Vulnerabilities (CVE)

Filtered by vendor Canonical Subscribe
Filtered by product Lxd
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-54286 2 Canonical, Linux 2 Lxd, Linux Kernel 2025-10-22 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
CVE-2025-54287 2 Canonical, Linux 2 Lxd, Linux Kernel 2025-10-22 N/A 6.5 MEDIUM
Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.
CVE-2024-6219 1 Canonical 1 Lxd 2025-08-28 N/A 3.8 LOW
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.
CVE-2024-6156 1 Canonical 1 Lxd 2025-08-26 N/A 3.8 LOW
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.
CVE-2023-48733 3 Canonical, Debian, Tianocore 3 Lxd, Debian Linux, Edk2 2025-08-26 N/A 6.7 MEDIUM
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.
CVE-2023-49721 2 Canonical, Tianocore 2 Lxd, Edk2 2025-08-26 N/A 6.7 MEDIUM
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.
CVE-2016-1581 1 Canonical 2 Lxd, Ubuntu Linux 2025-04-12 2.1 LOW 5.5 MEDIUM
LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.
CVE-2016-1582 1 Canonical 2 Lxd, Ubuntu Linux 2025-04-12 2.1 LOW 5.5 MEDIUM
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.