85 matches found
GHSA-9VCR-P3RJ-Q5Q6 vulnerabilities
Vulnerabilities for packages: spire-server-fips, ratify, cloudbeat, tkn-fips, falcoctl, tbot, policy-controller-fips, tflint, kubescape-server-fips, image-factory-fips, aactl, tekton-chains-fips, crossplane, teleport, cloudbeat-fips, crossplane-fips, teleport-operator-fips, tekton-chains,...
Important: Red Hat Security Advisory: RHTAS 1.0.1 - GA Release Of the Policy Controller Operator
The GA release of the RHTAS Policy Controller Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Policy Controller Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.1...
GHSA-9C54-X2G4-V92J vulnerabilities
Vulnerabilities for packages: trivy-operator, goreleaser, zarf, teleport, policy-controller, spire-server, ratify, falcoctl, crossplane, tekton-chains, neuvector-sigstore-interface, aactl, trivy, gitsign, tflint, kyverno-notation-aws, kyverno, kubescape, tkn...
CVE-2026-49835 vulnerabilities
Vulnerabilities for packages: trivy-operator, goreleaser, zarf, teleport, policy-controller, spire-server, ratify, falcoctl, crossplane, tekton-chains, neuvector-sigstore-interface, aactl, trivy, gitsign, tflint, kyverno-notation-aws, kyverno, kubescape, tkn...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: terragrunt, kaf, witness, ksops, terraform-provider-tls, teleport, helm, zot, prometheus, crossplane-provider-family-azure, gitea, k8sgpt, steampipe, grype, terraform-provider-azurerm, cosign, flux, prometheus-operator, aactl, cilium, chisel, trivy, kyverno,...
CVE-2026-13322
A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...
CVE-2026-0068
In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...
CVE-2026-0068
In Android, CVE-2026-0068 affects PackageInstallerService.java (createSessionInternal). The vulnerability enables a local attacker to remove a DPC app from a managed device without DO consent due to persistence desync, potentially causing local elevation of privilege if a malicious app is install...
CVE-2026-0068
In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...
PT-2026-50231
In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...
CVE-2026-0055
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
EUVD-2026-33782
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2026-0055
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2026-0055
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2026-0055
CVE-2026-0055 describes a path traversal in PackageInstallerService.java (createSessionInternal) that could let an attacker place or move a Device Policy Controller (DPC) into an invalid directory, enabling local privilege escalation without extra execution privileges or user interaction. The det...
CVE-2026-0055
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
PT-2026-45576
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
ASB-A-460779368
In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CLEANSTART-2026-YQ26872 Security fixes for CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2026-1229, CVE-2026-24051, CVE-2026-34986, CVE-2026-39984, ghsa-78h2-9frx-2jm8, ghsa-pmwq-pjrm-6p5r, ghsa-xm5m-wgh2-rrg3 applied in versions: 0.13.1-r0, 0.15.1-r0
Multiple security vulnerabilities affect the policy-controller-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-FA95643 Security fixes for CVE-2026-33814, CVE-2026-34986, CVE-2026-39883, CVE-2026-39984, ghsa-pmwq-pjrm-6p5r applied in versions: 0.15.1-r0
Multiple security vulnerabilities affect the policy-controller package. These issues are resolved in later releases. See references for individual vulnerability details...