8 matches found
SUSE CVE-2026-34178
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...
DEBIAN-CVE-2026-34178
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...
CVE-2026-34178
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...
CVE-2026-34178
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...
CVE-2026-34178 Importing a crafted backup leads to project restriction bypass
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...
CVE-2026-34178
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml but creates the instance from backup/container/backup.yaml, which is not checked for restrictions. An authenticated remote attacker with instance-creation permission in a restricted projec...
CVE-2026-32914
CVE-2026-32914 concerns OpenClaw prior to 2026.3.12, with an insufficient access control weakness in the /config and /debug command handlers. The issue allows command-authorized non-owners to read or modify privileged, owner-only configuration settings due to missing owner-level permission checks...
CVE-2026-32914 OpenClaw < 2026.3.12 - Insufficient Access Control in /config and /debug Endpoints
OpenClaw before 2026.3.12 contains an insufficient access control vulnerability in the /config and /debug command handlers that allows command-authorized non-owners to access owner-only surfaces. Attackers with command authorization can read or modify privileged configuration settings restricted ...