17 matches found
GO-2025-4003 CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI in github.com/canonical/lxd
CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI in github.com/canonical/lxd...
Linux Distros Unpatched Vulnerability : CVE-2025-54292
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended...
CVE-2025-54286
Cross-Site Request Forgery CSRF in LXD-UI in Canonical LXD versions = 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication...
EUVD-2025-32093
Malicious code in bioql PyPI...
SUSE CVE-2025-54286
Cross-Site Request Forgery CSRF in LXD-UI in Canonical LXD versions = 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication...
SUSE CVE-2025-54292
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths...
DEBIAN-CVE-2025-54292
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths...
CVE-2025-54292
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths...
DEBIAN-CVE-2025-54286
Cross-Site Request Forgery CSRF in LXD-UI in Canonical LXD versions = 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication...
UBUNTU-CVE-2025-54292
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths...
CVE-2025-54292 Client-Side Path Traversal in LXD-UI
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths...
CVE-2025-54292
Removed by vendor...
CVE-2025-54286
Cross-Site Request Forgery CSRF in LXD-UI in Canonical LXD versions = 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication...
CVE-2025-54286
CVE-2025-54286 corresponds to CSRF in LXD-UI for Canonical LXD versions ≥5.0 on Linux, where an attacker can create and start containers without user consent via crafted HTML form submissions that abuse client certificate authentication. Debian advisories (DSA-6027/6028) enumerate multiple LXD-re...
CVE-2025-54286
Cross-Site Request Forgery CSRF in LXD-UI in Canonical LXD versions = 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication...
CVE-2025-54286 CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI
Cross-Site Request Forgery CSRF in LXD-UI in Canonical LXD versions = 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication...
PT-2025-40335
Name of the Vulnerable Software and Affected Versions Canonical LXD LXD-UI versions prior to 6.5 Canonical LXD LXD-UI versions prior to 5.21.4 Description A path traversal issue exists in Canonical LXD LXD-UI. Remote authenticated attackers can potentially access or modify unintended resources by...