Search CVE reports

Toggle filters

31 – 40 of 57 results

CVE-2025-54287

Medium priority
Not affected

Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern...

1 affected package

lxd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lxd Not in release Not in release Not affected Not affected
Show less packages

CVE-2025-54286

Medium priority
Not affected

Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate...

1 affected package

lxd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lxd Not in release Not in release Not affected Not affected
Show less packages

CVE-2025-22872

Medium priority

Some fixes available 8 of 14

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing,...

7 affected packages

golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net Not affected Fixed Fixed Not in release Not in release
google-guest-agent Not affected Not affected Not affected Not affected Not affected
containerd Not affected Not affected Not affected Not affected Not affected
golang-golang-x-net-dev Not in release Not in release Not in release Fixed Fixed
adsys Not affected Not affected Not affected Not affected
juju-core
lxd Not affected Fixed
Show all 7 packages Show less packages

CVE-2025-22869

Medium priority
Needs evaluation

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

3 affected packages

lxd, golang-go.crypto, snapd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lxd Not in release Not in release Not in release Not affected Not affected
golang-go.crypto Needs evaluation Needs evaluation Needs evaluation Ignored Needs evaluation
snapd Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-45341

Medium priority

Some fixes available 3 of 35

A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only...

18 affected packages

lxd, golang, golang-1.6, golang-1.8, golang-1.9...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lxd Not in release Not in release Not in release Not affected Ignored
golang Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.10 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.13 Not in release Not in release Needs evaluation Ignored Needs evaluation
golang-1.14 Not in release Not in release Not in release Ignored
golang-1.16 Not in release Not in release Not in release Ignored Needs evaluation
golang-1.17 Not in release Not in release Needs evaluation Not in release
golang-1.18 Not in release Not in release Needs evaluation Ignored Needs evaluation
golang-1.20 Not in release Not in release Needs evaluation Ignored
golang-1.21 Not in release Needs evaluation Needs evaluation Ignored
golang-1.22 Not in release Fixed Fixed Ignored
golang-1.23 Not affected Needs evaluation Needs evaluation Not in release
golang-1.24 Needs evaluation Needs evaluation Needs evaluation Not in release
golang-go.crypto Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
snapd Not affected Not affected Not affected Not affected Not affected
Show all 18 packages Show less packages

CVE-2024-45338

Medium priority

Some fixes available 13 of 17

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

7 affected packages

adsys, golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
adsys Fixed Fixed Fixed Fixed
golang-golang-x-net Vulnerable Fixed Fixed Not in release
google-guest-agent Not affected Not affected Not affected Not affected Not affected
containerd Not affected Not affected Not affected Not affected Not affected
golang-golang-x-net-dev Not in release Not in release Not in release Fixed Fixed
juju-core Not in release Not in release Not in release Not in release
lxd Not in release Not in release Not in release Not affected Not affected
Show all 7 packages Show less packages

CVE-2024-45337

Medium priority

Some fixes available 11 of 17

Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says...

4 affected packages

snapd, lxd, golang-go.crypto, google-guest-agent

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
snapd Not affected Not affected Not affected Not affected Not affected
lxd Not in release Not in release Not in release Not affected Needs evaluation
golang-go.crypto Vulnerable Fixed Fixed Fixed Fixed
google-guest-agent Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-6219

Medium priority
Needs evaluation

Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.

1 affected package

lxd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lxd Not in release Not in release Not in release Ignored Needs evaluation
Show less packages

CVE-2024-6156

Medium priority
Needs evaluation

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

1 affected package

lxd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lxd Not in release Not in release Not in release Ignored Needs evaluation
Show less packages

CVE-2023-49721

Medium priority
Not affected

An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.

1 affected package

lxd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lxd Not in release Not in release Not affected Not affected
Show less packages
  1. Previous page
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. Next page
Export to JSON