19 matches found
This is all it takes to stop a train (Lock and Code S07E06)
This week on the Lock and Code podcast … Forget the runaway train thrillingly shot in Buster Keaton's 1926 film "The General," and never mind the charging locomotive rescued by actors Denzel Washington and Chris Pine in the 2010 film "Unstoppable," as there's a far more frequent and far less...
kernel: Squashfs: sanity check symbolic link size
A vulnerability was found in the Linux kernel involving the use of uninitialized resources. When a corrupted symbolic link size read is called from the disk, it causes an uninitialized page, resulting in loss of availability of the system...
EUVD-2024-38056
Malicious code in bioql PyPI...
EUVD-2024-33567
Malicious code in bioql PyPI...
CVE-2005-4716
Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote attackers to (1) cause a denial of service (OpenTP1 system outage) via invalid data to a port used by a system-server process, and (2) cause a denial of service (process failure) via invalid data to a port used by any of certain other...
Denial Of Service (DOS)
github.com/containers/podman is vulnerable to a Denial of Service (DoS). The vulnerability is due to the failure to properly clean up IPC resources created by malicious containers in /dev/shm, which can exhaust system memory and lead to a system outage and potentially leading to a memory-based deni...
CVE-2024-21604
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a high rate of specific valid packets are processed by the routing engine (RE) this will le...
Code injection
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a high rate of specific valid packets are processed by the routing engine (RE) this will le...
CVE-2024-21604 Junos OS Evolved: A high rate of specific traffic will cause a complete system outage
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a high rate of specific valid packets are processed by the routing engine (RE) this will le...
CVE-2024-21604 Junos OS Evolved: A high rate of specific traffic will cause a complete system outage
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a high rate of specific valid packets are processed by the routing engine (RE) this will le...
HUAWEI EMUI Code Issue Vulnerability
Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from Huawei, China. A deserialization vulnerability exists in the Huawei HarmonyOS input module, which can be exploited by a remote attacker to submit a special request and trick a user into parsing it, potentiall...
Zipcar Disruption
This isn't a security story, but it easily could have been. Last Saturday, Zipcar had a system outage: "an outage experienced by a third party telecommunications vendor disrupted connections between the company's vehicles and its reservation software." That didn't just mean people couldn't get ca...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 18, 2017
The Morton Salt slogan “When it rains it pours” refers to its free flowing salt with a pouring spot and is a variation of the proverb “It never rains but it pours.” Unfortunately, Mother Nature has taken the proverb literally. This has been a devastating hurricane season for the United States and...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 29, 2017
“Anything that can go wrong will go wrong.” It’s not exactly clear how Murphy’s Law originated, but it seems to always make an appearance at the one time you can’t afford for anything to go wrong. Your laptop starts to malfunction right as you need to finish a project this happened to yours truly...
Moderate: Red Hat Security Advisory: 389-ds-base security and bug fix update
Updated 389-ds-base packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Integer overflow
Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large...
CVE-2008-2826
Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large...
CVE-2005-4716
Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote attackers to (1) cause a denial of service (OpenTP1 system outage) via invalid data to a port used by a system-server process, and (2) cause a denial of service (process failure) via invalid data to a port used by any of certain other...
Cisco WLSE and HSE devices contain hardcoded username and password
Overview A default account with a common username and password exists in two Cisco products. An attacker with knowledge of this account information can compromise any of these devices on the network. Description A default account with a known, fixed username and password combination exists in som...