EUVD-2024-3419

Malicious code in bioql PyPI...

EUVD-2024-3485

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-6219

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoure...

CVE-2024-6219

Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured...

CVE-2024-6156

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store...

Unrestricted Certificate Access

github.com/canonical/lxd is vulnerable to Unrestricted Certificate Access. The vulnerability is due to LXD not honoring the restrictions of certificates added to the trust store in PKI mode, allows clients to gain unrestricted access, even if the certificate was intended to have limitations...

lxd CA certificate sign check bypass

Summary If a server.ca file is present in LXDDIR at LXD start up, LXD is in "PKI mode". In this mode, only TLS clients that have a CA-signed certificate should be able to authenticate with LXD. We have discovered that if a client that sends a non-CA signed certificate during the TLS handshake, th...

GHSA-4C49-9FPC-HC3V lxd CA certificate sign check bypass

Summary If a server.ca file is present in LXDDIR at LXD start up, LXD is in "PKI mode". In this mode, only TLS clients that have a CA-signed certificate should be able to authenticate with LXD. We have discovered that if a client that sends a non-CA signed certificate during the TLS handshake, th...

lxd has a restricted TLS certificate privilege escalation when in PKI mode

Summary If a server.ca file is present in LXDDIR at LXD start up, LXD is in "PKI mode". In this mode, all clients must have certificates that have been signed by the CA. The LXD configuration option core.trustcacertificates defaults to false. This means that although the client certificate has be...

GHSA-JPMC-7P9C-4RXF lxd has a restricted TLS certificate privilege escalation when in PKI mode

Summary If a server.ca file is present in LXDDIR at LXD start up, LXD is in "PKI mode". In this mode, all clients must have certificates that have been signed by the CA. The LXD configuration option core.trustcacertificates defaults to false. This means that although the client certificate has be...

GO-2024-3313 Restricted TLS certificate privilege escalation when in PKI mode in github.com/canonical/lxd

Restricted TLS certificate privilege escalation when in PKI mode in github.com/canonical/lxd...

CVE-2024-6156

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store...

CVE-2024-6219

Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured...

DEBIAN-CVE-2024-6156

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store...

CVE-2024-6156

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store...

UBUNTU-CVE-2024-6219

Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured...

CVE-2024-6219

CVE-2024-6219 affects LXD when running in PKI mode prior to 5.21.1. A restricted client certificate can be added to the trust store and have its restrictions ignored, granting full access to the server. Root cause: PKI mode did not honor core.trust_ca_certificates during CA-signed authentication,...

CVE-2024-6219

Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured...

CVE-2024-6219

Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured...

CVE-2024-6156

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store...