Lucene search
K

330 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-48750

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - incus - None lxd - None Ubuntu Linux - security update CVE-2026-48750 Note that Nessus relies on the presence of the package as reported by the...

5.8AI score
Exploits0References3
Circl
Circl
added 2026/06/26 8:35 p.m.7 views

CVE-2026-48750

creationtimestamp| type| source ---|---|--- 2026-06-26 20:35:25+00:00| published-proof-of-concept| https://github.com/lxc/incus/security/advisories/GHSA-73hr-m85f-64v9 2026-07-07 20:44:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mq3htunogl2b...

5.9AI score
Exploits0References2
Circl
Circl
added 2026/06/26 8:35 p.m.7 views

CVE-2026-48751

creationtimestamp| type| source ---|---|--- 2026-06-26 20:35:22+00:00| published-proof-of-concept| https://github.com/lxc/incus/security/advisories/GHSA-48q5-w887-33wv 2026-07-07 20:50:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mq3i6l345g2h...

5.9AI score
Exploits0References2
Circl
Circl
added 2026/06/26 8:35 p.m.7 views

CVE-2026-48753

creationtimestamp| type| source ---|---|--- 2026-06-26 20:35:17+00:00| published-proof-of-concept| https://github.com/lxc/incus/security/advisories/GHSA-ccjc-4qc3-jxqc 2026-07-07 20:46:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mq3hxgxr2u24...

5.9AI score0.00091EPSS
Exploits0References2
Circl
Circl
added 2026/06/26 8:35 p.m.6 views

CVE-2026-48754

creationtimestamp| type| source ---|---|--- 2026-06-26 20:35:15+00:00| published-proof-of-concept| https://github.com/lxc/incus/security/advisories/GHSA-4xg6-52mh-fpw8...

5.8AI score0.00025EPSS
Exploits0References1
Circl
Circl
added 2026/06/26 8:35 p.m.8 views

CVE-2026-48755

creationtimestamp| type| source ---|---|--- 2026-06-26 20:35:12+00:00| published-proof-of-concept| https://github.com/lxc/incus/security/advisories/GHSA-v6mj-8pf4-hhw4 2026-07-01 02:15:18+00:00| seen| https://bsky.app/profile/securityonline.bsky.social/post/3mpkh3n7jjr2b 2026-07-01 02:31:46+00:00...

5.9AI score
Exploits0References4
Circl
Circl
added 2026/06/26 8:35 p.m.7 views

CVE-2026-48756

creationtimestamp| type| source ---|---|--- 2026-06-26 20:35:10+00:00| published-proof-of-concept| https://github.com/lxc/incus/security/advisories/GHSA-xhqx-mgh3-3h7q...

5.8AI score0.00025EPSS
Exploits0References1
Circl
Circl
added 2026/06/26 8:35 p.m.8 views

CVE-2026-48769

creationtimestamp| type| source ---|---|--- 2026-06-26 20:35:07+00:00| published-proof-of-concept| https://github.com/lxc/incus/security/advisories/GHSA-f6m5-xw2g-xc4x 2026-07-01 02:15:18+00:00| seen| https://bsky.app/profile/securityonline.bsky.social/post/3mpkh3n7jjr2b 2026-07-01 02:31:46+00:00...

5.9AI score
Exploits0References4
OSV
OSV
added 2026/06/26 7:13 p.m.5 views

GHSA-F6M5-XW2G-XC4X Incus has an arbitrary file write on its client due to trusted image hash

Summary An arbitrary file write exists in the Incus client when a malicious image server returns a crafted Incus-Image-Hash header. This can lead to arbitrary command execution as root on the server. Details - cmd/incusd/images.go:611-684 handles source.type=url by HEADing the user-supplied URL,...

9.9CVSS6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/26 6:52 p.m.4 views

GHSA-4XG6-52MH-FPW8 Incus: Nil-pointer dereference in createDependentVolumesFromBackup on disk.{Volume,VolumeSnapshots,Pool}

Summary backend.createDependentVolumesFromBackup in internal/server/storage/backend.go contains a cluster of unguarded pointer derefs on every dependent-volume entry's VolumeSnapshotsi, Volume, and Pool sub-fields. An authenticated user with cancreateinstances permission on any project can crash...

5.3CVSS5.8AI score0.00025EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 6:47 p.m.3 views

GHSA-CCJC-4QC3-JXQC Incus has an arbitrary file write via path traversal in S3 multipart upload

Summary The S3 protocol upload endpoint is vulnerable to path traversal and allows creation of arbitrary files on the host. This behavior could lead to arbitrary command execution. In internal/server/storage/s3/local/multipart.go, user-controlled upload ID is appended to the uploads directory...

9.9CVSS6AI score0.00091EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 6:46 p.m.4 views

GHSA-VXP5-584Q-C479 Incus has arbitrary file read+write on host via templates/ symlink in malicious image

Summary A specially crafted image or instance backup can be used to read or create/write arbitrary files on the host; possibly leading to arbitrary command execution. Details For container images, internal/server/storage/utils.go calls archive.UnpackimageFile, destPath, .... The tar extraction pa...

9.9CVSS6AI score
Exploits0References2
OSV
OSV
added 2026/06/26 6:33 p.m.2 views

GHSA-48Q5-W887-33WV Incus has a restricted project bypass leading to arbitrary command execution

Summary Instance snapshots ignore the restricted.containers.lowlevel=block setting; allowing for arbitrary command execution on the Incus server by abusing lowlevel hooks such as raw.lxc and raw.qemu. Details Instance snapshots ignore the restricted.containers.lowlevel=block setting; allowing for...

9.9CVSS6.2AI score
Exploits0References2
Debian
Debian
added 2026/06/26 3:6 p.m.10 views

[SECURITY] [DSA 6370-1] incus security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6370-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 26, 2026 https://www.debian.org/security/faq -...

6.1AI score0.00025EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-53016

Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description An arbitrary file write exists in the Incus client that can lead to arbitrary command execution as root on the server. The issue occurs when the client processes a request with source.type=url...

9.9CVSS6.2AI score
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.17 views

PT-2026-53012

Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description Instance snapshots ignore the restricted.containers.lowlevel=block setting, which allows for arbitrary command execution on the Incus server. This occurs by abusing lowlevel hooks such as raw.l...

9.9CVSS6.3AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

Debian dsa-6370 : xnest - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6370 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6370-1 [email protected] https://www.debian.org/securit...

7.8CVSS5.9AI score0.00165EPSS
Exploits0References20
Debian
Debian
added 2026/05/17 4:58 a.m.14 views

[BSA-133] Security Update for incus

Mathias Gibbens uploaded new packages for incus which fixed the following security problems: CVE ID : CVE-2026-40195 CVE-2026-40197 CVE-2026-40243 CVE-2026-40251 CVE-2026-41647 CVE-2026-41648 CVE-2026-41684 CVE-2026-41685 Multiple security issues were discovered in Incus, a system container and...

7.1CVSS5.8AI score0.00408EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2026/05/15 12:57 p.m.15 views

CVE-2026-41684

A flaw was found in Incus, a system container and virtual machine manager. An authenticated user with permissions to import instance backups could craft a malicious backup archive. This archive, containing a valid inline configuration but a malformed legacy backup file, could cause the Incus daem...

6.5CVSS5.8AI score0.00408EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/15 12:39 p.m.13 views

CVE-2026-40243

A flaw was found in Incus, a system container and virtual machine manager. The Open Virtual Network OVN database connection logic contains broken Transport Layer Security TLS validation. A remote attacker, by impersonating or intercepting the OVN endpoint on the management network, can present a...

4.8CVSS5.8AI score0.00173EPSS
Exploits1References2
Rows per page
Query Builder