Lucene search
K

4 matches found

Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.17 views

PT-2026-53012

Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description Instance snapshots ignore the restricted.containers.lowlevel=block setting, which allows for arbitrary command execution on the Incus server. This occurs by abusing lowlevel hooks such as raw.l...

9.9CVSS6.3AI score
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/05/07 1:9 p.m.10 views

CVE-2026-41685

Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and...

4.3CVSS5.7AI score0.00333EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.12 views

PT-2026-37138

Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Incus is a system container and virtual machine manager. An authenticated user can provide a specially crafted image or backup tarball containing a very large YAML document. Because the software unpack...

5.3CVSS5.8AI score0.00269EPSS
Exploits1References16
OSV
OSV
added 2026/03/27 5:8 p.m.3 views

GHSA-P8MM-23GG-JC9R Incus does not verify combined fingerprint when downloading images from simplestreams servers

Summary A lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker controlled images rather than the expected one. Details Incus image...

7CVSS5.8AI score0.0018EPSS
Exploits1References8
Rows per page
Query Builder