On the Security of Research Artifacts

Research artifacts are widely shared to support reproducibility, and artifact evaluation AE has become common at many leading conferences. However, AE mainly checks whether artifacts work as claimed and can be reproduced. It largely overlooks potential security risks. Since these artifacts are...

CISO's Expert Guide To AI Supply Chain Attacks

AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations. Download the full CISO’s expert guide to AI Supply chain attacks here. TL;DR AI-enabled supply chain attacks are exploding in scale and...

EUVD-2016-10037

Malware in sbrugna...

Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability

Cisco Adaptive Security Appliance ASA CX Context-Aware Security is an add-on service module for extending the ASA platform from Cisco USA. A security vulnerability exists in the data plane IP fragment handler in the Cisco ASA CX Context-Aware Security module, which arises from the program's failu...

Cisco Adaptive Security Appliance CX Context-Aware Security Denial of Service Vulnerability

A vulnerability in the data plane IP fragment handler of the Adaptive Security Appliance ASA CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service DoS condition. The...

Cisco Adaptive Security Appliance CX Context-Aware Security Information Disclosure Vulnerability

The Cisco Adaptive Security Appliance ASA CX Context-Aware Security Software is an add-on service module for extending the ASA platform from Cisco USA. An information disclosure vulnerability exists in Cisco Adaptive Security Appliance CX Context-Aware Security 9.3. It allows an authenticated...

CVE-2015-6344

The web-based GUI in Cisco Adaptive Security Appliance ASA CX Context-Aware Security 9.34.1.11 allows remote authenticated users to bypass intended access restrictions and obtain sensitive user information via an unspecified HTTP request, aka Bug ID CSCuv74105...

CVE-2013-5561

The Safe Search enforcement feature in Cisco Adaptive Security Appliance ASA CX Context-Aware Security Software does not properly perform filtering, which allows remote attackers to bypass intended policy restrictions via unspecified vectors, aka Bug ID CSCui94622...

CVE-2013-5561

Cisco ASA CX Context-Aware Security Safe Search enforcement contains a bypass vulnerability (Bug CSCui94622) that could allow an unauthenticated, remote attacker to bypass security policy via crafted HTTP requests. No software update is available per Cisco advisory Cisco-SA-20131104-CVE-2013-5561...

CVE-2013-1203

Cisco ASA CX Context-Aware Security Software allows remote attackers to cause a denial of service device reload via crafted TCP packets that appear to have been forwarded by a Cisco Adaptive Security Appliances ASA device, aka Bug ID CSCue88386...

CVE-2013-1203

Cisco ASA CX Context-Aware Security Software allows remote attackers to cause a denial of service device reload via crafted TCP packets that appear to have been forwarded by a Cisco Adaptive Security Appliances ASA device, aka Bug ID CSCue88386...

Cisco ASA-CX Context-Aware Security appliance / Cisco Prime Security Manager DoS

File resources exhaustion...

CVE-2012-4629

The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances ASA devices, and Prime Security Manager aka PRSM before 9.0.2-103, allows remote attackers to cause a denial of service disk consumption and application hang via unspecified IPv4 packets that trigger...

CVE-2012-4629

The CVE-2012-4629 issue affects Cisco ASA-CX Context-Aware Security module and Cisco Prime Security Manager (PRSM) prior to version 9.0.2-103. The vulnerability allows remote attackers to cause a denial of service (disk consumption and application hang) by sending unspecified IPv4 packets that tr...