Safeguard
Topic

Vulnerability Analysis

In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.

568 articles

Vulnerability Analysis

The XZ Utils Backdoor (CVE-2024-3094) Explained: A Near-Miss Supply Chain Catastrophe

CVE-2024-3094 was a deliberately planted backdoor in xz-utils 5.6.0/5.6.1 targeting sshd. It was caught by a 500ms delay one engineer refused to ignore. Here is how the attack worked.

Jul 4, 20266 min read
Vulnerability Analysis

Cisco IOS XE CVE-2023-20198 Explained: The Web UI Privilege Escalation Zero-Day

CVE-2023-20198 is an unauthenticated privilege escalation in the Cisco IOS XE Web UI, rated CVSS 10.0, that let attackers implant tens of thousands of devices in days. Here is how it worked and how to remediate.

Jul 3, 20266 min read
Vulnerability Analysis

Drupalgeddon2 (CVE-2018-7600) Explained: Drupal's Form API RCE

CVE-2018-7600, known as Drupalgeddon2, is a CVSS 9.8 unauthenticated remote code execution flaw in Drupal core's Form API. Here is how the renderable-array bug works and which versions to run.

Jul 3, 20266 min read
Vulnerability Analysis

Jackson-databind Polymorphic Deserialization Gadget (CVE-2019-12384) Explained

CVE-2019-12384 chained a logback gadget with H2's RUNSCRIPT to turn default typing into code execution. Here's the mechanism, the classpath caveat, and how to fix it for good.

Jul 3, 20265 min read
Vulnerability Analysis

PrintNightmare (CVE-2021-34527) Explained: When the Windows Print Spooler Ran Code as SYSTEM

CVE-2021-34527, PrintNightmare, let an authenticated attacker load a malicious printer driver through the Windows Print Spooler and execute code as SYSTEM — locally or across a domain.

Jul 3, 20265 min read
Vulnerability Analysis

WebP (CVE-2023-4863) Explained: The libwebp Heap Overflow That Patched the Web

CVE-2023-4863 was an actively exploited heap buffer overflow in libwebp's Huffman decoder. Because the codec is vendored everywhere, one bug forced emergency patches across browsers and apps.

Jul 3, 20266 min read
Vulnerability Analysis

GitHub Advisory Database: 30,000+ curated advisories beyo...

GitHub's Advisory Database curates 30,000+ entries beyond raw CVE data. Here's what it actually covers, where GHAS inherits its limits, and where correlation across sources closes the gaps.

Jul 3, 20267 min read
Vulnerability Analysis

Apache Struts (CVE-2017-5638) Explained: The OGNL Header That Breached Equifax

CVE-2017-5638 let attackers run commands on Apache Struts 2 servers through a crafted Content-Type header. It is the unpatched flaw behind the Equifax breach. Here is the OGNL mechanism.

Jul 2, 20265 min read
Vulnerability Analysis

BlueKeep (CVE-2019-0708) Explained: The Wormable RDP Vulnerability

CVE-2019-0708, known as BlueKeep, is a pre-authentication use-after-free in Windows Remote Desktop Services rated CVSS 9.8. Here is how it works and why Microsoft patched Windows XP to fix it.

Jul 2, 20266 min read
Vulnerability Analysis

PaperCut CVE-2023-27350 Explained: Auth Bypass to Unauthenticated RCE

CVE-2023-27350 is an authentication bypass in PaperCut MF and NG that hands an attacker admin access and remote code execution, rated CVSS 9.8. Here is the timeline, root cause, and how to remediate.

Jul 2, 20265 min read
Vulnerability Analysis

ProxyShell (CVE-2021-34473) Explained: The Exchange Path Confusion Behind a Pre-Auth RCE Chain

CVE-2021-34473 is the path-confusion flaw at the head of ProxyShell — a three-bug Microsoft Exchange chain that took unauthenticated attackers all the way to remote code execution.

Jul 2, 20265 min read
Vulnerability Analysis

Zerologon: The Netlogon Cryptographic Flaw (CVE-2020-1472) Explained

CVE-2020-1472 let an unauthenticated attacker seize a domain controller in seconds by exploiting an all-zero AES-CFB8 initialization vector. Here's the real mechanism and the fix.

Jul 2, 20266 min read
Vulnerability Analysis (Page 3) — Supply Chain Security Blog | Safeguard