71 matches found
CVE-2026-0055
In createSessionInternal of PackageInstallerService.java, there is a possible way to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
EUVD-2026-33782
In createSessionInternal of PackageInstallerService.java, there is a possible way to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2026-0055
CVE-2026-0055 describes a path traversal in PackageInstallerService.java (createSessionInternal) that could let an attacker place or move a Device Policy Controller (DPC) into an invalid directory, enabling local privilege escalation without extra execution privileges or user interaction. The det...
ASB-A-460779368
In createSessionInternal of PackageInstallerService.java, there is a possible way to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
PT-2026-45576
In createSessionInternal of PackageInstallerService.java, there is a possible way to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CLEANSTART-2026-FA95643 Security fixes for CVE-2026-33814, CVE-2026-34986, CVE-2026-39883, CVE-2026-39984, ghsa-pmwq-pjrm-6p5r applied in versions: 0.15.1-r0
Multiple security vulnerabilities affect the policy-controller package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-PMWQ-PJRM-6P5R vulnerabilities
Vulnerabilities for packages: falcoctl, slsa-verifier, vexctl, docker-compose, ko, trivy-operator, cosign, kyverno, zot, goreleaser, skaffold, rekor, zarf, neuvector-sigstore-interface, docker, tkn, flux-source-controller, gh, gitsign, buildkitd, aactl, tekton-chains, kubescape, docker-cli-buildx...
GHSA-PMWQ-PJRM-6P5R vulnerabilities
Vulnerabilities for packages: flux-source-controller-fips, zot, trivy-fips, skaffold, docker-compose, gh, ko, kyverno-policy-reporter-plugins-kyverno, falcoctl, kyverno-fips, docker-cli-buildx, gitlab-runner, kubescape-server-fips, tekton-chains-fips, dagger, cg, reports-server, goreleaser, ratif...
Cisco APIC Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)
According to its self-reported version, Cisco Application Policy Infrastructure Controller is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Application Policy Infrastructure Controller due to a signal handler race condition found in sshd, where a client does...
GHSA-XM5M-WGH2-RRG3 vulnerabilities
Vulnerabilities for packages: falcoctl, vexctl, ko, trivy-operator, cosign, kyverno, zot, goreleaser, skaffold, zarf, neuvector-sigstore-interface, docker, tkn, flux-source-controller, gh, gitsign, buildkitd, aactl, tekton-chains, kubescape, docker-cli-buildx, crossplane, kyverno-notation-aws,...
CVE-2026-39984 vulnerabilities
Vulnerabilities for packages: falcoctl, vexctl, ko, trivy-operator, cosign, kyverno, zot, goreleaser, skaffold, zarf, neuvector-sigstore-interface, docker, tkn, flux-source-controller, gh, gitsign, buildkitd, aactl, tekton-chains, kubescape, docker-cli-buildx, crossplane, kyverno-notation-aws,...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: flannel, slsa-verifier, vexctl, vault-benchmark, docker-machine-driver-harvester, xeol, argo-rollouts, cue, kubescape-operator, aws-node-termination-handler, crossplane-provider-azure-authorization, ingress-nginx-controller, cluster-api-provider-vsphere,...
GHSA-HFVC-G4FC-PQHX vulnerabilities
Vulnerabilities for packages: kube-metrics-adapter, xeol, terraform-mcp-server, kubescape-operator, aws-node-termination-handler, grafana-alloy, cluster-api-provider-vsphere, kube-rbac-proxy, kaniko, k9s, steampipe, kine, falco-no-driver, azurefile-csi, kyverno-policy-reporter, zot, otel-cli,...
CVE-2026-39883 vulnerabilities
Vulnerabilities for packages: kube-metrics-adapter, xeol, terraform-mcp-server, kubescape-operator, aws-node-termination-handler, grafana-alloy, cluster-api-provider-vsphere, kube-rbac-proxy, kaniko, k9s, steampipe, kine, falco-no-driver, azurefile-csi, kyverno-policy-reporter, zot, otel-cli,...
GHSA-HFVC-G4FC-PQHX vulnerabilities
Vulnerabilities for packages: agentbeat, zot, jaeger-operator, rancher-support-bundle-kit, skaffold, clickhouse-operator, grafana-rollout-operator, kube-logging-operator, kyverno-fips, op-geth, spicedb-fips, cloudflared, docker-cli-buildx, bento-fips, keda-fips, harbor-fips, azuredisk-csi-fips,...
CVE-2026-39883 vulnerabilities
Vulnerabilities for packages: agentbeat, zot, jaeger-operator, rancher-support-bundle-kit, skaffold, clickhouse-operator, grafana-rollout-operator, kube-logging-operator, kyverno-fips, op-geth, spicedb-fips, cloudflared, docker-cli-buildx, bento-fips, keda-fips, harbor-fips, azuredisk-csi-fips,...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: flux-source-controller-fips, helm-push, zot, argocd-image-updater, extism, crossplane-provider-aws-kms, trivy-fips, skaffold, omni, boring-registry, rancher-fleet, flux-helm-controller-fips, q, terraform, vcluster, helm-diff-fips, apko,...