
CVE-2024-6219
https://notcve.org/view.php?id=CVE-2024-6219
05 Dec 2024 — Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured. • https://github.com/canonical/lxd/security/advisories/GHSA-jpmc-7p9c-4rxf • CWE-295: Improper Certificate Validation •

CVE-2024-6156
https://notcve.org/view.php?id=CVE-2024-6156
05 Dec 2024 — Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store. • https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v • CWE-295: Improper Certificate Validation •

CVE-2023-49721
https://notcve.org/view.php?id=CVE-2023-49721
14 Feb 2024 — An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot. • https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 • CWE-276: Incorrect Default Permissions •