remote-code-execution
Safeguard articles tagged "remote-code-execution" — guides, analysis, and best practices for software supply chain and application security.
55 articles
CVE-2023-29331: Remote code execution in .NET via crafted...
CVE-2023-29331 lets a crafted .NET assembly trigger remote code execution during loading. Here's what's affected, the severity context, and how to remediate it.
CUPS Vulnerability Chain: Remote Code Execution via Linux Printing
A chain of vulnerabilities in the CUPS printing system allows unauthenticated attackers to achieve remote code execution on Linux systems by exploiting how printers are discovered and configured.
regreSSHion: CVE-2024-6387 OpenSSH Remote Code Execution
A regression in OpenSSH's signal handler reintroduced a vulnerability from 2006, enabling unauthenticated remote code execution on glibc-based Linux systems. Here's what you need to know.
The SnakeYAML Deserialization Vulnerability, Explained
SnakeYAML's default Constructor could instantiate arbitrary Java classes from YAML input — CVE-2022-1471 turned a config-parsing library into a remote code execution path.
Insecure Deserialization: Why Untrusted Data Should Never Become Objects
Deserialization vulnerabilities turn data into code execution. Here is how they work, which languages are most affected, and how to defend against them.
Citrix NetScaler Zero-Day CVE-2023-3519: Mass Exploitation in the Wild
CVE-2023-3519 allowed unauthenticated remote code execution on Citrix NetScaler ADC and Gateway devices, leading to widespread exploitation and CISA emergency directives.
Shellshock, Five Years On: The Lessons That Stuck
Five years after CVE-2014-6271, Shellshock remains the clearest case study in how one interpreter bug becomes thousands of downstream holes.