Lucene search
+L

11 matches found

Snyk
Snyk
added 2026/03/27 5:8 p.m.8 views

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value inadequate validation of the combined fingerprint during image downloads from simplestreams servers. An attacker can cause users to deploy malicious images by providing manipulated image file...

7.7CVSS6.1AI score0.0018EPSS
Exploits1References2
NVD
NVD
added 2026/03/27 12:16 a.m.4 views

CVE-2026-33898

Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. incus webui runs a local web server on a random localhost port. For authentication, i...

8.8CVSS0.00347EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 11:16 p.m.4 views

CVE-2026-33542

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker...

7.1CVSS0.0018EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/26 10:43 p.m.8 views

CVE-2026-33897 Incus vulnerable to arbitrary file read and write through pongo templates

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

9.9CVSS6AI score0.00481EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/03/26 10:43 p.m.45 views

CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

9.9CVSS6AI score0.00481EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/26 10:40 p.m.22 views

CVE-2026-33743 Incus vulnerable to denial of source through crafted bucket backup file

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...

6.5CVSS0.00385EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/03/26 10:40 p.m.5 views

CVE-2026-33743

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...

6.5CVSS5.3AI score0.00385EPSS
Exploits1
Cvelist
Cvelist
added 2026/03/26 10:32 p.m.27 views

CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker...

7.1CVSS0.0018EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 10:32 p.m.4 views

CVE-2026-33542

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker...

7.1CVSS5.8AI score0.0018EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.6 views

PT-2026-28560

Name of the Vulnerable Software and Affected Versions Incus versions prior to 6.23.0 Description Incus, a system container and virtual machine manager, allows instance template files to be used to perform arbitrary read and write operations as root on the host server. The software utilizes pongo2...

9.9CVSS5.9AI score0.00481EPSS
Exploits3References28
Positive Technologies
Positive Technologies
added 2023/05/24 12:0 a.m.9 views

PT-2023-4017 · Miniorange · Miniorange Oauth Single Sign On – Sso

Name of the Vulnerable Software and Affected Versions: miniOrange OAuth Single Sign On – SSO OAuth Client plugin versions through 6.23.3 Description: The issue is related to an Improper Authentication vulnerability in the miniOrange OAuth Single Sign On – SSO OAuth Client plugin, which allows...

9CVSS8.9AI score0.00958EPSS
Exploits1References9
Rows per page
Query Builder