
22 matches found

RedhatCVE
added 2026/05/14 7:58 p.m., 5 views

CVE-2026-42349

Clerk JavaScript is the official JavaScript repository for Clerk authentication. has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be...

8.1 CVSS, 5.8 AI score, 0.00049 EPSS
Exploits 0, References 1
NVD
added 2026/05/11 5:16 p.m., 8 views

CVE-2026-42349

Clerk JavaScript is the official JavaScript repository for Clerk authentication. has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be...

8.1 CVSS, 0.00049 EPSS
Exploits 0, References 1
Packet Storm News
added 2026/04/14 12:0 a.m., 2 views

Tamper-Proofing with Self-Modifying Code

Classical computability theory tells us that self-modifying code (SMC) on a deterministic universal Turing machine can be simulated by non-SMC code on the same model. That abstraction, however, omits the external timing inputs, concurrency, and microarchitectural state that dominate practical...

6.1 AI score
Exploits 0
Packet Storm News
added 2026/01/29 12:0 a.m., 3 views

SecIC3: Customizing IC3 for Hardware Security Verification

Recent years have seen significant advances in using formal verification to check hardware security properties. Of particular practical interest are checking confidentiality and integrity of secrets, by checking that there is no information flow between the secrets and observable outputs. A...

5.9 AI score
Exploits 0
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2005-4728

Malware in sbrugna...

6.8 CVSS, 6.4 AI score, 0.00766 EPSS
Exploits 1, References 5
RedhatCVE
added 2025/05/21 8:47 p.m., 4 views

CVE-2005-4735

IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817...

6.8 CVSS, 6.4 AI score, 0.00766 EPSS
Exploits 1, References 1
OpenVAS
added 2024/03/18 12:0 a.m., 35 views

Ubuntu: Security Advisory (USN-6696-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4 CVSS, 7.2 AI score, 0.00319 EPSS
Exploits 0, References 2
Metasploit
added 2022/09/14 7:50 p.m., 531 views

SuiteCRM authenticated SQL injection in export functionality

This module exploits an authenticated SQL injection in SuiteCRM in versions before 7.12.6. The vulnerability allows an authenticated attacker to send specially crafted requests to the export entry point of the application in order to retrieve all the usernames and their associated password from t...

9.1 CVSS, 7.1 AI score, 0.15281 EPSS
Exploits 2
CNNVD
added 2022/06/23 12:0 a.m., 1 views

Skipper Security Vulnerability

Skipper is an HTTP router and reverse proxy for service portfolios. A security vulnerability exists in Skipper versions prior to 0.13.218, which stems from a lack of valid filter escaping for application query predicates...

7.5 CVSS, 7.2 AI score, 0.00173 EPSS
Exploits 1, References 2
Securelist
added 2021/04/21 10:0 a.m., 49 views

Targeted Malware Reverse Engineering Workshop follow-up. Part 2

If you have read our previous blogpost "Targeted Malware Reverse Engineering Workshop follow-up. Part 1", you probably know about the webinar we conducted on April 8, 2021, with Kaspersky GReAT's Ivan Kwiatkowski and Denis Legezo, to share best practices in reverse engineering and demonstrate...

6.9 AI score
Exploits 0
RedHat Linux
added 2020/07/28 3:54 p.m., 1 views

spring-data-jpa: Additional information exposure with Spring Data JPA derived queries

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...

5.3 CVSS, 5.8 AI score, 0.00246 EPSS
Exploits 0, References 4
OSV
added 2019/05/14 4:2 a.m., 14 views

GHSA-JGMR-WRWX-MGFJ Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...

5.3 CVSS, 5.5 AI score, 0.00246 EPSS
Exploits 0, References 2
Veracode
added 2019/04/09 2:26 a.m., 16 views

Information Disclosure

spring-data-jpa is vulnerable to information disclosure. Derived queries using any of the predicates startingWith, endingWith or containing could return more results than anticipated when a maliciously crafted query parameter value is supplied. LIKE expressions in manually defined queries could...

5.3 CVSS, 5.3 AI score, 0.00246 EPSS
Exploits 0, References 1, Affected Software 1
RedhatCVE
added 2019/04/08 7:19 p.m., 13 views

CVE-2019-3797

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE...

5.3 CVSS, 2.7 AI score, 0.00246 EPSS
Exploits 0, References 3
Carbon Black Blog
added 2019/02/25 3:56 p.m., 105 views

Defeating Compiler-Level Obfuscations Used in APT10 Malware

Summary: The Carbon Black Threat Analysis Unit (TAU) recently analyzed a series of malware samples that utilized compiler-level obfuscations. For example, opaque predicates were applied to Turla mosquito and APT10 ANEL. Another obfuscation, control flow flattening, was applied to APT10 ANEL and Dhar...

7 AI score
Exploits 0
Tenable Nessus
added 2018/01/10 12:0 a.m., 54 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14)

This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed: - CVE-2017-10356: Fix issue inside subcomponent Security bsc1064084. - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO bsc1064071. - CVE-2017-10281: Fix issue inside subcomponent Serialization...

9.8 CVSS, 7.6 AI score, 0.23605 EPSS
Exploits 2, References 88
NVD
added 2011/01/14 7:2 p.m., 13 views

CVE-2010-3836

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers...

4 CVSS, 5.8 AI score, 0.0125 EPSS
Exploits 0, References 22
Prion
added 2011/01/14 7:2 p.m., 28 views

Code injection

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers...

4 CVSS, 6.4 AI score, 0.0125 EPSS
Exploits 0, References 22, Affected Software 1
Debian
added 2011/01/14 9:7 a.m., 36 views

[SECURITY] [DSA-2143-1] New mysql-dfsg-5.0 packages fix several vulnerabilities

Debian Security Advisory DSA-2143-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano January 14, 2011 http://www.debian.org/security/faq -...

5 CVSS, 7 AI score, 0.09784 EPSS
Exploits 4
UbuntuCve
added 2010/11/05 12:0 a.m., 24 views

CVE-2010-3836

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers...

4 CVSS, 5.9 AI score, 0.0125 EPSS
Exploits 0, References 3