Lucene search
K

29 matches found

NVD
NVD
added 2026/06/26 4:16 p.m.10 views

CVE-2026-12411

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled...

9.6CVSS0.00209EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/26 3:27 p.m.41 views

CVE-2026-12411 Broken Access Control in Canonical LXD DevLXD API

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled...

8.4CVSS0.00209EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 3:27 p.m.8 views

CVE-2026-12411

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled...

8.4CVSS5.8AI score0.00209EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/06/26 3:27 p.m.10 views

EUVD-2026-39788

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled...

8.4CVSS5.8AI score0.00209EPSS
Exploits1References2
CVE
CVE
added 2026/06/26 3:27 p.m.22 views

CVE-2026-12411

CVE-2026-12411 concerns Canonical LXD where the devLXDInstancePatchHandler component suffers a broken access control, allowing an untrusted guest to mount, read, and overwrite another guest’s custom storage volume via a crafted device PATCH to /dev/lxd when security.devlxd.management.volumes is e...

9.6CVSS5.8AI score0.00209EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52840

Name of the Vulnerable Software and Affected Versions Canonical LXD affected versions not specified Description Broken Access Control in the devLXDInstancePatchHandler component allows an untrusted guest to mount, read, and overwrite the custom storage volume of another guest. This is achieved by...

9.6CVSS5.9AI score0.00209EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/05/12 7:38 p.m.14 views

CVE-2026-40197

A flaw was found in Incus, a system container and virtual machine manager. An authenticated user with access to the storage volume feature can exploit a nil-pointer dereference vulnerability during custom volume import operations. By supplying a specially crafted backup archive, the user can caus...

7.1CVSS5.7AI score0.00299EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/05/08 2:22 a.m.10 views

SUSE CVE-2026-40197

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem...

7.1CVSS5.8AI score0.00299EPSS
Exploits1References3
NVD
NVD
added 2026/05/06 9:16 p.m.8 views

CVE-2026-40251

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The backup restore subsystem contains an...

7.1CVSS0.00408EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.16 views

PT-2026-37103

Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The backup restore subsystem and t...

7.1CVSS5.8AI score0.00408EPSS
Exploits1References17
RedhatCVE
RedhatCVE
added 2025/11/11 6:18 a.m.5 views

CVE-2025-64507

An issue in Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true as well as access to the host as an unprivileged user. The most common case for this would be systems...

8.6CVSS6.7AI score0.00164EPSS
Exploits1References6
NVD
NVD
added 2025/11/10 10:15 p.m.4 views

CVE-2025-64507

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...

8.6CVSS0.00164EPSS
Exploits1References3
OSV
OSV
added 2025/11/10 10:15 p.m.5 views

UBUNTU-CVE-2025-64507

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...

8.6CVSS5.8AI score0.00164EPSS
Exploits1References5
OSV
OSV
added 2025/11/10 9:56 p.m.3 views

CVE-2025-64507 Incus vulnerable to local privilege escalation through custom storage volumes

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...

8.6CVSS7AI score0.00164EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2025/11/10 9:56 p.m.3 views

CVE-2025-64507

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...

8.6CVSS6.8AI score0.00164EPSS
Exploits1
CNNVD
CNNVD
added 2025/11/10 12:0 a.m.5 views

Incus 安全漏洞

Incus is an LXC open source system container and virtual machine manager. A security vulnerability exists in Incus versions prior to 6.0.6 and prior to 6.19.0 that stems from not properly restricting permissions on custom storage volumes, which could lead to elevated privileges...

8.6CVSS6.3AI score0.00164EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/11/10 12:0 a.m.5 views

PT-2025-46210

Name of the Vulnerable Software and Affected Versions Incus versions prior to 6.0.6 Incus versions prior to 6.19.0 Description Incus is a system container and virtual machine manager. An issue affects any Incus user in an environment where an unprivileged user may have root access to a container...

8.6CVSS6.6AI score0.00164EPSS
Exploits1References22
OSV
OSV
added 2025/09/16 8:15 a.m.5 views

UBUNTU-CVE-2023-53271

In the Linux kernel, the following vulnerability has been resolved: ubi: Fix unreferenced object reported by kmemleak in ubiresizevolume There is a memory leaks problem reported by kmemleak: unreferenced object 0xffff888102007a00 size 128: comm "ubirsvol", pid 32090, jiffies 4298464136 age...

5.5CVSS5.9AI score0.00147EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.4 views

SUSE CVE-2015-5313

Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storagebackendfs.c in libvirt, when fine-grained Access Control Lists ACL are in effect, allows local users with storagevol:create ACL but not domain:write permission to write to arbitrary files via ...

2.5CVSS6.7AI score0.00451EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2022/09/22 10:40 a.m.63 views

Researchers Disclose Critical Vulnerability in Oracle Cloud Infrastructure

Researchers have disclosed a new severe Oracle Cloud Infrastructure OCI vulnerability that could be exploited by users to access the virtual disks of other Oracle customers. "Each virtual disk in Oracle's cloud has a unique identifier called OCID," Shir Tamari, head of research at Wiz, said in a...

0.9AI score
Exploits0
Rows per page
Query Builder