Incus

A vulnerability exists in Incus where it does not properly verify the combined fingerprint when downloading images from simplestreams servers, allowing an attacker to perform image cache poisoning and potentially expose other tenants to running attacker-controlled images.

A vulnerability in Incus versions prior to 6.23.0 allows for arbitrary read and write access as root on the host server by exploiting a missing chroot isolation in the pongo2 template engine.