Safeguard
Tag

vulnerability-analysis

Safeguard articles tagged "vulnerability-analysis" — guides, analysis, and best practices for software supply chain and application security.

360 articles

Vulnerability Analysis

Linux AF_PACKET privilege escalation (CVE-2020-14386)

CVE-2020-14386 lets a local attacker with CAP_NET_RAW corrupt Linux kernel heap memory via AF_PACKET and escalate privileges. Here's the fix and impact.

Jan 8, 20268 min read
Vulnerability Analysis

PwnKit polkit pkexec local privilege escalation (CVE-2021-4034)

PwnKit (CVE-2021-4034) is a 12-year-old polkit pkexec flaw giving any local user instant root on most Linux distros. Here's the full breakdown and fix.

Jan 7, 20267 min read
Vulnerability Analysis

zlib heap buffer overflow via crafted input (CVE-2022-37434)

CVE-2022-37434: a heap buffer overflow in zlib's gzip header parsing. Affected versions, CVSS/EPSS/KEV context, timeline, and how to remediate it.

Jan 7, 20268 min read
Vulnerability Analysis

Express qs library prototype pollution DoS (CVE-2022-24999)

CVE-2022-24999 lets attackers pollute Object.prototype through qs, the query-string parser Express relies on, crashing Node.js applications.

Jan 6, 20267 min read
Vulnerability Analysis

lodash merge/mergeWith prototype pollution (CVE-2018-3721)

A deep dive into CVE-2018-3721, the lodash merge/mergeWith prototype pollution flaw: its real-world impact, affected versions, and how to remediate it fast.

Jan 6, 20269 min read
Vulnerability Analysis

minimist prototype pollution (CVE-2020-7598)

A deep dive into CVE-2020-7598, the minimist prototype pollution vulnerability that rippled across the npm ecosystem, with impact, timeline, and remediation steps.

Jan 6, 20267 min read
Vulnerability Analysis

EJS template engine RCE via client option (CVE-2022-29078)

CVE-2022-29078 lets attackers achieve remote code execution in EJS via unsanitized render options. Affected versions, severity, and fixes inside.

Jan 5, 20267 min read
Vulnerability Analysis

Apache Struts CVE-2024-53677: The Path Traversal RCE

CVE-2024-53677 lets attackers abuse Struts file upload parameter pollution to plant webshells. Here is the chain, detection logic, and patch guidance.

Jan 5, 20267 min read
Vulnerability Analysis

socket.io-parser denial of service (CVE-2020-28477)

A remote, unauthenticated attacker could crash Socket.IO servers with one malformed packet. Here's the CVE-2020-28477 breakdown and how to fix it.

Jan 4, 20267 min read
Vulnerability Analysis

path-parse regular expression denial of service (CVE-2021-23343)

A ReDoS flaw in path-parse (CVE-2021-23343) lurks deep in webpack and resolve dependency trees. Here's the impact, timeline, and how to fix it.

Jan 3, 20267 min read
Vulnerability Analysis

browserslist ReDoS vulnerability (CVE-2021-23364)

A ReDoS flaw in browserslist (CVE-2021-23364) let crafted query strings stall builds across the JS ecosystem. Here's the full breakdown and fix.

Jan 3, 20267 min read
Vulnerability Analysis

minimatch regular expression denial of service (CVE-2022-3517)

A ReDoS flaw in minimatch (CVE-2022-3517) lets a single crafted string hang Node.js processes. Here's what's affected, the risk context, and how to fix it.

Jan 3, 20267 min read
vulnerability-analysis (Page 14) — Safeguard Blog