18 matches found
EUVD-2026-39794
A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration.. An authenticated project operator in a restricted multi-tenant environment can bypass policy...
CVE-2026-34178
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...
Bugsink 安全漏洞
Bugsink is an open-source, self-hosted bug tracking software developed by Bugsink. Versions of Bugsink prior to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the issue where batch operations did not require the submission of issue IDs belonging to the same project...
SUSE CVE-2026-34178
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...
GHSA-Q96J-3FMM-7FV4 LXD: Importing a crafted backup leads to project restriction bypass
Summary LXD instance backup import validates project restrictions against backup/index.yaml embedded in the tar archive, but creates the actual instance from backup/container/backup.yaml extracted to the storage volume. Because these are separate, independently attacker-controlled files within th...
LXD: Importing a crafted backup leads to project restriction bypass
Summary LXD instance backup import validates project restrictions against backup/index.yaml embedded in the tar archive, but creates the actual instance from backup/container/backup.yaml extracted to the storage volume. Because these are separate, independently attacker-controlled files within th...
CVE-2026-34178
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...
DEBIAN-CVE-2026-34178
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...
CVE-2026-34178
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...
UBUNTU-CVE-2026-34178
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...
CVE-2026-34178 Importing a crafted backup leads to project restriction bypass
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...
CVE-2026-34178 Importing a crafted backup leads to project restriction bypass
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...
CVE-2026-34178
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml but creates the instance from backup/container/backup.yaml, which is not checked for restrictions. An authenticated remote attacker with instance-creation permission in a restricted projec...
CVE-2026-34178
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...
CVE-2026-34178
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...
PT-2026-31596
Name of the Vulnerable Software and Affected Versions Canonical LXD versions prior to 6.8 Description Canonical LXD versions prior to 6.8 have an issue where the backup import path validates project restrictions against backup/index.yaml within a supplied tar archive, but instance creation is bas...
LXD 安全漏洞
LXD is a Canonical open-source container-based system for managing applications on Linux systems. Prior to LXD 6.8, there was a security vulnerability. This vulnerability stemmed from the backup import path only verifying the backup/index.yaml file in the backup archive, without performing projec...
EUVD-2022-42790
Malicious code in bioql PyPI...