Lxd Security Vulnerabilities and Issues — Lxd CVE List

Lucene search

CanonicalLxd

6 matches found

CVE•added 2024/12/06 12:15 a.m.•65 views

CVE-2024-6156

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

3.8CVSS4.4AI score0.00023EPSS

CVE•added 2024/12/06 12:15 a.m.•64 views

CVE-2024-6219

Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.

3.8CVSS4.3AI score0.00023EPSS

CVE•added 2024/02/14 10:15 p.m.•61 views

CVE-2023-48733

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.

6.7CVSS6.7AI score0.00013EPSS

CVE•added 2016/06/09 4:59 p.m.•55 views

CVE-2016-1581

LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.

5.5CVSS5.2AI score0.00035EPSS

CVE•added 2016/06/09 4:59 p.m.•52 views

CVE-2016-1582

LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.

5.5CVSS5.2AI score0.0004EPSS

CVE•added 2024/02/14 10:15 p.m.•33 views

CVE-2023-49721

An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.

6.7CVSS6.4AI score0.00017EPSS