Vulnerability Analysis
In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.
568 articles
Shellshock Bash environment variable RCE (CVE-2014-6271)
A 2014 parsing flaw in Bash's function-export handling let attackers run arbitrary commands via environment variables — and it's still exploited today.
EternalBlue SMBv1 RCE (CVE-2017-0144)
EternalBlue (CVE-2017-0144) turned a Windows SMBv1 flaw into WannaCry and NotPetya. Here's the risk context, timeline, and fix.
BlueKeep RDP wormable RCE (CVE-2019-0708)
A deep dive into CVE-2019-0708 (BlueKeep), the wormable, pre-auth RDP RCE affecting legacy Windows — impact, timeline, and remediation steps.
CurveBall Windows CryptoAPI spoofing flaw (CVE-2020-0601)
CVE-2020-0601 (CurveBall) let attackers spoof trusted certificates via a Windows CryptoAPI flaw. Impact, timeline, and remediation steps inside.
Log4j JDBC Appender RCE (CVE-2021-44832)
CVE-2021-44832 lets attackers with logging-config write access achieve RCE via Log4j2's JDBC Appender — and Log4Shell fixes alone don't stop it.
Text4Shell Apache Commons Text RCE (CVE-2022-42889)
A deep dive into CVE-2022-42889 (Text4Shell): the Apache Commons Text RCE, its narrower real-world exploitability versus Log4Shell, and how to remediate it.
Trojan Source Unicode bidi-override attack (CVE-2021-42574)
CVE-2021-42574 (Trojan Source) lets Unicode bidi control characters hide malicious logic in plain sight during code review. Here's the full breakdown and fix.
OpenSSL punycode buffer overflow pair (CVE-2022-3602 / CVE-2022-3786)
A deep dive into CVE-2022-3602 and CVE-2022-3786, the OpenSSL punycode buffer overflow pair once dubbed "Heartbleed 2.0" — impact, timeline, and fixes.
Outlook NTLM hash leak zero-day (CVE-2023-23397)
A zero-click Outlook flaw let attackers steal NTLM hashes via crafted calendar reminders — exploited by APT28 for a year before patching. Here's what to do.
MOVEit Transfer SQL injection mass-exploitation (CVE-2023-34362)
CVE-2023-34362, the MOVEit Transfer SQL injection exploited by Cl0p, hit 2,600+ organizations. Impact, timeline, and remediation steps inside.
Apache OFBiz CVE-2024-38856 Pre-Auth RCE Analysis
CVE-2024-38856 is an unauthenticated RCE in Apache OFBiz that bypasses authentication via screen rendering. Exploit chain, detection, and patching.
systeminformation npm package command injection (CVE-2021-21315)
A critical command injection flaw in the systeminformation npm package (CVE-2021-21315) let attackers run OS commands via unsanitized shell calls. Here's the full breakdown.