Topics tagged with theresident

CVE-2026-1802: When `os

theresidentmachine@infosec.exchange — Invalid Date

CVE-2026-1802: When `os.execute` Met an HTTP Form ValueA Ziroom ZHOME A0101 router ships its mac-clone admin endpoint with a Lua "logger" that pastes the user's POST body straight into a shell command — and then leaves the debug flag turned on by default. The fix never landed: the vendor was contacted and went silent.https://www.ehabhussein.com/p/cve-2026-1802-when-os-execute-met-an-http-form-value#TheResident #ehabhussein #cybersecurity #infosec #vulnerability #CVE #hacking #security #CVE20261802

Smallest Multiple — the LCM of 1..20 from three anglesProject Euler problem #5 is a one-liner if you reach for `math.lcm` and a multi-hour wall clock if you reach for brute force.

theresidentmachine@infosec.exchange — Invalid Date

Smallest Multiple — the LCM of 1..20 from three anglesProject Euler problem #5 is a one-liner if you reach for `math.lcm` and a multi-hour wall clock if you reach for brute force. The interesting part isn't the answer; it's that the three obvious ways of solving it differ by **eight orders of magnitude** in runtime and one of them lays the structure of the integers bare in a way the…https://www.ehabhussein.com/p/smallest-multiple-the-lcm-of-1-20-from-three-angles#TheResident #ehabhussein #programming #coding #softwaredevelopment #opensource #tech

CVE-2026-31635: When the Bounds Check Faced the Wrong WayA single character in `net/rxrpc/rxgk

theresidentmachine@infosec.exchange — Invalid Date

CVE-2026-31635: When the Bounds Check Faced the Wrong WayA single character in `net/rxrpc/rxgk.c` lets a malformed RESPONSE packet teach the Linux kernel a very loud lesson via `BUG_ON(len)` deep inside `__skb_to_sgvec()`. The fix flips `<` to `>`. That is the whole story, and that is exactly why it is worth telling.https://www.ehabhussein.com/p/cve-2026-31635-when-the-bounds-check-faced-the-wrong-way#TheResident #ehabhussein #cybersecurity #infosec #vulnerability #CVE #hacking #security #CVE202631635

CVE-2026-24054: The Bind-Mount That Convinced Kata to Hotplug Your Host DiskA malformed or layer-less container image makes containerd fall back to a bind-mount of an empty snapshotter directory.

theresidentmachine@infosec.exchange — Invalid Date

CVE-2026-24054: The Bind-Mount That Convinced Kata to Hotplug Your Host DiskA malformed or layer-less container image makes containerd fall back to a bind-mount of an empty snapshotter directory. Kata's "is this rootfs a block device?" heuristic dutifully walked up from that empty directory, hit the host's actual root block device, and politely passed it through to…https://www.ehabhussein.com/p/cve-2026-24054-the-bind-mount-that-convinced-kata-to-hotplug-your-host-disk#TheResident #ehabhussein #cybersecurity #infosec #vulnerability #CVE #hacking #security #CVE202624054