Highest Voted 'vulnerability-management' Questions

0

votes

1 answer

Server vulnerability scanning

How can I discover server vulnerabilities without using a scanning software such as openVas? is there any manual ways or steps to follow to assure server security. Thanks in advance

asked Aug 16 '18 at 07:06

user181612

0

votes

3 answers

Is it recommended to patch announced vulnerability for unused services or features?

Sometimes vendors announce software upgrade to patch some discovered vulnerability in some feature or service which is not enabled in your system. Is it recommended to upgrade your software although you are theoretically not affected by?

vulnerability known-vulnerabilities incident-response patching vulnerability-management

asked Oct 25 '17 at 08:24

Mr.lock

345
5
14

0

votes

1 answer

Are CVE identifiers assigned for proprietary software packages?

If I find a vulnerability while using a proprietary software package can I request a CVE identifier. Or rather vulnerabilities in proprietary software packages are a matter of me reporting issue to vendor and vendor looking into it?

vulnerability cve vulnerability-management

asked Aug 30 '17 at 13:40

sob

215
2
10

0

votes

4 answers

Where can I find real life examples of software vulnerabilities in OSS?

I am looking for a repository of real life vulnerabilities (in this specific situation, buffer overflows in C & C++) that have been detected in open source software. Ideally it would show exactly where in the code the vulnerabilities have occurred…

known-vulnerabilities cve vulnerability-management

asked May 15 '16 at 10:02

user1116933

101
1

-1

votes

2 answers

Which database is used by npm-audit

you probably know the npm-audit tool which informs you about vulns in your node.js projects dependencies. I'd like to know what database npm-audit is using and how I get access to this data. Thank you :)

vulnerability node.js vulnerability-management npm

asked Jul 13 '19 at 15:39

pinas

161
8

-1

votes

1 answer

Can browser emulation create vulnerabilities?

If a browser is not authorized on a network, can browser emulation within an authorized browser create vulnerabilities? For instance, Chrome is unauthorized but if I run IE, press F12 to get into Developer mode, and then have it emulate Chrome, will…

risk-management threat-mitigation risk-analysis vulnerability-management

asked Jun 15 '17 at 13:28

Rincewind

209
1
2
5

-2

votes

1 answer

Why is MITRE not changing CVE entries that are clearly incorrect?

Why is MITRE not changing some CVE entries that are clearly wrong? I have deeply analysed and highly tested some specific vulnerabilities. The CVE reports of them are in some cases inconsistent, incorrect or even registered to one CPE while I…

vulnerability cve vulnerability-management

asked Jun 26 '16 at 23:10

Bob Ortiz

6,234
8
43
90

Questions tagged [vulnerability-management]

Server vulnerability scanning

Is it recommended to patch announced vulnerability for unused services or features?

Are CVE identifiers assigned for proprietary software packages?

Where can I find real life examples of software vulnerabilities in OSS?

Which database is used by npm-audit

Can browser emulation create vulnerabilities?

Why is MITRE not changing CVE entries that are clearly incorrect?