Lucene search
+L

42 matches found

Vulnrichment
Vulnrichment
added 2025/12/30 8:17 p.m.2 views

CVE-2025-14986 ExecuteMultiOperation Namespace Policy Bypass

When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...

5.3CVSS6.5AI score0.00415EPSS
Exploits0References3
CVE
CVE
added 2025/12/30 8:17 p.m.18 views

CVE-2025-14986

Temporal contains a namespace policy bypass vulnerability where, when frontend.enableExecuteMultiOperation is on, validation and feature gating for an embedded StartWorkflowExecutionRequest are evaluated against the embedded request’s Namespace instead of the outer ExecuteMultiOperationRequest.Na...

5.3CVSS6.5AI score0.00415EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2014-8989

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users t...

4.6CVSS6.4AI score0.00494EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/08/18 9:0 p.m.13 views

Capsule tenant owners with "patch namespace" permission can hijack system namespaces label

Summary A namespace label injection vulnerability in Capsule v0.10.3 allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource...

9CVSS7.9AI score0.00437EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/15 11:42 p.m.12 views

CVE-2025-55196

External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...

7.1CVSS6.5AI score0.00348EPSS
Exploits0References1
OSV
OSV
added 2025/08/13 10:54 p.m.7 views

CVE-2025-55196 External Secrets Operator Missing Namespace Restriction in PushSecret and SecretStore List() Calls Allows Unauthorized Secret Access

External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...

7.1CVSS6.2AI score0.00348EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-0492

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in the Linux kernel's cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allow...

7.8CVSS6.6AI score0.05528EPSS
Exploits12References2
Positive Technologies
Positive Technologies
added 2023/09/26 12:0 a.m.2 views

PT-2023-27910 · Cilium · Cilium

Name of the Vulnerable Software and Affected Versions: Cilium versions prior to 1.14.2 Cilium versions prior to 1.13.7 Cilium versions prior to 1.12.14 Description: An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace can affect traffic on an enti...

8.1CVSS6.8AI score0.00408EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.2 views

SUSE CVE-2010-2946

fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning of a name...

2.1CVSS6.4AI score0.00426EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.6 views

SUSE CVE-2021-43784

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code responsible for the based namespace setup of container...

5CVSS7.2AI score0.01677EPSS
Exploits1References19
RedHat Linux
RedHat Linux
added 2022/05/18 4:27 p.m.12 views

kernel: cgroups v1 release_agent feature may allow privilege escalation

A vulnerability was found in the Linux kernel’s cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass the namespace isolation unexpectedly...

7.8CVSS6.6AI score0.05528EPSS
Exploits12References6
RedHat Linux
RedHat Linux
added 2022/05/11 1:25 p.m.9 views

kernel: cgroups v1 release_agent feature may allow privilege escalation

A vulnerability was found in the Linux kernel’s cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass the namespace isolation unexpectedly...

7.8CVSS6.6AI score0.05528EPSS
Exploits12References6
RedHat Linux
RedHat Linux
added 2022/04/20 4:26 p.m.4 views

kernel: cgroups v1 release_agent feature may allow privilege escalation

A vulnerability was found in the Linux kernel’s cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass the namespace isolation unexpectedly...

7.8CVSS6.6AI score0.05528EPSS
Exploits12References6
RedHat Linux
RedHat Linux
added 2022/03/10 3:15 p.m.2 views

kernel: cgroups v1 release_agent feature may allow privilege escalation

A vulnerability was found in the Linux kernel’s cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass the namespace isolation unexpectedly...

7.8CVSS6.6AI score0.05528EPSS
Exploits12References6
OSV
OSV
added 2022/03/03 7:15 p.m.5 views

AZL-8966 CVE-2022-0492 affecting package kernel for versions less than 5.15.26.1-2

A vulnerability was found in the Linux kernel’s cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass the namespace isolation unexpectedly...

7.8CVSS6.9AI score0.05528EPSS
Exploits12References1
OSV
OSV
added 2022/02/08 12:0 a.m.12 views

UBUNTU-CVE-2022-0492

A vulnerability was found in the Linux kernel’s cgroupreleaseagentwrite in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 releaseagent feature to escalate privileges and bypass the namespace isolation unexpectedly...

7.8CVSS6.6AI score0.05528EPSS
Exploits12References13
Tenable Nessus
Tenable Nessus
added 2021/12/27 12:0 a.m.31 views

openSUSE 15 Security Update : runc (openSUSE-SU-2021:1625-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1625-1 advisory. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a...

6CVSS7.5AI score0.01677EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2021/12/06 6:15 p.m.2 views

CVE-2021-43784

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code responsible for the based namespace setup of container...

6CVSS6.8AI score0.01677EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2021/12/06 6:15 p.m.2 views

DEBIAN-CVE-2021-43784

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code responsible for the based namespace setup of container...

5CVSS6.7AI score0.01677EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2020/01/13 2:27 p.m.5 views

Mozilla: Bypass of @namespace CSS sanitization during pasting

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

6.1CVSS7.3AI score0.01988EPSS
Exploits0References5
Rows per page
Query Builder