Search CVE reports

Toggle filters

1 – 10 of 58 results

CVE-2026-33814

Medium priority
Needs evaluation

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

7 affected packages

golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-net Needs evaluation Needs evaluation Needs evaluation
google-guest-agent Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
containerd Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-golang-x-net-dev Not in release Not in release Not in release Needs evaluation Needs evaluation
adsys Needs evaluation Needs evaluation Needs evaluation Needs evaluation
juju-core Not in release Not in release Not in release
lxd Not in release Not in release Not in release Needs evaluation Needs evaluation
Show all 7 packages Show less packages

CVE-2026-41685

Medium priority
Needs evaluation

Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The...

2 affected packages

incus, lxd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
incus Needs evaluation Needs evaluation Not in release
lxd Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2026-41648

Medium priority
Needs evaluation

Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for...

2 affected packages

incus, lxd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
incus Needs evaluation Needs evaluation Not in release
lxd Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2026-40251

Medium priority
Needs evaluation

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the...

2 affected packages

incus, lxd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
incus Needs evaluation Needs evaluation Not in release
lxd Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2026-41684

Medium priority
Needs evaluation

security update

2 affected packages

incus, lxd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
incus Needs evaluation Needs evaluation Not in release
lxd Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2026-40197

Medium priority
Needs evaluation

security update

2 affected packages

incus, lxd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
incus Needs evaluation Needs evaluation Not in release
lxd Not in release Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2026-34179

Medium priority
Vulnerable

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS...

2 affected packages

lxd, incus

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lxd Not in release Not in release Not in release Not affected Not affected
incus Vulnerable Vulnerable Not in release
Show less packages

CVE-2026-34178

Medium priority
Vulnerable

In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same...

2 affected packages

lxd, incus

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lxd Not in release Not in release Not in release Not affected Not affected
incus Vulnerable Vulnerable Not in release
Show less packages

CVE-2026-34177

Medium priority
Vulnerable

Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under...

2 affected packages

lxd, incus

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lxd Not in release Not in release Not in release Not affected Not affected
incus Not affected Vulnerable Not in release
Show less packages

CVE-2026-33945

High priority
Needs evaluation

Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an...

2 affected packages

incus, lxd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
incus Needs evaluation Needs evaluation Not in release
lxd Not in release Not in release Not in release Not affected Not affected
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON