Lucene search
+L

85 matches found

cgr
cgr
added 6 days ago8 views

GHSA-9VCR-P3RJ-Q5Q6 vulnerabilities

Vulnerabilities for packages: spire-server-fips, ratify, cloudbeat, tkn-fips, falcoctl, tbot, policy-controller-fips, tflint, kubescape-server-fips, image-factory-fips, aactl, tekton-chains-fips, crossplane, teleport, cloudbeat-fips, crossplane-fips, teleport-operator-fips, tekton-chains,...

6.1AI score
Exploits0
redhat
redhat
added last week8 views

Important: Red Hat Security Advisory: RHTAS 1.0.1 - GA Release Of the Policy Controller Operator

The GA release of the RHTAS Policy Controller Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Policy Controller Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.1...

9.1CVSS6.5AI score0.00533EPSS
Exploits0References6
wolfi
wolfi
added 2026/07/01 8:21 p.m.19 views

GHSA-9C54-X2G4-V92J vulnerabilities

Vulnerabilities for packages: trivy-operator, goreleaser, zarf, teleport, policy-controller, spire-server, ratify, falcoctl, crossplane, tekton-chains, neuvector-sigstore-interface, aactl, trivy, gitsign, tflint, kyverno-notation-aws, kyverno, kubescape, tkn...

6.1AI score
Exploits0
wolfi
wolfi
added 2026/07/01 8:21 p.m.16 views

CVE-2026-49835 vulnerabilities

Vulnerabilities for packages: trivy-operator, goreleaser, zarf, teleport, policy-controller, spire-server, ratify, falcoctl, crossplane, tekton-chains, neuvector-sigstore-interface, aactl, trivy, gitsign, tflint, kyverno-notation-aws, kyverno, kubescape, tkn...

6.1AI score
Exploits0
wolfi
wolfi
added 2026/06/26 8:22 p.m.9 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: terragrunt, kaf, witness, ksops, terraform-provider-tls, teleport, helm, zot, prometheus, crossplane-provider-family-azure, gitea, k8sgpt, steampipe, grype, terraform-provider-azurerm, cosign, flux, prometheus-operator, aactl, cilium, chisel, trivy, kyverno,...

6.1AI score
Exploits0
redhatcve
redhatcve
added 2026/06/26 12:4 a.m.8 views

CVE-2026-13322

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

3.8CVSS5.8AI score0.00094EPSS
Exploits0References3
nvd
nvd
added 2026/06/17 1:19 p.m.22 views

CVE-2026-0068

In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...

10CVSS0.00123EPSS
Exploits0References1
cve
cve
added 2026/06/17 6:49 a.m.23 views

CVE-2026-0068

In Android, CVE-2026-0068 affects PackageInstallerService.java (createSessionInternal). The vulnerability enables a local attacker to remove a DPC app from a managed device without DO consent due to persistence desync, potentially causing local elevation of privilege if a malicious app is install...

10CVSS5.6AI score0.00123EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/06/17 6:49 a.m.8 views

CVE-2026-0068

In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...

10CVSS5.5AI score0.00123EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.25 views

PT-2026-50231

In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...

10CVSS5.5AI score0.00123EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/02 10:2 p.m.17 views

CVE-2026-0055

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

6.2CVSS5.9AI score0.00084EPSS
Exploits0References1
euvd
euvd
added 2026/06/02 12:31 a.m.22 views

EUVD-2026-33782

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

6AI score0.00084EPSS
Exploits0References2
nvd
nvd
added 2026/06/01 10:16 p.m.23 views

CVE-2026-0055

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

6.2CVSS0.00084EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/01 9:14 p.m.8 views

CVE-2026-0055

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

6AI score0.00084EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/06/01 9:14 p.m.40 views

CVE-2026-0055

CVE-2026-0055 describes a path traversal in PackageInstallerService.java (createSessionInternal) that could let an attacker place or move a Device Policy Controller (DPC) into an invalid directory, enabling local privilege escalation without extra execution privileges or user interaction. The det...

6.2CVSS6AI score0.00084EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/06/01 9:14 p.m.41 views

CVE-2026-0055

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

0.00084EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/01 12:0 a.m.28 views

PT-2026-45576

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

6AI score0.00084EPSS
Exploits0References2
osv
osv
added 2026/06/01 12:0 a.m.12 views

ASB-A-460779368

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

6.2CVSS6AI score0.00084EPSS
Exploits0References2
osv
osv
added 2026/05/18 1:8 p.m.6 views

CLEANSTART-2026-YQ26872 Security fixes for CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2026-1229, CVE-2026-24051, CVE-2026-34986, CVE-2026-39984, ghsa-78h2-9frx-2jm8, ghsa-pmwq-pjrm-6p5r, ghsa-xm5m-wgh2-rrg3 applied in versions: 0.13.1-r0, 0.15.1-r0

Multiple security vulnerabilities affect the policy-controller-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.8CVSS7.2AI score0.00651EPSS
Exploits2References22
osv
osv
added 2026/05/18 1:8 p.m.15 views

CLEANSTART-2026-FA95643 Security fixes for CVE-2026-33814, CVE-2026-34986, CVE-2026-39883, CVE-2026-39984, ghsa-pmwq-pjrm-6p5r applied in versions: 0.15.1-r0

Multiple security vulnerabilities affect the policy-controller package. These issues are resolved in later releases. See references for individual vulnerability details...

8.8CVSS6.9AI score0.00781EPSS
Exploits1References10
Rows per page
Query Builder