Filtered by vendor Canonical
Total: 4251 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-53512 | 1 Canonical | 1 Juju | 2025-08-26 | N/A | 6.5 MEDIUM |
The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information. | |||||
CVE-2022-28653 | 1 Canonical | 1 Apport | 2025-08-26 | N/A | 7.5 HIGH |
Users can consume unlimited disk space in /var/crash | |||||
CVE-2020-11936 | 1 Canonical | 1 Apport | 2025-08-26 | N/A | 3.1 LOW |
gdbus setgid privilege escalation | |||||
CVE-2022-1736 | 2 Canonical, Gnome | 2 Ubuntu Linux, Gnome-remote-desktop | 2025-08-26 | N/A | 9.8 CRITICAL |
Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default. | |||||
CVE-2023-0092 | 1 Canonical | 1 Juju | 2025-08-26 | N/A | 4.9 MEDIUM |
An authenticated user who has read access to the juju controller model may construct a remote request to download an arbitrary file from the controller's filesystem. | |||||
CVE-2024-8037 | 1 Canonical | 1 Juju | 2025-08-26 | N/A | 6.5 MEDIUM |
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. | |||||
CVE-2024-8038 | 1 Canonical | 1 Juju | 2025-08-26 | N/A | 7.9 HIGH |
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks. | |||||
CVE-2024-9313 | 1 Canonical | 1 Authd | 2025-08-26 | N/A | 8.8 HIGH |
Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them. | |||||
CVE-2024-9312 | 1 Canonical | 1 Authd | 2025-08-26 | N/A | 7.5 HIGH |
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges. | |||||
CVE-2024-7558 | 1 Canonical | 1 Juju | 2025-08-26 | N/A | 8.7 HIGH |
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm. | |||||
CVE-2024-11586 | 2 Canonical, Pulseaudio | 2 Ubuntu Linux, Pulseaudio | 2025-08-26 | N/A | 4.0 MEDIUM |
Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected. | |||||
CVE-2024-6156 | 1 Canonical | 1 Lxd | 2025-08-26 | N/A | 3.8 LOW |
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store. | |||||
CVE-2024-5138 | 1 Canonical | 1 Snapd | 2025-08-26 | N/A | 8.1 HIGH |
The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar. | |||||
CVE-2021-3899 | 1 Canonical | 2 Apport, Ubuntu Linux | 2025-08-26 | N/A | 7.8 HIGH |
There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allows an attacker to execute arbitrary code as root. | |||||
CVE-2022-0555 | 1 Canonical | 1 Subiquity | 2025-08-26 | N/A | 8.4 HIGH |
Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions | |||||
CVE-2020-27352 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2025-08-26 | N/A | 9.3 CRITICAL |
When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended. | |||||
CVE-2023-48733 | 3 Canonical, Debian, Tianocore | 3 Lxd, Debian Linux, Edk2 | 2025-08-26 | N/A | 6.7 MEDIUM |
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot. | |||||
CVE-2023-49721 | 2 Canonical, Tianocore | 2 Lxd, Edk2 | 2025-08-26 | N/A | 6.7 MEDIUM |
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot. | |||||
CVE-2024-3250 | 1 Canonical | 1 Pebble | 2025-08-26 | N/A | 6.5 MEDIUM |
It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, and v1.7.4. | |||||
CVE-2022-1804 | 1 Canonical | 2 Accountsservice, Ubuntu Linux | 2025-08-26 | N/A | 5.5 MEDIUM |
accountsservice no longer drops permissions when writing .pam_environment