SUSE-SU-2025:20712-1 Security update for kernel-livepatch-MICRO-6-0_Update_5

This update for kernel-livepatch-MICRO-6-0Update5 fixes the following issues: - CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245505 - CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579 - CVE-2025-38001: netsched: hfsc: Address reentrant enqueue adding class to eltr...

SUSE-SU-2025:20763-1 Security update for kernel-livepatch-MICRO-6-0_Update_4

This update for kernel-livepatch-MICRO-6-0Update4 fixes the following issues: - CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245505 - CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579 - CVE-2025-38001: netsched: hfsc: Address reentrant enqueue adding class to eltr...

SUSE-SU-2025:20699-1 Security update for kernel-livepatch-MICRO-6-0_Update_4

This update for kernel-livepatch-MICRO-6-0Update4 fixes the following issues: - CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245505 - CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579 - CVE-2025-38001: netsched: hfsc: Address reentrant enqueue adding class to eltr...

Linux Distros Unpatched Vulnerability : CVE-2011-0149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middl...

Namespace Label Injection

github.com/projectcapsule/capsule is vulnerable to namespace label injection. The vulnerability is due to improper validation of labels in system namespaces, which allows an attacker to inject arbitrary labels, bypass multi-tenant isolation, and escalate privileges to access cross-tenant resource...

Linux Distros Unpatched Vulnerability : CVE-2025-38499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a moun...

Privilege Escalation

github.com/openbao/openbao is vulnerable to Privilege Escalation. The vulnerability is due to accounts with access to privileged identity entity systems in root namespaces being able to escalate privileges to the global root policy...

GO-2025-3893 Capsule tenant owners with "patch namespace" permission can hijack system namespaces label in github.com/projectcapsule/capsule

Capsule tenant owners with "patch namespace" permission can hijack system namespaces label in github.com/projectcapsule/capsule...

Linux Distros Unpatched Vulnerability : CVE-2017-18926

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - raptorxmlwriterstartelementcommon in raptorxmlwriter.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer,...

Linux Distros Unpatched Vulnerability : CVE-2022-24778

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by...

Linux Distros Unpatched Vulnerability : CVE-2015-8709

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace,...

Capsule tenant owners with "patch namespace" permission can hijack system namespaces label

Summary A namespace label injection vulnerability in Capsule v0.10.3 allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource...

GHSA-FCPM-6MXQ-M5VV Capsule tenant owners with "patch namespace" permission can hijack system namespaces label

Summary A namespace label injection vulnerability in Capsule v0.10.3 allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource...

CVE-2025-55205

Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the OnUpdate function in the patch.go file. An attacker can gain unauthorized access to system namespaces and potentially escalate privileges by injecting arbitrary labels into protected namespaces through...

CVE-2025-55205 Capsule tenant owners with "patch namespace" permission can hijack system namespaces label

Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation...

CVE-2025-55205

CVE-2025-55205 concerns Capsule (Kubernetes multi-tenant framework). Affected: Capsule v0.10.3 and earlier; fixed in v0.10.4. Vulnerability: authenticated tenant users can inject arbitrary labels into system namespaces (e.g., kube-system, default, capsule-system) via namespace labeling, bypassing...

CVE-2025-55205 Capsule tenant owners with "patch namespace" permission can hijack system namespaces label

Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation...

PT-2025-33668

Name of the Vulnerable Software and Affected Versions: Capsule versions prior to 0.10.4 Description: Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection issue in earlier versions allows authenticated tenant users to inject arbitrary labels into system...

Linux Distros Unpatched Vulnerability : CVE-2020-13753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONENEWUSER and the TIOCSTI ioctl. CLONENEWUSER could...