CVE search results

11 – 20 of 71 results

Detailed view

Sort by:

CVE-2026-39829

Medium priority

Needs evaluation

(The RSA and DSA public key parsers did not enforce size limits on key ...)

4 affected packages

golang-go.crypto, snapd, lxd, google-guest-agent

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-go.crypto	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
snapd	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
lxd	Not in release	Not in release	Not in release	Not affected	Needs evaluation
google-guest-agent	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-39828

Medium priority

Needs evaluation

(When an SSH server authentication callback returned PartialSuccessErro ...)

4 affected packages

golang-go.crypto, snapd, lxd, google-guest-agent

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-go.crypto	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
snapd	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
lxd	Not in release	Not in release	Not in release	Not affected	Needs evaluation
google-guest-agent	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-39827

Medium priority

Needs evaluation

(An authenticated SSH client that repeatedly opened channels which were ...)

4 affected packages

golang-go.crypto, snapd, lxd, google-guest-agent

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-go.crypto	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
snapd	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
lxd	Not in release	Not in release	Not in release	Not affected	Needs evaluation
google-guest-agent	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2026-33814

Medium priority

Needs evaluation

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

7 affected packages

golang-golang-x-net, google-guest-agent, containerd, golang-golang-x-net-dev, adsys...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-golang-x-net	Needs evaluation	Needs evaluation	Needs evaluation	—	—
google-guest-agent	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
containerd	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golang-golang-x-net-dev	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
adsys	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	—
juju-core	Not in release	Not in release	Not in release	—	—
lxd	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation

Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The...

2 affected packages

incus, lxd

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
incus	Needs evaluation	Needs evaluation	Not in release	—	—
lxd	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation

CVE-2026-41684

Medium priority

Needs evaluation

Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file...

2 affected packages

incus, lxd

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
incus	Needs evaluation	Needs evaluation	Not in release	—	—
lxd	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation

CVE-2026-41648

Medium priority

Needs evaluation

Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for...

2 affected packages

incus, lxd

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
incus	Needs evaluation	Needs evaluation	Not in release	—	—
lxd	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation

CVE-2026-40251

Medium priority

Needs evaluation

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the...

2 affected packages

incus, lxd

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
incus	Needs evaluation	Needs evaluation	Not in release	—	—
lxd	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation

CVE-2026-40197

Medium priority

Needs evaluation

2 affected packages

incus, lxd

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
incus	Needs evaluation	Needs evaluation	Not in release	—	—
lxd	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation

CVE-2026-34179

Medium priority

Vulnerable

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS...

2 affected packages

lxd, incus

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
lxd	Not in release	Not in release	Not in release	Not affected	Not affected
incus	Vulnerable	Vulnerable	Not in release	—	—

Export to JSON

Results by page:

Search CVE reports

CVE-2026-39829

CVE-2026-39828

CVE-2026-39827

CVE-2026-33814

CVE-2026-41685

CVE-2026-41684

CVE-2026-41648

CVE-2026-40251

CVE-2026-40197

CVE-2026-34179