CVE Archives - Help Net Security

CVE

57% of vulnerabilities in 2020 were classified as critical or high severity

February 17, 2021

NIST logged more than 18,000 vulnerabilities in 2020, over 10,000 of which were critical or high severity – an all-time high. Redscan’s analysis looks beyond severity scores, …

2020 vulnerability disclosures on track to exceed those from 2019

February 12, 2021

2020 vulnerability disclosures are on track to exceed 2019 despite a sharp decrease of 19.2% observed earlier in the year, according to Risk Based Security. The team …

2020 to reach vulnerability disclosure levels similar to those in 2019

December 10, 2020

The number of vulnerability disclosures is back on track to reach or bypass 2019 as we head into 2021, according to Risk Based Security. The team aggregated 17,129 …

Vulnerability reporting is returning to normal

August 28, 2020

Vulnerability reporting, still impacted by COVID-19, is beginning to return to normal, Risk Based Security reveals. Out of 11,121 vulnerabilities aggregated during the first …

Most ICS vulnerabilities disclosed this year can be exploited remotely

August 20, 2020

More than 70% of ICS vulnerabilities disclosed in the first half of 2020 can be exploited remotely, highlighting the importance of protecting internet-facing ICS devices and …

2019 was a record year for OSS vulnerabilities

June 9, 2020

Total vulnerabilities in OSS more than doubled in 2019 from 421 Common Vulnerabilities and Exposures (CVEs) in 2018 to 968 last year, according to a RiskSense report. Top 10 …

Despite lower number of vulnerability disclosures, security teams have their work cut out for them

May 29, 2020

The number of vulnerabilities disclosed in Q1 2020 has decreased by 19.8% compared to Q1 2019, making this likely the only true dip observed within the last 10 years, Risk …

How secure are open source libraries?

May 21, 2020

Seven in 10 applications have a security flaw in an open source library, highlighting how use of open source can introduce flaws, increase risk, and add to security debt, a …

2020 cybersecurity risks: Insecure security tools, supply chains, abandonware

March 23, 2020

Considerable time and money are invested into looking for dangerous vulnerabilities in the most commonly used elements of IT infrastructure. Popular operating systems, …

For timely vulnerability information, unofficial sources are a better bet

June 7, 2017

From over 12,500 disclosed Common Vulnerabilities and Exposures (CVEs), more than 75% were publicly reported online before they were published to the NIST’s centralized …

MITRE offers temporary solution to the CVE assignment problem

March 18, 2016

MITRE’s short-term solution to the problem of slow CVE assignment is to set up an experimental system for issuing federated CVE IDs using a new format. “(…) …

Infosec pros point at problem with CVE system, offer alternative

March 11, 2016

For the last 17 years, the American not-for-profit MITRE Corporation has been editing and maintaining the list of Common Vulnerabilities and Exposures (CVEs). Researchers who …