
46 matches found

Cvelist
added 2024/07/12 12:44 p.m. | 19 views

CVE-2024-41003 bpf: Fix reg_set_min_max corruption of fake_reg

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix reg_set_min_max corruption of fake_reg Juan reported that after doing some changes to buzzer 0 and implementing a new fuzzing strategy guided by coverage, they noticed the following in one of the probes: ... 13: 79 r6 = u64 ...

EPSS 0.00032
Exploits 0 | References 2

OSSF Malicious Packages
added 2024/06/25 1:46 p.m. | 3 views

Malicious code in active-model_validates_intersection_of (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0 | References 1

Veracode
added 2024/04/17 12:6 p.m. | 14 views

Authorization Bypass

github.com/openfga/openfga is vulnerable to Authorization Bypass. The vulnerability is due to improper handling of exclusion or intersection models, leading to potential bypass when calling certain APIs...

CVSS 8.1 | AI score 7.1 | EPSS 0.00113
Exploits 0 | References 3 | Affected Software 1

OSV
added 2024/04/16 10:57 p.m. | 20 views

GHSA-8CPH-M685-6V6R OpenFGA Authorization Bypass

Overview Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. Am I Affected? You are very likely affected if your model involves exclusion e.g. a but not b or intersection e.g. a and b and you have any cyclical relationships. If...

CVSS 8.1 | AI score 8.1 | EPSS 0.00113
Exploits 0 | References 4

Github Security Blog
added 2024/04/16 10:57 p.m. | 28 views

OpenFGA Authorization Bypass

Overview Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. Am I Affected? You are very likely affected if your model involves exclusion e.g. a but not b or intersection e.g. a and b and you have any cyclical relationships. If...

CVSS 9.8 | AI score 6.8 | EPSS 0.00113
Exploits 0 | References 4 | Affected Software 1

NVD
added 2024/04/16 10:15 p.m. | 5 views

CVE-2024-31452

OpenFGA is a high-performance and flexible authorization/permission engine. Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. You are very likely affected if your model involves exclusion e.g. a but not b or intersection e.g. ...

CVSS 9.8 | AI score 7.9 | EPSS 0.00113
Exploits 0 | References 2

CVE
added 2024/04/16 9:40 p.m. | 51 views

CVE-2024-31452

OpenFGA CVE-2024-31452 affects OpenFGA v1.5.0+ with an authorization bypass when calling Check or ListObjects APIs. The root cause relates to exclusion or intersection models (e.g., a but not b, or a and b). The issue is fixed in v1.5.3; remediation is to upgrade to v1.5.3 (or later) to mitigate....

CVSS 9.8 | AI score 6.5 | EPSS 0.00113
Exploits 0 | References 2 | Affected Software 1

OSV
added 2024/04/16 9:40 p.m. | 9 views

CVE-2024-31452 OpenFGA Authorization Bypass

OpenFGA is a high-performance and flexible authorization/permission engine. Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. You are very likely affected if your model involves exclusion e.g. a but not b or intersection e.g. ...

CVSS 8.1 | AI score 7.6 | EPSS 0.00113
Exploits 0 | References 4

Cvelist
added 2024/04/16 9:40 p.m. | 15 views

CVE-2024-31452 OpenFGA Authorization Bypass

OpenFGA is a high-performance and flexible authorization/permission engine. Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. You are very likely affected if your model involves exclusion e.g. a but not b or intersection e.g. ...

CVSS 8.1 | AI score 8.1 | EPSS 0.00113
Exploits 0 | References 2

Positive Technologies
added 2024/04/16 12:0 a.m. | 2 views

PT-2024-24086

Name of the Vulnerable Software and Affected Versions OpenFGA versions 1.5.0 through 1.5.2 Description The issue concerns an authorization bypass when calling Check or ListObjects APIs in OpenFGA. Users are likely affected if their model involves exclusion e.g., a but not b or intersection e.g., ...

CVSS 9.8 | AI score 6.7 | EPSS 0.00113
Exploits 0 | References 10

Spring Engineering
added 2022/09/08 7:0 a.m. | 11 views

A Bootiful Podcast: Hashicorp's Rosemary Wang on securing the intersection of apps and ops with Hashicorp Vault

Hi, Spring fans! In this episode Josh Long @starbuxman talks to Hashicorp Developer Advocate Rosemary Wang @joatmon08 about a few Hashicorp technologies and their integrations with Spring Boot...

AI score 2.3
Exploits 0

Github Security Blog
added 2022/01/13 3:5 p.m. | 21 views

Lookup operations do not take into account wildcards in SpiceDB

Impact Any user making use of a wildcard relationship under the right hand branch of an exclusion or within an intersection operation will see Lookup/LookupResources return a resource as "accessible" if it is not accessible by virtue of the inclusion of the wildcard in the intersection or the rig...

CVSS 8.1 | AI score 0.4 | EPSS 0.00355
Exploits 0 | References 6 | Affected Software 1

NVD
added 2022/01/11 10:15 p.m. | 11 views

CVE-2022-21646

SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an exclusion or within an intersection operation will see Lookup/LookupResources return a resource as "accessible" if it is not...

CVSS 8.1 | EPSS 0.00355
Exploits 0 | References 4

Prion
added 2022/01/11 10:15 p.m. | 13 views

Design/Logic Flaw

SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an exclusion or within an intersection operation will see Lookup/LookupResources return a resource as "accessible" if it is not...

CVSS 5.5 | AI score 8 | EPSS 0.00355
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2022/01/11 9:50 p.m. | 13 views

CVE-2022-21646 Lookup operations do not take into account wildcards in SpiceDB

SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an exclusion or within an intersection operation will see Lookup/LookupResources return a resource as "accessible" if it is not...

CVSS 8.1 | AI score 8.2 | EPSS 0.00355
Exploits 0 | References 4

CVE
added 2022/01/11 9:50 p.m. | 84 views

CVE-2022-21646

SpiceDB vulnerability CVE-2022-21646 affects wildcard handling in lookups: using a wildcard on the right side of an intersection or within an exclusion can cause Lookup/LookupResources to treat resources as accessible when they are not. In v1.3.0 the wildcard was ignored in dispatch, making the b...

CVSS 8.1 | AI score 8 | EPSS 0.00355
Exploits 0 | References 4 | Affected Software 1

Vulnrichment
added 2022/01/11 9:50 p.m. | 5 views

CVE-2022-21646 Lookup operations do not take into account wildcards in SpiceDB

SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an exclusion or within an intersection operation will see Lookup/LookupResources return a resource as "accessible" if it is not...

CVSS 8.1 | AI score 7.1 | EPSS 0.00355
Exploits 0 | References 4

OSV
added 2022/01/11 9:50 p.m. | 14 views

CVE-2022-21646 Lookup operations do not take into account wildcards in SpiceDB

SpiceDB is a database system for managing security-critical application permissions. Any user making use of a wildcard relationship under the right hand branch of an exclusion or within an intersection operation will see Lookup/LookupResources return a resource as "accessible" if it is not...

CVSS 8.1 | AI score 7.8 | EPSS 0.00355
Exploits 0 | References 6

Code423n4
added 2021/12/22 12:0 a.m. | 6 views

Cannot use most piecewise linear functions with current implementation

Handle cmichel Vulnerability details The ThreePieceWiseLinearPriceCurve.adjustParams function uses three functions f1, f2, f3 where yi = fi(xi). It computes the y-axis intersect b2 = f2(0), b3 = f3(0) for each of these but uses unsigned integers for this, which means these values cannot become negative...

AI score 6.8
Exploits 0

The Hacker News
added 2021/04/26 11:3 a.m. | 68 views

Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby

New research has uncovered privacy weaknesses in Apple's wireless file-sharing protocol that could result in the exposure of a user's contact information such as email addresses and phone numbers. "As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – ev...

AI score 0.7
Exploits 0