Lucene search
K

88 matches found

Veracode
Veracode
added 2026/05/14 6:14 p.m.19 views

Arbitrary File Read And Write

Incus is vulnerable to arbitrary file read and write. The vulnerability is due to improper enforcement of the pongo2 chroot isolation mechanism in instance template files, which allows an attacker to bypass filesystem restrictions and perform arbitrary file read/write operations on the host syste...

9.9CVSS5.9AI score0.00481EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/07 2:38 a.m.9 views

GHSA-M38G-VWW2-MVGX Talos Linux has a local privilege escalation from untrusted workloads

Summary A vulnerability in the Linux kernel's algifaead subsystem CVE-2026-31431, "copy.fail" allows an unprivileged container workload to corrupt arbitrary file page-cache pages via the AFALG crypto interface and splice. On Talos Linux, this vulnerability can be chained into a complete node...

7.5CVSS8AI score0.96267EPSS
Exploits230References6
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-34177

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden lxd/project/limits/permissions.go, which omits raw.apparmo...

9.1CVSS7.1AI score0.00363EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/04/12 10:41 a.m.62 views

Exploit for Out-of-bounds Read in Linux Linux_Kernel

CVE-2026-31413: One Byte in the BPF Verifier to Container Esca...

7.8CVSS7.6AI score0.00221EPSS
Exploits2
EUVD
EUVD
added 2026/04/10 7:21 p.m.6 views

EUVD-2026-20872

LXD: VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf...

9.1CVSS5.8AI score0.00363EPSS
Exploits0References3
OSV
OSV
added 2026/04/09 10:16 a.m.3 views

DEBIAN-CVE-2026-34177

Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden lxd/project/limits/permissions.go, which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote...

9.1CVSS5.4AI score0.00363EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/09 10:16 a.m.6 views

CVE-2026-34177

Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden lxd/project/limits/permissions.go, which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote...

9.1CVSS5.8AI score0.00363EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/09 9:15 a.m.25 views

CVE-2026-34177 VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf

Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden lxd/project/limits/permissions.go, which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote...

9.1CVSS0.00363EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/09 9:15 a.m.4 views

CVE-2026-34177

Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden lxd/project/limits/permissions.go, which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote...

9.1CVSS5.4AI score0.00363EPSS
Exploits0
CVE
CVE
added 2026/04/09 9:15 a.m.24 views

CVE-2026-34177

The CVE concerns Canonical LXD versions 4.12–6.7. It documents an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go) that omits raw.apparmor and raw.qemu.conf from restricted.virtual-machines.lowlevel=block. A remote attacker who has can_edit permission on a VM...

9.1CVSS6AI score0.00363EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/09 9:15 a.m.1 views

CVE-2026-34177 VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf

Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden lxd/project/limits/permissions.go, which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote...

9.1CVSS7.3AI score0.00363EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.5 views

PT-2026-31595

Name of the Vulnerable Software and Affected Versions Canonical LXD versions 4.12 through 6.7 Description Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in the isVMLowLevelOptionForbidden function lxd/project/limits/permissions.go. This denylist omits raw.apparmor and...

9.1CVSS5.8AI score0.00363EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.8 views

Azure Linux 3.0 Security Update: libcontainers-common (CVE-2024-1753)

The version of libcontainers-common installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-1753 advisory. - A flaw was found in Buildah and subsequently Podman Build which allows containers to mount...

8.6CVSS5.7AI score0.0049EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/01/19 7:43 p.m.202 views

Exploit for OS Command Injection in Docker

!DOIhttps://img.shields.io/badge/DOI-10.5281%2Fzenodo.183047...

9.3CVSS8.3AI score0.9857EPSS
Exploits33
Github Security Blog
Github Security Blog
added 2025/11/13 11:1 p.m.5 views

LXD vulnerable to a local privilege escalation through custom storage volumes

Impact This affects any LXD user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true as well as access to the host as an unprivileged user. The most common case for this would be...

7AI score
Exploits0References8Affected Software1
EUVD
EUVD
added 2025/11/13 4:4 p.m.3 views

EUVD-2025-50816

Incus vulnerable to local privilege escalation through custom storage volumes...

8.6CVSS6AI score0.00164EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/11/13 4:4 p.m.7 views

Incus vulnerable to local privilege escalation through custom storage volumes

Impact This affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true as well as access to the host as an unprivileged user. The most common case for this would ...

8.6CVSS5.8AI score0.00164EPSS
Exploits1References5Affected Software1
SUSE CVE
SUSE CVE
added 2025/11/12 12:19 a.m.7 views

SUSE CVE-2025-64507

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...

8.6CVSS7.1AI score0.00164EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/11/11 6:18 a.m.5 views

CVE-2025-64507

An issue in Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true as well as access to the host as an unprivileged user. The most common case for this would be systems...

8.6CVSS6.7AI score0.00164EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-24859

Malicious code in bioql PyPI...

7CVSS6.4AI score0.0016EPSS
Exploits0References4
Rows per page
Query Builder