Apache Cocoon 安全漏洞

Apache Cocoon is a Web application framework built on the concept of component-based Web development from the Apache Foundation. A security vulnerability exists in Apache Cocoon that stems from the fact that Apache Cocoon uses a pseudo-random number generator PRNG when generating continuation...

CVE-2024-50271

In the Linux kernel, the following vulnerability has been resolved: signal: restore the overriderlimit logic Prior to commit d64696905554 "Reimplement RLIMITSIGPENDING on top of ucounts" UCOUNTRLIMITSIGPENDING rlimit was not enforced for a class of signals. However now it's enforced...

GHSA-MH98-763H-M9V4 JUJU_CONTEXT_ID is a predictable authentication secret

JUJUCONTEXTID is the authentication measure on the unit hook tool abstract domain socket. It looks like JUJUCONTEXTID=appname/0-update-status-6073989428498739633. This value looks fairly unpredictable, but due to the random source used, it is highly predictable. JUJUCONTEXTID has the following...

Preparing for Unknown Risks: How to Better Prepare for Risks You Can't See Yet

As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it's impossible to always know what's around the corner. It's not just about external threats and the big breaches splashed across the news headlines. On one hand, we’re combating threat actors...

RUSTSEC-2022-0079 ELF header parsing library doesn't check for valid offset

The crate has several unsafe sections that don't perform proper pointer validation. An example can be found in the following function: fn sectionheaderraw&self - &ET::SectionHeader let shoff = self.elfheader.sectionheaderoffset as usize; let shnum = self.elfheader.sectionheaderentrynum as usize;...

Distinguishing Among DNS Services Part 2: The Economics

This is Part 2 of a 3-part blog series highlighting some of the distinguishing aspects of Akamai's DNS services, Edge DNS and Global Traffic Management. Part 1 focused on Akamai's DNS platform and what sets it apart. In Part 2, we take a closer look at the economics of DNS pricing models and why...

How Digital Extortion Impacts Today’s Enterprises

By now, many enterprise decision-makers are familiar with the concept of digital extortion, particularly in the form of ransomware. These encryption-based attacks lock users out of their sensitive and valuable data, applications and operating systems. Attackers demand a ransom in the form of...

Linux RNG Flaws

Linux RNG flaws CVE-2018-1108 There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and shortly after boot. I'm sending this to [email protected] and Theodore Ts'o for now; it might make sense to also add Jason Donenfeld, since...

More problems with RADIUS (protocol and implementations)

Hello bugtraq, There are more problems in RADIUS protocol and some of implementations: 1. There is no way RADIUS server can validate Access-Request packet really originated by NAS RADIUS client before and even after, if packet has no User-Password attribute decoding all attributes. It opens a...