43 matches found

EUVD (added 6 days ago)

EUVD-2026-39788

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled...

CVSS 8.4 | AI score 5.8 | EPSS 0.00108
Exploits: 0 | References: 2
CVE (added 6 days ago)

CVE-2026-12411

CVE-2026-12411: Affects Canonical LXD (devLXDInstancePatchHandler). A crafted device PATCH to /dev/lxd, when security.devlxd.management.volumes is enabled, can allow a local untrusted guest to mount, read, and overwrite another guest's custom storage volume. CVSSv3.1 base score 8.4 (HIGH); confi...

CVSS 8.4 | AI score 5.8 | EPSS 0.00108
Exploits: 0 | References: 2
Cvelist (added 6 days ago)

CVE-2026-12411 Broken Access Control in Canonical LXD DevLXD API

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled...

CVSS 8.4 | EPSS 0.00108
Exploits: 0 | References: 2
RedhatCVE (added 2026/06/05 7:21 p.m.)

CVE-2026-34179

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/fingerprint for restricted TLS certificate users, allowing a remote authenticated attacker to escalate...

CVSS 9.1 | AI score 5.5 | EPSS 0.00274
Exploits: 1 | References: 1
Tenable Nessus (added 2026/04/13 12:00 a.m.)

Linux Distros Unpatched Vulnerability : CVE-2026-34178

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instanc...

CVSS 9.1 | AI score 5.9 | EPSS 0.00424
Exploits: 1 | References: 3
CVE (added 2026/03/12 2:51 p.m.)

CVE-2026-28384

CVE-2026-28384: Canonical LXD contains an improper sanitization of the compression_algorithm parameter, allowing an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. Affected: LXD releases 4.12–6.6. Mitigatio...

CVSS 9.4 | AI score 5.9 | EPSS 0.00502
Exploits: 0 | References: 5
Positive Technologies (added 2026/03/12 12:00 a.m.)

PT-2026-24958

Name of the vulnerable software and affected versions: Canonical LXD versions 4.12 through 6.6. Description: An improper sanitization of the compression algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API cal...

CVSS 9.4 | AI score 6 | EPSS 0.00502
Exploits: 0 | References: 15
Veracode (added 2025/11/21 5:49 a.m.)

Cross-Site Request Forgery (CSRF)

github.com/canonical/lxd is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper validation of client-side authentication tokens, which allows an attacker to trigger container creation and startup through crafted HTML form submissions without user consent...

CVSS 8.8 | AI score 7 | EPSS 0.00118
Exploits: 1 | References: 6 | Affected Software: 1
OSV (added 2025/11/05 6:41 p.m.)

GO-2025-4003 CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI in github.com/canonical/lxd

CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI in github.com/canonical/lxd...

CVSS 8.8 | AI score 6.9 | EPSS 0.00118
Exploits: 1 | References: 1
OSV (added 2025/11/05 6:41 p.m.)

GO-2025-3999 Privilege Escalation via WebSocket Connection Hijacking in Operations API in github.com/canonical/lxd

Privilege Escalation via WebSocket Connection Hijacking in Operations API in github.com/canonical/lxd...

CVSS 8.1 | AI score 7 | EPSS 0.00192
Exploits: 1 | References: 1
OSV (added 2025/11/05 6:41 p.m.)

GO-2025-4001 Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server in github.com/canonical/lxd

Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server in github.com/canonical/lxd...

CVSS 6.8 | AI score 6.9 | EPSS 0.00323
Exploits: 1 | References: 1
OSV (added 2025/11/05 6:41 p.m.)

GO-2025-4000 Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function in github.com/canonical/lxd

Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function in github.com/canonical/lxd...

CVSS 7.1 | AI score 6.9 | EPSS 0.00537
Exploits: 1 | References: 2
Tenable Nessus (added 2025/10/08 12:00 a.m.)

Linux Distros Unpatched Vulnerability : CVE-2025-54289

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions a...

CVSS 8.1 | AI score 5.8 | EPSS 0.00192
Exploits: 1 | References: 3
Tenable Nessus (added 2025/10/08 12:00 a.m.)

Linux Distros Unpatched Vulnerability : CVE-2025-54291

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project...

CVSS 6.9 | AI score 5.7 | EPSS 0.00357
Exploits: 1 | References: 3
RedhatCVE (added 2025/10/06 9:05 p.m.)

CVE-2025-54292

Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths...

CVSS 4.8 | AI score 6.8 | EPSS 0.00299
Exploits: 1 | References: 1
RedhatCVE (added 2025/10/06 5:13 p.m.)

CVE-2025-54291

Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...

CVSS 6.9 | AI score 6.8 | EPSS 0.00357
Exploits: 1 | References: 1
RedhatCVE (added 2025/10/06 5:13 p.m.)

CVE-2025-54286

Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions = 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication...

CVSS 7.5 | AI score 6.5 | EPSS 0.00118
Exploits: 1 | References: 1
EUVD (added 2025/10/03 8:07 p.m.)

EUVD-2025-32093

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 6.4 | EPSS 0.00299
Exploits: 1 | References: 1
EUVD (added 2025/10/03 8:07 p.m.)

EUVD-2025-32099

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.3 | EPSS 0.00118
Exploits: 1 | References: 2
EUVD (added 2025/10/03 8:07 p.m.)

EUVD-2025-32094

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 6.3 | EPSS 0.00357
Exploits: 1 | References: 2