(www.bleepingcomputer.com)

174 points andy99 | 2 comments | 06 Apr 25 17:21 UTC | HN request time: 0.002s | source

Show context

nikanj ◴[06 Apr 25 18:18 UTC] No.43603575[source]▶

"Maximum severity RCE" no longer means "unauthenticated RCE by any actor", it now means "the vulnerability can only be exploited if a malicious file is imported"

Grumbling about CVE inflation

replies(3): >>43603718 #>>43604364 #>>43604433 #

1. tptacek ◴[06 Apr 25 19:57 UTC] No.43604433[source]▶

>>43603575 #

There's no such thing as CVE inflation because CVEs don't have scores. You're grumbling about CVSS inflation. But: CVSS has always been flawed, and never should have been taken seriously.

replies(1): >>43609370 #

2. sean_flanigan ◴[07 Apr 25 09:08 UTC] No.43609370[source]▶

>>43604433 (TP) #

Those CVE numbers go up every year… Sounds like inflation to me! ;-)

↑

Max severity RCE flaw discovered in widely used Apache Parquet