Lucene search
+L

12 matches found

Cvelist
Cvelist
added 2026/05/07 1:8 p.m.47 views

CVE-2026-41684 Incus: Nil Dereferences on Restore via Malformed YAML

Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid...

6.5CVSS0.00408EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 1:8 p.m.6 views

CVE-2026-41684

Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid...

6.5CVSS5.7AI score0.00408EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/07 1:8 p.m.9 views

CVE-2026-41684 Incus: Nil Dereferences on Restore via Malformed YAML

Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid...

6.5CVSS5.7AI score0.00408EPSS
Exploits1References2
CVE
CVE
added 2026/05/07 1:8 p.m.24 views

CVE-2026-41684

Summary of CVE-2026-41684 (Incus): An authenticated user who can import instance backups may crash the Incus daemon during restore when a crafted backup archive includes a valid inline backup/index.yaml but a malformed legacy backup.yaml that omits the container section. The vulnerability arises ...

6.5CVSS5.7AI score0.00408EPSS
Exploits1References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/07 1:8 p.m.8 views

CVE-2026-41684

Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid...

6.5CVSS5.7AI score0.00408EPSS
Exploits1
OSV
OSV
added 2026/05/07 1:8 p.m.3 views

CVE-2026-41684 Incus: Nil Dereferences on Restore via Malformed YAML

Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid...

6.5CVSS5.8AI score0.00408EPSS
Exploits1References4
Snyk
Snyk
added 2026/05/04 7:45 p.m.7 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...

7.1CVSS5.8AI score0.00408EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 7:45 p.m.7 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...

7.1CVSS5.8AI score0.00408EPSS
Exploits1References2
OSV
OSV
added 2026/05/04 7:45 p.m.4 views

GHSA-X5R6-JR56-89PV Incus has Nil Dereferences on Restore via Malformed YAML

Summary Details It was found that backup.GetInfo trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid inline config that passes the initial import...

6.5CVSS5.7AI score0.00408EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/04 7:45 p.m.12 views

Incus has Nil Dereferences on Restore via Malformed YAML

Summary Details It was found that backup.GetInfo trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid inline config that passes the initial import...

6.5CVSS5.7AI score0.00408EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.12 views

PT-2026-37148

Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description An authenticated user with permissions to import instance backups can crash the Incus daemon using a specially crafted backup archive. The issue occurs because the backup.GetInfo function trusts the...

6.5CVSS5.8AI score0.00408EPSS
Exploits1References16
Cvelist
Cvelist
added 2019/08/01 2:31 p.m.35 views

CVE-2018-20909

cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups SEC-338...

7AI score0.00336EPSS
Exploits0References1
Rows per page
Query Builder