
security - CWE vs CVE in terms of their usage - Stack Overflow
Jul 20, 2013 · An ID (e.g. CVE-2020-1403); A description of the vulnerability; A CVSS score (I will talk about it after); A CWE (the kind / family of vulnerability); A list of CPE (The impacted …
Why do static code analyzers cite CWE rather than CVE in their …
Jul 23, 2014 · The CWE List was created to better address those additional needs. CVE are akin to an inventory of traffic accidents while the CWE are analogous to the conditions (e.g. …
How can I map CVEs to their underlying CWE?
Jun 9, 2020 · CWE is a categorization system for vulnerability types, while CVE is a reference to a specific vulnerability. But a specific vulnerability can be referenced by a CVE and also be …
standards - How to find CAPEC items related to a CVE
Jun 6, 2018 · The CAPEC schema contains a field - RelatedWeaknessesType or Related Weaknesses (version 3.0) which references one or more CWE ids related to the specific …
How to fix Veracode CWE 117 (Improper Output Neutralization for …
Jul 6, 2017 · In order to avoid Veracode CWE 117 vulnerability I have used a custom logger class which uses HtmlUtils.htmlEscape() function to mitigate the vulnerability. Recommended …
What is the difference between ATT&CK and CAPEC?
Nov 5, 2020 · My question is on Cyber Threat Intelligence (CTI). I want to know the difference between Attack Patterns (as in MITRE CAPEC) and Tactics, Techniques and Procedures (as …
Fix (CWE-120, CWE-20) detected by Flawfinder - Stack Overflow
Nov 4, 2020 · test.c:xx: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). test.c:xx: [1] (buffer) read: Check buffer boundaries if …
penetration test - Information Security Stack Exchange
Jun 16, 2023 · In this case, the finding in question is CVE-2016-20012, which is marked on the CVE database as **DISPUTED**. There are many CVEs like this. The vendor does not want …
CVE Details API, get vulnerabilities by component
May 30, 2016 · An alternative to vendor-specific CVE APIs is CIRCL's Common Vulnerabilities and Exposure Web Interface and API. Its web interface can be found at https://cve.circl.lu/ and …
maven - How to fix sonar vulnerability in spring-boot Reference: …
Jul 18, 2022