3670 matches found
CVE-2022-23542 OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and...
OpenFGA Authorization Bypass
Overview During our internal security assessment, it was discovered that OpenFGA version v0.3.0 is vulnerable to authorization bypass under certain conditions. Am I Affected? You are affected by this vulnerability if all of the following apply: 1. You are using OpenFGA v0.3.0 2. You created a...
SUSE-RU-2022:4567-1 Recommended update for python-crcmod, python-cryptography, python-cryptography-vectors
This update for python-crcmod, python-cryptography, python-cryptography-vectors contains the following fixes: python-cryptography: - Update in SLE-15 bsc1177083, jscPM-2730, jscSLE-18312 - Refresh patches for new version Using the Fernet class to symmetrically encrypt multi gigabyte values...
Getting the correct HTML codecs parameter for an AV1 video
This post is mostly for my own reference, but I couldn't find a good guide elsewhere, so here we go! I wanted to embed a screencast in a web page, and I wanted it to be as efficient as possible. To achieve this, I created two versions of the video, and embedded it like this: The MP4 version uses t...
Tokens are expected to have 18 decimals but not all have them
Lines of code Vulnerability details Tokens are expected to have 18 decimals but not all have them Summary Pairs doesn't consider tokens with less or more than 18 decimals Impact Tokens not compatible Proof of Concept Mitigation Don't use hardcoded 18 decimals
[SECURITY] Fedora 37 Update: protobuf-3.19.6-1.fc37
Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...
Update 18.18 for Microsoft Dynamics 365 Business Central 2021 Release Wave 1 (Application Build 18.18.49460, Platform Build 18.0.49352)
Update 16.19 for Microsoft Dynamics 365 Business Central 2020 Release Wave 1 (Application Build 16.19.49472, Platform Build 16.0.49350)
Cumulative Update 42 for Microsoft Dynamics 365 Business Central April'19 on-premises (Application Build 14.43.49498, Platform Build 14.0.49494)
Update 21.2 for Microsoft Dynamics 365 Business Central (on-premises) 2022 Release Wave 2 (Application Build 21.2.49990, Platform Build 21.0.49984)
Cumulative Update 61 for Microsoft Dynamics NAV 2017 (Build 30699)
Cumulative Update 67 for Microsoft Dynamics NAV 2016 (Build 52168)
[SECURITY] Fedora 35 Update: python3.8-3.8.16-1.fc35
Python 3.8 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.8, see other distributions that support it, such as an older Fedora release...
Security update for matio (important)
openSUSE Security Update: Security update for matio Announcement ID: openSUSE-SU-2022:10235-1 Rating: important References: 1193873 1193874 Cross-References: CVE-2020-36428 CVE-2021-36977 CVSS scores: CVE-2020-36428 NVD : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-36977 NVD : 6.5...
OPENSUSE-SU-2022:10235-1 Security update for matio
This update for matio fixes the following issues: Update to version 1.5.23: Fixed testsuite regression from version 1.5.22. Changes from version 1.5.22: Added support for reading large MAT file. Updated cmake-conan to version 0.17.0. Fixed CMake build with Conan MATIO_USE_CONAN:BOOL=ON. Fixed data...
SUSE-SU-2022:4351-1 Security update for osc
This update for osc fixes the following issues: osc was updated to version 0.182.0 bsc1154972, bsc1144211, bsc1142662, bsc1140697, bsc1138165: - Added MFA support jscOBS-203. - CVE-2019-3681: Fixed vulnerability where osc stored downloaded RPMs in network controlled paths bsc1122675. -...
SUSE-SU-2022:4290-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: - CVE-2022-21626: An unauthenticated attacker with network access via HTTPS can compromise Oracle Java SE, Oracle GraalVM Enterprise Edition bsc1204471. - CVE-2022-21618: An unauthenticated attacker with network access via Kerberos can...
CLSA-2022-1669241032 Fix CVE(s): CVE-2022-45061
SECURITY UPDATE: Uncontrolled resource consumption - debian/patches/CVE-2022-45061-v2.7.patch: Fix quadratic time idna decoding - CVE-2022-45061 Make tests to be compatible with expat 2.1.0 from tuxcare.els: - debian/patches/expat-regression-v2.7.patch: Make test suite support Expat =2.4.5...
CLSA-2022-1669240479 python: Fix of CVE-2022-45061
CVE-2022-45061: Fix quadratic time idna decoding - fix tests to be compatible with expat 2.0.1-tuxcare.els...