26 matches found
CVE-2026-42177
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...
CVE-2026-42177
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...
DEBIAN-CVE-2026-42177
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...
CVE-2026-42177
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...
CVE-2026-42177
CVE-2026-42177 affects the linux-entra-sso browser plugin for Linux. Before v1.8.1, the Chrome adapter used a declarativeNetRequest rule with urlFilter of https://login.microsoftonline.com/, which is substring-matched against full URLs, and the associated action could modify headers to attach the...
CVE-2026-42177
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...
CVE-2026-42177
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...
CVE-2026-42177 linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...
CVE-2026-42177 linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...
PT-2026-40252
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO URL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a ...
CVE-2025-64750
SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so...
EUVD-2022-42654
Malicious code in bioql PyPI...
SUSE CVE-2024-22114
User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard...
DEBIAN-CVE-2024-22114
User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard...
UBUNTU-CVE-2024-22114
User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard...
Design/Logic Flaw
A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied...
PT-2023-13073 · Red Hat · Openshift Ai
Name of the Vulnerable Software and Affected Versions: OpenShift API affected versions not specified Description: A flaw was found in OpenShift API, as admission checks do not enforce custom-host permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be...
Kubernetes Security Vulnerabilities
Kubernetes K8s is an open source system from the Cloud Native Computing Foundation for automating the deployment, scaling, and management of containerized applications. Kubernetes suffers from a security vulnerability that stems from a flaw in the OpenShift API where access checks do not enforce...
SUSE CVE-2017-3141
The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2-9.2.9, 9.3.2-P1-9.3.6, 9.4.0-9.8.8, 9.9.0-9.9.10, 9.10.0-9.10.5, 9.11.0-9.11.1, 9.9.3-S1-9.9.10-S1,...
SUSE CVE-2018-5166
WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox 60...