Hi, we have received notifications for the following vulnerabilities and related CVE's:
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple Vulnerabilities in Apache Struts Could Allow for Remote Code Execution
But could not find the CVE's in the Threat Vault. Would like to understand how PaloAlto determines which CVE's should be included in the Threat Updates.
some CVE may not have identifiable factors in the network packets: there may be legitimate packets that are able to buffer overflow a certain vulnerable version of client/server but are not malicious in nature, or they may not have been disclosed publicly yet
i've tried to review these CVE but they are marked as reserved on mitre, I then tried tracing the original bug bt I don't appear to have access to chromium bugs 😉
My assumption is these have not been disclosed yet, to allow google to fix the bugs
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!