbering Authorities). At 385 right now. Over 20,000 CVEs published in the first half of 2024.

From the "CVE Program and CNA Quarterly Report"

#cve


✅ Achievement unlocked - Got a minor credit in a CVE.

mcphail wrote:

"I recently found a bug in Snap, a package manager for Ubuntu and other Linux distributions, which allows the snap to escape the sandbox and run arbitrary code (as the user) if the home permission is set. This exploit could be run on a vanilla install of Ubuntu and was patched in commit aa191f9 on 13th March 2024."

gld.mcphail.uk/posts/explainin…

cve.mitre.org/cgi-bin/cvename.…

#cve #snapcraft #linux




100% agreed that the CVSS scoring system and "assume the worst" guidance makes for scores that do not accurately reflect importance. Especially for very broad-use things.

My take on this is that, like it or not, more open source projects of note need to become "CNA" (certificate numbering authorities) of their own, which I understand can give them some control over the content of CVEs filed against their project. cve.org/ProgramOrganization/CN…

#cve #cvss #cna #oss
