Safeguard
Tag

remote-code-execution

Safeguard articles tagged "remote-code-execution" — guides, analysis, and best practices for software supply chain and application security.

55 articles

Vulnerability Analysis

CVE-2017-18342: Arbitrary code execution via PyYAML yaml....

CVE-2017-18342 lets attackers achieve remote code execution via PyYAML's yaml.load(), which deserialized untrusted YAML into live Python objects by default.

Oct 6, 20258 min read
Vulnerability Analysis

CVE-2018-11776: Remote code execution in Apache Struts2 v...

CVE-2018-11776 lets attackers achieve unauthenticated RCE in Apache Struts2 via crafted namespace/OGNL injection. Affected versions, timeline, and fixes.

Oct 1, 20257 min read
Vulnerability Analysis

CVE-2019-0230: OGNL remote code execution in Apache Struts2

CVE-2019-0230 lets attackers chain forced double OGNL evaluation in Struts2 tag attributes into remote code execution. Here's what's affected, the CVSS/EPSS context, and how to remediate it.

Oct 1, 20258 min read
Vulnerability Analysis

CVE-2020-17530: Forced OGNL evaluation RCE in Apache Struts2

CVE-2020-17530 lets attackers achieve unauthenticated RCE in Apache Struts2 via forced OGNL evaluation. Here's the scope, timeline, and how to remediate it.

Sep 30, 20257 min read
Vulnerability Analysis

CVE-2019-0232: Remote code execution in Apache Tomcat CGI...

CVE-2019-0232 lets attackers execute arbitrary commands on Windows-hosted Apache Tomcat via the CGI Servlet. Here's the CVSS 9.8 detail, affected versions, and fixes.

Sep 24, 20258 min read
Vulnerability Analysis

CVE-2022-1471: Remote code execution in SnakeYAML deseria...

CVE-2022-1471 exposes SnakeYAML deserialization to remote code execution. Here is what is affected, CVSS context, and how to remediate the flaw.

Sep 23, 20257 min read
Vulnerability Analysis

CVE-2016-1000027: Remote code execution via Spring HttpIn...

A decade-old flaw in Spring's HttpInvokerServiceExporter enables unauthenticated RCE via Java deserialization. Severity, timeline, and remediation for CVE-2016-1000027.

Sep 22, 20257 min read
Vulnerability Analysis

CVE-2018-1270: Remote code execution in Spring Messaging ...

CVE-2018-1270 is a critical, unauthenticated RCE in Spring Messaging's STOMP-over-WebSocket support. Here's what's affected, how severe it is, and how to remediate it.

Sep 22, 20257 min read
Vulnerability Analysis

CVE-2016-4977: Remote code execution in Spring Security O...

CVE-2016-4977 let attackers achieve remote code execution against Spring Security OAuth's whitelabel views via SpEL injection. Here's what shipped, why, and how to fix it.

Sep 21, 20258 min read
Vulnerability Analysis

CVE-2019-0815: Remote code execution in .NET Core

CVE-2019-0815 is a Microsoft-disclosed remote code execution flaw in .NET Core. Here's what we know about impact, remediation, and supply chain risk.

Sep 20, 20258 min read
Vulnerability Analysis

CVE-2019-0980: .NET Core remote code execution via crafte...

CVE-2019-0980 lets attackers run arbitrary code via a crafted document that abuses how .NET Framework and .NET Core process untrusted input.

Sep 20, 20258 min read
Vulnerability Analysis

CVE-2019-0981: .NET Core remote code execution (second va...

CVE-2019-0981, the second variant of the April 2019 .NET Core RCE pair, let attackers run arbitrary code via a malicious file. Here's what to patch and why.

Sep 20, 20257 min read
remote-code-execution (Page 4) — Safeguard Blog