Vulnerability Analysis
In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.
568 articles
F5 BIG-IP CVE-2022-1388 Explained: The iControl REST Authentication Bypass
CVE-2022-1388 is an authentication bypass in the F5 BIG-IP iControl REST interface that leads to unauthenticated remote code execution, rated CVSS 9.8. Here is the timeline, root cause, and patched versions.
Jenkins CLI Arbitrary File Read (CVE-2024-23897) Explained
CVE-2024-23897 turned a convenience feature in Jenkins' CLI argument parser into an arbitrary file read that can escalate to full RCE. Here's the mechanism and the fix.
VMware vCenter (CVE-2021-21985) Explained: The vSAN Plugin RCE
CVE-2021-21985 is a CVSS 9.8 unauthenticated RCE in VMware vCenter Server's vSAN Health plugin, enabled by default on every install. Here is how it works and the patched builds to run.
Confluence OGNL Injection (CVE-2022-26134) Explained
CVE-2022-26134 is a CVSS 9.8 unauthenticated OGNL injection in Atlassian Confluence, exploited as a zero-day before the patch. Here is how the flaw works and which versions fixed it.
Confluence CVE-2021-26084 Explained: The Webwork OGNL Injection RCE
CVE-2021-26084 is an unauthenticated OGNL injection in Confluence Server and Data Center that allows remote code execution, rated CVSS 9.8. Here is the timeline, root cause, detection, and patched versions.
GitLab Account Takeover via Password Reset (CVE-2023-7028) Explained
CVE-2023-7028 let attackers send GitLab password-reset links to an address they controlled — a zero-interaction account takeover scored 10.0. Here's the flaw and the fix.
MOVEit Transfer (CVE-2023-34362) Explained: The SQL Injection Behind the Cl0p Mass Breach
CVE-2023-34362 is a SQL injection in Progress MOVEit Transfer that let unauthenticated attackers reach the database and drop a web shell. Cl0p used it to breach thousands of organizations.
Shellshock (CVE-2014-6271) Explained: RCE Hiding in Bash Environment Variables
CVE-2014-6271, Shellshock, let attackers run commands by smuggling code into environment variables that Bash parsed as function definitions. Reachable over HTTP, DHCP, and SSH. Here is how.
Fastjson AutoType Bypass RCE (CVE-2022-25845) Explained
CVE-2022-25845 defeated Fastjson's autoType protection and reopened a deserialization RCE path. Here's how the bypass worked and how to lock the library down.
Follina (CVE-2022-30190) Explained: Code Execution From a Word Document With Macros Off
CVE-2022-30190, Follina, abused the Windows MSDT protocol handler so a Word document could run PowerShell — no macros, no enable-content click. Here is the ms-msdt mechanism.
FortiOS CVE-2024-21762 Explained: The SSL VPN Out-of-Bounds Write RCE
CVE-2024-21762 is a pre-authentication out-of-bounds write in the FortiOS SSL VPN daemon that allows remote code execution. Here is the timeline, root cause, detection, and the full list of fixed versions.
Baron Samedit (CVE-2021-3156) Explained: The Sudo Root Overflow
CVE-2021-3156, Baron Samedit, is a heap overflow in sudo that gives any local user root and hid in plain sight for nearly a decade. Here is the root cause, a one-line test, and the patched version.