9 matches found
CVE-2026-55771
CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 4.9.0, the EntityIdentifier.equals has inverted null/self branches which could lead to incorrect equality comparisons. The EntityIdentifier.equals meth...
CVE-2026-55771
CVE-2026-55771 affects CedarJava prior to 4.9.0, where EntityIdentifier.equals() has inverted null/self-reference checks, causing incorrect equality results in custom integrations. The bug does not alter Cedar’s authorization decisions (computed in Rust from JSON) but could affect external code p...
EUVD-2026-36443
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx CVE-2023-37903 introduced a check in nodevm.js line 263 that blocks the combination nesting: true + require: false. However, the check uses strict equality options.require === false, which is...
CVE-2026-44928
A flaw was found in uriparser. The EqualsUri function can incorrectly identify distinct Uniform Resource Identifiers URIs as identical. This misclassification can lead to improper URI handling within applications that use uriparser, potentially compromising data integrity. Mitigation Mitigation f...
EUVD-2026-28537
In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...
CVE-2026-44928
In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal...
USN-7901-1: CRaC JDK 21 vulnerabilities
Jinfeng Guo discovered that the Security component of CRaC JDK 21 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. CVE-2025-53057 Darius Bohni discovered that the JA...
ruby: OpenSSL::X509:: Name equality check does not work correctly
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one...
A writable configured share might get read only
Description Due to a assignment vs equality bug a share reference might get overwritten. This can lead to 'read only = no' from another share to leak into a 'read only = yes' share for a subsequent connections. This is a re-evaluation of an already fixed bug. Workaround Update to 3.6.6 and higher...