CVE-2026-34177
Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden lxd/project/limits/permissions.go, which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote...
Incus has Blind SSRF via Image Import Preflight HEAD
Summary A partial implementation of our restricted.images.servers project restriction allows users in such restricted projects to still cause Incus to send HEAD requests to arbitrary endpoints. The actual image download will be rejected by the project restriction, but the ability to trigger...
Linux Distros Unpatched Vulnerability : CVE-2026-34177
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden lxd/project/limits/permissions.go, which omits raw.apparmo...
SUSE CVE-2026-34177
Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden lxd/project/limits/permissions.go, which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote...
EUVD-2026-20872
LXD: VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf...
GHSA-FM2X-C5QW-4H6F LXD: VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf
Summary The isVMLowLevelOptionForbidden function in lxd/project/limits/permissions.go is missing raw.apparmor and raw.qemu.conf from its hardcoded forbidden list. A user with canedit permission on a VM instance in a restricted project can combine these two omissions to bridge the LXD unix socket...
LXD: VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf
Summary The isVMLowLevelOptionForbidden function in lxd/project/limits/permissions.go is missing raw.apparmor and raw.qemu.conf from its hardcoded forbidden list. A user with canedit permission on a VM instance in a restricted project can combine these two omissions to bridge the LXD unix socket...
EUVD-2026-20874
LXD: Importing a crafted backup leads to project restriction bypass...
Improper Validation of Consistency within Input
Overview Affected versions of this package are vulnerable to Improper Validation of Consistency within Input through the internalImportFromBackup process in lxd/apiinternal.go. An attacker can create a backup archive with a benign backup/index.yaml and a malicious backup/container/backup.yaml, th...
CVE-2026-34178
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...
CVE-2026-34177 VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf
Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden lxd/project/limits/permissions.go, which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote...
PT-2026-31595
Name of the Vulnerable Software and Affected Versions Canonical LXD versions 4.12 through 6.7 Description Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in the isVMLowLevelOptionForbidden function in lxd/project/limits/permissions.go. This denylist omits raw.apparmor and...
Linux Distros Unpatched Vulnerability : CVE-2024-12244
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in access controls that could allow users to view certain restricted project information even when related features are disabled in GitL...
Gitlab -- vulnerabilities
Gitlab reports: Partial Bypass for Device OAuth flow using Cross Window Forgery Denial of service by abusing Github import API Group IP restriction bypass allows disclosing issue title of restricted project...
CVE-2024-12244
An issue has been discovered in access controls that could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1...
UBUNTU-CVE-2024-12244
An issue has been discovered in access controls that could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1...
CVE-2024-12244 Missing Authorization in GitLab
An issue has been discovered in access controls that could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1...
GitLab Enterprise Edition (EE) security vulnerability
GitLab Enterprise Edition (EE) is a content management system from GitLab, Inc. in the United States. A security vulnerability exists in GitLab Enterprise Edition EE versions prior to 17.11.1, which stems from an access control issue that could cause a user to view restricted project information...
CVE-2024-4811
In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts...
CVE-2024-4811
CVE-2024-4811 affects Octopus Server. Affected versions expose a security issue where a user with specific role assignments can access restricted project artifacts under certain conditions. The CVSS 3.1 base score is 2.2 (LOW) with vectors: AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N; attack vector is NE...