pkg:Debian/lxd

All known vulnerabilities

• CRITICAL9.9CVE-2026-33897Incus vulnerable to arbitrary file read and write through pongo templates in github.com/lxc/incus
  from 0, < 5.0.2-5+deb12u4
• CRITICAL9.1CVE-2026-34177LXD: VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf
  from 0, < 5.0.2-5+deb12u5
• CRITICAL9.1LXD: Importing a crafted backup leads to project restriction bypass
  from 0
• CRITICAL9.1LXD: Update of type field in restricted TLS certificate allows privilege escalation to cluster admin
  from 0, < 5.0.2-5+deb12u5
• HIGH8.7Incus container image templating arbitrary host file read and write in github.com/lxc/incus
  from 0, < 5.0.2-5+deb12u3
• HIGH8.7lxd - security update
  from 0, < 5.0.2-5+deb12u3
• HIGH8.7lxd - security update
  from 0, < 5.0.2-5+deb12u3
• HIGH8.3lxd - security update
  from 0, < 5.0.2-5+deb12u1
• HIGH8.3lxd - security update
  from 0, < 5.0.2-5+deb12u1
• HIGH7.8lxd - security update
  from 0, < 5.0.2-5+deb12u2
• HIGH7.8lxd - security update
  from 0, < 5.0.2-5+deb12u2
• MEDIUM6.8Privilege Escalation via WebSocket Connection Hijacking in Operations API in github.com/canonical/lxd
  from 0
• MEDIUM6.5Incus has Nil Dereferences on Restore via Malformed YAML
  from 0, < 5.0.2-5+deb12u6
• MEDIUM6.5Incus Vulnerable to Panic via Snapshot Bounds Check
  from 0, < 5.0.2-5+deb12u6
• MEDIUM6.5Incus has a Nil-Pointer Dereference via Custom Volume Import
  from 0, < 5.0.2-5+deb12u6
• MEDIUM6.5Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns in github.com/lxc/lxd
  from 0, < 5.0.2-5+deb12u1
• MEDIUM6.5Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function in github.com/canonical/lxd
  from 0, < 5.0.2-5+deb12u1
• MEDIUM5.3Canonical LXD Project Existence Determination Through Error Handling in Image Export Function in github.com/canonical/lxd
  from 0
• MEDIUM5.3Canonical LXD Project Existence Determination Through Error Handling in Image Get Function in github.com/canonical/lxd
  from 0
• MEDIUM5.0Incus has Unbounded YAML Metadata Decode via Parsing
  from 0, < 5.0.2-5+deb12u6
• MEDIUM4.8Incus does not verify combined fingerprint when downloading images from simplestreams servers in github.com/lxc/incus
  from 0, < 5.0.2-5+deb12u4
• MEDIUM4.3Incus is affected by unbounded binary import disk exhaustion
  from 0, < 5.0.2-5+deb12u6
• MEDIUM4.1Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server in github.com/canonical/lxd
  from 0, < 5.0.2-5+deb12u1
• LOW3.8CA certificate sign check bypass in github.com/canonical/lxd
  from 0
• —(no summary)
  from 0
• —lxd - security update
  from 0, < 5.0.2-5+deb12u4
• —lxd - security update
  from 0, < 5.0.2-5+deb12u4
• —Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or m…
  from 0