Search CVE reports
1 – 10 of 49 results
Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an...
2 affected packages
incus, lxd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| incus | Needs evaluation | Not in release | — | — |
| lxd | Not in release | Not in release | Needs evaluation | Needs evaluation |
Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by `incus webui` incorrectly validates the authentication token such that an invalid value will be accepted. `incus webui`...
2 affected packages
incus, lxd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| incus | Needs evaluation | Not in release | — | — |
| lxd | Not in release | Not in release | Needs evaluation | Needs evaluation |
Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary reads or writes as root on the host server. Incus allows for pongo2 templates within instances...
2 affected packages
incus, lxd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| incus | Needs evaluation | Not in release | — | — |
| lxd | Not in release | Not in release | Needs evaluation | Needs evaluation |
Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by a user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated...
2 affected packages
incus, lxd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| incus | Needs evaluation | Not in release | — | — |
| lxd | Not in release | Not in release | Needs evaluation | Needs evaluation |
Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the...
2 affected packages
incus, lxd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| incus | Needs evaluation | Not in release | — | — |
| lxd | Not in release | Not in release | Needs evaluation | Needs evaluation |
Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under...
2 affected packages
incus, lxd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| incus | Needs evaluation | Not in release | — | — |
| lxd | Not in release | Not in release | Needs evaluation | Needs evaluation |
An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints....
1 affected package
lxd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lxd | Not in release | Not in release | Not affected | Not affected |
Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server.
1 affected package
lxd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lxd | Not in release | Not in release | Needs evaluation | Needs evaluation |
Due to a missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic.
7 affected packages
golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-golang-x-net | Not affected | Not affected | — | — |
| google-guest-agent | Not affected | Not affected | Not affected | Not affected |
| containerd | Not affected | Not affected | Not affected | Not affected |
| golang-golang-x-net-dev | Not in release | Not in release | Not affected | Not affected |
| adsys | Not affected | Not affected | Not affected | — |
| juju-core | Not in release | Not in release | — | — |
| lxd | Not in release | Not in release | Not affected | Not affected |
Some fixes available 2 of 9
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
7 affected packages
google-guest-agent, containerd, golang-golang-x-net-dev, adsys, juju-core...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| google-guest-agent | Not affected | Not affected | Not affected | Not affected |
| containerd | Not affected | Not affected | Not affected | Not affected |
| golang-golang-x-net-dev | Not in release | Not in release | Vulnerable | Vulnerable |
| adsys | Not affected | Not affected | Not affected | — |
| juju-core | Not in release | Not in release | — | — |
| lxd | Not in release | Not in release | Not affected | Vulnerable |
| golang-golang-x-net | Fixed | Fixed | — | — |