CVE ALERT! OpenSSL CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows

After a week of speculation about OpenSSL vulnerabilities, the OpenSSL project disclosed two new CVEs to address buffer overrun vulnerabilities in its cryptographic library that could trigger crashes or lead to remote ...

The No-Fix Mediums? Not Having a High Priority Doesn’t Mean Low Danger

Development teams are using more and more open source component software every day. These components are developed and maintained outside of your organization, and are often analyzed by researchers and the software ...
Why Vulnerability Management Programs Need Visibility Into Over 300,000 Vulnerabilities

Flashpoint has been identifying and collecting vulnerabilities as they become available—with VulnDB now covering over 300,000 vulnerabilities affecting all manner of IT, IoT, and third-party libraries and dependencies.

Tripwire Patch Priority Index for August 2022

Tripwire’s August 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Office, Outlook, and Excel that resolve 4 ...
How to Comply With the US Government’s Strict Software Requirements

We break down H.R. 7900, a well-intentioned but perhaps unrealistic bill that requires companies working with the DoD to provide a software bill of materials (SBOM) and patch all known vulnerabilities. The ...
How to Comply With the DoD’s Newer and Stricter Software Requirements

We break down H.R. 7900, a well-intentioned but perhaps unrealistic bill that requires companies working with the DoD to provide a software bill of materials (SBOM) and patch all known vulnerabilities. The ...
CVE/NVD Failed to Report and Detail 27.3% of Vulnerabilities in 2022 H1

Today, Flashpoint releases the State of Vulnerability Intelligence: 2022 Midyear Edition, a report designed to help organizations understand and properly contextualize the vulnerability landscape.
JFrog Discloses Config Vulnerability in Envoy Proxy Software

A security research team at JFrog, a provider of a continuous integration/continuous delivery (CI/CD) platform, has discovered a vulnerability in certain compression configurations of open source Envoy proxy software that can be ...
Imperva Customers are protected from Atlassian Confluence CVE-2022-26134

This is an evolving storyline. Last update: June 4, 2022. On June 2, 2022, Atlassian published a security advisory regarding a CVE for versions of Confluence Server and Data Center applications greater ...