CVE
CVE ALERT! OpenSSL CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows
After a week of speculation about OpenSSL vulnerabilities, the OpenSSL project disclosed two new CVEs to address buffer overrun vulnerabilities in its cryptographic library that could trigger crashes or lead to remote ...
The No-Fix Mediums? Not Having a High Priority Doesn’t Mean Low Danger
Development teams are using more and more open source component software every day. These components are developed and maintained outside of your organization, and are often analyzed by researchers and the software ...

Why Vulnerability Management Programs Need Visibility Into Over 300,000 Vulnerabilities
Flashpoint has been identifying and collecting vulnerabilities as they become available, with VulnDB now covering over 300,000 vulnerabilities affecting all manners of IT, IoT, and third-party libraries and dependencies. ...
Tripwire Patch Priority Index for August 2022
Tripwire’s August 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Office, Outlook, and Excel that resolve 4 ...

How to Comply With the US Government’s Strict Software Requirements
We break down H.R. 7900, a well-intentioned but perhaps unrealistic bill that requires companies working with the DoD to provide a software bill of materials (SBOM) and patch all known vulnerabilities. ...

How to Comply With the DoD’s Newer and Stricter Software Requirements
We break down H.R. 7900, a well-intentioned but perhaps unrealistic bill that requires companies working with the DoD to provide a software bill of materials (SBOM) and patch all known vulnerabilities. ...

CVE/NVD Failed to Report and Detail 27.3% of Vulnerabilities in 2022 H1
Today, Flashpoint releases the State of Vulnerability Intelligence: 2022 Midyear Edition, a report designed to help organizations understand and properly contextualize the vulnerability landscape. ...

JFrog Discloses Config Vulnerability in Envoy Proxy Software
A security research team at JFrog, a provider of a continuous integration/continuous delivery (CI/CD) platform, has discovered a vulnerability in certain compression configurations of open source Envoy proxy software that can be ...

Imperva Customers are protected from Atlassian Confluence CVE-2022-26134
This is an evolving storyline. Last update: June 4, 2022. On June 2, 2022, Atlassian published a security advisory regarding a CVE for versions of Confluence Server and Data Center applications greater ...