Hacker News
- Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 https://nvd.nist.gov/vuln/detail/CVE-2024-0519 100 comments
- Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability https://nvd.nist.gov/vuln/detail/CVE-2023-23415 12 comments
- Java Apache Commons Text vulnerability https://nvd.nist.gov/vuln/detail/CVE-2022-42889 37 comments
- CVE-2022-23812: node-ipc contains malicious code targeting Russia and Belarus https://nvd.nist.gov/vuln/detail/CVE-2022-23812 2 comments
- CVE-2021-27135: xterm flaw may allow remote code execution, CVSS 9.6 https://nvd.nist.gov/vuln/detail/CVE-2021-27135 61 comments
- Python 3.x has a buffer overflow which may lead to remote code execution https://nvd.nist.gov/vuln/detail/CVE-2021-3177 2 comments
- Remote code execution in Apache Tomcat 7.0 https://nvd.nist.gov/vuln/detail/CVE-2017-12615 11 comments
- Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code https://nvd.nist.gov/vuln/detail/CVE-2017-9417 42 comments
- Udp.c in Linux kernel pre-4.5 allows remote attackers to execute arbitrary code https://nvd.nist.gov/vuln/detail/CVE-2016-10229#vulnDescriptionTitle 65 comments
Lobsters
- CVE-2016-10229 remote code execution via UDP https://nvd.nist.gov/vuln/detail/CVE-2016-10229 7 comments linux, security
- Vulnerability in ip package in node https://nvd.nist.gov/vuln/detail/CVE-2023-42282 7 comments node
- XZ issue is being investigated by the US government as a critical national security issue https://nvd.nist.gov/vuln/detail/CVE-2024-3094 4 comments linux
- Vulnerability `Leaky Vessels` CVE-2024-21626 https://nvd.nist.gov/vuln/detail/CVE-2024-21626 4 comments kubernetes
- Ah f... CVSS 10.0 dropped. Absolute meltdown incoming https://nvd.nist.gov/vuln/detail/CVE-2023-5129 254 comments sysadmin
- Barracuda breach https://nvd.nist.gov/vuln/detail/CVE-2023-2868 17 comments sysadmin
- CVE-2023-23415 - ICMP Remote Code Execution https://nvd.nist.gov/vuln/detail/CVE-2023-23415 49 comments netsec
- CVE-2022-42889 - Important Vulnerability in Apache Commons with a Score 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-42889 5 comments java
- 9.8 Critical issue in Apache Commons Text https://nvd.nist.gov/vuln/detail/CVE-2022-42889 4 comments netsec
- Need Help Installing Outdated Apache Version https://nvd.nist.gov/vuln/detail/CVE-2021-41773 5 comments centos
- Vulnerability in WhatsApp mobile apps could result in remote code execution in an established video call (CVSS 9.8) https://nvd.nist.gov/vuln/detail/CVE-2022-36934 14 comments netsec
- Gitlab 9.9 CVE https://nvd.nist.gov/vuln/detail/CVE-2022-2185 35 comments sysadmin
- NVD - CVE-2022-23812 - A 9.8 critical vulnerability caused by a node library author adding code into his package which has a 1 in 4 chance of wiping the files of a system if its IP comes from Russia or Belarus https://nvd.nist.gov/vuln/detail/CVE-2022-23812 232 comments programming
- CVE-2022-25636 : New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access https://nvd.nist.gov/vuln/detail/CVE-2022-25636 3 comments netsec
- Pentest report and residual risk https://nvd.nist.gov/vuln/detail/CVE-2021-44228 2 comments pentesting
- Which distro has better security, Debian stable or Ubuntu LTS? https://nvd.nist.gov/vuln/search/statistics?form_type=Advanced&results_type=statistics&search_type=all&isCpeNameSearch=false&cpe_vendor=cpe%3A%2F%3Adebian 19 comments debian
- CVE-2002-20001 - disable Diffie-Hellman (DHE) key exchange on everything https://nvd.nist.gov/vuln/detail/CVE-2002-20001 11 comments netsec
- Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click. https://nvd.nist.gov/vuln/detail/cve-2021-30481 36 comments netsec
- WebLogic RCE - CVE-2020-14882 - Single GET Request https://nvd.nist.gov/vuln/detail/cve-2020-14882 8 comments netsec
- NVD - CVE-2020-2021: When SAML auth is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources https://nvd.nist.gov/vuln/detail/cve-2020-2021 4 comments netsec
- Why CVE-2019-18848 is considered a security issue? Which risks it can bring for those who use this gem? https://nvd.nist.gov/vuln/detail/CVE-2019-18848 3 comments ruby
- WhatsApp flaw CVE-2019-11931 could be exploited to install spyware https://nvd.nist.gov/vuln/detail/cve-2019-11931 4 comments netsec
- How do you stay current on vulnerabilities https://nvd.nist.gov/ 13 comments sysadmin
- Alpine Linux Docker Image root User Hard-Coded Credential Vulnerability https://nvd.nist.gov/vuln/detail/CVE-2019-5021 49 comments selfhosted
- Polkit privilege escalation for users with larger UIDs https://nvd.nist.gov/vuln/detail/cve-2018-19788 24 comments netsec
- CVE-2018-5390 - Linux kernel TCP Vulnerability https://nvd.nist.gov/vuln/detail/cve-2018-5390 8 comments linux
- Trying to remove local admin rights in my organization, needing "backup" https://nvd.nist.gov/800-53/Rev4/control/AC-6 60 comments sysadmin
- That "Systemd invalid username runs service as root" CVE has been assessed as 9.8 Critical https://nvd.nist.gov/vuln/detail/cve-2017-1000082#vulndescriptiontitle 201 comments linux
- CVE assigned for systemd username issue https://nvd.nist.gov/vuln/detail/cve-2017-1000082 112 comments linux
- UDP remote code execution in Linux <4.5 https://nvd.nist.gov/vuln/detail/cve-2016-10229 52 comments linux
- CVE-2016-10229 - Linux kernel (< 4.5) remote code execution via UDP recv() using MSG_PEEK flag https://nvd.nist.gov/vuln/detail/cve-2016-10229 5 comments netsec
Linking pages
- Software with the most vulnerabilities in 2015: Mac OS X, iOS, and Flash | VentureBeat http://venturebeat.com/2015/12/31/software-with-the-most-vulnerabilities-in-2015-mac-os-x-ios-and-flash/ 278 comments
- Why the World Needs a Software Bill Of Materials Now | by Dr. Sybe Izaak Rispens | Medium https://drrispens.medium.com/why-the-world-needs-a-software-bill-of-materials-now-5a565df65dff 136 comments
- GitHub - future-architect/vuls: Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices https://github.com/future-architect/vuls 67 comments
- PHP just grows & grows | Netcraft News http://news.netcraft.com/archives/2013/01/31/php-just-grows-grows.html 63 comments
- Top GitHub Apps You Should Know About - by DevOps Editorial https://devops.substack.com/p/top-github-apps-you-should-know-about 61 comments
- Huginn: An Open-Source, Self-Hosted IFTTT - DZone Web Dev https://dzone.com/articles/huginn-an-open-source-self-hosted-ifttt 52 comments
- XSS Attacks: The Next Wave | Snyk https://snyk.io/blog/xss-attacks-the-next-wave/ 43 comments
- Bogus CVE follow-ups | daniel.haxx.se https://daniel.haxx.se/blog/2023/09/05/bogus-cve-follow-ups/ 27 comments
- GitHub - opencve/opencve: CVE Alerting Platform https://github.com/opencve/opencve 22 comments
- GitHub - mikkolehtisalo/cvesync: CVE feed synchronization to issue management system https://github.com/mikkolehtisalo/cvesync 17 comments
- The Enchiridion of Impetus Exemplar https://shellsharks.com/threat-modeling 9 comments
- GitHub - Exein-io/kepler: NIST-based CVE lookup store and API powered by Rust. https://github.com/Exein-io/kepler 7 comments
- NVD makes up vulnerability severity levels | daniel.haxx.se https://daniel.haxx.se/blog/2023/03/06/nvd-makes-up-vulnerability-severity-levels/ 7 comments
- Chapter 9. Scanning the system for configuration compliance and vulnerabilities Red Hat Enterprise Linux 8 | Red Hat Customer Portal https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening 5 comments
- Apple, Linux, not Windows, most vulnerable operating systems in 2014 | CSO Online http://www.networkworld.com/article/2887240/microsoft-subnet/apple-linux-not-windows-most-vulnerable-operating-systems-in-2014-ie-wins-worst-app.html 5 comments
- Analyzing Docker Image Security. Docker containers are far less secure… | by Martin Heinz | Towards Data Science https://towardsdatascience.com/analyzing-docker-image-security-ed5cf7e93751 4 comments
- Apple's OS X and iOS were among the most vulnerable operating systems in 2014 | TechSpot http://www.techspot.com/news/59846-apple-os-x-ios-among-most-vulnerable-operating.html 4 comments
- best-practices-badge/criteria.md at main · coreinfrastructure/best-practices-badge · GitHub https://github.com/linuxfoundation/cii-best-practices-badge/blob/master/doc/criteria.md 4 comments
- SBOM 101 - All the questions you were afraid to ask Software Bill of Materials https://sysdig.com/blog/sbom-101-software-bill-of-materials/ 3 comments
- The Python Vulnerability Landscape | by Andrew Scott | Geek Culture | Medium https://medium.com/geekculture/the-python-vulnerability-landscape-3904494eec67 3 comments