85 matches found
GHSA-9VCR-P3RJ-Q5Q6 vulnerabilities
Vulnerabilities for packages: tflint-fips, teleport, tflint, trivy-operator, ratify-fips, falcoctl, docker-fips, ratify, kubescape-server-fips, image-factory-fips, kyverno-fips, kyverno-notation-aws, kubescape-server, tekton-chains, trivy-operator-fips, zarf-fips, aactl, kubescape,...
Important: Red Hat Security Advisory: RHTAS 1.0.1 - GA Release Of the Policy Controller Operator
The GA release of the RHTAS Policy Controller Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Policy Controller Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.1...
CVE-2026-49835 vulnerabilities
Vulnerabilities for packages: trivy-operator, goreleaser, tekton-chains, spire-server, tflint, aactl, kyverno-notation-aws, ratify, kubescape, gitsign, neuvector-sigstore-interface, falcoctl, teleport, zarf, policy-controller, trivy, tkn, crossplane, kyverno...
GHSA-9C54-X2G4-V92J vulnerabilities
Vulnerabilities for packages: trivy-operator, goreleaser, tekton-chains, spire-server, tflint, aactl, kyverno-notation-aws, ratify, kubescape, gitsign, neuvector-sigstore-interface, falcoctl, teleport, zarf, policy-controller, trivy, tkn, crossplane, kyverno...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: flux-operator, trivy-operator, istio, gomplate, docker-machine-driver-harvester, eksctl, chisel, apko, step, nfpm, kubernetes, flux-kustomize-controller, nuclei, grype, gitea, cloud-provider-aws, falcoctl, kubernetes-dashboard, skaffold, cert-manager,...
CVE-2026-13322
A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...
CVE-2026-0068
In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...
CVE-2026-0068
In Android, CVE-2026-0068 affects PackageInstallerService.java (createSessionInternal). The vulnerability enables a local attacker to remove a DPC app from a managed device without DO consent due to persistence desync, potentially causing local elevation of privilege if a malicious app is install...
CVE-2026-0068
In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...
PT-2026-50231
In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...
CVE-2026-0055
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
EUVD-2026-33782
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2026-0055
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2026-0055
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2026-0055
CVE-2026-0055 describes a path traversal in PackageInstallerService.java (createSessionInternal) that could let an attacker place or move a Device Policy Controller (DPC) into an invalid directory, enabling local privilege escalation without extra execution privileges or user interaction. The det...
CVE-2026-0055
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
PT-2026-45576
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
ASB-A-460779368
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CLEANSTART-2026-YQ26872 Security fixes for CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2026-1229, CVE-2026-24051, CVE-2026-34986, CVE-2026-39984, ghsa-78h2-9frx-2jm8, ghsa-pmwq-pjrm-6p5r, ghsa-xm5m-wgh2-rrg3 applied in versions: 0.13.1-r0, 0.15.1-r0
Multiple security vulnerabilities affect the policy-controller-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-FA95643 Security fixes for CVE-2026-33814, CVE-2026-34986, CVE-2026-39883, CVE-2026-39984, ghsa-pmwq-pjrm-6p5r applied in versions: 0.15.1-r0
Multiple security vulnerabilities affect the policy-controller package. These issues are resolved in later releases. See references for individual vulnerability details...