Safeguard
Tag

vulnerability-analysis

Safeguard articles tagged "vulnerability-analysis" — guides, analysis, and best practices for software supply chain and application security.

360 articles

Vulnerability Analysis

Text4Shell Apache Commons Text RCE (CVE-2022-42889)

A deep dive into CVE-2022-42889 (Text4Shell): the Apache Commons Text RCE, its narrower real-world exploitability versus Log4Shell, and how to remediate it.

Jan 14, 20267 min read
Vulnerability Analysis

Trojan Source Unicode bidi-override attack (CVE-2021-42574)

CVE-2021-42574 (Trojan Source) lets Unicode bidi control characters hide malicious logic in plain sight during code review. Here's the full breakdown and fix.

Jan 13, 20267 min read
Vulnerability Analysis

OpenSSL punycode buffer overflow pair (CVE-2022-3602 / CVE-2022-3786)

A deep dive into CVE-2022-3602 and CVE-2022-3786, the OpenSSL punycode buffer overflow pair once dubbed "Heartbleed 2.0" — impact, timeline, and fixes.

Jan 13, 20265 min read
Vulnerability Analysis

Outlook NTLM hash leak zero-day (CVE-2023-23397)

A zero-click Outlook flaw let attackers steal NTLM hashes via crafted calendar reminders — exploited by APT28 for a year before patching. Here's what to do.

Jan 13, 20267 min read
Vulnerability Analysis

MOVEit Transfer SQL injection mass-exploitation (CVE-2023-34362)

CVE-2023-34362, the MOVEit Transfer SQL injection exploited by Cl0p, hit 2,600+ organizations. Impact, timeline, and remediation steps inside.

Jan 13, 20267 min read
Vulnerability Analysis

Apache OFBiz CVE-2024-38856 Pre-Auth RCE Analysis

CVE-2024-38856 is an unauthenticated RCE in Apache OFBiz that bypasses authentication via screen rendering. Exploit chain, detection, and patching.

Jan 13, 20266 min read
Vulnerability Analysis

lodash prototype pollution via zipObjectDeep (CVE-2020-8203)

CVE-2020-8203 lets attackers pollute Object.prototype via lodash's zipObjectDeep. Learn affected versions, CVSS/EPSS context, and remediation steps.

Jan 12, 20267 min read
Vulnerability Analysis

lodash defaultsDeep prototype pollution (CVE-2019-10744)

A critical prototype pollution flaw in lodash's defaultsDeep (CVE-2019-10744) lets attackers corrupt Object.prototype. Here's the impact and how to fix it.

Jan 12, 20268 min read
Vulnerability Analysis

lodash template code injection (CVE-2021-23337)

CVE-2021-23337 lets attackers inject code via lodash's template function. Here's the impact, affected versions, CVSS/EPSS context, and how to remediate it.

Jan 12, 20268 min read
Vulnerability Analysis

Alibaba fastjson deserialization RCE (CVE-2022-25845)

A critical AutoType-bypass RCE in Alibaba fastjson (CVSS 9.8, EPSS ~99th pct) hits any app parsing untrusted JSON. Here's how to detect and fix it.

Jan 11, 20267 min read
Vulnerability Analysis

Struts2 REST plugin XStream deserialization RCE (CVE-2017-9805)

CVE-2017-9805 lets attackers RCE Struts2 REST APIs via unsafe XStream XML deserialization. Learn impact, affected versions, and remediation steps.

Jan 11, 20267 min read
Vulnerability Analysis

Apache Commons Collections deserialization gadget RCE (CVE-2015-7501)

A decade-old Apache Commons Collections deserialization gadget chain still enables unauthenticated RCE across legacy Java middleware. Here's how to find and fix it.

Jan 11, 20268 min read
vulnerability-analysis (Page 12) — Safeguard Blog