71 matches found
CVE-2026-0055
In createSessionInternal of PackageInstallerService.java, there is a possible way to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
EUVD-2026-33782
In createSessionInternal of PackageInstallerService.java, there is a possible way to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2026-0055
CVE-2026-0055 describes a path traversal in PackageInstallerService.java (createSessionInternal) that could let an attacker place or move a Device Policy Controller (DPC) into an invalid directory, enabling local privilege escalation without extra execution privileges or user interaction. The det...
ASB-A-460779368
In createSessionInternal of PackageInstallerService.java, there is a possible way to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
PT-2026-45576
In createSessionInternal of PackageInstallerService.java, there is a possible way to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CLEANSTART-2026-FA95643 Security fixes for CVE-2026-33814, CVE-2026-34986, CVE-2026-39883, CVE-2026-39984, ghsa-pmwq-pjrm-6p5r applied in versions: 0.15.1-r0
Multiple security vulnerabilities affect the policy-controller package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-PMWQ-PJRM-6P5R vulnerabilities
Vulnerabilities for packages: crossplane, ko, buildkitd, trivy-operator, zarf, flux-source-controller, trivy, tekton-chains, skaffold, docker, tkn, slsa-verifier, policy-controller, cosign, bom, falcoctl, guac, kyverno, gh, teleport, tflint, kyverno-notation-aws, spire-server, goreleaser,...
GHSA-PMWQ-PJRM-6P5R vulnerabilities
Vulnerabilities for packages: policy-controller, buildkitd, rekor-fips, falcoctl-fips, gitsign, tflint-fips, kyverno-fips, spire-server-fips, kubescape, reports-server, trivy-operator, kyverno-notation-aws, gitlab-runner, vexctl, gitlab-runner-fips, goreleaser,...
Cisco APIC Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)
According to its self-reported version, Cisco Application Policy Infrastructure Controller is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Application Policy Infrastructure Controller due to a signal handler race condition found in sshd, where a client does...
GHSA-XM5M-WGH2-RRG3 vulnerabilities
Vulnerabilities for packages: crossplane, ko, buildkitd, trivy-operator, zarf, flux-source-controller, trivy, sigstore-scaffolding, tekton-chains, witness, skaffold, docker, tkn, policy-controller, cosign, falcoctl, kyverno, gh, tflint, kyverno-notation-aws, spire-server, goreleaser, aactl, zot,...
CVE-2026-39984 vulnerabilities
Vulnerabilities for packages: crossplane, ko, buildkitd, trivy-operator, zarf, flux-source-controller, trivy, sigstore-scaffolding, tekton-chains, witness, skaffold, docker, tkn, policy-controller, cosign, falcoctl, kyverno, gh, tflint, kyverno-notation-aws, spire-server, goreleaser, aactl, zot,...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: crossplane, kargo, ko, step-ca, rancher-agent, libnvidia-container, lazydocker, cloudnative-pg, wal-g, grafana-agent-operator, docker-credential-gcr, witness, splunk-otel-collector, cluster-autoscaler, kots, prometheus-adapter, promxy, crossplane-provider-sql, cerbos...
GHSA-HFVC-G4FC-PQHX vulnerabilities
Vulnerabilities for packages: vcluster, cloudflared, rancher-agent, restic, velero, flux-kustomize-controller, falcosidekick, witness, cloud-provider-gcp-cloud-controller-manager, terragrunt, splunk-otel-collector, cluster-autoscaler, kots, prometheus-adapter, xeol, cerbos,...
CVE-2026-39883 vulnerabilities
Vulnerabilities for packages: vcluster, cloudflared, rancher-agent, restic, velero, flux-kustomize-controller, falcosidekick, witness, cloud-provider-gcp-cloud-controller-manager, terragrunt, splunk-otel-collector, cluster-autoscaler, kots, prometheus-adapter, xeol, cerbos,...
GHSA-HFVC-G4FC-PQHX vulnerabilities
Vulnerabilities for packages: rke2-runtime-fips, k8s-agents-operator, openbao-fips, kubernetes-csi-external-resizer-fips, buildkitd, cass-operator, kaniko-fips, velero, livekit-server-fips, cloudflared, kubernetes-fips, gitlab-operator-fips, cass-operator-fips,...
CVE-2026-39883 vulnerabilities
Vulnerabilities for packages: rke2-runtime-fips, k8s-agents-operator, openbao-fips, kubernetes-csi-external-resizer-fips, buildkitd, cass-operator, kaniko-fips, velero, livekit-server-fips, cloudflared, kubernetes-fips, gitlab-operator-fips, cass-operator-fips,...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: terraform-fips, crossplane-provider-family-azure, openbao-fips, cert-manager-cmctl, packer-fips, apko-fips, crossplane-provider-aws-dynamodb-fips, policy-controller, buildkitd, hydra, hydra-fips, tekton-pipelines-fips, crossplane-provider-aws-lambda-fips, wolfictl,...