Lucene search
K

85 matches found

Chainguard
Chainguard
added 2023/06/08 9:15 p.m.30 views

CVE-2023-29405 vulnerabilities

Vulnerabilities for packages: policy-controller, falco, kind...

9.8CVSS7AI score0.01728EPSS
Exploits0
Wolfi
Wolfi
added 2023/06/08 9:15 p.m.36 views

CVE-2023-29402 vulnerabilities

Vulnerabilities for packages: kind, falco, policy-controller...

9.8CVSS7AI score0.01708EPSS
Exploits0
Wolfi
Wolfi
added 2023/06/08 9:15 p.m.37 views

CVE-2023-29403 vulnerabilities

Vulnerabilities for packages: kind, falco, policy-controller...

7.8CVSS6.7AI score0.00432EPSS
Exploits0
Chainguard
Chainguard
added 2023/06/08 9:15 p.m.98 views

CVE-2023-29403 vulnerabilities

Vulnerabilities for packages: policy-controller, falco, kind...

7.8CVSS6.7AI score0.00432EPSS
Exploits0
Chainguard
Chainguard
added 2023/06/08 9:15 p.m.54 views

CVE-2023-29402 vulnerabilities

Vulnerabilities for packages: policy-controller, falco, kind...

9.8CVSS7AI score0.01708EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/02/27 12:0 a.m.10 views

The vulnerability in the web interface of the Cisco Application Policy Infrastructure Controller allows a attacker to execute a CSRF attack.

The vulnerability in the Cisco Application Policy Infrastructure Controller’s web management interface is related to insufficient verification of the authenticity of executed requests. Exploiting this vulnerability could allow a malicious actor to execute a CSRF attack remotely...

10CVSS7.6AI score0.00362EPSS
Exploits0References2
Veracode
Veracode
added 2022/08/05 7:34 p.m.17 views

Supply Chain Attack

Policy-controller is vulnerable to supply chain attack. Due to a flaw in the function ValidatePolicyAttestationsForAuthority, images will be reported as false positives resulting in admission in specific conditions. An attacker can use this vulnerability to run unsigned images...

8.8CVSS8.2AI score0.00523EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/08/04 12:0 a.m.5 views

sigstore Policy Controller 数据伪造问题漏洞

sigstore Policy Controller is a tool from sigstore, Inc. A data forgery issue vulnerability exists in versions prior to Policy Controller 0.2.1, which stems from a reporting false positive in Policy Controller that results in an admission when it should not have been...

8.8CVSS8AI score0.00523EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/07/11 7:50 p.m.89 views

Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5.1 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.5.1 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

9CVSS7.3AI score0.01305EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2021/12/01 12:0 a.m.5 views

The vulnerability of the endpoint of the Cisco Application Policy Infrastructure Controller, related to access control deficiencies, allows a hacker to write arbitrary files.

The vulnerability of the endpoint of the Cisco Application Policy Infrastructure Controller API is related to lack of access control. Exploiting this vulnerability could allow a malicious actor to write arbitrary files...

9.1CVSS8.2AI score0.01303EPSS
Exploits0References2
OSV
OSV
added 2021/08/25 8:15 p.m.5 views

CVE-2021-1577

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Application Policy Infrastructure Controller Cloud APIC could allow an unauthenticated, remote attacker to read or write arbitrary files on an affected system. This vulnerability is due t...

9.1CVSS5.9AI score0.01303EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/08/25 12:0 a.m.5 views

Cisco Application Policy Infrastructure Controller 访问控制错误漏洞

Cisco Application Policy Infrastructure Controller APIC is an automated infrastructure deployment and governance solution from Cisco USA.Cisco Application Policy Infrastructure An elevation of privilege vulnerability exists in the API endpoint of the Controller, which can be exploited by an...

9CVSS5.8AI score0.01971EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/08/25 12:0 a.m.6 views

Cisco Application Policy Infrastructure Controller 跨站脚本漏洞

Cisco Application Policy Infrastructure Controller APIC is an automated infrastructure deployment and governance solution from Cisco USA. Controller's web UI contains a stored cross-site scripting vulnerability, which can be exploited by an attacker to execute arbitrary script code or access...

5.4CVSS5.8AI score0.00599EPSS
Exploits0References3
OSV
OSV
added 2021/02/24 8:15 p.m.7 views

CVE-2021-1388

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator MSO installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint...

10CVSS7.5AI score0.14359EPSS
Exploits0References1
OSV
OSV
added 2019/05/03 3:29 p.m.5 views

CVE-2019-1682

A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller APIC software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain comman...

7.8CVSS7.2AI score0.00352EPSS
Exploits0References1
NVD
NVD
added 2018/07/10 6:29 p.m.36 views

CVE-2018-2440

Under certain circumstances SAP Dynamic Authorization Management DAM by NextLabs Java Policy Controller versions 7.7 and 8.5 exposes sensitive information in the application logs...

4.4CVSS4.6AI score0.00334EPSS
Exploits0References2
OSV
OSV
added 2018/07/10 6:29 p.m.6 views

CVE-2018-2440

Under certain circumstances SAP Dynamic Authorization Management DAM by NextLabs Java Policy Controller versions 7.7 and 8.5 exposes sensitive information in the application logs...

4.4CVSS5.8AI score0.00334EPSS
Exploits0References2
Prion
Prion
added 2018/07/10 6:29 p.m.17 views

Authorization

Under certain circumstances SAP Dynamic Authorization Management DAM by NextLabs Java Policy Controller versions 7.7 and 8.5 exposes sensitive information in the application logs...

2.1CVSS4.7AI score0.00334EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/07/10 6:0 p.m.37 views

CVE-2018-2440

CVE-2018-2440 affects SAP Dynamic Authorization Management (DAM) via NextLabs’ Java Policy Controller versions 7.7 and 8.5. The vulnerability description states that, under certain circumstances, sensitive information is exposed in application logs. This creates potential information disclosure, ...

4.4CVSS4.6AI score0.00334EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2017/11/30 9:29 a.m.4 views

CVE-2017-12352

A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privileges on an affected host operating system...

6.7CVSS6AI score
Exploits0References3
Rows per page
Query Builder