ROS-20260513-73-0018
Vulnerability in lxd related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2026-34178
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instanc...
Linux Distros Unpatched Vulnerability : CVE-2026-34177
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden lxd/project/limits/permissions.go, which omits raw.apparmo...
Linux Distros Unpatched Vulnerability : CVE-2026-34179
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH...
DEBIAN-CVE-2026-34179
In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/fingerprint for restricted TLS certificate users, allowing a remote authenticated attacker to escalate...
Linux Distros Unpatched Vulnerability : CVE-2026-28384
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An improper sanitization of the compressionalgorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon...
SUSE CVE-2026-28384
An improper sanitization of the compressionalgorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...
CVE-2026-28384
An improper sanitization of the compressionalgorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the sn...
Linux Distros Unpatched Vulnerability : CVE-2026-3351
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the GET /1.0/certificates API endpoint. An attacker can enumerate all certificate fingerprints trusted by the server by sending crafted requests as an authenticated, restricted user. Remediation Upgrade...
CVE-2026-3351
Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server...
Information Disclosure
github.com/canonical/lxd is vulnerable to Information Disclosure. The vulnerability is due to insufficient validation of process names, where attackers with root access in a container can spoof command-line names to impersonate other containers and obtain their metadata...
Linux Distros Unpatched Vulnerability : CVE-2025-54287
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Template Injection in instance snapshot creation component in Canonical LXD >= 4.0 allows an attacker with instance configuration permissions to read arbitrary...
EUVD-2023-57848
Malicious code in bioql PyPI...
EUVD-2022-3203
Malicious code in bioql PyPI...
GHSA-3G72-CHJ4-2228 Canonical LXD Vulnerable to Privilege Escalation via WebSocket Connection Hijacking in Operations API
Impact LXD's operations API includes secret values necessary for WebSocket connections when retrieving information about running operations. These secret values are used for authentication of WebSocket connections for terminal and console sessions. Therefore, attackers with only read permissions...
LXD Security Vulnerability
LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD versions prior to 6.5 and 5.21.4, which stems from a specially crafted resource name embedded in a URL path that could lead to a path traversal attack...
LXD Security Vulnerability
LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD 4.0 and later versions, which stems from a template injection when the instance snapshot creation component uses the Pongo2 template engine, which could result in...
LXD Security Vulnerability
LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD versions prior to 6.5, which stems from an elevated privilege in the Operations API that could lead to hijacking a terminal or console session and hijacking the...
Unrestricted Certificate Access
github.com/canonical/lxd is vulnerable to Unrestricted Certificate Access. The vulnerability is due to LXD not honoring the restrictions of certificates added to the trust store in PKI mode, which allows clients to gain unrestricted access even if the certificate was intended to have limitations...