Vendor CVEs

Canonical

All CVEs

2,026 total · sorted by risk
  • CVE-2006-1728 · Apr 14, 2006
    risk 0.01 · cvss · epss 0.09

    Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.

  • CVE-2005-2970 · Oct 25, 2005
    risk 0.01 · cvss · epss 0.14

    Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.

  • CVE-2026-28385 · Jun 28, 2026
    risk 0.00 · cvss · epss 0.00

    In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the can_create_images entitlement to interact with internal network infrastructure via the /images endpoint. When…

  • CVE-2026-12411 · Jun 28, 2026
    risk 0.00 · cvss · epss 0.00

    Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.

  • CVE-2026-9640 · Jun 27, 2026
    risk 0.00 · cvss · epss 0.00

    A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration. An authenticated project operator in a restricted multi-tenant environment…

  • CVE-2026-9639 · Jun 27, 2026
    risk 0.00 · cvss · epss 0.00

    Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage_volumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expires_at…

  • CVE-2026-12249 · Jun 22, 2026
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services (AD CS) certificate auto-enrollment via the vendored Samba client script (internal/policies/certificate/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py),…

  • CVE-2026-10720 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate (such as enrolled cluster members) or join token can manipulate files in an imported remote cluster…

  • CVE-2026-32694 · Mar 18, 2026
    risk 0.00 · cvss · epss 0.00

    In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past…

  • CVE-2026-32693 · Mar 18, 2026
    risk 0.00 · cvss · epss 0.00

    In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation…

  • CVE-2026-32692 · Mar 18, 2026
    risk 0.00 · cvss · epss 0.00

    An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing…

  • CVE-2026-32691 · Mar 18, 2026
    risk 0.00 · cvss · epss 0.00

    A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated…

  • CVE-2026-28384 · Mar 12, 2026
    risk 0.00 · cvss · epss 0.01

    An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and…

  • CVE-2025-13350 · Mar 5, 2026
    risk 0.00 · cvss · epss 0.00

    Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don’t call skb_get() for OOB skb"). When orphaned MSG_OOB sockets hit unix_gc(), the garbage collector still calls kfree_skb() as if OOB SKBs held two…

  • CVE-2026-3351 · Mar 3, 2026
    risk 0.00 · cvss · epss 0.00

    Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server.

  • CVE-2025-5467 · Dec 10, 2025
    risk 0.00 · cvss · epss 0.00

    It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups.

  • CVE-2025-54293 · Oct 2, 2025
    risk 0.00 · cvss · epss 0.01

    Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.

  • CVE-2025-54292 · Oct 2, 2025
    risk 0.00 · cvss · epss 0.00

    Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.

  • CVE-2025-54291 · Oct 2, 2025
    risk 0.00 · cvss · epss 0.00

    Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.

  • CVE-2025-54290 · Oct 2, 2025
    risk 0.00 · cvss · epss 0.00

    Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.

  • CVE-2025-54289 · Oct 2, 2025
    risk 0.00 · cvss · epss 0.00

    Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format

  • CVE-2025-54288 · Oct 2, 2025
    risk 0.00 · cvss · epss 0.00

    Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed…

  • CVE-2025-54287 · Oct 2, 2025
    risk 0.00 · cvss · epss 0.00

    Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.

  • CVE-2025-54286 · Oct 2, 2025
    risk 0.00 · cvss · epss 0.00

    Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.

  • CVE-2025-33013 · Jul 24, 2025
    risk 0.00 · cvss · epss 0.00

    IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory…

  • CVE-2025-36005 · Jul 24, 2025
    risk 0.00 · cvss · epss 0.00

    IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session…

  • CVE-2024-6107 · Jul 21, 2025
    risk 0.00 · cvss · epss 0.00

    Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps.

  • CVE-2025-5199 · Jul 11, 2025
    risk 0.00 · cvss · epss 0.00

    In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup.

  • CVE-2025-7021 · Jul 10, 2025
    risk 0.00 · cvss · epss 0.00

    Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying a deceptive fullscreen interface with…

  • CVE-2025-0928 · Jul 8, 2025
    risk 0.00 · cvss · epss 0.01

    In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned…

  • CVE-2025-53513 · Jul 8, 2025
    risk 0.00 · cvss · epss 0.01

    The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running…

  • CVE-2025-53512 · Jul 8, 2025
    risk 0.00 · cvss · epss 0.00

    The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.

  • CVE-2025-5689 · Jun 16, 2025
    risk 0.00 · cvss · epss 0.00

    A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session.

  • CVE-2025-36041 · Jun 15, 2025
    risk 0.00 · cvss · epss 0.00

    IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which…

  • CVE-2025-5054 · May 30, 2025
    risk 0.00 · cvss · epss 0.00

    Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a…

  • CVE-2023-0092 · Jan 31, 2025
    risk 0.00 · cvss · epss 0.01

    An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.

  • CVE-2025-22394 · Jan 15, 2025
    risk 0.00 · cvss · epss 0.00

    Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and possibly privilege escalation.

  • CVE-2025-21101 · Jan 15, 2025
    risk 0.00 · cvss · epss 0.00

    Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion.

  • CVE-2024-6219 · Dec 5, 2024
    risk 0.00 · cvss · epss 0.00

    Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.

  • CVE-2024-6156 · Dec 5, 2024
    risk 0.00 · cvss · epss 0.00

    Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.

  • CVE-2024-9312 · Oct 10, 2024
    risk 0.00 · cvss · epss 0.00

    Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.

  • CVE-2024-9313 · Oct 3, 2024
    risk 0.00 · cvss · epss 0.01

    Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.

  • CVE-2024-8038 · Oct 2, 2024
    risk 0.00 · cvss · epss 0.00

    Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.

  • CVE-2024-8037 · Oct 2, 2024
    risk 0.00 · cvss · epss 0.00

    Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are…

  • CVE-2024-7558 · Oct 2, 2024
    risk 0.00 · cvss · epss 0.01

    JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the…

  • CVE-2024-6984 · Jul 29, 2024
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.

  • CVE-2024-29069 · Jul 25, 2024
    risk 0.00 · cvss · epss 0.00

    In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image…

  • CVE-2024-29068 · Jul 25, 2024
    risk 0.00 · cvss · epss 0.00

    In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap…

  • CVE-2024-1724 · Jul 25, 2024
    risk 0.00 · cvss · epss 0.00

    In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the user's PATH. An attacker who could convince a user to install a…

  • CVE-2020-27352 · Jun 21, 2024
    risk 0.00 · cvss · epss 0.00

    When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself…

Page 22 of 41