Lucene search
K

64 matches found

Vulnrichment
Vulnrichment
added 2025/01/30 3:39 p.m.9 views

CVE-2025-24784 kubewarden-controller has an Information leak via AdmissionPolicyGroup Resource

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Hence, it’s considere...

4.3CVSS4.4AI score0.00282EPSS
Exploits0References2
CVE
CVE
added 2025/01/30 3:39 p.m.101 views

CVE-2025-24784

CVE-2025-24784 affects kubewarden-controller (AdmissionPolicyGroup CRD) in Kubewarden. The issue enables an information leak where context aware policies can—via the ServiceAccount used to run the Policy Server—list/get resources in the cluster beyond the policy’s own scope, depending on the RBAC...

4.3CVSS4.4AI score0.00282EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/30 12:0 a.m.8 views

PT-2025-5568 · Unknown +1 · Kubewarden-Controller +1

Name of the Vulnerable Software and Affected Versions: kubewarden-controller versions 1.17.0 through 1.20.x Description: The issue allows an attacker to obtain information about resources that are out of their reach by leveraging a higher access to the cluster granted to the ServiceAccount token...

10CVSS6.7AI score0.02652EPSS
Exploits4References88
Rapid7 Blog
Rapid7 Blog
added 2024/10/30 1:0 p.m.13 views

The Importance of Asset Context in Attack Surface Management.

This is the last of the four blogs Help, I can’t see! A Primer for Attack Surface Management Blog Series, The Main Components of an Attack Surface Management ASM Strategy, and Understanding your Attack Surface: Different Approaches to Asset Discovery covering the foundational elements of Attack...

7.4AI score
Exploits0
CVE
CVE
added 2023/05/30 5:39 a.m.117 views

CVE-2023-33189

CVE-2023-33189 affects Pomerium, an identity and context-aware access proxy. The vulnerability arises from incorrect authorization decisions when handling specially crafted requests, enabling total impact on confidentiality, integrity, and availability per CVSS assessments. Affected versions incl...

10CVSS9.4AI score0.00921EPSS
Exploits0References8Affected Software1
Fedora
Fedora
added 2022/07/31 1:37 a.m.18 views

[SECURITY] Fedora 36 Update: open-policy-agent-0.31.0-7.fc36

An open source, general-purpose policy engine. The Open Policy Agent OPA is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack...

1.9AI score
Exploits0
Fedora
Fedora
added 2022/07/04 1:35 a.m.26 views

[SECURITY] Fedora 36 Update: open-policy-agent-0.31.0-6.fc36

An open source, general-purpose policy engine. The Open Policy Agent OPA is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack...

9.3CVSS8.2AI score0.05994EPSS
Exploits4
The Hacker News
The Hacker News
added 2017/08/14 2:10 a.m.16 views

IPS as a Service Blocks WannaCry Spread Across the WAN

One of the most devastating aspects of the recent WannaCry ransomware attack was its self-propagating capability exploiting a vulnerability in the file access protocol, SMB v1. Most enterprises defences are externally-facing, focused on stopping incoming email and web attacks. But, once attackers...

6.9AI score
Exploits0
CNVD
CNVD
added 2017/02/08 12:0 a.m.5 views

Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability

Cisco Adaptive Security Appliance ASA CX Context-Aware Security is an add-on service module for extending the ASA platform from Cisco USA. A security vulnerability exists in the data plane IP fragment handler in the Cisco ASA CX Context-Aware Security module, which arises from the program's failu...

8.6CVSS6.8AI score0.02662EPSS
Exploits0References1
OSV
OSV
added 2017/02/01 7:59 p.m.3 views

CVE-2016-9225

A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance ASA CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service DoS condition. The...

8.6CVSS5.8AI score0.02662EPSS
Exploits0References3
Cisco
Cisco
added 2017/01/25 4:0 p.m.41 views

Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability

A vulnerability in the data plane IP fragment handler of the Adaptive Security Appliance ASA CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service DoS condition. The...

8.6CVSS8.5AI score0.02662EPSS
Exploits0References1
CNVD
CNVD
added 2015/11/05 12:0 a.m.7 views

Cisco Adaptive Security Appliance CX Context-Aware Security Information Disclosure Vulnerability

The Cisco Adaptive Security Appliance ASA CX Context-Aware Security Software is an add-on service module for extending the ASA platform from Cisco USA. An information disclosure vulnerability exists in Cisco Adaptive Security Appliance CX Context-Aware Security 9.3. It allows an authenticated...

4CVSS6.3AI score0.01368EPSS
Exploits0References1
NVD
NVD
added 2015/10/30 10:59 a.m.21 views

CVE-2015-6344

The web-based GUI in Cisco Adaptive Security Appliance ASA CX Context-Aware Security 9.34.1.11 allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105...

4CVSS6AI score0.01368EPSS
Exploits0References2
Prion
Prion
added 2015/04/11 1:59 a.m.16 views

Design/Logic Flaw

The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware CX Software before 9.3.2.1-9 allows remote attackers to cause a denial of service device reload by rapidly sending crafted packets to the management interface, aka Bug IDs...

7.8CVSS7.1AI score0.02318EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2015/04/11 1:0 a.m.22 views

CVE-2015-0678

The virtualization layer in Cisco ASA FirePOWER Software before 5.3.1.2 and 5.4.x before 5.4.0.1 and ASA Context-Aware CX Software before 9.3.2.1-9 allows remote attackers to cause a denial of service device reload by rapidly sending crafted packets to the management interface, aka Bug IDs...

6.6AI score0.02318EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2014/05/14 12:35 p.m.12 views

NSF Awards $15m for New Secure Internet Architecture

The National Science Foundation NSF is awarding $15 million in grants for the development, deployment and testing of future Internet architectures that are designed to enhance security, respond to emerging service challenges, and increase scalability. In 2010, the NSF Directorate for Computer and...

1.2AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2013/11/04 4:55 p.m.2 views

CVE-2013-5561

The Safe Search enforcement feature in Cisco Adaptive Security Appliance ASA CX Context-Aware Security Software does not properly perform filtering, which allows remote attackers to bypass intended policy restrictions via unspecified vectors, aka Bug ID CSCui94622...

5CVSS5.6AI score0.01246EPSS
Exploits0References2
CVE
CVE
added 2013/11/04 3:0 p.m.36 views

CVE-2013-5561

Cisco ASA CX Context-Aware Security Safe Search enforcement contains a bypass vulnerability (Bug CSCui94622) that could allow an unauthenticated, remote attacker to bypass security policy via crafted HTTP requests. No software update is available per Cisco advisory Cisco-SA-20131104-CVE-2013-5561...

5CVSS7AI score0.01246EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2013/06/18 2:55 p.m.15 views

CVE-2013-1203

Cisco ASA CX Context-Aware Security Software allows remote attackers to cause a denial of service device reload via crafted TCP packets that appear to have been forwarded by a Cisco Adaptive Security Appliances ASA device, aka Bug ID CSCue88386...

5.4CVSS6.8AI score0.0133EPSS
Exploits0References1
Cvelist
Cvelist
added 2013/06/18 2:0 p.m.25 views

CVE-2013-1203

Cisco ASA CX Context-Aware Security Software allows remote attackers to cause a denial of service device reload via crafted TCP packets that appear to have been forwarded by a Cisco Adaptive Security Appliances ASA device, aka Bug ID CSCue88386...

6.8AI score0.0133EPSS
Exploits0References1
Rows per page
Query Builder