Questions tagged [vulnerability-management]

67 questions
1 vote, 2 answers

How does the server side handle the same multiple requests at the same time?

According to this YouTube video: https://www.youtube.com/watch?v=oIkhgagvrjI&feature=youtu.be&t=7m19s YouTube video views are frozen at 300 until they're verified, sometimes at 301 or even up to 310 due to multiple identical requests at the same time. In…
user111609
0 votes, 0 answers

Vulnerability: Standalone Library vs. Same Code Elsewhere

Are libraries inherently more vulnerable than in-house application code? The speaker of this talk generally advises folks against creating wrapper libraries for Erlang in Elixir rather than just writing the code in Erlang. One of the reasons he…
0 votes, 1 answer

Security for a Windows application running in a corporate network

I know security is pretty important for a web application, but what about Windows applications running in a corporate environment, on a network not accessible from outside? Do we need to treat security issues as "high" there, or because that is…
0 votes, 1 answer

How to manage my vulnerability scan reports efficiently

My company uses multiple tools for vulnerability scanning. We have Nessus Pro for network scanning, WhiteSource Bolt and GitHub Dependabot for dependencies, SonarQube for source code, and Burp Suite Pro for web applications. These make us very…
Toan Ha
0 votes, 2 answers

Manually Validating Vulnerabilities from a Vulnerability Scan

How do you manually validate vulnerabilities from a vulnerability scan or a vulnerability release from a vendor? Say you received a report with a high vulnerability. The vulnerability scanner used a version check of the header. If there are no…
0 votes, 2 answers

Is OpenLDAP version 2.4.24 at risk and what site should I check for known vulnerabilities with the used version?

We use OpenLDAP version 2.4.24:
$ /usr/local/libexec/slapd -VV
@(#) $OpenLDAP: slapd 2.4.24 (Mar 5 2011 06:36:43) $ steve@sunblade2500:/bigdisk/SOURCES/S10/openldap-2.4.24/servers/slapd
OpenLDAP version 2.4.33 is currently available…
0 votes, 0 answers

Chrome vulnerabilities are detected in a vulnerability scan even after upgrading to the latest version

Had a few Chrome vulnerabilities [CVE-2020-6420] detected by BI (Retina). Upgraded the affected machines to Chrome version 84.0.4147.89. After a re-scan, the same vulnerabilities are still detected. Has anyone experienced this before? Please help to resolve.
0 votes, 3 answers

Vulnerability management benchmarks

Despite the continuous effort in our company to resolve vulnerabilities, we are still reporting a significant number of vulnerabilities after each scan we perform. We would like to understand if there are industry benchmarks or ratios, like number…
0 votes, 2 answers

How vulnerability scanners assign CVE codes to vulnerabilities found

I just want to know how CVE codes are assigned by vulnerability scanners when they find a particular vulnerability.
0 votes, 0 answers

How to check security and other updates available on Linux distros automatically?

Let's suppose we have a network of 10-plus Linux machines running different distros (Debian, CentOS, Red Hat, Arch, etc.). Can we implement some centralized system where we get an update about updates on all of these machines (there could be security,…
0 votes, 1 answer

What is the difference when scanning external IPs from my LAN vs. a cloud/external scanner?

I'm concerned about whether I am scanning effectively. When I scan our external IPs with the scanner on my laptop, the packets are leaving my network through my firewall and routing across the internet to hit my public IPs. If this can be done, why would I…
errMSG
0 votes, 0 answers

Determining clients connecting to IIS using CBC ciphers (preparing for Lucky 13 remediation)

I am trying to determine the impact of remediating a Lucky 13 vulnerability, which I understand requires disabling CBC cipher modes. So far I have added custom logging to my IIS instance to capture and translate the algorithms that clients are…
0 votes, 0 answers

Can I get hold of malicious npm packages?

The npm advisories site lists quite a lot of malicious packages which, in my understanding, are not packages with vulnerabilities but malicious per se. These packages were removed from the npm repo for good reason, but is there a possibility to…
0 votes, 1 answer

Can a CVE be removed from NVD database?

Normally, CVEs are added to the NVD CVE database and never removed. But can a CVE ID just disappear from the database after being there for a while? (Maybe because the entry was a complete mistake, or for whatever other reason.) NVD description…
0 votes, 0 answers

Can OpenVAS do a scan on a scanner device?

I know OpenVAS can scan printers with just some tweaking of the scan configuration. I tried to scan a scanner device, but I only get one result, which is OS Detection Consolidation and Reporting. I have an Epson scanner for reference. Are there any settings…