28 matches found
CVE-2026-42177
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...
CVE-2026-42177
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...
DEBIAN-CVE-2026-42177
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...
CVE-2026-42177
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...
CVE-2026-42177
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...
CVE-2026-42177 linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...
CVE-2026-42177
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...
CVE-2026-42177 linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...
CVE-2026-42177
CVE-2026-42177 affects the linux-entra-sso browser plugin for Linux. Before v1.8.1, the Chrome adapter used a declarativeNetRequest rule with urlFilter of https://login.microsoftonline.com/, which is substring-matched against full URLs, and the associated action could modify headers to attach the...
CVE-2026-42177 linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...
PT-2026-40252
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO URL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a ...
CVE-2026-5708 Improper Control of User-Modifiable Attributes in RES CreateSession API
Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio RES prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with...
CVE-2025-64750
SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so...
EUVD-2022-42654
Malicious code in bioql PyPI...
SUSE CVE-2024-22114
User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard...
DEBIAN-CVE-2024-22114
User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard...
UBUNTU-CVE-2024-22114
User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard...
Design/Logic Flaw
A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied...
PT-2023-13073 · Red Hat · Openshift Ai
Name of the Vulnerable Software and Affected Versions: OpenShift API affected versions not specified Description: A flaw was found in OpenShift API, as admission checks do not enforce custom-host permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be...
Kubernetes Security Vulnerabilities
Kubernetes K8s is an open source system from the Cloud Native Computing Foundation for automating the deployment, scaling, and management of containerized applications. Kubernetes suffers from a security vulnerability that stems from a flaw in the OpenShift API where access checks do not enforce...