78 matches found
CVE-2026-0068
In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...
CVE-2026-0068
In Android, CVE-2026-0068 affects PackageInstallerService.java (createSessionInternal). The vulnerability enables a local attacker to remove a DPC app from a managed device without DO consent due to persistence desync, potentially causing local elevation of privilege if a malicious app is install...
PT-2026-50231
In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...
CVE-2026-0055
In createSessionInternal of PackageInstallerService.java, there is a possible way to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
EUVD-2026-33782
In createSessionInternal of PackageInstallerService.java, there is a possible way to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2026-0055
CVE-2026-0055 describes a path traversal in PackageInstallerService.java (createSessionInternal) that could let an attacker place or move a Device Policy Controller (DPC) into an invalid directory, enabling local privilege escalation without extra execution privileges or user interaction. The det...
PT-2026-45576
In createSessionInternal of PackageInstallerService.java, there is a possible way to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
ASB-A-460779368
In createSessionInternal of PackageInstallerService.java, there is a possible way to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CLEANSTART-2026-FA95643 Security fixes for CVE-2026-33814, CVE-2026-34986, CVE-2026-39883, CVE-2026-39984, ghsa-pmwq-pjrm-6p5r applied in versions: 0.15.1-r0
Multiple security vulnerabilities affect the policy-controller package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-PMWQ-PJRM-6P5R vulnerabilities
Vulnerabilities for packages: trivy, tekton-chains, guac, tkn, gh, falcoctl, crossplane, slsa-verifier, docker-compose, dagger, zarf, neuvector-sigstore-interface, bom, tflint, gitlab-runner, kubescape, spire-server, zot, cosign, docker, trivy-operator, policy-controller, flux-source-controller,...
GHSA-PMWQ-PJRM-6P5R vulnerabilities
Vulnerabilities for packages: trivy-operator-fips, trivy, tflint-fips, buildkitd-fips, tekton-chains-fips, crossplane, policy-controller, zot, cosign, gitsign, docker-cli-buildx-fips, docker, zarf, docker-compose-fips, kubescape-server, dagger, kyverno-policy-reporter-plugins-kyverno-fips, ko-fip...
Cisco APIC Remote Code Execution Vulnerability (regreSSHion) (cisco cisco-sa-openssh-rce-2024)
According to its self-reported version, Cisco Application Policy Infrastructure Controller is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Application Policy Infrastructure Controller due to a signal handler race condition found in sshd, where a client does...
GHSA-XM5M-WGH2-RRG3 vulnerabilities
Vulnerabilities for packages: trivy, tekton-chains, tkn, gh, falcoctl, crossplane, zarf, neuvector-sigstore-interface, sigstore-scaffolding, tflint, kubescape, spire-server, zot, witness, cosign, docker, trivy-operator, policy-controller, flux-source-controller, vexctl, ko, skaffold, kyverno,...
CVE-2026-39984 vulnerabilities
Vulnerabilities for packages: trivy, tekton-chains, tkn, gh, falcoctl, crossplane, zarf, neuvector-sigstore-interface, sigstore-scaffolding, tflint, kubescape, spire-server, zot, witness, cosign, docker, trivy-operator, policy-controller, flux-source-controller, vexctl, ko, skaffold, kyverno,...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: helm, filebrowser, kserve-rest-proxy, verticadb-operator, wal-g, tkn, litestream, secrets-store-csi-driver, mesosphere-vsphere-csi, terraform-docs, keda, flux, falcoctl, slsa-verifier, envoy-ratelimit, scorecard, kserve-modelmesh-serving, kube-state-metrics,...
CVE-2026-39883 vulnerabilities
Vulnerabilities for packages: verticadb-operator, tekton-chains, tkn, secrets-store-csi-driver, keda, ratify, flux, falcoctl, slsa-verifier, aws-otel-collector, envoy-ratelimit, scorecard, kube-state-metrics, newrelic-infrastructure-agent, dagger, sftpgo-plugin-pubsub, splunk-otel-collector,...