Lucene search
K

9 matches found

Veracode
Veracode
added 2025/11/20 8:32 a.m.5 views

Information Disclosure

github.com/canonical/lxd is vulnerable to Information Disclosure. The vulnerability is due to insufficient validation of process names, where attackers with root access in a container can spoof command-line names to impersonate other containers and obtain their metadata...

6.8CVSS6.5AI score0.00326EPSS
Exploits1References2Affected Software1
SUSE CVE
SUSE CVE
added 2025/10/02 11:23 p.m.4 views

SUSE CVE-2025-54288

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...

6.8CVSS6.9AI score0.00326EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/10/02 9:20 p.m.8 views

Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server

Impact In LXD's devLXD server, the source container identification process uses process cmdline command line information, allowing attackers to impersonate other containers by spoofing process names. The core issue lies in the findContainerForPID function in lxd/apidevlxd.go. This function...

6.8CVSS7AI score0.00326EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/10/02 9:20 p.m.2 views

GHSA-7232-97C6-J525 Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server

Impact In LXD's devLXD server, the source container identification process uses process cmdline command line information, allowing attackers to impersonate other containers by spoofing process names. The core issue lies in the findContainerForPID function in lxd/apidevlxd.go. This function...

5.1CVSS7AI score0.00326EPSS
Exploits1References4
OSV
OSV
added 2025/10/02 10:15 a.m.3 views

CVE-2025-54288

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...

6.8CVSS6.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/02 9:20 a.m.3 views

CVE-2025-54288 Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...

5.1CVSS6.4AI score0.00326EPSS
Exploits1References1
CVE
CVE
added 2025/10/02 9:20 a.m.20 views

CVE-2025-54288

CVE-2025-54288 affects Canonical LXD devLXD server on Linux container platforms. The issue arises from a vulnerability in how the devLXD code identifies containers via process cmdline information, allowing attackers with root privileges inside one container to impersonate other containers and rea...

6.8CVSS6.4AI score0.00326EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.6 views

LXD 安全漏洞

LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD 4.0 and later versions, which stems from information spoofing in the devLXD server that could lead to container impersonation and information disclosure...

6.8CVSS6.1AI score0.00326EPSS
Exploits1References2
OSV
OSV
added 2025/04/10 12:15 p.m.4 views

CVE-2025-32754

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SS...

9.1CVSS5.8AI score0.00449EPSS
Exploits0References1
Rows per page
Query Builder