5 matches found
GHSA-6JCC-XGCR-Q3H4 @fedify/fedify has Improper Authentication and Incorrect Authorization
Summary An authentication bypass vulnerability allows any unauthenticated attacker to impersonate any ActivityPub actor by sending forged activities signed with their own keys. Activities are processed before verifying the signing key belongs to the claimed actor, enabling complete actor...
PT-2025-32420
Name of the Vulnerable Software and Affected Versions Fedify versions prior to 1.3.20 Fedify versions 1.4.0-dev.585 through 1.4.12 Fedify versions 1.5.0-dev.636 through 1.5.4 Fedify versions 1.6.0-dev.754 through 1.6.7 Fedify versions 1.7.0-pr.251.885 through 1.7.8 Fedify versions 1.8.0-dev.909...
PT-2024-40214 · Surrealdb · Surrealdb
Name of the Vulnerable Software and Affected Versions: SurrealDB versions prior to 2.0.4 Description: The issue arises from the order in which permissions are processed, leading to potential leaks of field values or record contents to users without the required permissions. This can occur in...
UBUNTU-CVE-2021-22569
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated...
rgmanager security update
CentOS Errata and Security Advisory CESA-2009:1339 An updated rgmanager package that fixes multiple security issues, various bugs, and adds enhancements is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team...