GHSA-VJ4M-83M8-XPW5 OpenFGA Authorization Bypass via tupleset wildcard
Overview During our internal security assessment, it was discovered that OpenFGA versions v0.2.3 and prior are vulnerable to authorization bypass under certain conditions. Am I affected? You are affected by this vulnerability if you are using openfga/openfga version v0.2.3 and you added a tuple...
OpenFGA Authorization Bypass
Overview During our internal security assessment, it was discovered that OpenFGA versions v0.2.3 and prior are vulnerable to authorization bypass under certain conditions. Am I Affected? You are affected by this vulnerability if you are using openfga/openfga version v0.2.3 or prior, and your mode...
GHSA-F4MM-2R69-MG5F OpenFGA Authorization Bypass
Overview During our internal security assessment, it was discovered that OpenFGA versions v0.2.3 and prior are vulnerable to authorization bypass under certain conditions. Am I Affected? You are affected by this vulnerability if you are using openfga/openfga version v0.2.3 or prior, and your mode...
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint
Overview During our internal security assessment, it was discovered that streamed-list-objects endpoint was not validating the authorization header resulting in the disclosure of objects in the store. Am I Affected? You are affected by this vulnerability if you are using openfga/openfga version...
[SECURITY] [DLA 3159-1] libbluray bugfix update
Debian LTS Advisory DLA-3159-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 25, 2022 https://wiki.debian.org/LTS -...
SUSE-SU-2022:3706-1 Security update for google-gson
This update for google-gson fixes the following issues: Fixed security issue: - CVE-2022-25647: Deserialization of Untrusted Data (bsc#1199064) Other non security fixes: - Build with Java >= 9 in order to produce a modular jar by compiling the module-info.java sources with all other classes built wit...
Four Big Reasons to Update Your Software
ABP To shamelessly paraphrase the 1992 crime drama Glengarry Glen Ross, “Always be patching.” Any home computer needs to be updated regularly. Drives and software updates are critical to the smooth running of the average home PC, and can often be overlooked. Business and professional computers ar...
OPENSUSE-SU-2022:10150-1 Security update for seamonkey
This update for seamonkey fixes the following issues: Update to SeaMonkey 2.53.14 Updates to the following DOM HTML element interfaces: Embed, Object, Anchor, Area, Button, Frame, Canvas, IFrame, Link, Image, MenuItem, TextArea, Source, Select, Option, Script and Html. Please test add-ons. Contin...
Security update for roundcubemail (important)
openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2022:10148-1 Rating: important References: 1180132 1180399 Cross-References: CVE-2019-10740 CVE-2020-12641 CVE-2020-16145 CVE-2020-35730 CVSS scores: CVE-2019-10740 NVD : 4.3...
Veeam ONE Compatibility Patch for Cloud Director 10.4
The hotfix on this page was built specifically for Veeam ONE v11a 11.0.1.1880. Requirements Before installing this hotfix, ensure you are running Veeam ONE v11a 11.0.1.1880. You can check the version under Help | About in the Veeam ONE Client. Resolved Issues When attempting to add VMware Cloud...
[SECURITY] Fedora 35 Update: python3.6-3.6.15-5.fc35
Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...
Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2021-35561)
Summary There is a vulnerability in IBM® SDK Java™ and IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in...
Security Bulletin: A vulnerability in IBM Java Runtime affects SPSS Collaboration and Deployment Services (CVE-2022-21496)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by SPSS Collaboration and Deployment Services. This issue has been addressed. Vulnerability Details CVEID:CVE-2022-21496 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could allow...
VMware Cloud Director 10.4 Compatibility Patches
Hotfix for Veeam Backup & Replication 11.0.1.1261 P20230227 The hotfix on this article has been rebuilt as of 2023-11-24 to be compatible only with Veeam Backup & Replication build 11.0.1.1261 P20230227. This is the second such rebuild; the last rebuild was on 2023-03-16. Note: If an older versio...
CVE-2022-39242
Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can constru...
CVE-2022-39242 Incorrect Calculation in Frontier leads to inflated Ethereum chain gas prices
Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can constru...
GSD-2022-1005333 arm64: errata: Remove AES hwcap for COMPAT tasks
arm64: errata: Remove AES hwcap for COMPAT tasks This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.2 by commit...
typemap is Unmaintained
The maintainer seems unreachable. The crate may or may not be usable as-is despite no maintenance and may not work in future versions of Rust. The last release seems to have been seven years ago...
PT-2022-33591 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.2 Description: The issue is related to the removal of AES hwcap for COMPAT tasks on arm64. The actual impact and attack plausibility have not yet been proven. Recommendations: For versions prior to v5.19.2...
PT-2022-23068 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The implementation of Conv2DBackpropInput requires input sizes to be...