42 matches found
CVE-2025-14986 ExecuteMultiOperation Namespace Policy Bypass
When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...
CVE-2025-14986
Temporal contains a namespace policy bypass vulnerability where, when frontend.enableExecuteMultiOperation is on, validation and feature gating for an embedded StartWorkflowExecutionRequest are evaluated against the embedded request’s Namespace instead of the outer ExecuteMultiOperationRequest.Na...
Linux Distros Unpatched Vulnerability : CVE-2014-8989
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users t...
Capsule tenant owners with "patch namespace" permission can hijack system namespaces label
Summary A namespace label injection vulnerability in Capsule v0.10.3 allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource...
CVE-2025-55196
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...
CVE-2025-55196 External Secrets Operator Missing Namespace Restriction in PushSecret and SecretStore List() Calls Allows Unauthorized Secret Access
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...
Linux Distros Unpatched Vulnerability : CVE-2022-0492
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in the Linux kernel's cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allow...
PT-2023-27910 · Cilium · Cilium
Name of the Vulnerable Software and Affected Versions: Cilium versions prior to 1.14.2 Cilium versions prior to 1.13.7 Cilium versions prior to 1.12.14 Description: An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace can affect traffic on an enti...
SUSE CVE-2010-2946
fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name...
SUSE CVE-2021-43784
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code responsible for the based namespace setup of container...
kernel: cgroups v1 release_agent feature may allow privilege escalation
A vulnerability was found in the Linux kernel’s cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass the namespace isolation unexpectedly...
kernel: cgroups v1 release_agent feature may allow privilege escalation
A vulnerability was found in the Linux kernel’s cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass the namespace isolation unexpectedly...
kernel: cgroups v1 release_agent feature may allow privilege escalation
A vulnerability was found in the Linux kernel’s cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass the namespace isolation unexpectedly...
kernel: cgroups v1 release_agent feature may allow privilege escalation
A vulnerability was found in the Linux kernel’s cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass the namespace isolation unexpectedly...
AZL-8966 CVE-2022-0492 affecting package kernel for versions less than 5.15.26.1-2
A vulnerability was found in the Linux kernel’s cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass the namespace isolation unexpectedly...
UBUNTU-CVE-2022-0492
A vulnerability was found in the Linux kernel’s cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass the namespace isolation unexpectedly...
openSUSE 15 Security Update : runc (openSUSE-SU-2021:1625-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1625-1 advisory. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a...
CVE-2021-43784
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code responsible for the based namespace setup of container...
DEBIAN-CVE-2021-43784
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code responsible for the based namespace setup of container...
Mozilla: Bypass of @namespace CSS sanitization during pasting
When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...