Lucene search
K

234 matches found

Github Security Blog
Github Security Blog
added 2024/04/16 10:57 p.m.38 views

OpenFGA Authorization Bypass

Overview Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. Am I Affected? You are very likely affected if your model involves exclusion e.g. a but not b or intersection e.g. a and b and you have any cyclical relationships. If...

9.8CVSS6.8AI score0.00656EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.13 views

openSUSE: Security Advisory for freeciv (openSUSE-SU-2022:10102-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/13 3:4 p.m.30 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to QOS.ch Sarl Logback denial of service vulnerability ( CVE-2023-6378)

Summary Potential QOS.ch Sarl Logback denial of service vulnerability CVE-2023-6378 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-6378...

7.5CVSS7.2AI score0.009EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2024/01/17 2:6 p.m.47 views

Important: Red Hat Security Advisory: OpenJDK 17.0.10 security update

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...

7.5CVSS6.9AI score0.00918EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2023/11/07 9:3 a.m.2 views

kernel: regmap-irq: Use the new num_config_regs property in regmap_add_irq_chip_fwnode

In the Linux kernel, the following vulnerability has been resolved: regmap-irq: Use the new numconfigregs property in regmapaddirqchipfwnode Commit faa87ce9196d "regmap-irq: Introduce config registers for irq types" added the numconfigregs, then commit 9edd4f5aee84 "regmap-irq: Deprecate type...

6.8AI score0.00193EPSS
Exploits0References5
NVD
NVD
added 2023/10/17 11:15 p.m.45 views

CVE-2023-45810

OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of ListObjects calls are executed, in some scenarios, those calls are not releasing resources even...

7.5CVSS5.9AI score0.00509EPSS
Exploits0References1
OSV
OSV
added 2023/08/25 7:45 p.m.25 views

GHSA-JCF2-MXR2-GMQP OpenFGA Authorization Bypass

Overview Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. This means that the API sometimes returns more objects than it should. Am I Affected? The vulnerability affects customers using ListObjects with specific models. The...

6.5CVSS6.4AI score0.00451EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/08/25 7:45 p.m.42 views

OpenFGA Authorization Bypass

Overview Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. This means that the API sometimes returns more objects than it should. Am I Affected? The vulnerability affects customers using ListObjects with specific models. The...

6.5CVSS6.5AI score0.00451EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/28 10:49 p.m.37 views

OpenFGA vulnerable to denial of service due to circular relationship

Overview OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when certain Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Am I Affected? You are affected by this vulnerability if you are using OpenFGA v1.1.0 or...

7.5CVSS6.3AI score0.01133EPSS
Exploits1References6Affected Software1
Schneier on Security
Schneier on Security
added 2023/05/17 11:1 a.m.64 views

Microsoft Secure Boot Bug

Microsoft is currently patching a zero-day Secure-Boot bug. The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections, allowing for the execution of malicious code before your PC begins loading Windows and its many security protections. Secure Boot has...

4CVSS6.9AI score0.10561EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/21 7:11 p.m.35 views

Security Bulletin: Vulnerabilities in jsonwebtoken affects IBM Watson Assistant for IBM Cloud Pak for Data

Summary Potential vulnerabilities in Jsonwebtoken has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacke...

8.1CVSS7.5AI score0.00753EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:5 a.m.3 views

SUSE CVE-2016-2383

The adjustbranches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions...

5.5CVSS7.9AI score0.00374EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:52 a.m.3 views

SUSE CVE-2017-2615

Quick emulator QEMU built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or...

5.5CVSS9.4AI score0.03648EPSS
Exploits0References16
Prion
Prion
added 2022/12/20 9:15 p.m.16 views

Authorization

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and...

7.5CVSS9.5AI score0.0091EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/20 8:15 p.m.9 views

CVE-2022-23542 OpenFGA Authorization Bypass

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and...

7.7CVSS9.5AI score0.0091EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/12/20 8:15 p.m.52 views

CVE-2022-23542 OpenFGA Authorization Bypass

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and...

7.7CVSS9.8AI score0.0091EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/12/20 7:33 p.m.37 views

OpenFGA Authorization Bypass

Overview During our internal security assessment, it was discovered that OpenFGA versions v0.3.0 is vulnerable to authorization bypass under certain conditions. Am I Affected? You are affected by this vulnerability if all of the following applies: 1. You are using OpenFGA v0.3.0 2. You created a...

9.8CVSS3AI score0.0091EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/20 12:0 a.m.6 views

PT-2022-16063 · Openfga · Openfga

Name of the Vulnerable Software and Affected Versions: OpenFGA version 0.3.0 Description: OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA is vulnerable to authorization bypas...

9.8CVSS7AI score0.0091EPSS
Exploits0References11
Fedora
Fedora
added 2022/12/18 1:43 a.m.66 views

[SECURITY] Fedora 37 Update: protobuf-3.19.6-1.fc37

Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...

7.5CVSS6.8AI score0.01191EPSS
Exploits0
Mageia
Mageia
added 2022/11/17 8:45 p.m.40 views

Updated systemd packages fix security vulnerability

buffer overrun in formattimespan function bsc1204968 CVE-2022-3821 Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 0469b9f2bc pstore: do not try to load all known pstore modules ad05f54439 pstore: Run after modules are loaded ccad817445 core: Add trigger limit for path units 281d818fe3...

5.5CVSS0.7AI score0.00412EPSS
Exploits1References3
Rows per page
Query Builder