Safeguard
Topic

Vulnerability Analysis

In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.

568 articles

Vulnerability Analysis

Spring4Shell (CVE-2022-22965) Explained: RCE Through Spring Data Binding

CVE-2022-22965, Spring4Shell, let attackers write a JSP web shell to Spring MVC apps on JDK 9+ by abusing data binding. Here is the ClassLoader trick and the exact conditions required.

Jul 2, 20265 min read
Vulnerability Analysis

Log4j Log4Shell vulnerability explained CVE-2021-44228

Log4Shell (CVE-2021-44228) let attackers gain RCE via a single logged string. Here's the CVSS/EPSS/KEV context, timeline, and how to remediate it.

Jul 2, 20267 min read
Vulnerability Analysis

ActiveMQ CVE-2023-46604 Explained: The OpenWire Deserialization RCE

CVE-2023-46604 is an unauthenticated remote code execution flaw in Apache ActiveMQ's OpenWire protocol, rated CVSS 10.0. Here is how it works, how ransomware crews weaponized it, and how to remediate.

Jul 1, 20265 min read
Vulnerability Analysis

EternalBlue (CVE-2017-0144) Explained: The SMBv1 Flaw Behind WannaCry

CVE-2017-0144 is the SMBv1 remote code execution bug that powered WannaCry and NotPetya. Here is how the EternalBlue exploit works, why it spread, and how to stay clear of it today.

Jul 1, 20266 min read
Vulnerability Analysis

Ghostcat: Apache Tomcat AJP File Read and RCE (CVE-2020-1938) Explained

CVE-2020-1938 turned Tomcat's default AJP connector into a file-disclosure and RCE primitive. Here's how the request-attribute abuse works and how to shut it down.

Jul 1, 20266 min read
Vulnerability Analysis

GitLab ExifTool RCE (CVE-2021-22205) Explained

An unauthenticated attacker could run code on a GitLab server just by uploading an image. The bug was not in GitLab at all — it was in ExifTool. Here is the full story.

Jul 1, 20265 min read
Vulnerability Analysis

Heartbleed (CVE-2014-0160) Explained: When OpenSSL Leaked Memory to Anyone

CVE-2014-0160, Heartbleed, let remote attackers read up to 64KB of an OpenSSL server's memory per request — private keys, sessions, passwords. Here is the missing bounds check that caused it.

Jul 1, 20266 min read
Vulnerability Analysis

HTTP/2 Rapid Reset (CVE-2023-44487) Explained

A protocol-level flaw in HTTP/2 turned a normal feature into the largest DDoS attacks ever recorded. Here is how Rapid Reset works and which library versions fix it.

Jul 1, 20266 min read
Vulnerability Analysis

ProxyLogon (CVE-2021-26855) Explained: The Exchange SSRF That Opened a Pre-Auth Door

CVE-2021-26855, ProxyLogon, is a server-side request forgery in Microsoft Exchange that let unauthenticated attackers impersonate the server — the first link in a chain to full remote code execution.

Jul 1, 20265 min read
Vulnerability Analysis

PwnKit (CVE-2021-4034) Explained: Root From a 12-Year-Old Polkit Bug

CVE-2021-4034, aka PwnKit, is a memory-corruption flaw in polkit's pkexec that gives any local user reliable root on nearly every Linux distribution. Here is how it works and how to close it.

Jul 1, 20265 min read
Vulnerability Analysis

Inside the GitHub Advisory Database: how vulnerability re...

How vulnerability records actually get into the GitHub Advisory Database — curation, CNA status, GHAS enrichment, and the gaps in severity and version data teams should watch for.

Jul 1, 20267 min read
Vulnerability Analysis

Cybersecurity Research Center (CyRC): vulnerability resea...

What is Black Duck's CyRC, how does it research and disclose vulnerabilities, and where do its coverage gaps leave your open source supply chain exposed?

Jun 10, 20267 min read
Vulnerability Analysis (Page 4) — Supply Chain Security Blog | Safeguard