382 matches found
CVE-2022-23745
CVE-2022-23745 affects Capsule Workspace Android app (on GrapheneOS). The issue is a memory corruption vulnerability in the Capsule Workspace Android app that can cause the application to crash. The available documents do not indicate any ability to read or exfiltrate sensitive data. Remediation ...
Capsule Technologies Capsule Workspace Buffer Error Vulnerability
Capsule Technologies Capsule Workspace is an Android App by Capsule Technologies, Inc. A security vulnerability exists in Capsule Technologies Capsule Workspace 8.x series versions prior to 8.2.2 that stems from the presence of a memory corruption issue...
CVE-2022-23745 - Memory corruption issue in Capsule Workspace on Android mobile devices
Symptoms: A potential memory corruption issue was found in the Capsule Workspace Android app running on GrapheneOS. This could result in the application crashing but could not be used to gather any sensitive information. This issue was discovered and responsibly disclosed by Gabe Flawedworld and received ...
The vulnerability of the proxy-capsule-proxy module of the Capsule software tool, which allows for multi-tenancy in Kubernetes, enables attackers to increase their privileges.
The vulnerability of the capsule-proxy module of the Capsule software solution for providing multi-tenancy in Kubernetes is related to deficiencies in the authentication process. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
GHSA-86R3-4GQ8-XW8Q Remote Code Execution in Laravel
Withdrawn: This advisory has been withdrawn because it is not a security issue and the CVE has been revoked. Original Description: A Remote Code Execution (RCE) vulnerability exists in laravel 5.8.38 via an unserialize pop chain in (1) __destruct in \Routing\PendingResourceRegistration.php, (2) __call in...
Identifier withdrawn
Laravel is a web application framework from the Laravel team. Laravel has a security vulnerability that stems from a deserialization pop chain via (1) __destruct in Routing\PendingResourceRegistration.php, (2) __call in Queue\Capsule\Manager.php and (3) __invoke in...
Privilege Escalation
github.com/clastix/capsule-proxy is vulnerable to privilege escalation. The vulnerability exists due to the malicious Connection header in the Kubernetes API Server allowing an unauthorized user to gain cluster-admin privileges...
WordPress Contact Form 7 – Capsule CRM – Integration plugin <= 1.0.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Contact Form 7 – Capsule CRM – Integration plugin versions <= 1.0.4. Solution: No patched version available...
WordPress Contact Form 7 – Capsule CRM – Integration plugin <= 1.0.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Contact Form 7 – Capsule CRM – Integration plugin versions <= 1.0.4. Solution: No patched version available...
GHSA-9CWV-CPPX-MQJM Improper Authentication in Capsule Proxy
Impact: Using a malicious Connection header, an attacker with a proper authentication mechanism could start a privilege escalation towards the Kubernetes API Server, being able to exploit the cluster-admin Role bound to capsule-proxy. Patches: Patch has been merged in the v0.2.1 release. Workaround...
Improper Authentication in Capsule Proxy
Impact: Using a malicious Connection header, an attacker with a proper authentication mechanism could start a privilege escalation towards the Kubernetes API Server, being able to exploit the cluster-admin Role bound to capsule-proxy. Patches: Patch has been merged in the v0.2.1 release. Workaround...
CVE-2022-23652
capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...
Design/Logic Flaw
capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...
CVE-2022-23652 Privilege escalation using hop-by-hop Connection header
capsule-proxy is a reverse proxy for Capsule Operator which provides multi-tenancy in Kubernetes. In versions prior to 0.2.1 an attacker with a proper authentication mechanism may use a malicious Connection header to start a privilege escalation attack towards the Kubernetes API Server. This...
CVE-2022-23652
Capsule-proxy (the reverse proxy for Capsule Operator) is affected. In versions prior to 0.2.1, an attacker with proper authentication can send a malicious Connection header to escalate privileges toward the Kubernetes API Server, exploiting the cluster-admin role bound to capsule-proxy. Multiple...
PT-2022-2954 · Unknown · Capsule-Proxy
Name of the Vulnerable Software and Affected Versions: capsule-proxy versions prior to 0.2.1 Description: The issue is related to the capsule-proxy, a reverse proxy for Capsule Operator that provides multi-tenancy in Kubernetes. An attacker with proper authentication may use a malicious Connectio...
capsule-proxy Authorization Issue Vulnerability
capsule-proxy is designed to overcome the limitations of the Kubernetes API Server in listing the cluster-wide resources it owns, such as Namespaces, Ingress and Storage Classes, Nodes, and other resources covered by Capsule. A security vulnerability in capsule-proxy versions prior...
CVE-2021-25035
CVE-2021-25035 affects the WordPress plugin “Backup and Staging by WP Time Capsule” (versions before 1.22.7). The issue is caused by insufficient sanitization/escaping of the error parameter when it is output on an admin page, resulting in a reflected XSS. Several sources (NVD, CVE List, Red Hat,...