
CVE-2024-6219
https://notcve.org/view.php?id=CVE-2024-6219
05 Dec 2024 — Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured. • https://github.com/canonical/lxd/security/advisories/GHSA-jpmc-7p9c-4rxf • CWE-295: Improper Certificate Validation •

CVE-2024-6156
https://notcve.org/view.php?id=CVE-2024-6156
05 Dec 2024 — Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store. • https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v • CWE-295: Improper Certificate Validation •

CVE-2023-49721
https://notcve.org/view.php?id=CVE-2023-49721
14 Feb 2024 — An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot. • https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 • CWE-276: Incorrect Default Permissions •

CVE-2017-5936 – Ubuntu Security Notice USN-3195-1
https://notcve.org/view.php?id=CVE-2017-5936
10 Feb 2017 — OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions. James Page discovered that Nova-LXD incorrectly set up ... • http://www.openwall.com/lists/oss-security/2017/02/09/3 •

CVE-2016-1581 – Ubuntu Security Notice USN-2988-1
https://notcve.org/view.php?id=CVE-2016-1581
01 Jun 2016 — LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors. Robie Basak discovered that LXD incorrect... • http://www.ubuntu.com/usn/USN-2988-1 • CWE-284: Improper Access Control •

CVE-2016-1582 – Ubuntu Security Notice USN-2988-1
https://notcve.org/view.php?id=CVE-2016-1582
01 Jun 2016 — LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors. • http://www.ubuntu.com/usn/USN-2988-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •