23 matches found
crypto/x509: Incorrect enforcement of email constraints in crypto/x509
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...
CVE-2026-6290 Velociraptor Query() Plugin Misapplies Permissions To Orgs
Velociraptor versions prior to 0.76.3 contain a vulnerability in the query plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query plugin, in a notebook cell, to run VQL queries on other orgs which th...
OpenFGA 安全漏洞
OpenFGA is an open-source tool built for developers, inspired by Google Zanzibar. It’s a high-performance and flexible authorization/licensing engine. Versions of OpenFGA from 1.8.0 to 1.13.1 have security vulnerabilities. These vulnerabilities arise from calls to the BatchCheck function under...
TencentOS Server 4: postgresql16 (TSSA-2024:0908)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0908 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
PT-2025-45376
Name of the Vulnerable Software and Affected Versions Apollo Router Core versions 1.61.11 and earlier Apollo Router Core versions 2.0.0-alpha.0 through 2.8.1-rc.0 Description Apollo Router Core, a configurable graph router written in Rust for Apollo Federation 2, had an access control issue. The...
K000152931: Multiple PostgreSQL vulnerabilities
Security Advisory Description CVE-2023-2455 Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other...
CVE-2025-4922
Nomad Community and Nomad Enterprise “Nomad” prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14...
Important: postgresql
Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...
Important: postgresql15
Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...
postgresql: PostgreSQL row security below e.g. subqueries disregards user ID changes
A flaw was found in PostgreSQL. This vulnerability allows incorrect row-level security policies to be applied via subqueries, WITH queries, security invoker views, or SQL-language functions that reference tables with row-level security policies. This issue arises when a query is planned under one...
AZL-53215 CVE-2024-10976 affecting package postgresql for versions less than 16.5-1
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
ALPINE-CVE-2024-10976
Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...
sssd: Race condition during authorization leads to GPO policies functioning inconsistently
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately...
Important: postgresql
Issue Overview: This enabled an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. Database owners have that right by default, and explicit grants may extend it to other users. CVE-2023-2454 While CVE-2016-2193 fixed most interaction between row...
postgresql: row security policies disregard user ID changes after inlining.
A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...
CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...
SUSE CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...
Matrix Synapse 安全漏洞
Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. A security vulnerability exists in Matrix Synapse version 1.61.0 and earlier, which stems from some of these rules not being applied correctly when determining whether events should be accepted into ...
GHSA-VPQM-88C4-X4CV Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; wh...
The vulnerability of Google Chrome browser extensions, related to deficiencies in access control for certain functions, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of Google Chrome browsers is related to the improper application of policies. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service interruptions...