382 matches found

CVE
added 2022/07/18 4:9 p.m. · 69 views

CVE-2022-23745

CVE-2022-23745 affects Capsule Workspace Android app (on GrapheneOS). The issue is a memory corruption vulnerability in the Capsule Workspace Android app that can cause the application to crash. The available documents do not indicate any ability to read or exfiltrate sensitive data. Remediation ...

CVSS 7.5 · AI score 7.5 · EPSS 0.14923
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2022/07/18 12:0 a.m. · 4 views

Capsule Technologies Capsule Workspace buffer error vulnerability

Capsule Technologies Capsule Workspace is an Android App by Capsule Technologies, Inc. A security vulnerability exists in Capsule Technologies Capsule Workspace 8.x series versions prior to 8.2.2 that stems from the presence of a memory corruption issue...

CVSS 7.5 · AI score 7.3 · EPSS 0.14923
Exploits 0 · References 2

CheckPoint Security
added 2022/07/03 8:44 p.m. · 29 views

CVE-2022-23745 - Memory corruption issue in Capsule Workspace on Android mobile devices

Symptoms: A potential memory corruption issue was found in Capsule Workspace Android app running on GrapheneOS. This could result in application crashing but could not be used to gather any sensitive information. This issue was discovered and responsibly disclosed by Gabe Flawedworld and received ...

AI score 2 · EPSS 0.14923
Exploits 0 · Affected Software 1

BDU FSTEC
added 2022/06/22 12:0 a.m. · 9 views

Vulnerability in the capsule-proxy module of the Capsule software tool, which provides multi-tenancy in Kubernetes, allowing an attacker to escalate privileges

The vulnerability of the capsule-proxy module of the Capsule software solution for providing multi-tenancy in Kubernetes is related to deficiencies in the authentication process. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

CVSS 9 · AI score 7.5 · EPSS 0.01375
Exploits 1 · References 4 · Affected Software 1

OSV
added 2022/04/09 12:0 a.m. · 486 views

GHSA-86R3-4GQ8-XW8Q Remote Code Execution in Laravel

Withdrawn: This advisory has been withdrawn because it is not a security issue and the CVE has been revoked. Original Description: A Remote Code Execution (RCE) vulnerability exists in h laravel 5.8.38 via an unserialize POP chain in (1) __destruct in \Routing\PendingResourceRegistration.php, (2) __call in...

CVSS 9.8 · AI score 9.6
Exploits 2 · References 3

CNNVD
added 2022/04/08 12:0 a.m. · 5 views

ID withdrawn

Laravel is a web application framework from the Laravel team. It has a security vulnerability that stems from (1) __destruct in \Routing\PendingResourceRegistration.php, (2) __call in QueueCapsuleManager.php and (3) the deserialization POP chain __invoke in...

AI score 5.6
Exploits 2

Veracode
added 2022/02/28 7:59 a.m. · 16 views

Privilege Escalation

github.com/clastix/capsule-proxy is vulnerable to privilege escalation. The vulnerability exists due to the malicious Connection header in the Kubernetes API Server allowing an unauthorized user to gain cluster-admin privileges...

CVSS 8.8 · AI score 3.3 · EPSS 0.01375
Exploits 1 · References 4 · Affected Software 1

Patchstack
added 2022/02/28 12:0 a.m. · 10 views

WordPress Contact Form 7 – Capsule CRM – Integration plugin <= 1.0.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Contact Form 7 – Capsule CRM – Integration plugin versions <= 1.0.4. Solution: No patched version available...

AI score 4.1
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2022/02/28 12:0 a.m. · 10 views

WordPress Contact Form 7 – Capsule CRM – Integration plugin <= 1.0.4 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Contact Form 7 – Capsule CRM – Integration plugin versions <= 1.0.4. Solution: No patched version available...

AI score 3.1
Exploits 0 · References 2 · Affected Software 1

OSV
added 2022/02/23 9:17 p.m. · 22 views

GHSA-9CWV-CPPX-MQJM Improper Authentication in Capsule Proxy

Impact: Using a malicious Connection header, an attacker with a proper authentication mechanism could start a privilege escalation towards the Kubernetes API Server, being able to exploit the cluster-admin Role bound to capsule-proxy. Patches: Patch has been merged in the v0.2.1 release. Workaround...

CVSS 8.8 · AI score 8.8 · EPSS 0.01375
Exploits 1 · References 5

Github Security Blog
added 2022/02/23 9:17 p.m. · 30 views

Improper Authentication in Capsule Proxy

Impact: Using a malicious Connection header, an attacker with a proper authentication mechanism could start a privilege escalation towards the Kubernetes API Server, being able to exploit the cluster-admin Role bound to capsule-proxy. Patches: Patch has been merged in the v0.2.1 release. Workaround...

CVSS 8.8 · AI score 2.9 · EPSS 0.01375
Exploits 1 · References 5 · Affected Software 1

NVD
added 2022/02/22 8:15 p.m. · 26 views

CVE-2022-23652

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...

CVSS 8.8 · EPSS 0.01375
Exploits 1 · References 3

Prion
added 2022/02/22 8:15 p.m. · 9 views

Design/Logic Flaw

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...

CVSS 6.5 · AI score 8.8 · EPSS 0.01375
Exploits 1 · References 3 · Affected Software 1

OSV
added 2022/02/22 7:55 p.m. · 21 views

CVE-2022-23652 Privilege escalation using hop-by-hop Connection header

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...

CVSS 8.8 · AI score 8.7 · EPSS 0.01375
Exploits 1 · References 5

Vulnrichment
added 2022/02/22 7:55 p.m. · 6 views

CVE-2022-23652 Privilege escalation using hop-by-hop Connection header

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...

CVSS 8.8 · AI score 8.9 · EPSS 0.01375
Exploits 1 · References 3

Cvelist
added 2022/02/22 7:55 p.m. · 25 views

CVE-2022-23652 Privilege escalation using hop-by-hop Connection header

capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...

CVSS 8.8 · AI score 9.1 · EPSS 0.01375
Exploits 1 · References 3

CVE
added 2022/02/22 7:55 p.m. · 734 views

CVE-2022-23652

Capsule-proxy (the reverse proxy for Capsule Operator) is affected. In versions prior to 0.2.1, an attacker with proper authentication can send a malicious Connection header to escalate privileges toward the Kubernetes API Server, exploiting the cluster-admin role bound to capsule-proxy. Multiple...

CVSS 8.8 · AI score 8.8 · EPSS 0.01375
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2022/02/22 12:0 a.m. · 1 views

PT-2022-2954 · Unknown · Capsule-Proxy

Name of the Vulnerable Software and Affected Versions: capsule-proxy versions prior to 0.2.1 Description: The issue is related to the capsule-proxy, a reverse proxy for Capsule Operator that provides multi-tenancy in Kubernetes. An attacker with proper authentication may use a malicious Connectio...

CVSS 9 · AI score 7.6 · EPSS 0.01375
Exploits 1 · References 11

CNNVD
added 2022/02/22 12:0 a.m. · 4 views

capsule-proxy authorization issue vulnerability

The capsule-proxy is designed to allow overcoming the limitations of the Kubernetes API Server in listing the cluster-wide resources it owns, such as Namespace, Ingress and Storage Classes, Nodes, and other resources covered by the Capsule. A security vulnerability in capsule-proxy versions prior...

CVSS 8.8 · AI score 7.8 · EPSS 0.01375
Exploits 1 · References 5

CVE
added 2022/01/24 8:1 a.m. · 44 views

CVE-2021-25035

CVE-2021-25035 affects the WordPress plugin “Backup and Staging by WP Time Capsule” (versions before 1.22.7). The issue is caused by insufficient sanitization/escaping of the error parameter when it is output on an admin page, resulting in a reflected XSS. Several sources (NVD, CVE List, Red Hat,...

CVSS 6.1 · AI score 6 · EPSS 0.00887
Exploits 2 · References 2 · Affected Software 1