Apache Superset, a data exploration and visualization platform that helps users build and visualize interactive dashboards, has been recently found vulnerable to an insecure default configuration issue. A recent vulnerability discovered in Apache Superset, CVE-2023-27524, has the potential to allow attackers to remotely execute code on vulnerable systems. In this post, we’ll discuss what CVE-2023-27524… Continue reading CVE-2023-27524 in Apache Superset: what you need to know
Note on CVE-2021-44228 and CVE-2021-45046: On December 14, 2021, Apache foundation released a new advisory for patching new CVE-2021-45046. This new security advisory instructs Log4j users to update their libraries’ versions to either 2.16.0 or 2.12.2 (depends on the Java version). Fortunately, the solutions described below address both CVE-2021-44228 and CVE-2021-45046, without the need to… Continue reading Log4shell Mitigation Actions | How to fix CVE-2021-44228 in Production Environments
Note on Log4shell: On December 14, 2021 Apache foundation released a new advisory for patching new CVE-2021-45046. This new security advisory instructs Log4j users to update their libraries’ versions to either 2.16.0 or 2.12.2 (depends on the Java version). If you are about to follow the vendors’ advisories and update your product – great –… Continue reading CVE-2021-44228: How to fix the critical zero day Log4shell vulnerability
However you flip the number of recorded vulnerabilities in a given year, the number is at once humbling and noteworthy. We know that both actions – remediating all vulnerabilities and prioritizing a high-severity security flaw in a little-used, low-value system over a medium-severity security hole in a mission-critical system – leave your company’s most important… Continue reading Looking Back – The Top Vulnerabilities of 2018