Lucene search
K

33 matches found

RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.4 views

keycloak: Keycloak: Unauthorized access to resources via UMA permission ticket bypass

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS5.7AI score0.00166EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 5:17 p.m.8 views

CVE-2026-9799

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS0.00166EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/25 4:17 p.m.6 views

CVE-2026-9799 Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:17 p.m.6 views

CVE-2026-9799

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52509

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in org.keycloak.authorization allows an authenticated user who possesses a User-Managed Access UMA permission ticket for a single resource to bypass per-resource access control. By...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.6 views

CVE-2026-33068

Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set...

8.8CVSS5.8AI score0.00337EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 8:17 a.m.7 views

CVE-2026-33068 Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File

Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolved the permission mode from settings files, including the repo-controlled .claude/settings.json, before determining whether to display the workspace trust confirmation dialog. A malicious repository could set...

7.7CVSS6AI score0.00337EPSS
Exploits0References3
CVE
CVE
added 2026/03/20 8:17 a.m.590 views

CVE-2026-33068

CVE-2026-33068 affects Claude Code. Versions prior to 2.1.53 could bypass the workspace trust dialog by using permissions.defaultMode set to bypassPermissions in the repo-controlled .claude/settings.json, allowing silent trust mode on first open and enabling tool execution without user consent. T...

8.8CVSS5.9AI score0.00337EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-23240

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - selinuxeditcopytfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary...

7.8CVSS7.3AI score0.01066EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.3 views

SUSE CVE-2021-23240

selinuxeditcopytfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not...

7.8CVSS8.4AI score0.01066EPSS
Exploits1References22
Tenable Nessus
Tenable Nessus
added 2023/01/30 12:0 a.m.39 views

EulerOS Virtualization 3.0.2.2 : sudo (EulerOS-SA-2023-1296)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by...

7.8CVSS6.6AI score0.01066EPSS
Exploits2References3
Rockylinux
Rockylinux
added 2023/01/23 2:30 p.m.12 views

rhc bug fix and enhancement update

An update is available for rhc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The rhc package is a client tool and daemon that can connect your system to Rocky...

0.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/11/15 12:0 a.m.31 views

NewStart CGSL MAIN 6.02 : sudo Vulnerability (NS-SA-2022-0100)

The remote NewStart CGSL host, running version MAIN 6.02, has sudo packages installed that are affected by a vulnerability: - selinuxeditcopytfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a...

7.8CVSS7.3AI score0.01066EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2021/01/21 12:0 a.m.39 views

Fedora 32 : sudo (2021-234d14bfcc)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-234d14bfcc advisory. - The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a...

7.8CVSS6.9AI score0.01066EPSS
Exploits2References3
OSV
OSV
added 2021/01/12 9:15 a.m.31 views

CVE-2021-23240

selinuxeditcopytfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not...

7.8CVSS6.9AI score0.01066EPSS
Exploits1References8
OSV
OSV
added 2021/01/12 9:15 a.m.6 views

UBUNTU-CVE-2021-23240

selinuxeditcopytfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not...

7.8CVSS7.2AI score0.01066EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2021/01/12 9:15 a.m.386 views

CVE-2021-23240

selinuxeditcopytfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not...

7.8CVSS7.2AI score0.01066EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/01/12 8:17 a.m.22 views

CVE-2021-23240

selinuxeditcopytfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not...

8.2AI score0.01066EPSS
Exploits1References8
Debian CVE
Debian CVE
added 2021/01/12 8:17 a.m.44 views

CVE-2021-23240

selinuxeditcopytfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not...

7.8CVSS8.1AI score0.01066EPSS
Exploits1
OpenVAS
OpenVAS
added 2020/03/11 12:0 a.m.9 views

Linux: Read /etc/selinux/config (KB)

The /etc/selinux/config configuration file controls whether SELinux is enabled or disabled, and if enabled, whether SELinux operates in permissive mode or enforcing mode. The SELINUX variable may be set to any one of disabled, permissive, or enforcing to select one of these options. The disabled...

6.9AI score
Exploits0References1
Rows per page
Query Builder