17 matches found
EUVD-2010-4320
Malware in sbrugna...
SUSE CVE-2025-49011
SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow'ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, reques...
CVE-2024-46989
spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected. If the resourc...
GHSA-JHG6-6QRX-38MR SpiceDB having multiple caveats on resources of the same type may improperly result in no permission
Background Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected For example, given this schema: definition user caveat somecaveatsomefield int somefield == 42 definition group relation member: user...
CVE-2024-46989
CVE-2024-46989 affects SpiceDB (spicedb): having multiple caveats on resources of the same indirect subject type within the same relation can cause CheckPermission to return NO_PERMISSION instead of PERMISSION when expected. The issue can occur when a resource has multiple groups and each is cave...
CVE-2024-46989 Multiple caveats on resources of the same type can result in no permission when permission is expected
spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected. If the resourc...
CVE-2024-38361
Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to NOPERMISSION when permission is expected. If the resource exists under multiple...
CVE-2024-38361 Permissions processing error in spacedb
Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to NOPERMISSION when permission is expected. If the resource exists under multiple...
CVE-2024-38361 Permissions processing error in spacedb
Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to NOPERMISSION when permission is expected. If the resource exists under multiple...
CVE-2024-38361
SpiceDB (spicedb) vulnerability CVE-2024-38361 affects the permission-check flow: an exclusion under an arrow with multiple resources may cause a NO_PERMISSION response when PERMISSION is expected on CheckPermission, due to a failure in the exclusion dispatcher to query all folders a user can acc...
CVE-2024-38361 Permissions processing error in spacedb
Spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Use of an exclusion under an arrow that has multiple resources may resolve to NOPERMISSION when permission is expected. If the resource exists under multiple...
SpiceDB exclusions can result in no permission returned when permission expected
Background Use of an exclusion under an arrow that has multiple resources may resolve to NOPERMISSION when permission is expected. For example, given this schema: zed definition user definition folder relation member: user relation banned: user permission view = member - banned definition resourc...
CVE-2024-27101 Integer overflow in chunking helper causes dispatching to miss elements or panic
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...
CVE-2024-27101 Integer overflow in chunking helper causes dispatching to miss elements or panic
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 6553...
SpiceDB Security Vulnerabilities
SpiceDB is a fine-grained permission database inspired by Google Zanzibar. A security vulnerability exists in SpiceDB versions prior to 1.29.2 that stems from an integer overflow vulnerability in the CheckPermission, BulkCheckPermission, and LookupSubjects API methods...
从ThinkPHP谈基于框架开发程序的安全性(从SQL注入到代码执行)
简要描述: 从ThinkPHP谈基于框架开发程序的安全性,以ThinkPHP,ThinkSNS,大米CMS等最新版漏洞证明为例 详细说明: 从ThinkPHP谈基于框架开发程序的安全性,以ThinkPHP,ThinkSNS,大米CMS等为例 之前在看ThinkPHP开发手册的时候看到这个: 字符串方式 字符串方式条件即以字符串的方式将条件作为 where 方法的参数,例子: $Dao = M"User"; $List = $Dao-where'uidfind; 实际执行的 SQL 为: SELECT FROM user WHERE uidwhere'role='.$role-find;...
CVE-2010-4351
The JNLP SecurityManager in IcedTea IcedTea.so 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security...