35 matches found
Information Disclosure
github.com/canonical/lxd is vulnerable to an Information Disclosure. The vulnerability is due to differing HTTP status code responses in the Images API, where improper project existence handling allows unauthenticated remote attackers to infer whether a target project exists, enabling unintended...
Information Disclosure
lxd is vulnerable to Information Disclosure. The vulnerability is due to improper validation in the image export API, where crafted requests using wildcard fingerprints allow unauthenticated network attackers to probe and determine whether projects exist...
GO-2025-4002 Canonical LXD Project Existence Determination Through Error Handling in Image Export Function in github.com/canonical/lxd
Canonical LXD Project Existence Determination Through Error Handling in Image Export Function in github.com/canonical/lxd...
Linux Distros Unpatched Vulnerability : CVE-2025-54290
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without...
Linux Distros Unpatched Vulnerability : CVE-2025-54291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project...
CVE-2025-54291
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...
CVE-2025-54290
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints...
EUVD-2025-32095
Malicious code in bioql PyPI...
SUSE CVE-2025-54290
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints...
SUSE CVE-2025-54291
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...
GHSA-P3X5-MVMP-5F35 Canonical LXD Project Existence Determination Through Error Handling in Image Export Function
Impact In LXD's images export API /1.0/images/fingerprint/export, implementation differences in error handling allow determining project existence without authentication. Specifically, in the following code, errors when multiple images match are directly returned to users as API responses:...
Canonical LXD Project Existence Determination Through Error Handling in Image Export Function
Impact In LXD's images export API /1.0/images/fingerprint/export, implementation differences in error handling allow determining project existence without authentication. Specifically, in the following code, errors when multiple images match are directly returned to users as API responses:...
GHSA-XCH9-H8QW-85C7 Canonical LXD Project Existence Determination Through Error Handling in Image Get Function
Impact The LXD /1.0/images endpoint is implemented as an AllowUntrusted API that requires no authentication, making it accessible to users without accounts. This API allows determining project existence through differences in HTTP status codes when accessed with the project parameter...
Canonical LXD Project Existence Determination Through Error Handling in Image Get Function
Impact The LXD /1.0/images endpoint is implemented as an AllowUntrusted API that requires no authentication, making it accessible to users without accounts. This API allows determining project existence through differences in HTTP status codes when accessed with the project parameter...
CVE-2025-54291
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...
CVE-2025-54290
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints...
DEBIAN-CVE-2025-54291
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...
DEBIAN-CVE-2025-54290
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints...
CVE-2025-54291
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...
CVE-2025-54290
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints...