Safeguard
Tag

rce

Safeguard articles tagged "rce" — guides, analysis, and best practices for software supply chain and application security.

80 articles

Application Security

Inside the Qinglong Scheduler RCE: How Two Auth Bugs Became a Cryptomining Campaign

Two chainable auth-bypass bugs in the Qinglong task scheduler let attackers skip login entirely and mine crypto on victim CPUs — in the wild before a patch existed.

Jul 16, 20265 min read
Application Security

Why Node.js's vm module is not a security sandbox

Node's own docs warn the vm module isn't a security mechanism — vm2, built on top of it, still shipped two CVSS 9.8 sandbox escapes in 2023.

Jul 14, 20266 min read
Application Security

Java deserialization gadget chains explained

One 2015 talk and a tool called ysoserial turned ordinary Java libraries into remote code execution chains — here's how gadget chains work and how to stop them.

Jul 13, 20266 min read
Vulnerability Management

CVE-2022-33980: Interpolation-Based RCE in Apache Commons Configuration

A CVSS 9.8 flaw in Apache Commons Configuration 2.4–2.7 let default interpolators run script-engine expressions from untrusted config strings.

Jul 11, 20267 min read
Security Guides

Insecure Deserialization in .NET: BinaryFormatter and Beyond

Why insecure deserialization is a remote-code-execution risk in .NET, what changed with BinaryFormatter's removal in .NET 9, and the dangerous JSON.NET settings still in the wild.

Jul 8, 20265 min read
Vulnerability Analysis

Ghostscript (CVE-2023-36664) Explained: Command Injection via Pipe Devices

CVE-2023-36664 let a crafted PostScript or EPS file run system commands through Ghostscript's mishandling of pipe device filenames. Because Ghostscript hides behind image tools, the blast radius was wide.

Jul 8, 20266 min read
Vulnerability Analysis

PHP-CGI Argument Injection RCE on Windows (CVE-2024-4577) Explained

CVE-2024-4577 revived a decade-old PHP-CGI flaw through a Windows Unicode 'best-fit' quirk, yielding unauthenticated RCE. Here's the mechanism and the patched versions.

Jul 8, 20265 min read
Vulnerability Management

CVE-2022-1471: Inside the SnakeYaml Deserialization RCE

CVE-2022-1471 scored 9.8 CRITICAL under NIST's CVSS calculation — a single YAML tag could hand attackers remote code execution in any Java app parsing untrusted input.

Jul 8, 20265 min read
Vulnerability Management

How task-scheduler RCEs become cryptomining botnets

Two chained Apache Airflow CVEs and a Rundeck YAML deserialization bug show how scheduler tools turn one flaw into unauthenticated RCE and persistent mining.

Jul 8, 20266 min read
Vulnerability Analysis

regreSSHion (CVE-2024-6387) Explained: A Signal-Handler Race That Reopened an Old OpenSSH RCE

CVE-2024-6387, regreSSHion, is an unauthenticated remote code execution flaw in OpenSSH's sshd caused by a signal-handler race — a regression of a bug fixed back in 2006.

Jul 7, 20266 min read
Vulnerability Analysis

Text4Shell (CVE-2022-42889) Explained: RCE in Apache Commons Text Interpolation

CVE-2022-42889, Text4Shell, let attackers run code through Apache Commons Text's string interpolation when apps passed untrusted input to StringSubstitutor. Here is the flaw and why it was narrower than feared.

Jul 7, 20265 min read
Application Security

Apache Struts and the recurring pattern of path-traversal and RCE bugs

Equifax lost data on 147 million people to one unpatched Struts CVE in 2017 — and the same class of bug resurfaced in Struts as recently as December 2023.

Jul 7, 20266 min read
rce — Safeguard Blog