Vendor CVEs
Canonical
All CVEs
2,026 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-1728 | 0.01 | — | 0.09 | Apr 14, 2006 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method. | |||
| CVE-2005-2970 | 0.01 | — | 0.14 | Oct 25, 2005 | Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. | |||
| CVE-2026-28385 | 0.00 | — | 0.00 | Jun 28, 2026 | In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the can_create_images entitlement to interact with internal network infrastructure via the /images endpoint. When… | |||
| CVE-2026-12411 | 0.00 | — | 0.00 | Jun 28, 2026 | Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled. | |||
| CVE-2026-9640 | 0.00 | — | 0.00 | Jun 27, 2026 | A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration.. An authenticated project operator in a restricted multi-tenant environment… | |||
| CVE-2026-9639 | 0.00 | — | 0.00 | Jun 27, 2026 | Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage_volumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expires_at… | |||
| CVE-2026-12249 | 0.00 | — | 0.00 | Jun 22, 2026 | An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services (AD CS) certificate auto-enrollment via the vendored Samba client script (internal/policies/certificate/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py),… | |||
| CVE-2026-10720 | 0.00 | — | 0.00 | Jun 19, 2026 | Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate (such as enrolled cluster members) or join token can manipulate files in an imported remote cluster… | |||
| CVE-2026-32694 | 0.00 | — | 0.00 | Mar 18, 2026 | In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past… | |||
| CVE-2026-32693 | 0.00 | — | 0.00 | Mar 18, 2026 | In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation… | |||
| CVE-2026-32692 | 0.00 | — | 0.00 | Mar 18, 2026 | An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing… | |||
| CVE-2026-32691 | 0.00 | — | 0.00 | Mar 18, 2026 | A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated… | |||
| CVE-2026-28384 | 0.00 | — | 0.01 | Mar 12, 2026 | An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and… | |||
| CVE-2025-13350 | 0.00 | — | 0.00 | Mar 5, 2026 | Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don’t call skb_get() for OOB skb"). When orphaned MSG_OOB sockets hit unix_gc(), the garbage collector still calls kfree_skb() as if OOB SKBs held two… | |||
| CVE-2026-3351 | 0.00 | — | 0.00 | Mar 3, 2026 | Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server. | |||
| CVE-2025-5467 | 0.00 | — | 0.00 | Dec 10, 2025 | It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups. | |||
| CVE-2025-54293 | 0.00 | — | 0.01 | Oct 2, 2025 | Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links. | |||
| CVE-2025-54292 | 0.00 | — | 0.00 | Oct 2, 2025 | Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths. | |||
| CVE-2025-54291 | 0.00 | — | 0.00 | Oct 2, 2025 | Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses. | |||
| CVE-2025-54290 | 0.00 | — | 0.00 | Oct 2, 2025 | Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints. | |||
| CVE-2025-54289 | 0.00 | — | 0.00 | Oct 2, 2025 | Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format | |||
| CVE-2025-54288 | 0.00 | — | 0.00 | Oct 2, 2025 | Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed… | |||
| CVE-2025-54287 | 0.00 | — | 0.00 | Oct 2, 2025 | Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine. | |||
| CVE-2025-54286 | 0.00 | — | 0.00 | Oct 2, 2025 | Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication. | |||
| CVE-2025-33013 | 0.00 | — | 0.00 | Jul 24, 2025 | IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory… | |||
| CVE-2025-36005 | 0.00 | — | 0.00 | Jul 24, 2025 | IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session… | |||
| CVE-2024-6107 | 0.00 | — | 0.00 | Jul 21, 2025 | Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps. | |||
| CVE-2025-5199 | 0.00 | — | 0.00 | Jul 11, 2025 | In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup. | |||
| CVE-2025-7021 | 0.00 | — | 0.00 | Jul 10, 2025 | Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying a deceptive fullscreen interface with… | |||
| CVE-2025-0928 | 0.00 | — | 0.01 | Jul 8, 2025 | In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned… | |||
| CVE-2025-53513 | 0.00 | — | 0.01 | Jul 8, 2025 | The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running… | |||
| CVE-2025-53512 | 0.00 | — | 0.00 | Jul 8, 2025 | The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information. | |||
| CVE-2025-5689 | 0.00 | — | 0.00 | Jun 16, 2025 | A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session. | |||
| CVE-2025-36041 | 0.00 | — | 0.00 | Jun 15, 2025 | IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which… | |||
| CVE-2025-5054 | 0.00 | — | 0.00 | May 30, 2025 | Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a… | |||
| CVE-2023-0092 | 0.00 | — | 0.01 | Jan 31, 2025 | An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem. | |||
| CVE-2025-22394 | 0.00 | — | 0.00 | Jan 15, 2025 | Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and possibly privilege escalation. | |||
| CVE-2025-21101 | 0.00 | — | 0.00 | Jan 15, 2025 | Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion. | |||
| CVE-2024-6219 | 0.00 | — | 0.00 | Dec 5, 2024 | Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured. | |||
| CVE-2024-6156 | 0.00 | — | 0.00 | Dec 5, 2024 | Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store. | |||
| CVE-2024-9312 | 0.00 | — | 0.00 | Oct 10, 2024 | Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges. | |||
| CVE-2024-9313 | 0.00 | — | 0.01 | Oct 3, 2024 | Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them. | |||
| CVE-2024-8038 | 0.00 | — | 0.00 | Oct 2, 2024 | Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks. | |||
| CVE-2024-8037 | 0.00 | — | 0.00 | Oct 2, 2024 | Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are… | |||
| CVE-2024-7558 | 0.00 | — | 0.01 | Oct 2, 2024 | JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the… | |||
| CVE-2024-6984 | 0.00 | — | 0.00 | Jul 29, 2024 | An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm. | |||
| CVE-2024-29069 | 0.00 | — | 0.00 | Jul 25, 2024 | In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image… | |||
| CVE-2024-29068 | 0.00 | — | 0.00 | Jul 25, 2024 | In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap… | |||
| CVE-2024-1724 | 0.00 | — | 0.00 | Jul 25, 2024 | In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a… | |||
| CVE-2020-27352 | 0.00 | — | 0.00 | Jun 21, 2024 | When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself… |
- CVE-2006-1728Apr 14, 2006risk 0.01cvss —epss 0.09
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.
- CVE-2005-2970Oct 25, 2005risk 0.01cvss —epss 0.14
Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
- CVE-2026-28385Jun 28, 2026risk 0.00cvss —epss 0.00
In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in the image import functionality allows authenticated users with the can_create_images entitlement to interact with internal network infrastructure via the /images endpoint. When…
- CVE-2026-12411Jun 28, 2026risk 0.00cvss —epss 0.00
Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.
- CVE-2026-9640Jun 27, 2026risk 0.00cvss —epss 0.00
A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration.. An authenticated project operator in a restricted multi-tenant environment…
- CVE-2026-9639Jun 27, 2026risk 0.00cvss —epss 0.00
Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_storage_volumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expires_at…
- CVE-2026-12249Jun 22, 2026risk 0.00cvss —epss 0.00
An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services (AD CS) certificate auto-enrollment via the vendored Samba client script (internal/policies/certificate/python/vendor_samba/gp/gp_cert_auto_enroll_ext.py),…
- CVE-2026-10720Jun 19, 2026risk 0.00cvss —epss 0.00
Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate (such as enrolled cluster members) or join token can manipulate files in an imported remote cluster…
- CVE-2026-32694Mar 18, 2026risk 0.00cvss —epss 0.00
In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past…
- CVE-2026-32693Mar 18, 2026risk 0.00cvss —epss 0.00
In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation…
- CVE-2026-32692Mar 18, 2026risk 0.00cvss —epss 0.00
An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing…
- CVE-2026-32691Mar 18, 2026risk 0.00cvss —epss 0.00
A race condition in the secrets management subsystem of Juju versions 3.0.0 through 3.6.18 allows an authenticated unit agent to claim ownership of a newly initialized secret. Between generating a Juju Secret ID and creating the secret's first revision, an attacker authenticated…
- CVE-2026-28384Mar 12, 2026risk 0.00cvss —epss 0.01
An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and…
- CVE-2025-13350Mar 5, 2026risk 0.00cvss —epss 0.00
Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don’t call skb_get() for OOB skb"). When orphaned MSG_OOB sockets hit unix_gc(), the garbage collector still calls kfree_skb() as if OOB SKBs held two…
- CVE-2026-3351Mar 3, 2026risk 0.00cvss —epss 0.00
Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server.
- CVE-2025-5467Dec 10, 2025risk 0.00cvss —epss 0.00
It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups.
- CVE-2025-54293Oct 2, 2025risk 0.00cvss —epss 0.01
Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.
- CVE-2025-54292Oct 2, 2025risk 0.00cvss —epss 0.00
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.
- CVE-2025-54291Oct 2, 2025risk 0.00cvss —epss 0.00
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.
- CVE-2025-54290Oct 2, 2025risk 0.00cvss —epss 0.00
Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.
- CVE-2025-54289Oct 2, 2025risk 0.00cvss —epss 0.00
Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format
- CVE-2025-54288Oct 2, 2025risk 0.00cvss —epss 0.00
Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed…
- CVE-2025-54287Oct 2, 2025risk 0.00cvss —epss 0.00
Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.
- CVE-2025-54286Oct 2, 2025risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
- CVE-2025-33013Jul 24, 2025risk 0.00cvss —epss 0.00
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory…
- CVE-2025-36005Jul 24, 2025risk 0.00cvss —epss 0.00
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session…
- CVE-2024-6107Jul 21, 2025risk 0.00cvss —epss 0.00
Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps.
- CVE-2025-5199Jul 11, 2025risk 0.00cvss —epss 0.00
In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup.
- CVE-2025-7021Jul 10, 2025risk 0.00cvss —epss 0.00
Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying a deceptive fullscreen interface with…
- CVE-2025-0928Jul 8, 2025risk 0.00cvss —epss 0.01
In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned…
- CVE-2025-53513Jul 8, 2025risk 0.00cvss —epss 0.01
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running…
- CVE-2025-53512Jul 8, 2025risk 0.00cvss —epss 0.00
The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.
- CVE-2025-5689Jun 16, 2025risk 0.00cvss —epss 0.00
A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session.
- CVE-2025-36041Jun 15, 2025risk 0.00cvss —epss 0.00
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which…
- CVE-2025-5054May 30, 2025risk 0.00cvss —epss 0.00
Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a…
- CVE-2023-0092Jan 31, 2025risk 0.00cvss —epss 0.01
An authenticated user who has read access to the juju controller model, may construct a remote request to download an arbitrary file from the controller's filesystem.
- CVE-2025-22394Jan 15, 2025risk 0.00cvss —epss 0.00
Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and possibly privilege escalation.
- CVE-2025-21101Jan 15, 2025risk 0.00cvss —epss 0.00
Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion.
- CVE-2024-6219Dec 5, 2024risk 0.00cvss —epss 0.00
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.
- CVE-2024-6156Dec 5, 2024risk 0.00cvss —epss 0.00
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.
- CVE-2024-9312Oct 10, 2024risk 0.00cvss —epss 0.00
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.
- CVE-2024-9313Oct 3, 2024risk 0.00cvss —epss 0.01
Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.
- CVE-2024-8038Oct 2, 2024risk 0.00cvss —epss 0.00
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.
- CVE-2024-8037Oct 2, 2024risk 0.00cvss —epss 0.00
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are…
- CVE-2024-7558Oct 2, 2024risk 0.00cvss —epss 0.01
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the…
- CVE-2024-6984Jul 29, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm.
- CVE-2024-29069Jul 25, 2024risk 0.00cvss —epss 0.00
In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image…
- CVE-2024-29068Jul 25, 2024risk 0.00cvss —epss 0.00
In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap…
- CVE-2024-1724Jul 25, 2024risk 0.00cvss —epss 0.00
In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a…
- CVE-2020-27352Jun 21, 2024risk 0.00cvss —epss 0.00
When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself…
Page 22 of 41