Safeguard
Topic

Vulnerability Analysis

In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.

568 articles

Vulnerability Analysis

Windows LDAP LSASS CVE-2024-49113 (LDAPNightmare)

CVE-2024-49113 crashes LSASS over LDAP referrals and pairs with CVE-2024-49112 for RCE. Exploit chain, detection, and domain controller hardening.

Jan 25, 20267 min read
Vulnerability Analysis

Spring4Shell Retrospective: What CVE-2022-22965 Actually Cost the Industry

Spring4Shell was hyped as the next Log4Shell and turned out to be neither as broad nor as harmless as the early coverage suggested. A 2026 look back at the real numbers.

Jan 22, 20265 min read
Vulnerability Analysis

Log4Shell (CVE-2021-44228) and the supply chain lessons o...

A Log4Shell CVE-2021-44228 analysis covering the JNDI lookup flaw, CVSS 10.0 severity, KEV status, patch timeline, remediation steps, and the transitive dependency lessons it taught.

Jan 22, 20268 min read
Vulnerability Analysis

Spring4Shell (CVE-2022-22965): root cause and remote code...

Spring4Shell (CVE-2022-22965) let attackers manipulate Java class loaders via Spring data binding to achieve RCE on Tomcat-deployed apps. Root cause, timeline, and fixes.

Jan 22, 20269 min read
Vulnerability Analysis

Veeam Backup CVE-2024-40711 Unauth RCE Walkthrough

CVE-2024-40711 is a critical unauth RCE in Veeam Backup & Replication. Deserialization flaw, exploit chain, and ransomware operator abuse.

Jan 21, 20267 min read
Vulnerability Analysis

What is a Vulnerability Database

CVE, NVD, OSV, GHSA, KEV — vulnerability databases power every scanner's severity score. Here's how they're built, enriched, and where they fall short.

Jan 20, 20266 min read
Vulnerability Analysis

Log4Shell RCE in Apache Log4j (CVE-2021-44228)

A deep dive into CVE-2021-44228 (Log4Shell): the critical Log4j RCE vulnerability, its timeline, affected versions, and concrete remediation steps.

Jan 19, 20267 min read
Vulnerability Analysis

Apache Struts2 RCE behind the Equifax breach (CVE-2017-5638)

CVE-2017-5638, the Apache Struts2 RCE behind the Equifax breach, exposed 147.9M records. Here's the flaw, timeline, and how to remediate it.

Jan 19, 20267 min read
Vulnerability Analysis

Heartbleed OpenSSL memory disclosure (CVE-2014-0160)

Heartbleed (CVE-2014-0160) let attackers silently read server memory over TLS. Here's the impact, timeline, remediation, and how to detect lingering exposure today.

Jan 19, 20268 min read
Vulnerability Analysis

Sudo Baron Samedit heap overflow (CVE-2021-3156)

A decade-old sudo heap overflow, CVE-2021-3156 (Baron Samedit), let any local user gain root. Here's what's affected and how to fix it.

Jan 18, 20267 min read
Vulnerability Analysis

Spring4Shell RCE in Spring Framework (CVE-2022-22965)

A deep dive into CVE-2022-22965 (Spring4Shell): the critical Spring Framework RCE, its exploitation chain, timeline, and how to remediate it fast.

Jan 18, 20267 min read
Vulnerability Analysis

Log4j second RCE bypass (CVE-2021-45046)

The Log4j 2.15.0 patch for Log4Shell was incomplete. CVE-2021-45046 shows how attackers bypassed it to achieve remote code execution.

Jan 18, 20267 min read
Vulnerability Analysis (Page 15) — Supply Chain Security Blog | Safeguard