CVSS: 3.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6219
https://notcve.org/view.php?id=CVE-2024-6219
05 Dec 2024 — Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured. • https://github.com/canonical/lxd/security/advisories/GHSA-jpmc-7p9c-4rxf • CWE-295: Improper Certificate Validation •
CVSS: 3.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-6156
https://notcve.org/view.php?id=CVE-2024-6156
05 Dec 2024 — Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store. • https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1581 – Ubuntu Security Notice USN-2988-1
https://notcve.org/view.php?id=CVE-2016-1581
01 Jun 2016 — LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors. LXD en versiones anteriores a 2.0.2 usa permisos world-readable para /var/lib/lxd/zfs.img al configurar una agrupación ZFS en bucle, lo que permite a usuarios locales copiar y leer información de contenedores arbitrarios a través de vectores no especificados. Robie Basak discovered that LXD incorrect... • http://www.ubuntu.com/usn/USN-2988-1 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-1582 – Ubuntu Security Notice USN-2988-1
https://notcve.org/view.php?id=CVE-2016-1582
01 Jun 2016 — LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors. LXD en versiones anteriores a 2.0.2 no establece adecuadamente los permisos cuando se cambia un recipiente sin privelegios a modo privilegiado, lo que permite a usuarios locales acceder a la lectura de todas las rutas arbitrarios en el directorio del contenedor a través de vector... • http://www.ubuntu.com/usn/USN-2988-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •