Linux Distros Unpatched Vulnerability : CVE-2022-24778

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by...

Linux Distros Unpatched Vulnerability : CVE-2015-8709

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace,...

GHSA-FCPM-6MXQ-M5VV Capsule tenant owners with "patch namespace" permission can hijack system namespaces label

Summary A namespace label injection vulnerability in Capsule v0.10.3 allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource...

Capsule tenant owners with "patch namespace" permission can hijack system namespaces label

Summary A namespace label injection vulnerability in Capsule v0.10.3 allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource...

CVE-2025-55205

Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the OnUpdate function in the patch.go file. An attacker can gain unauthorized access to system namespaces and potentially escalate privileges by injecting arbitrary labels into protected namespaces through...

CVE-2025-55205

CVE-2025-55205 concerns Capsule (Kubernetes multi-tenant framework). Affected: Capsule v0.10.3 and earlier; fixed in v0.10.4. Vulnerability: authenticated tenant users can inject arbitrary labels into system namespaces (e.g., kube-system, default, capsule-system) via namespace labeling, bypassing...

CVE-2025-55205 Capsule tenant owners with "patch namespace" permission can hijack system namespaces label

Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation...

CVE-2025-55205 Capsule tenant owners with "patch namespace" permission can hijack system namespaces label

Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces kube-system, default, capsule-system, bypassing multi-tenant isolation...

PT-2025-33668

Name of the Vulnerable Software and Affected Versions: Capsule versions prior to 0.10.4 Description: Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection issue in earlier versions allows authenticated tenant users to inject arbitrary labels into system...

Linux Distros Unpatched Vulnerability : CVE-2020-13753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONENEWUSER and the TIOCSTI ioctl. CLONENEWUSER could...

Linux Distros Unpatched Vulnerability : CVE-2021-22262

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from...

firejail

This repository is an open-source Linux sandboxing platform called Firejail. It is a Linux namespaces and seccomp-bpf sandbox that allows users to run applications in a secure environment, isolating them from the rest of the system. The repository contains a variety of tools and scripts for...

Linux Distros Unpatched Vulnerability : CVE-2021-4197

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less...

Linux Distros Unpatched Vulnerability : CVE-2022-24122

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because...

Linux Distros Unpatched Vulnerability : CVE-2017-17448

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/netfilter/nfnetlinkcthelper.c in the Linux kernel through 4.14.4 does not require the CAPNETADMIN capability for new, get, and del operations, which allows...

kernel: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done

A vulnerability was found in the Linux kernel's management of network namespaces. By manipulating the lifecycle of network namespaces, an attacker could exploit this vulnerability to cause a system crash or leak sensitive system memory. Exploitation of this vulnerability requires that a user has...

Linux Distros Unpatched Vulnerability : CVE-2021-3493

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an...

Linux Distros Unpatched Vulnerability : CVE-2024-35884

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: udp: do not accept non-tunnel GSO skbs landing in a tunnel When rx-udp-gro-forwarding is...

Linux Distros Unpatched Vulnerability : CVE-2022-1055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free exists in the Linux Kernel in tcnewtfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged us...