11 matches found
GHSA-XHQX-MGH3-3H7Q Incus: CreateCustomVolumeFromBackup nil-pointer dereference on volume_snapshots[*].expires_at (sibling-field variant of GHSA-r7w7)
Summary backend.CreateCustomVolumeFromBackup in internal/server/storage/backend.go contains an unguarded time.Time dereference on the ExpiresAt field of every volume-snapshot entry in an imported custom-volume backup. An authenticated user with cancreatestoragevolumes permission on any project ca...
EUVD-2026-39789
Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with cancreatestoragevolumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expiresat snapshot field...
CVE-2026-9639
Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with cancreatestoragevolumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expiresat snapshot field...
CVE-2026-40197
Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateCustomVolumeFromBackup process. An attacker can cause the daemon to crash by importing a crafted backup archive containing a null entry in the volumesnapshots array, which leads to a nil-pointer...
EUVD-2016-6785
Malware in sbrugna...
CVE-2016-5850
Cross-site scripting XSS vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-5850
Cross-site scripting XSS vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Security Advisory - XSS Vulnerability in Huawei Public Cloud Solution
The Public Cloud Solution has a Cross-Site Scripting XSS vulnerability in volume backup service module. An attacker can insert special characters to modify server data. Vulnerability ID: HWPSIRT-2016-06017 This vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID:...
Moderate: Red Hat Security Advisory: openstack-cinder security and bug fix update
Updated openstack-cinder packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring...