CI Fuzz - Monthly Coffee Hour
Join us for a weekly chat about all things fuzzing, live demos, Q&A's, and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
April 2023
Code Intelligence Finds Vulnerability in MySQL JDBC Driver - CVE-2023-21971
Affected applications are at a higher risk of severe availability issues.
New Vulnerability in MySQL JDBC Driver: RCE and Unauthorized DB Access
We have found a new vulnerability in MySQL Connector/J (CVE-2023-21971). Oracle issued a critical path update that fixed the issue on April 18, 2023. The vulnerability was found as part of our collaboration with Google’s OSS-Fuzz.
CI DevSecOps Series - Level Up Your Tests
Building secure and reliable APIs is an essential and challenging endeavor. Traditional API testing approaches perform blackbox testing and test the application through the network. This is both slow and lacks deep insights into how the tested application handles API requests. Also, it happens late in the software development lifecycle as it requires a complete application deployment.
Code Intelligence Uncovers Another Expression Denial of Service Vulnerability in Spring - CVE-2023-20863
Affected applications are at a higher risk of severe availability issues.
Another Expression DoS Vulnerability Found in Spring - CVE-2023-20863
Just recently, our open-source fuzzing engine Jazzer found an Expression DoS vulnerability in Spring (CVE-2023-20861). Now, three weeks later, Jazzer found another similar Expression DoS in the Spring framework, labeled CVE-2023-20863. This new finding has an even higher CVSS score of 7.5 (high), compared to the previous finding which came in at 5.3 (medium).
CI Fuzz - Monthly Coffee Hour
Join us for a weekly chat about all things fuzzing, live demos, Q&A's, and more.
Integrating Fuzzing Into Automotive Security
Fuzz testing is a popular testing approach used to find bugs in C/C++ and embedded software, particularly memory corruptions. It has proven effective for identifying obscure bugs that are difficult to find through other testing methods. This testing approach is increasingly being adopted by automotive companies to comply with new security standards, save time, mitigate costs, and improve software quality. Let's have a look at how fuzzing is helping all of these automotive companies.