Lucene search
+L

15 matches found

cvelist
cvelist
added 2026/04/10 4:3 p.m.29 views

CVE-2026-35649 OpenClaw < 2026.3.22 - Settings Reconciliation Bypass via Empty Allowlist

OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all revocations by exploiting empty allowlist handling. The vulnerability treats explicit empty allowlists as unset during reconciliation, silently undoing intended access...

6.5CVSS0.00278EPSS
Exploits0References4
osv
osv
added 2026/04/10 4:3 p.m.3 views

CVE-2026-35649 OpenClaw < 2026.3.22 - Settings Reconciliation Bypass via Empty Allowlist

OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all revocations by exploiting empty allowlist handling. The vulnerability treats explicit empty allowlists as unset during reconciliation, silently undoing intended access...

6.3CVSS6AI score0.00278EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/04/10 12:0 a.m.14 views

PT-2026-31960

OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny-all revocations by exploiting empty allowlist handling. The vulnerability treats explicit empty allowlists as unset during reconciliation, silently undoing intended access...

6.5CVSS5.8AI score0.00278EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/01/29 3:19 p.m.10 views

CVE-2026-1237

Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain otherwise revoked or...

2.1CVSS5.9AI score0.00133EPSS
Exploits0References1
osv
osv
added 2026/01/28 3:16 p.m.6 views

CVE-2026-1237

Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain otherwise revoked or...

2.1CVSS5.8AI score0.00133EPSS
Exploits0References1
nvd
nvd
added 2026/01/28 3:16 p.m.13 views

CVE-2026-1237

Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain otherwise revoked or...

2.1CVSS0.00133EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/01/28 3:16 p.m.8 views

CVE-2026-1237

Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain otherwise revoked or...

2.1CVSS5.9AI score0.00133EPSS
Exploits0References2
cvelist
cvelist
added 2026/01/28 3:1 p.m.27 views

CVE-2026-1237

Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain otherwise revoked or...

2.1CVSS0.00133EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/01/28 3:1 p.m.8 views

CVE-2026-1237

Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain otherwise revoked or...

2.1CVSS5.9AI score0.00133EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/01/28 3:1 p.m.11 views

CVE-2026-1237

Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain otherwise revoked or...

2.1CVSS5.9AI score0.00133EPSS
Exploits0References2
cve
cve
added 2026/01/28 3:1 p.m.26 views

CVE-2026-1237

Summary: CVE-2026-1237 describes a vulnerability in Juju where broken cross-model authorization allows a charm to retain access after permissions are revoked or expired by minting an invalid macaroon that the controller erroneously accepts. The root cause is that the Juju controller may fail to v...

2.1CVSS5.9AI score0.00133EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/01/28 12:0 a.m.10 views

PT-2026-5129

Name of the Vulnerable Software and Affected Versions juju affected versions not specified Description A flaw exists in juju related to cross-model authorization. If permissions for a charm in a cross-model relation are revoked or expire, a malicious user capable of updating database records can...

2.1CVSS5.8AI score0.00133EPSS
Exploits0References10
snyk
snyk
added 2026/01/06 1:53 a.m.1 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the SFTP access control process. An attacker can maintain unauthorized access to files by remaining connected to SFTP after their permissions have been revoked or after the game server has been deleted...

7.5CVSS6.9AI score0.00218EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/23 3:48 a.m.7 views

CVE-2023-32357

An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permissio...

7.1CVSS5.4AI score0.00248EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/11/19 6:0 p.m.10 views

CVE-2023-21270

In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User...

7.1AI score0.00082EPSS
Exploits0References1
Rows per page
Query Builder