Lucene search
+L

20 matches found

nvd
nvd
added 2025/10/03 8:15 p.m.7 views

CVE-2025-59829

Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the...

6.5CVSS0.00396EPSS
Exploits0References1
cve
cve
added 2025/10/03 8:3 p.m.19 views

CVE-2025-59829

CVE-2025-59829 affects Claude Code (Anthropic) prior to version 1.0.120. The root cause is improper handling of symbolic links when evaluating permission-deny rules, enabling a user-denied file to be accessed via a symlink pointing to that file. The issue is fixed in 1.0.120. Impact is exposure o...

6.5CVSS6.4AI score0.00396EPSS
Exploits0References1Affected Software1
osv
osv
added 2025/10/03 8:3 p.m.5 views

CVE-2025-59829 Claude Code: Permission deny bypass is possible through symlink

Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the...

2.3CVSS6.8AI score0.00396EPSS
Exploits0References3
osv
osv
added 2025/10/03 2:17 p.m.8 views

GHSA-66M2-GX93-V996 Claude Code permission deny bypass through symlink

Claude Code failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the file. Users on standard Claude Code auto-update wil...

2.3CVSS6.9AI score0.00396EPSS
Exploits0References3
github
github
added 2025/10/03 2:17 p.m.11 views

Claude Code permission deny bypass through symlink

Claude Code failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the file. Users on standard Claude Code auto-update wil...

6.5CVSS6.9AI score0.00396EPSS
Exploits0References3Affected Software1
github
github
added 2025/06/06 9:41 p.m.21 views

SpiceDB checks involving relations with caveats can result in no permission when permission is expected

Impact On schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. For example, given this schema:...

5.3CVSS4AI score0.00266EPSS
Exploits0References5Affected Software1
redhatcve
redhatcve
added 2025/05/23 12:29 a.m.7 views

CVE-2022-48377

In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges...

5.5CVSS6.7AI score0.00087EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 12:25 a.m.7 views

CVE-2022-47481

In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed...

5.5CVSS6.7AI score0.00087EPSS
Exploits0References1
osv
osv
added 2025/05/22 5:15 p.m.6 views

DEBIAN-CVE-2025-47780

Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface CLI by configuring...

7.8CVSS5.5AI score0.00226EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2024/09/18 5:29 p.m.25 views

CVE-2024-46989 Multiple caveats on resources of the same type can result in no permission when permission is expected

spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected. If the resourc...

3.7CVSS6.8AI score0.0029EPSS
Exploits0References2
debiancve
debiancve
added 2024/08/09 10:15 a.m.20 views

CVE-2024-22114

User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard...

4.3CVSS4.9AI score0.00587EPSS
Exploits0
citrix
citrix
added 2024/07/13 12:0 a.m.7 views

Error: XDDS:84D81E3A Unable to Read Disk. Failed to create Machine Catalog. Permission to perform this operation was denied.

Error: XDDS:84D81E3AUnable to Read Disk.Failed to create Machine Catalog. Permission to perform this operation was denied" when creating machine catalog...

7.1AI score
Exploits0
nvd
nvd
added 2023/09/04 2:15 a.m.21 views

CVE-2023-38448

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges...

5.5CVSS5.5AI score0.00076EPSS
Exploits0References1
cvelist
cvelist
added 2023/09/04 1:16 a.m.19 views

CVE-2023-38463

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges...

5.7AI score0.00076EPSS
Exploits0References1
cvelist
cvelist
added 2023/09/04 1:16 a.m.18 views

CVE-2023-38457

In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges...

5.7AI score0.00076EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2023/09/04 12:0 a.m.2 views

PT-2023-26450 · Unknown · Vowifiservice

Name of the Vulnerable Software and Affected Versions: vowifiservice affected versions not specified Description: The issue is related to a possible missing permission check in vowifiservice. This could lead to local denial of service with no additional execution privileges. Recommendations: At t...

5.5CVSS5.2AI score0.00076EPSS
Exploits0References3
cvelist
cvelist
added 2023/05/09 1:20 a.m.28 views

CVE-2022-47492

In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges...

5.7AI score0.00087EPSS
Exploits0References1
atlassian
atlassian
added 2020/11/04 7:26 a.m.25 views

User has access to project and repository after global permission has been removed

h3. Problem User has access to project and repository after global permission has been removed. Conversely, a user in this affected state will be greeted with "permission denied" even after the global permission has been re-granted to the user. h3. Environment - Tested on 7.5 and 7.3 h3. Steps to...

7AI score
Exploits0
citrix
citrix
added 2018/06/12 12:0 a.m.10 views

PVS configuration wizard failed to add domain\users service account into database automatically:<The EXECUTE permission was denied on the object 'uspGetServerSettings

PVS configuration wizard fails to add domain\users service account into database automatically.The EXECUTE permission was denied on the object 'uspGetServerSettings' or System.Data.SqlClient.SqlException 0x80131904: Windows NT user or group 'domain\username' not found in CDF trace. No error is...

7AI score
Exploits0
nessus
nessus
added 2014/06/13 12:0 a.m.26 views

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0057-1)

This update of java-160-openjdk improves the return value handling of JNLPSecurityManager. Prior to this update the JNLPSecurityManager silently returns in some cases when a permission was denied. CVE-2010-4351 Additionally the java path was fixed to make java work with firefox again. %NASLMINLEV...

6.8CVSS5.3AI score0.02533EPSS
Exploits0References4
Rows per page
Query Builder