OpenSCAP is a framework that provides tools for vulnerability assessment, measurement, and scanning. It was developed by the community for vulnerability management, and in addition to scanning the framework can
Common Vulnerabilities and Exposures is the catalog of known vulnerabilities, whereas Common Weakness Enumeration (CWE) is a list of various types of software and hardware weaknesses. Simply put, the CWE lists weaknesses that might lead to a vulnerability. CWE acts as a dictionary that enumerates ...
The severity level of a vulnerability is assigned based on the security risk posed to an organization should the vulnerability be exploited, as well as the degree of difficulty involved in exploiting it. The result of a successful attack by exploiting a vulnerability could vary from denial of ser...
A stack has a finite size and overflow to store input when it exceeds the stack size. Stack buffer overflow isn't necessarily a problem but a vulnerability that when exploited by a threat actor becomes a security issue. Heap-based buffer overflow attack The heap is a memory structure used t...
The discovery ofZenbleedwas relatively alarming, given that it’s a critical vulnerability in AMD’s Zen 2 microarchitecture. The vulnerability was discovered by Tavis Ormandy, a Google security researcher, who found that it could lead to the ...
The lookup function has an obvious vulnerability to a buffer overflow since the parameter n is not checked for negative values before use as array index. Negative values can cause an out-of-bounds array index, expose restricted information, or allow modification of the contents of a restricted ...
Heartbleed is probably the most widely publicized security vulnerability to date. It affected so many machines in the Internet domain (the OpenSSL package). And it had a potential direct impact on all of us. Heartbleed is an example of a buffer overread defect. This means that a malicious at...
Misconfiguration of applications in the cloud is a common security challenge, and it can be difficult to recognize right away because of the lack of visibility into cloud data. Misconfiguration of security tools, such as firewalls and access control, can also increase vulnerability to attack or dat...
When a new vulnerability is disclosed, it can be reported to MITRE (or one of the otherCVE Numbering Authorities), which can confirm the issue is real and assign it a CVE number. From that point on, the CVE number can be used as a cross-system identifier of the this flaw, allowing ...
OWASP XXE Vulnerability OWASP Cheat Sheet: XXE Prevention OWASP Cheat Sheet: XML Security CWE-611: Improper Restriction of XXE Billion Laughs Attack SAML Security XML External Entity Attack Detecting and exploiting XXE in SAML Interfaces 5. Broken Access Control Access control refers to the systems ...