8 matches found
GO-2025-4151 SpiceDB: LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results in github.com/authzed/spicedb
SpiceDB: LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results in github.com/authzed/spicedb...
EUVD-2025-198499
SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union + and that union references the same relation on both sides but one si...
Insecure Inherited Permissions
Overview Affected versions of this package are vulnerable to Insecure Inherited Permissions in the LookupResources API. An attacker can cause incomplete or missing results to be returned by crafting schemas that define permissions using unions referencing the same relation with different...
SpiceDB: LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results
Impact If your schema includes the following characteristics: 1. You have a permission defined in terms of a union + 1. That union references the same relation on both sides, but one side arrows to a different permission Then you might have missing LookupResources results when checking the...
Cvx3CrvOracle misses sanity checks for Chainlink responses
Handle kenzo Vulnerability details When querying Chainlink for stable prices, Cvx3CrvOracle doesn't run sanity checks against stale or incomplete results. This is unlike Yield's ChainlinkMultiOracle, which does execute those checks. Impact Stale or incorrect results might be returned. Proof of...
SUSE: Security Advisory (SUSE-SU-2012:1488-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Non-reliable Nessus scan results
Do you perform massive unauthenticated vulnerability scans with Nessus? It might be a bad idea. It seems that Nessus is not reliable enough to assess hundreds and thousands of hosts in one scan and can lose some valuable information. The thing is that sometimes Nessus does not detect open ports a...
CGI Generic Tests Timeout
Some generic CGI tests ran out of time during the scan. The results may be incomplete. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid39470; scriptversion"1.15"; scriptsetattributeattribute:"pluginmodificationdate"...