Total
309418 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0092 | 1 Canonical | 1 Juju | 2025-08-26 | N/A | 4.9 MEDIUM |
| An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem. | |||||
| CVE-2024-8037 | 1 Canonical | 1 Juju | 2025-08-26 | N/A | 6.5 MEDIUM |
| Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. | |||||
| CVE-2024-42491 | 1 Sangoma | 2 Asterisk, Certified Asterisk | 2025-08-26 | N/A | 5.7 MEDIUM |
| Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations. | |||||
| CVE-2024-47062 | 1 Navidrome | 1 Navidrome | 2025-08-26 | N/A | 8.8 HIGH |
| Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like `password=...` in the URL (ORM Leak). Furthermore, the names of the parameters are not properly escaped, leading to SQL Injections. Finally, the username is used in a `LIKE` statement, allowing people to log in with `%` instead of their username. When adding parameters to the URL, they are automatically included in an SQL `LIKE` statement (depending on the parameter's name). This allows attackers to potentially retrieve arbitrary information. For example, attackers can use the following request to test whether some encrypted passwords start with `AAA`. This results in an SQL query like `password LIKE 'AAA%'`, allowing attackers to slowly brute-force passwords. When adding parameters to the URL, they are automatically added to an SQL query. The names of the parameters are not properly escaped. This behavior can be used to inject arbitrary SQL code (SQL Injection). These vulnerabilities can be used to leak information and dump the contents of the database and have been addressed in release version 0.53.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-8038 | 1 Canonical | 1 Juju | 2025-08-26 | N/A | 7.9 HIGH |
| Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks. | |||||
| CVE-2024-9313 | 1 Canonical | 1 Authd | 2025-08-26 | N/A | 8.8 HIGH |
| Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them. | |||||
| CVE-2024-31227 | 1 Redis | 1 Redis | 2025-08-26 | N/A | 4.4 MEDIUM |
| Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-9312 | 1 Canonical | 1 Authd | 2025-08-26 | N/A | 7.5 HIGH |
| Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges. | |||||
| CVE-2024-7558 | 1 Canonical | 1 Juju | 2025-08-26 | N/A | 8.7 HIGH |
| JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm. | |||||
| CVE-2024-10224 | 2 Debian, Rschupp | 2 Debian Linux, Modules\ | 2025-08-26 | N/A | 5.3 MEDIUM |
| Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval(). | |||||
| CVE-2025-48382 | 1 Codelibs | 1 Fess | 2025-08-26 | N/A | 5.5 MEDIUM |
| Fess is a deployable Enterprise Search Server. Prior to version 14.19.2, the createTempFile() method in org.codelibs.fess.helper.SystemHelper creates temporary files without explicitly setting restrictive permissions. This could lead to potential information disclosure, allowing unauthorized local users to access sensitive data contained in these files. This issue primarily affects environments where Fess is deployed in a shared or multi-user context. Typical single-user or isolated deployments have minimal or negligible practical impact. This issue has been patched in version 14.19.2. A workaround for this issue involves ensuring local access to the environment running Fess is restricted to trusted users only. | |||||
| CVE-2025-48495 | 1 Forceu | 1 Gokapi | 2025-08-26 | N/A | 5.4 MEDIUM |
| Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users of versions prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A workaround would be to not open the API page if it is possible that another user might have injected code. | |||||
| CVE-2025-48494 | 1 Forceu | 1 Gokapi | 2025-08-26 | N/A | 5.4 MEDIUM |
| Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens the upload list, the script is then parsed. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users using a version prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A possible workaround would be to disable end-to-end encryption. | |||||
| CVE-2024-11586 | 2 Canonical, Pulseaudio | 2 Ubuntu Linux, Pulseaudio | 2025-08-26 | N/A | 4.0 MEDIUM |
| Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected. | |||||
| CVE-2024-6156 | 1 Canonical | 1 Lxd | 2025-08-26 | N/A | 3.8 LOW |
| Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store. | |||||
| CVE-2024-4140 | 2 Fedoraproject, Rjbs | 2 Fedora, Email-mime | 2025-08-26 | N/A | 7.5 HIGH |
| An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts. | |||||
| CVE-2024-5138 | 1 Canonical | 1 Snapd | 2025-08-26 | N/A | 8.1 HIGH |
| The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar. | |||||
| CVE-2021-3899 | 1 Canonical | 2 Apport, Ubuntu Linux | 2025-08-26 | N/A | 7.8 HIGH |
| There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root. | |||||
| CVE-2022-0555 | 1 Canonical | 1 Subiquity | 2025-08-26 | N/A | 8.4 HIGH |
| Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions | |||||
| CVE-2020-27352 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2025-08-26 | N/A | 9.3 CRITICAL |
| When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended. | |||||