32 matches found

NVD
added 6 days ago | 9 views

CVE-2026-28385

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

CVSS 5 | EPSS 0.00172
Exploits 0 | References 2
EUVD
added 6 days ago | 6 views

EUVD-2026-39794

A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration. An authenticated project operator in a restricted multi-tenant environment can bypass policy...

CVSS 7.2 | AI score 5.8 | EPSS 0.00329
Exploits 1 | References 4
CVE
added 6 days ago | 16 views

CVE-2026-9639

CVE-2026-9639 describes a nil-pointer dereference in LXD’s CreateCustomVolumeFromBackup. On Linux, affected versions are up to 6.8 and 5.21. An authenticated user with the ability to can_create_storage_volumes can trigger a denial of service by supplying a specially crafted custom-volume backup t...

CVSS 6.5 | AI score 5.7 | EPSS 0.00376
Exploits 1 | References 3 | Affected Software 1
Redos
added 2026/05/13 12:0 a.m. | 8 views

ROS-20260513-73-0018

Vulnerability in lxd related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 9.1 | AI score 5.8 | EPSS 0.00424
Exploits 1
Tenable Nessus
added 2026/04/13 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-34179

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH...

CVSS 9.1 | AI score 5.8 | EPSS 0.00274
Exploits 1 | References 2
Tenable Nessus
added 2026/04/13 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-34177

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden lxd/project/limits/permissions.go, which omits raw.apparmo...

CVSS 9.1 | AI score 5.5 | EPSS 0.00363
Exploits 0 | References 2
Tenable Nessus
added 2026/04/13 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-34178

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instanc...

CVSS 9.1 | AI score 5.9 | EPSS 0.00424
Exploits 1 | References 3
OSV
added 2026/04/09 10:16 a.m. | 2 views

DEBIAN-CVE-2026-34179

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/fingerprint for restricted TLS certificate users, allowing a remote authenticated attacker to escalate...

CVSS 9.1 | AI score 5.3 | EPSS 0.00274
Exploits 1 | References 1
Tenable Nessus
added 2026/03/16 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-28384

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper sanitization of the compressionalgorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon...

CVSS 9.4 | AI score 6 | EPSS 0.00502
Exploits 0 | References 2
SUSE CVE
added 2026/03/13 12:23 a.m. | 2 views

SUSE CVE-2026-28384

An improper sanitization of the compressionalgorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...

CVSS 9.4 | AI score 6 | EPSS 0.00502
Exploits 0 | References 3
NVD
added 2026/03/12 3:16 p.m. | 3 views

CVE-2026-28384

An improper sanitization of the compressionalgorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...

CVSS 9.4 | EPSS 0.00502
Exploits 0 | References 5
Tenable Nessus
added 2026/03/06 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-3351

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all...

CVSS 5.3 | AI score 5.8 | EPSS 0.00141
Exploits 1 | References 2
Snyk
added 2026/03/03 3:44 p.m. | 2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the GET /1.0/certificates API endpoint. An attacker can enumerate all certificate fingerprints trusted by the server by sending crafted requests as an authenticated, restricted user. Remediation Upgrade...

CVSS 5.3 | AI score 6 | EPSS 0.00141
Exploits 1 | References 2
ATTACKERKB
added 2026/03/03 12:49 p.m. | 3 views

CVE-2026-3351

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server...

CVSS 5.3 | AI score 5.9 | EPSS 0.00141
Exploits 1 | References 4 | Affected Software 1
Veracode
added 2025/11/20 8:32 a.m. | 5 views

Information Disclosure

github.com/canonical/lxd is vulnerable to Information Disclosure. The vulnerability is due to insufficient validation of process names, where attackers with root access in a container can spoof command-line names to impersonate other containers and obtain their metadata...

CVSS 6.8 | AI score 6.5 | EPSS 0.00323
Exploits 1 | References 2 | Affected Software 1
Tenable Nessus
added 2025/10/08 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-54287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Template Injection in instance snapshot creation component in Canonical LXD = 4.0 allows an attacker with instance configuration permissions to read arbitrary...

CVSS 7.1 | AI score 5.7 | EPSS 0.00339
Exploits 1 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-57848

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 6.5 | EPSS 0.00244
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2022-3203

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 7.4 | EPSS 0.00896
Exploits 0 | References 6
OSV
added 2025/10/02 9:19 p.m. | 1 views

GHSA-3G72-CHJ4-2228 Canonical LXD Vulnerable to Privilege Escalation via WebSocket Connection Hijacking in Operations API

Impact LXD's operations API includes secret values necessary for WebSocket connections when retrieving information about running operations. These secret values are used for authentication of WebSocket connections for terminal and console sessions. Therefore, attackers with only read permissions...

CVSS 7.4 | AI score 7.7 | EPSS 0.00192
Exploits 1 | References 4
CNNVD
added 2025/10/02 12:0 a.m. | 5 views

LXD Security Vulnerability

LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD versions prior to 6.5 and 5.21.4, which stems from a specially crafted resource name embedded in a URL path that could lead to a path traversal attack...

CVSS 4.8 | AI score 6.3 | EPSS 0.00299
Exploits 1 | References 1