Filtered by vendor Canonical
Subscribe
Total
4299 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54291 | 1 Canonical | 1 Lxd | 2026-06-17 | N/A | 5.3 MEDIUM |
| Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses. | |||||
| CVE-2025-54290 | 2 Canonical, Linux | 2 Lxd, Linux Kernel | 2026-06-17 | N/A | 5.3 MEDIUM |
| Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints. | |||||
| CVE-2025-54289 | 1 Canonical | 1 Lxd | 2026-06-17 | N/A | 8.1 HIGH |
| Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format | |||||
| CVE-2025-54288 | 2 Canonical, Linux | 2 Lxd, Linux Kernel | 2026-06-17 | N/A | 6.8 MEDIUM |
| Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line. | |||||
| CVE-2025-54287 | 2 Canonical, Linux | 2 Lxd, Linux Kernel | 2026-06-17 | N/A | 6.5 MEDIUM |
| Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine. | |||||
| CVE-2025-54286 | 2 Canonical, Linux | 2 Lxd, Linux Kernel | 2026-06-17 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication. | |||||
| CVE-2025-53513 | 1 Canonical | 1 Juju | 2026-06-17 | N/A | 8.8 HIGH |
| The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm. | |||||
| CVE-2025-53512 | 1 Canonical | 1 Juju | 2026-06-17 | N/A | 6.5 MEDIUM |
| The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information. | |||||
| CVE-2025-33208 | 2 Canonical, Nvidia | 2 Ubuntu Linux, Tao Toolkit | 2026-06-17 | N/A | 8.8 HIGH |
| NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclosure. | |||||
| CVE-2025-32463 | 6 Canonical, Debian, Opensuse and 3 more | 8 Ubuntu Linux, Debian Linux, Leap and 5 more | 2026-06-17 | N/A | 9.3 CRITICAL |
| Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. | |||||
| CVE-2025-26466 | 3 Canonical, Debian, Openbsd | 3 Ubuntu Linux, Debian Linux, Openssh | 2026-06-17 | N/A | 5.9 MEDIUM |
| A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack. | |||||
| CVE-2025-15480 | 1 Canonical | 1 Ubuntu Desktop Provision | 2026-06-17 | N/A | 9.1 CRITICAL |
| In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs. | |||||
| CVE-2025-14551 | 1 Canonical | 1 Ubuntu Subiquity | 2026-06-17 | N/A | 8.1 HIGH |
| In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs. | |||||
| CVE-2025-0928 | 1 Canonical | 1 Juju | 2026-06-17 | N/A | 8.8 HIGH |
| In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution. | |||||
| CVE-2024-9313 | 1 Canonical | 1 Authd | 2026-06-17 | N/A | 8.8 HIGH |
| Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them. | |||||
| CVE-2024-9312 | 1 Canonical | 1 Authd | 2026-06-17 | N/A | 7.5 HIGH |
| Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges. | |||||
| CVE-2024-8287 | 1 Canonical | 1 Anbox Cloud | 2026-06-17 | N/A | 7.5 HIGH |
| Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this. | |||||
| CVE-2024-8038 | 1 Canonical | 1 Juju | 2026-06-17 | N/A | 7.9 HIGH |
| Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks. | |||||
| CVE-2024-8037 | 1 Canonical | 1 Juju | 2026-06-17 | N/A | 6.5 MEDIUM |
| Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. | |||||
| CVE-2024-7558 | 1 Canonical | 1 Juju | 2026-06-17 | N/A | 8.7 HIGH |
| JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm. | |||||