Lucene search
K

386 matches found

Circl
Circl
added 2026/06/26 8:35 p.m.7 views

CVE-2026-48753

creationtimestamp| type| source ---|---|--- 2026-06-26 20:35:17+00:00| published-proof-of-concept| https://github.com/lxc/incus/security/advisories/GHSA-ccjc-4qc3-jxqc 2026-07-07 20:46:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mq3hxgxr2u24...

5.9AI score0.00091EPSS
Exploits0References2
Circl
Circl
added 2026/06/26 8:35 p.m.6 views

CVE-2026-48754

creationtimestamp| type| source ---|---|--- 2026-06-26 20:35:15+00:00| published-proof-of-concept| https://github.com/lxc/incus/security/advisories/GHSA-4xg6-52mh-fpw8...

5.8AI score0.00025EPSS
Exploits0References1
Circl
Circl
added 2026/06/26 8:35 p.m.8 views

CVE-2026-48755

creationtimestamp| type| source ---|---|--- 2026-06-26 20:35:12+00:00| published-proof-of-concept| https://github.com/lxc/incus/security/advisories/GHSA-v6mj-8pf4-hhw4 2026-07-01 02:15:18+00:00| seen| https://bsky.app/profile/securityonline.bsky.social/post/3mpkh3n7jjr2b 2026-07-01 02:31:46+00:00...

5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.17 views

PT-2026-53012

Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description Instance snapshots ignore the restricted.containers.lowlevel=block setting, which allows for arbitrary command execution on the Incus server. This occurs by abusing lowlevel hooks such as raw.l...

9.9CVSS6.3AI score
Exploits0References4
OSV
OSV
added 2026/06/04 5:19 a.m.9 views

MGASA-2026-0172 Updated lxc packages fix security vulnerability

CVE-2026-39402, lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion...

6.5CVSS5.8AI score0.00162EPSS
Exploits1References4
Mageia
Mageia
added 2026/06/04 5:19 a.m.12 views

Updated lxc packages fix security vulnerability

CVE-2026-39402, lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion...

6.5CVSS5.8AI score0.00162EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/05/15 2:23 p.m.11 views

CVE-2026-39402

A flaw was found in LXC Linux Containers, specifically within the lxc-user-nic helper. This logic flaw allows an unprivileged attacker, with a valid lxc-usernet policy entry, to delete OpenVSwitch OVS-attached network interfaces owned by other users. In multi-tenant environments using lxc-user-ni...

6.5CVSS5.6AI score0.00162EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/05/08 2:22 a.m.11 views

SUSE CVE-2026-39402

lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the findline function that allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When lxc-user-nic delete scans its NIC database to authorize a...

6.5CVSS5.8AI score0.00162EPSS
Exploits1References3
NVD
NVD
added 2026/05/05 9:16 p.m.8 views

CVE-2026-39402

lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the findline function that allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When lxc-user-nic delete scans its NIC database to authorize a...

6.5CVSS0.00162EPSS
Exploits1References1
CVE
CVE
added 2026/05/05 8:45 p.m.18 views

CVE-2026-39402

Summary: CVE-2026-39402 affects the LXC user network helper (lxc-user-nic) in multi-tenant setups using Open vSwitch bridges. The delete path in the setuid helper contains a logic flaw in find_line() that can authorize deletion based on a name match even when ownership/type/link fields belong to ...

6.5CVSS5.8AI score0.00162EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/05 8:45 p.m.36 views

CVE-2026-39402 lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion

lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the findline function that allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When lxc-user-nic delete scans its NIC database to authorize a...

4.3CVSS0.00162EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/05 8:45 p.m.6 views

CVE-2026-39402 lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion

lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the findline function that allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When lxc-user-nic delete scans its NIC database to authorize a...

4.3CVSS5.8AI score0.00162EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/05 8:45 p.m.7 views

EUVD-2026-27497

lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the findline function that allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When lxc-user-nic delete scans its NIC database to authorize a...

4.3CVSS5.8AI score0.00162EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 8:45 p.m.5 views

CVE-2026-39402

lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the findline function that allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When lxc-user-nic delete scans its NIC database to authorize a...

4.3CVSS5.8AI score0.00162EPSS
Exploits1References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/05 8:45 p.m.14 views

CVE-2026-39402

lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the findline function that allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When lxc-user-nic delete scans its NIC database to authorize a...

6.5CVSS5.8AI score0.00162EPSS
Exploits1References1
OSV
OSV
added 2026/05/05 6:49 a.m.5 views

OPENSUSE-SU-2026:20676-1 Security update for build, product-composer

This update for build, product-composer fixes the following issues: Changes in build: - Support a new "IgnoreRebuild" config. - build-recipe-kiwi: Add support for oci containers Avoid needlessly compressing container images Detect container images based on build result file name - Fix queryrecipe...

7.3CVSS5.8AI score0.00209EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

LXC 安全漏洞

LXC is an open-source low-level Linux container runtime that has been extensively tested. LXC has a security vulnerability, which stems from a logical flaw in the deletion path of the findline function within the setuid helper program lxc-user-nic. This flaw allows non-privileged users to delete...

6.5CVSS5.7AI score0.00162EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/04 7:46 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the io.Copy process that handles binary import requests. An attacker can exhaust disk space on the host system by continuously streaming large amounts of data to the affected...

5.3CVSS5.8AI score0.00333EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 7:44 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the YAML metadata parsing process. An attacker can cause excessive memory consumption and potentially trigger an out-of-memory condition on the server by uploading a crafted image ...

5.3CVSS5.8AI score0.00269EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.9 views

PT-2026-36995

Name of the Vulnerable Software and Affected Versions lxc versions prior to 7.0.0 Description A logic flaw in the find line function of the lxc-user-nic setuid helper allows an unprivileged user to delete OVS-attached network interfaces belonging to other users. When scanning the NIC database to...

6.5CVSS5.8AI score0.00162EPSS
Exploits1References18
Rows per page
Query Builder