Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-9639

Summary
Assigner-canonical
Assigner Org ID-cc1ad9ee-3454-478d-9317-d3e869d708bc
Published At-26 Jun, 2026 | 15:39
Updated At-26 Jun, 2026 | 16:02
Rejected At-
Credits

Authenticated Denial of Service via Malicious Backup Tarball in LXD

Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage_volumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expires_at snapshot field.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:canonical
Assigner Org ID:cc1ad9ee-3454-478d-9317-d3e869d708bc
Published At:26 Jun, 2026 | 15:39
Updated At:26 Jun, 2026 | 16:02
Rejected At:
â–¼CVE Numbering Authority (CNA)
Authenticated Denial of Service via Malicious Backup Tarball in LXD

Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage_volumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expires_at snapshot field.

Affected Products
Vendor
Canonical Ltd.Canonical
Product
LXD
Package Name
LXD
Repo
https://github.com/canonical/lxd
Platforms
  • Linux
Default Status
unaffected
Versions
Affected
  • From 5.21.0 before 5.21.5 (semver)
  • From 6.0 before 6.9 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-476CWE-476 NULL pointer dereference
Type: CWE
CWE ID: CWE-476
Description: CWE-476 NULL pointer dereference
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-153Input Data Manipulation
CAPEC ID: CAPEC-153
Description: Input Data Manipulation
Solutions

Upgrade to LXD version 5.21.5 or later, or 6.9 or later.

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/canonical/lxd/security/advisories/GHSA-j93m-3j9p-m5m8
vdb-entry
vendor-advisory
https://github.com/canonical/lxd/pull/18320
patch
https://github.com/canonical/lxd/pull/18390
patch
Hyperlink: https://github.com/canonical/lxd/security/advisories/GHSA-j93m-3j9p-m5m8
Resource:
vdb-entry
vendor-advisory
Hyperlink: https://github.com/canonical/lxd/pull/18320
Resource:
patch
Hyperlink: https://github.com/canonical/lxd/pull/18390
Resource:
patch
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/canonical/lxd/security/advisories/GHSA-j93m-3j9p-m5m8
exploit
Hyperlink: https://github.com/canonical/lxd/security/advisories/GHSA-j93m-3j9p-m5m8
Resource:
exploit
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@ubuntu.com
Published At:26 Jun, 2026 | 16:16
Updated At:26 Jun, 2026 | 19:58

Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage_volumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expires_at snapshot field.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-476Secondarysecurity@ubuntu.com
CWE ID: CWE-476
Type: Secondary
Source: security@ubuntu.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/canonical/lxd/pull/18320security@ubuntu.com
N/A
https://github.com/canonical/lxd/pull/18390security@ubuntu.com
N/A
https://github.com/canonical/lxd/security/advisories/GHSA-j93m-3j9p-m5m8security@ubuntu.com
N/A
https://github.com/canonical/lxd/security/advisories/GHSA-j93m-3j9p-m5m8134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://github.com/canonical/lxd/pull/18320
Source: security@ubuntu.com
Resource: N/A
Hyperlink: https://github.com/canonical/lxd/pull/18390
Source: security@ubuntu.com
Resource: N/A
Hyperlink: https://github.com/canonical/lxd/security/advisories/GHSA-j93m-3j9p-m5m8
Source: security@ubuntu.com
Resource: N/A
Hyperlink: https://github.com/canonical/lxd/security/advisories/GHSA-j93m-3j9p-m5m8
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

162Records found

CVE-2024-24991
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-6.5||MEDIUM
EPSS-1.73% / 74.78%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 01:10
Updated-06 May, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.

Action-Not Available
Vendor-Ivanti Software
Product-avalancheAvalancheavalanche
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-21356
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.08% / 79.20%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 18:02
Updated-03 May, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-1914
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-6.5||MEDIUM
EPSS-0.71% / 49.03%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 13:41
Updated-19 Dec, 2025 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system. Below are reported vulnerabilities in the Robot Ware versions. * IRC5- RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07 * OmniCore- RobotWare 7 < 7.14

Action-Not Available
Vendor-ABB
Product-omnicore_c30omnicore_v400xtrobotwareomnicore_v250xtirc5omnicore_e10omnicore_c90xtRobotWare 7RobotWare 6robotware
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-12002
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.75% / 50.56%
||
7 Day CHG~0.00%
Published-30 Nov, 2024 | 13:00
Updated-10 Dec, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda FH451/FH1201/FH1202/FH1206 GetIPTV websReadEvent null pointer dereference

A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-fh451_firmwarefh1206fh1202fh1201fh1206_firmwarefh1201_firmwarefh1202_firmwarefh451FH1206FH1202FH1201FH451
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-11650
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.1||HIGH
EPSS-1.20% / 64.28%
||
7 Day CHG~0.00%
Published-25 Nov, 2024 | 02:00
Updated-25 Nov, 2024 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i9 GetIPTV websReadEvent null pointer dereference

A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as critical. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i9i9_firmware
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-10750
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.1||HIGH
EPSS-0.83% / 53.10%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 01:00
Updated-07 Nov, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda i22 SysToo websReadEvent null pointer dereference

A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as problematic. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV?fgHPOST/goform/SysToo. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-i22i22_firmwarei22i22
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-10280
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.1||HIGH
EPSS-0.76% / 50.57%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 13:31
Updated-01 Nov, 2024 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC6/AC7/AC8/AC9/AC10/AC10U/AC15/AC18/AC500/AC1206 GetIPTV websReadEvent null pointer dereference

A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. It has been rated as problematic. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac10u_firmwareac7_firmwareac8_firmwareac10uac9_firmwareac6_firmwareac1206ac500_firmwareac7ac500ac6ac18ac10_firmwareac10ac1206_firmwareac8ac9ac15ac15_firmwareac18_firmwareAC6AC18AC10UAC1206AC9AC10AC500AC8AC15AC7ac500_firmwareac10_firmwareac8_firmwareac10u_firmwareac7_firmwareac1206_firmwareac9_firmwareac6_firmwareac15_firmwareac18_firmware
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-6536
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.54% / 71.79%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 21:05
Updated-06 Nov, 2025 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: null pointer dereference in __nvmet_req_complete

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.Debian GNU/Linux
Product-enterprise_linuxenterprise_linux_euscodeready_linux_builder_for_arm64_euscodeready_linux_builder_for_ibm_z_systems_euscodeready_linux_builder_eusenterprise_linux_for_real_time_for_nfventerprise_linux_for_arm_64_eusvirtualization_hostenterprise_linux_server_ausdebian_linuxcodeready_linux_builder_eus_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_little_endian_euslinux_kernelenterprise_linux_server_tusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_for_real_timeRed Hat Enterprise Linux 9RHOL-5.8-RHEL-9Red Hat Enterprise Linux 6Red Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.8 Extended Update Support
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-6356
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.45% / 70.11%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 21:04
Updated-06 Nov, 2025 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: null pointer dereference in nvmet_tcp_build_iovec

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.

Action-Not Available
Vendor-Linux Kernel Organization, IncRed Hat, Inc.Debian GNU/Linux
Product-enterprise_linuxenterprise_linux_euscodeready_linux_builder_for_arm64_euscodeready_linux_builder_for_ibm_z_systems_euscodeready_linux_builder_eusenterprise_linux_for_real_time_for_nfventerprise_linux_for_arm_64_eusvirtualization_hostenterprise_linux_server_ausdebian_linuxcodeready_linux_builder_eus_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_little_endian_eusenterprise_linux_server_tuslinux_kernelenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_for_real_timeRed Hat Enterprise Linux 9RHOL-5.8-RHEL-9Red Hat Enterprise Linux 6Red Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.8 Extended Update Support
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-6683
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.26% / 66.04%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 19:01
Updated-25 Feb, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qemu: vnc: null pointer dereference in qemu_clipboard_request()

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.

Action-Not Available
Vendor-Red Hat, Inc.QEMU
Product-qemuenterprise_linuxRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8 Advanced VirtualizationRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-49275
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.88% / 54.69%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 14:24
Updated-09 Jan, 2025 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wazuh vulnerable to NULL Pointer Dereference in wazuh-analysisd

Wazuh is a free and open source platform used for threat prevention, detection, and response. A NULL pointer dereference was detected during fuzzing of the analysis engine, allowing malicious clients to DoS the analysis engine. The bug occurs when `analysisd` receives a syscollector message with the `hotfix` `msg_type` but lacking a `timestamp`. It uses `cJSON_GetObjectItem()` to get the `timestamp` object item and dereferences it without checking for a `NULL` value. A malicious client can DoS the analysis engine. This vulnerability is fixed in 4.7.1.

Action-Not Available
Vendor-Wazuh, Inc.
Product-wazuhwazuhwazuh
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-38712
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.69% / 48.29%
||
7 Day CHG~0.00%
Published-25 Aug, 2023 | 00:00
Updated-02 Aug, 2024 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.

Action-Not Available
Vendor-libreswann/a
Product-libreswann/a
CWE ID-CWE-476
NULL Pointer Dereference
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found