| Bug | bookworm | trixie | Description |
|---|
| CVE-2025-64507 | fixed | vulnerable (no DSA, ignored) | Incus is a system container and virtual machine manager. An issue in v ... |
| CVE-2025-54291 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | Information disclosure in images API in Canonical LXD before 6.5 and 5 ... |
| CVE-2025-54290 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | Information disclosure in image export API in Canonical LXD before 6.5 ... |
| CVE-2025-54289 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | Privilege Escalation in operations API in Canonical LXD <6.5 on multip ... |
| CVE-2024-6156 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could ... |
| Bug | Description |
|---|
| CVE-2025-54293 | Path Traversal in the log file retrieval function in Canonical LXD 5.0 ... |
| CVE-2025-54288 | Information Spoofing in devLXD Server in Canonical LXD versions 4.0 an ... |
| CVE-2025-54287 | Template Injection in instance snapshot creation component in Canonica ... |
| CVE-2025-54286 | Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions ... |
| CVE-2024-6219 | Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a ... |
| CVE-2023-49721 | An insecure default to allow UEFI Shell in EDK2 was left enabled in LX ... |
| CVE-2016-1582 | LXD before 2.0.2 does not properly set permissions when switching an u ... |
| CVE-2016-1581 | LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs. ... |
| CVE-2015-8222 | The lxd-unix.socket systemd unit file in the Ubuntu lxd package before ... |
| CVE-2015-1340 | LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsa ... |