vulnerability-analysis
Safeguard articles tagged "vulnerability-analysis" — guides, analysis, and best practices for software supply chain and application security.
360 articles
Spring4Shell (CVE-2022-22965): root cause and remote code...
Spring4Shell (CVE-2022-22965) let attackers manipulate Java class loaders via Spring data binding to achieve RCE on Tomcat-deployed apps. Root cause, timeline, and fixes.
Veeam Backup CVE-2024-40711 Unauth RCE Walkthrough
CVE-2024-40711 is a critical unauth RCE in Veeam Backup & Replication. Deserialization flaw, exploit chain, and ransomware operator abuse.
What is a Vulnerability Database
CVE, NVD, OSV, GHSA, KEV — vulnerability databases power every scanner's severity score. Here's how they're built, enriched, and where they fall short.
Log4Shell RCE in Apache Log4j (CVE-2021-44228)
A deep dive into CVE-2021-44228 (Log4Shell): the critical Log4j RCE vulnerability, its timeline, affected versions, and concrete remediation steps.
Apache Struts2 RCE behind the Equifax breach (CVE-2017-5638)
CVE-2017-5638, the Apache Struts2 RCE behind the Equifax breach, exposed 147.9M records. Here's the flaw, timeline, and how to remediate it.
Heartbleed OpenSSL memory disclosure (CVE-2014-0160)
Heartbleed (CVE-2014-0160) let attackers silently read server memory over TLS. Here's the impact, timeline, remediation, and how to detect lingering exposure today.
Sudo Baron Samedit heap overflow (CVE-2021-3156)
A decade-old sudo heap overflow, CVE-2021-3156 (Baron Samedit), let any local user gain root. Here's what's affected and how to fix it.
Spring4Shell RCE in Spring Framework (CVE-2022-22965)
A deep dive into CVE-2022-22965 (Spring4Shell): the critical Spring Framework RCE, its exploitation chain, timeline, and how to remediate it fast.
Log4j second RCE bypass (CVE-2021-45046)
The Log4j 2.15.0 patch for Log4Shell was incomplete. CVE-2021-45046 shows how attackers bypassed it to achieve remote code execution.
Struts2 OGNL injection RCE (CVE-2018-11776)
CVE-2018-11776 lets remote attackers achieve full RCE in Apache Struts2 via OGNL injection in URL namespaces. Impact, timeline, and fixes inside.
PHP-FPM/Nginx path disclosure RCE (CVE-2019-11043)
CVE-2019-11043 let attackers gain unauthenticated RCE on PHP-FPM/Nginx stacks via a PATH_INFO underflow. Here's the impact, timeline, and fixes.
Ghostcat Apache Tomcat AJP file read/RCE (CVE-2020-1938)
CVE-2020-1938 'Ghostcat' exposes Apache Tomcat's AJP connector to file read and RCE. Here's the ghostcat tomcat AJP vulnerability impact and how to fix it.