Lucene search
K

38 matches found

OSV
OSV
added 2026/06/26 4:16 p.m.2 views

DEBIAN-CVE-2026-9639

Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with cancreatestoragevolumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expiresat snapshot field...

6.5CVSS5.7AI score0.00389EPSS
Exploits1References1
NVD
NVD
added 2026/06/26 4:16 p.m.8 views

CVE-2026-9639

Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with cancreatestoragevolumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expiresat snapshot field...

6.5CVSS0.00389EPSS
Exploits1References3
CVE
CVE
added 2026/06/26 3:39 p.m.19 views

CVE-2026-9639

CVE-2026-9639 describes a nil-pointer dereference in LXD’s CreateCustomVolumeFromBackup. On Linux, affected versions are up to 6.8 and 5.21. An authenticated user with the ability to can_create_storage_volumes can trigger a denial of service by supplying a specially crafted custom-volume backup t...

6.5CVSS5.7AI score0.00389EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.6 views

PT-2026-52843

Name of the Vulnerable Software and Affected Versions LXD versions prior to 6.9 LXD version 5.21 Description A nil-pointer dereference occurs in the CreateCustomVolumeFromBackup function when processing a specially crafted custom-volume backup tarball that omits the expires at snapshot field. An...

6.5CVSS6AI score0.00389EPSS
Exploits1References5
NVD
NVD
added 2026/05/07 2:16 p.m.17 views

CVE-2026-41685

Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and...

4.3CVSS0.00333EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 1:9 p.m.10 views

CVE-2026-41685

Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and...

4.3CVSS5.7AI score0.00333EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/05/07 1:9 p.m.14 views

CVE-2026-41685

CVE-2026-41685 affects Incus prior to 7.0.0 where authenticated users can trigger unbounded disk usage during binary import paths. The issue occurs because HTTP upload bodies are streamed into temporary host storage via io.Copy in multiple handlers (instance import, bucket backup import, volume b...

4.3CVSS5.7AI score0.00333EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/07 1:9 p.m.30 views

CVE-2026-41685 Incus: Unbounded binary import disk exhaustion

Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and...

4.3CVSS0.00333EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/04 7:46 p.m.9 views

Incus is affected by unbounded binary import disk exhaustion

Summary Uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.imagesvolume and storage.backupsvolume as those users will have large uploads be stored on those...

4.3CVSS5.8AI score0.00333EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2026/03/16 3:11 p.m.7 views

Improper Privilege Management

github.com/lxc/incus is vulnerable to Improper Privilege Management. The vulnerability is due to improper handling of custom storage volumes with the security.shifted property, which allows an attacker with root access inside a container to create a setuid binary that can be executed on the host ...

8.6CVSS5.8AI score0.00148EPSS
Exploits1References4Affected Software2
OSV
OSV
added 2025/11/18 3:44 p.m.2 views

GO-2025-4121 LXD vulnerable to a local privilege escalation through custom storage volumes in lxd in github.com/canonical/lxd

LXD vulnerable to a local privilege escalation through custom storage volumes in lxd in github.com/canonical/lxd...

6.8AI score
Exploits0References7
OSV
OSV
added 2025/11/17 7:11 p.m.3 views

GO-2025-4115 Incus vulnerable to local privilege escalation through custom storage volumes in github.com/lxc/incus

Incus vulnerable to local privilege escalation through custom storage volumes in github.com/lxc/incus...

8.6CVSS6.8AI score0.00148EPSS
Exploits1References4
EUVD
EUVD
added 2025/11/13 11:1 p.m.3 views

EUVD-2025-180203

LXD vulnerable to a local privilege escalation through custom storage volumes...

6.4AI score
Exploits0References8
OSV
OSV
added 2025/11/13 11:1 p.m.2 views

GHSA-3G2J-VM47-X4MJ LXD vulnerable to a local privilege escalation through custom storage volumes

Impact This affects any LXD user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true as well as access to the host as an unprivileged user. The most common case for this would be...

8.6CVSS6.9AI score
Exploits0References8
Github Security Blog
Github Security Blog
added 2025/11/13 4:4 p.m.7 views

Incus vulnerable to local privilege escalation through custom storage volumes

Impact This affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true as well as access to the host as an unprivileged user. The most common case for this would ...

8.6CVSS5.8AI score0.00148EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2025/11/13 4:4 p.m.0 views

GHSA-56MX-8G9F-5CRF Incus vulnerable to local privilege escalation through custom storage volumes

Impact This affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true as well as access to the host as an unprivileged user. The most common case for this would ...

8.6CVSS5.8AI score0.00148EPSS
Exploits1References5
Snyk
Snyk
added 2025/11/10 10:43 p.m.4 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management due to the process handling custom storage volumes with the security.shifted property set to true. An attacker can gain elevated privileges on the host system by creating a custom storage volume, writing a...

8.6CVSS6.6AI score0.00148EPSS
Exploits1References3
Snyk
Snyk
added 2025/11/10 10:43 p.m.4 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management due to the process handling custom storage volumes with the security.shifted property set to true. An attacker can gain elevated privileges on the host system by creating a custom storage volume, writing a...

8.6CVSS6.6AI score0.00148EPSS
Exploits1References3
Snyk
Snyk
added 2025/11/10 10:43 p.m.2 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management due to the process handling custom storage volumes with the security.shifted property set to true. An attacker can gain elevated privileges on the host system by creating a custom storage volume, writing a...

8.6CVSS6.6AI score0.00148EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/11/10 9:56 p.m.3 views

CVE-2025-64507 Incus vulnerable to local privilege escalation through custom storage volumes

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...

8.6CVSS6.3AI score0.00148EPSS
Exploits1References3
Rows per page
Query Builder