Lucene search
+L

12 matches found

OSV
OSV
added 2026/06/26 6:33 p.m.2 views

GHSA-48Q5-W887-33WV Incus has a restricted project bypass leading to arbitrary command execution

Summary Instance snapshots ignore the restricted.containers.lowlevel=block setting; allowing for arbitrary command execution on the Incus server by abusing lowlevel hooks such as raw.lxc and raw.qemu. Details Instance snapshots ignore the restricted.containers.lowlevel=block setting; allowing for...

9.9CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.20 views

PT-2026-53012

Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description Instance snapshots ignore the restricted.containers.lowlevel=block setting, which allows for arbitrary command execution on the Incus server. This occurs by abusing lowlevel hooks such as raw.l...

9.9CVSS6.3AI score
Exploits0References4
OSV
OSV
added 2026/04/10 7:21 p.m.5 views

GHSA-FM2X-C5QW-4H6F LXD: VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf

Summary The isVMLowLevelOptionForbidden function in lxd/project/limits/permissions.go is missing raw.apparmor and raw.qemu.conf from its hardcoded forbidden list. A user with canedit permission on a VM instance in a restricted project can combine these two omissions to bridge the LXD unix socket...

9.1CVSS6AI score0.00363EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/10 7:21 p.m.7 views

LXD: VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf

Summary The isVMLowLevelOptionForbidden function in lxd/project/limits/permissions.go is missing raw.apparmor and raw.qemu.conf from its hardcoded forbidden list. A user with canedit permission on a VM instance in a restricted project can combine these two omissions to bridge the LXD unix socket...

9.1CVSS6AI score0.00363EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/09 9:15 a.m.26 views

CVE-2026-34177 VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf

Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden lxd/project/limits/permissions.go, which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote...

9.1CVSS0.00363EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/09 9:15 a.m.3 views

CVE-2026-34177 VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf

Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden lxd/project/limits/permissions.go, which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote...

9.1CVSS6AI score0.00363EPSS
Exploits0References2
CVE
CVE
added 2026/04/09 9:15 a.m.25 views

CVE-2026-34177

The CVE concerns Canonical LXD versions 4.12–6.7. It documents an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go) that omits raw.apparmor and raw.qemu.conf from restricted.virtual-machines.lowlevel=block. A remote attacker who has can_edit permission on a VM...

9.1CVSS6AI score0.00363EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/09 9:15 a.m.2 views

CVE-2026-34177 VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf

Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden lxd/project/limits/permissions.go, which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote...

9.1CVSS7.3AI score0.00363EPSS
Exploits0References6
Snyk
Snyk
added 2025/01/14 3:42 p.m.3 views

Exposed Dangerous Method or Function

Overview typo3/cms-lowlevel is an Enables the 'Config' and 'DB Check' modules for technical analysis of the system. This includes raw database search, checking relations, counting pages and records etc. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via t...

6.5CVSS6.9AI score0.00222EPSS
Exploits0References2
Code423n4
Code423n4
added 2023/11/29 12:0 a.m.6 views

Unchecked return value of low-level call()/delegatecall()

Lines of code 120, 141, 411, 184, 160, 189, 152, 444, 625, 638https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contract...

7.2AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/24 5:3 p.m.18 views

TYPO3 SQL Injection in low-level Query Generator

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backe...

7.2CVSS7.5AI score0.00868EPSS
Exploits0References4Affected Software2
Kitploit
Kitploit
added 2019/10/23 9:8 p.m.107 views

Slither v0.6.7 - Static Analyzer For Solidity

Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code...

7.6AI score
Exploits0References65
Rows per page
Query Builder