Lucene search
+L

28 matches found

RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.11 views

CVE-2026-42177

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 6:17 p.m.20 views

CVE-2026-42177

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS0.00234EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 6:17 p.m.7 views

DEBIAN-CVE-2026-42177

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/12 6:17 p.m.9 views

CVE-2026-42177

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/12 5:11 p.m.11 views

CVE-2026-42177

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS5.8AI score0.00234EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/12 5:11 p.m.6 views

CVE-2026-42177 linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 5:11 p.m.5 views

CVE-2026-42177

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/12 5:11 p.m.36 views

CVE-2026-42177 linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 5:11 p.m.18 views

CVE-2026-42177

CVE-2026-42177 affects the linux-entra-sso browser plugin for Linux. Before v1.8.1, the Chrome adapter used a declarativeNetRequest rule with urlFilter of https://login.microsoftonline.com/, which is substring-matched against full URLs, and the associated action could modify headers to attach the...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 5:11 p.m.4 views

CVE-2026-42177 linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS6AI score0.00234EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.21 views

PT-2026-40252

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO URL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a ...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References2
OSV
OSV
added 2026/04/06 9:28 p.m.3 views

CVE-2026-5708 Improper Control of User-Modifiable Attributes in RES CreateSession API

Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio RES prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with...

8.7CVSS7.3AI score0.00841EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/12 6:12 p.m.6 views

CVE-2025-64750

SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so...

4.5CVSS6.7AI score0.00137EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-42654

Malicious code in bioql PyPI...

7.5CVSS5.8AI score0.00401EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/08/17 2:0 a.m.6 views

SUSE CVE-2024-22114

User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard...

4.3CVSS6.8AI score0.00587EPSS
Exploits0References4
OSV
OSV
added 2024/08/12 1:38 p.m.2 views

DEBIAN-CVE-2024-22114

User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard...

4.3CVSS4.9AI score0.00587EPSS
Exploits0References1
OSV
OSV
added 2024/08/12 1:38 p.m.16 views

UBUNTU-CVE-2024-22114

User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard...

4.3CVSS5.8AI score0.00587EPSS
Exploits0References3
Prion
Prion
added 2023/10/05 2:15 p.m.22 views

Design/Logic Flaw

A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied...

5CVSS7.3AI score0.00401EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2023/10/05 12:0 a.m.4 views

PT-2023-13073 · Red Hat · Openshift Ai

Name of the Vulnerable Software and Affected Versions: OpenShift API affected versions not specified Description: A flaw was found in OpenShift API, as admission checks do not enforce custom-host permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be...

7.5CVSS5.2AI score0.00401EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/10/05 12:0 a.m.9 views

Kubernetes Security Vulnerabilities

Kubernetes K8s is an open source system from the Cloud Native Computing Foundation for automating the deployment, scaling, and management of containerized applications. Kubernetes suffers from a security vulnerability that stems from a flaw in the OpenShift API where access checks do not enforce...

7.5CVSS6.7AI score0.00401EPSS
Exploits0References4
Rows per page
Query Builder