Lucene search
K

85 matches found

Chainguard
Chainguard
added 6 days ago8 views

GHSA-9VCR-P3RJ-Q5Q6 vulnerabilities

Vulnerabilities for packages: tflint-fips, teleport, tflint, trivy-operator, ratify-fips, falcoctl, docker-fips, ratify, kubescape-server-fips, image-factory-fips, kyverno-fips, kyverno-notation-aws, kubescape-server, tekton-chains, trivy-operator-fips, zarf-fips, aactl, kubescape,...

6.1AI score
Exploits0
RedHat Linux
RedHat Linux
added last week8 views

Important: Red Hat Security Advisory: RHTAS 1.0.1 - GA Release Of the Policy Controller Operator

The GA release of the RHTAS Policy Controller Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Policy Controller Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.1...

9.1CVSS6.5AI score0.00533EPSS
Exploits0References6
Wolfi
Wolfi
added 2026/07/01 8:21 p.m.16 views

CVE-2026-49835 vulnerabilities

Vulnerabilities for packages: trivy-operator, goreleaser, tekton-chains, spire-server, tflint, aactl, kyverno-notation-aws, ratify, kubescape, gitsign, neuvector-sigstore-interface, falcoctl, teleport, zarf, policy-controller, trivy, tkn, crossplane, kyverno...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/07/01 8:21 p.m.19 views

GHSA-9C54-X2G4-V92J vulnerabilities

Vulnerabilities for packages: trivy-operator, goreleaser, tekton-chains, spire-server, tflint, aactl, kyverno-notation-aws, ratify, kubescape, gitsign, neuvector-sigstore-interface, falcoctl, teleport, zarf, policy-controller, trivy, tkn, crossplane, kyverno...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.9 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: flux-operator, trivy-operator, istio, gomplate, docker-machine-driver-harvester, eksctl, chisel, apko, step, nfpm, kubernetes, flux-kustomize-controller, nuclei, grype, gitea, cloud-provider-aws, falcoctl, kubernetes-dashboard, skaffold, cert-manager,...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/26 12:4 a.m.7 views

CVE-2026-13322

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

3.8CVSS5.8AI score0.00094EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:19 p.m.22 views

CVE-2026-0068

In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...

10CVSS0.00123EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 6:49 a.m.23 views

CVE-2026-0068

In Android, CVE-2026-0068 affects PackageInstallerService.java (createSessionInternal). The vulnerability enables a local attacker to remove a DPC app from a managed device without DO consent due to persistence desync, potentially causing local elevation of privilege if a malicious app is install...

10CVSS5.6AI score0.00123EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/17 6:49 a.m.8 views

CVE-2026-0068

In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...

10CVSS5.5AI score0.00123EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.25 views

PT-2026-50231

In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...

10CVSS5.5AI score0.00123EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/02 10:2 p.m.17 views

CVE-2026-0055

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

6.2CVSS5.9AI score0.00084EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 12:31 a.m.22 views

EUVD-2026-33782

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

6AI score0.00084EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 10:16 p.m.22 views

CVE-2026-0055

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

6.2CVSS0.00084EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.8 views

CVE-2026-0055

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

6AI score0.00084EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/01 9:14 p.m.40 views

CVE-2026-0055

CVE-2026-0055 describes a path traversal in PackageInstallerService.java (createSessionInternal) that could let an attacker place or move a Device Policy Controller (DPC) into an invalid directory, enabling local privilege escalation without extra execution privileges or user interaction. The det...

6.2CVSS6AI score0.00084EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.41 views

CVE-2026-0055

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

0.00084EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.28 views

PT-2026-45576

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

6AI score0.00084EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 12:0 a.m.12 views

ASB-A-460779368

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

6.2CVSS6AI score0.00084EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 1:8 p.m.6 views

CLEANSTART-2026-YQ26872 Security fixes for CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2026-1229, CVE-2026-24051, CVE-2026-34986, CVE-2026-39984, ghsa-78h2-9frx-2jm8, ghsa-pmwq-pjrm-6p5r, ghsa-xm5m-wgh2-rrg3 applied in versions: 0.13.1-r0, 0.15.1-r0

Multiple security vulnerabilities affect the policy-controller-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.8CVSS7.2AI score0.00651EPSS
Exploits2References22
OSV
OSV
added 2026/05/18 1:8 p.m.15 views

CLEANSTART-2026-FA95643 Security fixes for CVE-2026-33814, CVE-2026-34986, CVE-2026-39883, CVE-2026-39984, ghsa-pmwq-pjrm-6p5r applied in versions: 0.15.1-r0

Multiple security vulnerabilities affect the policy-controller package. These issues are resolved in later releases. See references for individual vulnerability details...

8.8CVSS6.9AI score0.00781EPSS
Exploits1References10
Rows per page
Query Builder