Filtered by vendor Canonical
Subscribe
Total
4249 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9313 | 1 Canonical | 1 Authd | 2025-08-26 | N/A | 8.8 HIGH |
| Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them. | |||||
| CVE-2024-9312 | 1 Canonical | 1 Authd | 2025-08-26 | N/A | 7.5 HIGH |
| Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges. | |||||
| CVE-2024-7558 | 1 Canonical | 1 Juju | 2025-08-26 | N/A | 8.7 HIGH |
| JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm. | |||||
| CVE-2024-11586 | 2 Canonical, Pulseaudio | 2 Ubuntu Linux, Pulseaudio | 2025-08-26 | N/A | 4.0 MEDIUM |
| Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected. | |||||
| CVE-2024-6156 | 1 Canonical | 1 Lxd | 2025-08-26 | N/A | 3.8 LOW |
| Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store. | |||||
| CVE-2024-5138 | 1 Canonical | 1 Snapd | 2025-08-26 | N/A | 8.1 HIGH |
| The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar. | |||||
| CVE-2021-3899 | 1 Canonical | 2 Apport, Ubuntu Linux | 2025-08-26 | N/A | 7.8 HIGH |
| There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root. | |||||
| CVE-2022-0555 | 1 Canonical | 1 Subiquity | 2025-08-26 | N/A | 8.4 HIGH |
| Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions | |||||
| CVE-2020-27352 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2025-08-26 | N/A | 9.3 CRITICAL |
| When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended. | |||||
| CVE-2023-48733 | 3 Canonical, Debian, Tianocore | 3 Lxd, Debian Linux, Edk2 | 2025-08-26 | N/A | 6.7 MEDIUM |
| An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot. | |||||
| CVE-2023-49721 | 2 Canonical, Tianocore | 2 Lxd, Edk2 | 2025-08-26 | N/A | 6.7 MEDIUM |
| An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot. | |||||
| CVE-2024-3250 | 1 Canonical | 1 Pebble | 2025-08-26 | N/A | 6.5 MEDIUM |
| It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, and v1.7.4. | |||||
| CVE-2022-1804 | 1 Canonical | 2 Accountsservice, Ubuntu Linux | 2025-08-26 | N/A | 5.5 MEDIUM |
| accountsservice no longer drops permissions when writting .pam_environment | |||||
| CVE-2023-0881 | 1 Canonical | 1 Linux-bluefield | 2025-08-26 | N/A | 7.5 HIGH |
| Running DDoS on tcp port 22 will trigger a kernel crash. This issue is introduced by the backport of a commit regarding nft_lookup without the subsequent fixes that were introduced after this commit. The resolution of this CVE introduces those commits to the linux-bluefield package. | |||||
| CVE-2023-5616 | 2 Canonical, Gnome | 2 Ubuntu Linux, Control Center | 2025-08-26 | N/A | 4.9 MEDIUM |
| In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user. | |||||
| CVE-2025-5689 | 1 Canonical | 1 Authd | 2025-08-26 | N/A | 8.5 HIGH |
| A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session. | |||||
| CVE-2025-5054 | 1 Canonical | 2 Apport, Ubuntu Linux | 2025-08-22 | N/A | 4.7 MEDIUM |
| Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1). | |||||
| CVE-2022-1242 | 1 Canonical | 2 Apport, Ubuntu Linux | 2025-08-22 | N/A | 7.8 HIGH |
| Apport can be tricked into connecting to arbitrary sockets as the root user | |||||
| CVE-2015-7747 | 3 Audiofile, Canonical, Fedoraproject | 3 Audiofile, Ubuntu Linux, Fedora | 2025-08-13 | 6.8 MEDIUM | 8.8 HIGH |
| Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted audio file, as demonstrated by sixteen-stereo-to-eight-mono.c. | |||||
| CVE-2018-17095 | 2 Audiofile, Canonical | 2 Audiofile, Ubuntu Linux | 2025-08-13 | 6.8 MEDIUM | 8.8 HIGH |
| An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert. | |||||