222 matches found
SecIC3: Customizing IC3 for Hardware Security Verification
Recent years have seen significant advances in using formal verification to check hardware security properties. Of particular practical interest are checking confidentiality and integrity of secrets, by checking that there is no information flow between the secrets and observable outputs. A...
CVE-2020-24582
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface...
libpng: LIBPNG out-of-bounds read in png_image_read_composite
An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the pngsRGBbase512 array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger...
A Comprehensive Study on the Impact of Vulnerable Dependencies on Open-Source Software
Open-source libraries are widely used by software developers to speed up the development of products, however, they can introduce security vulnerabilities, leading to incidents like Log4Shell. With the expanding usage of open-source libraries, it becomes even more imperative to comprehend and...
lw-cnapp-microservices-iac
Project 2: Microservices with Infrastructure as Code ⚠️ WAR...
CVE-2025-0504
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
CVE-2025-0504
Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have be inaccessible...
CVE-2025-64530
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls on types/fields...
Incorrect Authorization
Overview @apollo/composition is an Apollo Federation composition utilities Affected versions of this package are vulnerable to Incorrect Authorization via the composition logic, which failed to validate that fields have the same access control requirements as the data they reference. An attacker...
EUVD-2025-180542
@apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields...
GHSA-MX7M-J9XF-62HW @apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields
Summary A vulnerability in Apollo Federation's composition logic allowed some queries to Apollo Router to improperly bypass access controls on types/fields. Apollo Federation incorrectly allowed user-defined access control directives on interface types/fields, which could be bypassed by instead...
@apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields
Summary A vulnerability in Apollo Federation's composition logic allowed some queries to Apollo Router to improperly bypass access controls on types/fields. Apollo Federation incorrectly allowed user-defined access control directives on interface types/fields, which could be bypassed by instead...
Authentication Bypass Using an Alternate Path or Channel
Overview @apollo/composition is an Apollo Federation composition utilities Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel. An attacker can gain unauthorized access to restricted interface types or fields by crafting queries that target...
CVE-2025-64530
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls on types/fields...
CVE-2025-64530
The CVE describes a vulnerability in Apollo Federation’s composition logic: in versions prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1, queries could bypass access controls on interface types/fields by querying implementing object types/fields via inline fragments, due to user-defined access control ...
CVE-2025-64530 @apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls on types/fields...
CVE-2025-64530 @apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls on types/fields...
CVE-2025-64530 @apollo/composition has Improper Enforcement of Access Control on Interface Types and Fields
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and 2.12.1 allowed some queries to Apollo Router to improperly bypass access controls on types/fields...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: media: vivid: The size of the composition has been changed. syzkaller discovered a bug: BUG: KASAN: vmalloc-out-of-bounds in tpgfillplanepattern, drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 inline BUG: KASAN:...
EUVD-2005-3430
Malware in sbrugna...