20 matches found
CVE-2025-59829
Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the...
CVE-2025-59829
CVE-2025-59829 affects Claude Code (Anthropic) prior to version 1.0.120. The root cause is improper handling of symbolic links when evaluating permission-deny rules, enabling a user-denied file to be accessed via a symlink pointing to that file. The issue is fixed in 1.0.120. Impact is exposure o...
CVE-2025-59829 Claude Code: Permission deny bypass is possible through symlink
Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the...
GHSA-66M2-GX93-V996 Claude Code permission deny bypass through symlink
Claude Code failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the file. Users on standard Claude Code auto-update wil...
Claude Code permission deny bypass through symlink
Claude Code failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the file. Users on standard Claude Code auto-update wil...
SpiceDB checks involving relations with caveats can result in no permission when permission is expected
Impact On schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. For example, given this schema:...
CVE-2022-48377
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges...
CVE-2022-47481
In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed...
DEBIAN-CVE-2025-47780
Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface CLI by configuring...
CVE-2024-46989 Multiple caveats on resources of the same type can result in no permission when permission is expected
spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected. If the resourc...
CVE-2024-22114
User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard...
Error: XDDS:84D81E3A Unable to Read Disk. Failed to create Machine Catalog. Permission to perform this operation was denied.
Error: XDDS:84D81E3AUnable to Read Disk.Failed to create Machine Catalog. Permission to perform this operation was denied" when creating machine catalog...
CVE-2023-38448
In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges...
CVE-2023-38463
In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges...
CVE-2023-38457
In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges...
PT-2023-26450 · Unknown · Vowifiservice
Name of the Vulnerable Software and Affected Versions: vowifiservice affected versions not specified Description: The issue is related to a possible missing permission check in vowifiservice. This could lead to local denial of service with no additional execution privileges. Recommendations: At t...
CVE-2022-47492
In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges...
User has access to project and repository after global permission has been removed
h3. Problem User has access to project and repository after global permission has been removed. Conversely, a user in this affected state will be greeted with "permission denied" even after the global permission has been re-granted to the user. h3. Environment - Tested on 7.5 and 7.3 h3. Steps to...
PVS configuration wizard failed to add domain\users service account into database automatically:<The EXECUTE permission was denied on the object 'uspGetServerSettings
PVS configuration wizard fails to add domain\users service account into database automatically.The EXECUTE permission was denied on the object 'uspGetServerSettings' or System.Data.SqlClient.SqlException 0x80131904: Windows NT user or group 'domain\username' not found in CDF trace. No error is...
openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0057-1)
This update of java-160-openjdk improves the return value handling of JNLPSecurityManager. Prior to this update the JNLPSecurityManager silently returns in some cases when a permission was denied. CVE-2010-4351 Additionally the java path was fixed to make java work with firefox again. %NASLMINLEV...