Filtered by vendor Redhat Subscriptions
Filtered by product Pdrive Lightspeed Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-15584 1 Redhat 1 Pdrive Lightspeed 2026-07-13 7.5 High
A privilege escalation vulnerability was found in the incluster-checks tool for OpenShift. The tool creates privileged debug pods with host filesystem access in the shared default namespace, where any user with the standard edit role can exec into them and obtain root access on cluster nodes.
CVE-2026-13083 1 Redhat 1 Pdrive Lightspeed 2026-06-27 6.9 Medium
A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting (XSS) payload into cluster objects (such as ClusterVersion spec.channel) that executes in the browser of any user who opens the generated HTML report.
CVE-2026-44604 1 Redhat 8 Enterprise Linux, Hardened Images, Hummingbird and 5 more 2026-06-23 7 High
A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially crafted archive containing shell metacharacters in its folder name can execute arbitrary commands as the user running the extraction.