Lucene search
K

121 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/06 8:36 p.m.5 views

CVE-2026-40197

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem...

7.1CVSS5.8AI score0.00299EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/06 8:36 p.m.28 views

CVE-2026-40197

Incus CVE-2026-40197 describes a nil-pointer dereference in the custom volume import path. During import, the code iterates over srcBackup.Config.VolumeSnapshots and dereferences each element without validating it, allowing an attacker-controlled null entry in volume_snapshots to crash the daemon...

7.1CVSS5.8AI score0.00299EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/06 8:33 p.m.9 views

CVE-2026-40195 Incus nil-pointer dereference in storage bucket import allows denial of service

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present in the backup...

7.1CVSS5.8AI score0.00398EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.22 views

PT-2026-37259

Name of the Vulnerable Software and Affected Versions GoBGP versions prior to 4.5.0 Description An unauthenticated remote BGP peer can cause a fatal panic and complete loss of service availability by sending a specially crafted BGP UPDATE message. When the server receives a message with...

7.5CVSS5.8AI score0.00418EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/04 8:1 p.m.8 views

Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)

Summary A nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a namespace-level RBAC rule but not an SSO-namespace rule, when SSODELEGATERBACTONAMESPACE=true. Details When getServiceAccountclaims, ssoNamespace...

6.5CVSS5.9AI score0.00377EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/05/04 7:45 p.m.8 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...

7.1CVSS5.8AI score0.00408EPSS
Exploits1References2
OSV
OSV
added 2026/05/04 7:38 p.m.7 views

GHSA-FWJ8-62R8-8P8M Incus has Nil-Pointer Dereference via S3 Bucket Import

Summary Missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. Details It was found that TransferManager.UploadAllFiles iterates over tar entries but only checks for io.EOF from tr.Next. When tr.Next...

6.5CVSS5.7AI score0.00394EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/04 5:45 p.m.16 views

Incus has a Nil-Pointer Dereference via Custom Volume Import

Summary Missing validation logic in the storage volume import logic allows an authenticated user with access to Incus' storage volume feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The custom volume...

7.1CVSS5.8AI score0.00299EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/05/04 5:45 p.m.5 views

GHSA-R7W7-MMXR-47R9 Incus has a Nil-Pointer Dereference via Custom Volume Import

Summary Missing validation logic in the storage volume import logic allows an authenticated user with access to Incus' storage volume feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The custom volume...

7.1CVSS5.7AI score0.00299EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/04 5:40 p.m.9 views

Incus has a Nil-Pointer Dereference Panic via Bucket Metadata

Summary Missing validation logic in the storage bucket import logic allows an authenticated user with access to Incus' storage bucket feature to cause the Incus daemon to crash. Repeated use of this issue can be used to keep Incus offline causing a denial of service. Details The storage bucket...

7.1CVSS5.7AI score0.00398EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.12 views

PT-2026-37101

Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Missing validation logic in the storage bucket import process allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The issue occurs in the backup...

7.1CVSS5.8AI score0.00398EPSS
Exploits1References16
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.11 views

PT-2026-37137

Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Missing error handling in the TransferManager.UploadAllFiles function allows an authenticated user to cause a daemon crash. The issue occurs during the import of a truncated or corrupted storage bucket...

6.5CVSS5.9AI score0.00394EPSS
Exploits1References16
RedHat Linux
RedHat Linux
added 2026/04/29 2:31 p.m.10 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...

7.5CVSS6.6AI score0.00591EPSS
Exploits1References8
OSV
OSV
added 2026/04/02 6:42 p.m.5 views

GO-2026-4899 Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel (rportfwd) close is attempted in github.com/bishopfox/sliver

Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel rportfwd close is attempted in github.com/bishopfox/sliver...

5.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.3 views

CVE-2026-33064

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending ...

8.7CVSS5.8AI score0.00486EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/23 6:14 p.m.2 views

Missing Default Case in Switch Statement

Overview Affected versions of this package are vulnerable to Missing Default Case in Switch Statement in the DataChangeNotification process due to a nil pointer dereference. An attacker can cause a panic and disrupt service availability by triggering this process with crafted input. Remediation...

8.7CVSS5.9AI score0.00486EPSS
Exploits1References3
OSV
OSV
added 2026/03/23 6:14 p.m.5 views

GO-2026-4757 free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference in github.com/free5gc/udm

free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference in github.com/free5gc/udm...

8.7CVSS5.8AI score0.00486EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/03/23 2:37 a.m.44 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...

7.5CVSS6.7AI score0.00591EPSS
Exploits1References8
OSV
OSV
added 2026/03/20 8:0 a.m.6 views

CVE-2026-33064 free5GC UDM DataChangeNotification Procedure Panic Due to Nil Pointer Dereference

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending ...

8.7CVSS6.3AI score0.00486EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/03/20 8:0 a.m.11 views

CVE-2026-33064

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to procedure panic caused by Nil Pointer Dereference in the /sdm-subscriptions endpoint. A remote attacker can cause the UDM service to panic and crash by sending ...

8.7CVSS5.8AI score0.00486EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder