Vulnerability Analysis
In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.
568 articles
PaperCut CVE-2023-27350: When Print Management Software Becomes a Ransomware Gateway
CVE-2023-27350 in PaperCut NG/MF allowed unauthenticated RCE through the print management server. Cl0p and LockBit ransomware groups jumped on it within days.
Fortinet FortiProxy CVE-2023-25610: Buffer Underwrite in Network Security Infrastructure
CVE-2023-25610 allowed unauthenticated RCE on FortiOS and FortiProxy through a buffer underwrite vulnerability. Another critical flaw in perimeter security appliances.
Jira Service Management CVE-2023-22501: Broken Authentication Exposes Enterprise Workflows
A critical authentication vulnerability in Jira Service Management allowed attackers to impersonate users and gain access to sensitive service desk instances. The flaw bypassed email verification controls.
Log4j One Year Later: What We Learned and What We Didn't Fix
A year after Log4Shell shook the internet, many organizations still had vulnerable instances. Here's what the anniversary revealed about our industry.
FortiGate SSL-VPN Zero-Day (CVE-2022-42475): How a Heap Overflow Gave Attackers the Keys
A heap-based buffer overflow in Fortinet's SSL-VPN was actively exploited before disclosure. State-sponsored actors used it to deploy custom implants on critical infrastructure.
GitHub Code Signing Bypass: When the Trust Anchor Fails
A vulnerability in GitHub's commit signature verification allowed attackers to forge signed commits. The flaw undermined the integrity guarantees that code signing is supposed to provide.
OpenSSL CVE-2022-3602: The Critical That Wasn't (But Still Matters)
OpenSSL pre-announced a critical vulnerability that was later downgraded to high severity. The incident revealed as much about our processes as the bug itself.
Text4Shell (CVE-2022-42889): Apache Commons Text and the Haunting Echo of Log4Shell
A critical RCE vulnerability in Apache Commons Text drew immediate comparisons to Log4Shell. While less severe in practice, it highlighted how deeply embedded utility libraries create systemic risk.
GitLab Critical RCE (CVE-2022-2884): Remote Code Execution via GitHub Import
A critical vulnerability in GitLab's GitHub import feature allowed authenticated attackers to execute arbitrary code on the server. The flaw highlighted risks in platform migration features.
Atlassian Questions for Confluence CVE-2022-26138: A Hardcoded Password That Gave Away the Keys
CVE-2022-26138 exposed a hardcoded password in the Questions for Confluence app, granting unauthenticated access to Confluence data. A preventable disaster.
Retbleed: The Spectre Variant That Haunts Modern CPUs (CVE-2022-29900)
Retbleed exploits return instructions to bypass Spectre mitigations on AMD and Intel processors. Here's what it means for your infrastructure.
Follina (CVE-2022-30190): The Microsoft Zero-Day That Bypassed Macro Protections
A Word document, no macros enabled, and full remote code execution. Follina exploited the Microsoft Support Diagnostic Tool via ms-msdt protocol handlers, rendering years of macro-blocking defenses irrelevant.