Safeguard
Tag

vulnerability-analysis

Safeguard articles tagged "vulnerability-analysis" — guides, analysis, and best practices for software supply chain and application security.

360 articles

Vulnerability Analysis

ProxyLogon Microsoft Exchange RCE chain (CVE-2021-26855)

A deep dive into ProxyLogon (CVE-2021-26855 and chain): the unauthenticated Exchange RCE that enabled HAFNIUM and mass ransomware attacks.

Jan 17, 20267 min read
Vulnerability Analysis

PrintNightmare Windows Print Spooler RCE (CVE-2021-34527)

A critical Print Spooler flaw (CVE-2021-34527) enabled unauthenticated SYSTEM-level RCE on nearly every Windows host. Here's what happened and how to fix it.

Jan 17, 20268 min read
Vulnerability Analysis

WinRAR CVE-2025-0411 Mark-of-the-Web Bypass

CVE-2025-0411 lets WinRAR archives bypass Windows Mark-of-the-Web when extracted. Here is the flaw, the observed campaigns, and the patching path.

Jan 17, 20267 min read
Vulnerability Analysis

F5 BIG-IP iControl REST RCE (CVE-2022-1388)

A critical iControl REST auth bypass let attackers gain root RCE on BIG-IP within days of disclosure. Impact, KEV status, timeline, and fixes.

Jan 16, 20267 min read
Vulnerability Analysis

HTTP/2 Rapid Reset DDoS technique (CVE-2023-44487)

CVE-2023-44487 (HTTP/2 Rapid Reset) fueled record DDoS attacks by abusing stream resets. Here's the impact, timeline, and how to remediate it.

Jan 16, 20267 min read
Vulnerability Analysis

OpenSSH forwarded ssh-agent RCE (CVE-2023-38408)

CVE-2023-38408 lets a malicious SSH server hijack a forwarded ssh-agent to run code on the client. Impact, affected versions, and fixes.

Jan 15, 20267 min read
Vulnerability Analysis

OpenSSH agent forwarding RCE (CVE-2016-10009)

A malicious or compromised SSH server could abuse forwarded ssh-agent connections to load arbitrary PKCS#11 modules and run code on the client.

Jan 15, 20267 min read
Vulnerability Analysis

Shellshock Bash environment variable RCE (CVE-2014-6271)

A 2014 parsing flaw in Bash's function-export handling let attackers run arbitrary commands via environment variables — and it's still exploited today.

Jan 15, 20268 min read
Vulnerability Analysis

EternalBlue SMBv1 RCE (CVE-2017-0144)

EternalBlue (CVE-2017-0144) turned a Windows SMBv1 flaw into WannaCry and NotPetya. Here's the risk context, timeline, and fix.

Jan 15, 20267 min read
Vulnerability Analysis

BlueKeep RDP wormable RCE (CVE-2019-0708)

A deep dive into CVE-2019-0708 (BlueKeep), the wormable, pre-auth RDP RCE affecting legacy Windows — impact, timeline, and remediation steps.

Jan 14, 20267 min read
Vulnerability Analysis

CurveBall Windows CryptoAPI spoofing flaw (CVE-2020-0601)

CVE-2020-0601 (CurveBall) let attackers spoof trusted certificates via a Windows CryptoAPI flaw. Impact, timeline, and remediation steps inside.

Jan 14, 20268 min read
Vulnerability Analysis

Log4j JDBC Appender RCE (CVE-2021-44832)

CVE-2021-44832 lets attackers with logging-config write access achieve RCE via Log4j2's JDBC Appender — and Log4Shell fixes alone don't stop it.

Jan 14, 20267 min read
vulnerability-analysis (Page 11) — Safeguard Blog