85 matches found
CVE-2023-29405 vulnerabilities
Vulnerabilities for packages: policy-controller, falco, kind...
CVE-2023-29402 vulnerabilities
Vulnerabilities for packages: kind, falco, policy-controller...
CVE-2023-29403 vulnerabilities
Vulnerabilities for packages: kind, falco, policy-controller...
CVE-2023-29403 vulnerabilities
Vulnerabilities for packages: policy-controller, falco, kind...
CVE-2023-29402 vulnerabilities
Vulnerabilities for packages: policy-controller, falco, kind...
The vulnerability in the web interface of the Cisco Application Policy Infrastructure Controller allows a attacker to execute a CSRF attack.
The vulnerability in the Cisco Application Policy Infrastructure Controller’s web management interface is related to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability could allow a malicious actor to execute a CSRF attack remotely...
Supply Chain Attack
Policy-controller is vulnerable to supply chain attack. Due to a flaw in the function ValidatePolicyAttestationsForAuthority, images will be reported as false positives resulting in admission in specific conditions. An attacker can use this vulnerability to run unsigned images...
sigstore Policy Controller 数据伪造问题漏洞
sigstore Policy Controller is a tool from sigstore, Inc. A data forgery issue vulnerability exists in versions prior to Policy Controller 0.2.1, which stems from a reporting false positive in Policy Controller that results in an admission when it should not have been...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5.1 security updates and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.5.1 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
The vulnerability of the endpoint of the Cisco Application Policy Infrastructure Controller, related to access control deficiencies, allows a hacker to write arbitrary files.
The vulnerability of the endpoint of the Cisco Application Policy Infrastructure Controller API is related to lack of access control. Exploiting this vulnerability could allow a malicious actor to write arbitrary files...
CVE-2021-1577
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Application Policy Infrastructure Controller Cloud APIC could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due t...
Cisco Application Policy Infrastructure Controller 访问控制错误漏洞
Cisco Application Policy Infrastructure Controller APIC is an automated infrastructure deployment and governance solution from Cisco USA.Cisco Application Policy Infrastructure An elevation of privilege vulnerability exists in the API endpoint of the Controller, which can be exploited by an...
Cisco Application Policy Infrastructure Controller 跨站脚本漏洞
Cisco Application Policy Infrastructure Controller APIC is an automated infrastructure deployment and governance solution from Cisco USA. Controller's web UI contains a stored cross-site scripting vulnerability, which can be exploited by an attacker to execute arbitrary script code or access...
CVE-2021-1388
A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator MSO installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint...
CVE-2019-1682
A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller APIC software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain comman...
CVE-2018-2440
Under certain circumstances SAP Dynamic Authorization Management DAM by NextLabs Java Policy Controller versions 7.7 and 8.5 exposes sensitive information in the application logs...
CVE-2018-2440
Under certain circumstances SAP Dynamic Authorization Management DAM by NextLabs Java Policy Controller versions 7.7 and 8.5 exposes sensitive information in the application logs...
Authorization
Under certain circumstances SAP Dynamic Authorization Management DAM by NextLabs Java Policy Controller versions 7.7 and 8.5 exposes sensitive information in the application logs...
CVE-2018-2440
CVE-2018-2440 affects SAP Dynamic Authorization Management (DAM) via NextLabs’ Java Policy Controller versions 7.7 and 8.5. The vulnerability description states that, under certain circumstances, sensitive information is exposed in application logs. This creates potential information disclosure, ...
CVE-2017-12352
A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host operating system...