Canonical Security Vulnerabilities (CVEs)

This vulnerability in Canonical's Apport crash reporting tool creates crash files with incorrect group ownership, potentially exposing sensitive crash...

An authenticated attacker can exploit improper input validation in MAAS's websocket handler to self-promote to administrator by injecting the is_super...

This path traversal vulnerability in Canonical LXD 5.0 LTS allows authenticated remote attackers to read arbitrary files on the host system by manipul...

This vulnerability allows attackers with read permissions in Canonical LXD to hijack terminal or console sessions via WebSocket connection hijacking, ...

This vulnerability allows unauthenticated network attackers to determine whether specific LXD projects exist by sending crafted requests with wildcard...

This vulnerability allows unauthenticated remote attackers to determine whether specific projects exist in Canonical LXD by observing different HTTP s...

This path traversal vulnerability in Canonical LXD LXD-UI allows authenticated attackers to access or modify resources outside intended directories by...

This CSRF vulnerability in LXD-UI allows attackers to create and start container instances without user consent by tricking authenticated users into s...

This vulnerability allows attackers with instance configuration permissions in Canonical LXD to perform template injection when creating instance snap...

This vulnerability allows attackers with root privileges inside any LXD container to spoof their process names to impersonate other containers. This e...

This vulnerability allows any authenticated Juju controller user to upload malicious agent binaries to any model or the controller itself, bypassing p...

This vulnerability allows unauthorized users to access the /log endpoint on Juju controllers, exposing debug messages that may contain sensitive infor...

This vulnerability allows any authenticated user on a Juju controller to upload malicious charms via the /charms endpoint due to insufficient authoriz...

Cloud-init grants root access to a hardcoded URL with a local IP address when detecting a non-x86 platform. This vulnerability affects systems using c...

CVE-2024-11584 is a privilege escalation vulnerability in cloud-init where the default world-writable permissions on a systemd socket allow unprivileg...

This vulnerability in Ubuntu's authd service incorrectly assigns root group membership to first-time SSH users during pre-authentication. This allows ...

A race condition vulnerability in Canonical's apport crash reporting tool allows local attackers to leak sensitive information from core dumps. By exp...

This vulnerability in Ubuntu's gnome-control-center fails to accurately display SSH remote login status when systemd socket activation is used for ope...

This vulnerability allows attackers to cause a kernel crash (denial of service) by launching DDoS attacks against TCP port 22 (SSH) on affected system...

CVE-2022-1804 is a privilege escalation vulnerability in accountsservice where the service fails to drop elevated permissions when writing to .pam_env...

This vulnerability allows authenticated users with read access to the Juju controller model to download arbitrary files from the controller's filesyst...

CVE-2022-28653 is a denial-of-service vulnerability where users can fill the /var/crash directory with crash reports, consuming unlimited disk space. ...

CVE-2024-9312 is an authentication bypass vulnerability in authd where insufficient user ID randomization allows local attackers to spoof other users'...

CVE-2024-7558 allows unprivileged users on the same network namespace to guess the JUJU_CONTEXT_ID authentication secret and access Juju charm informa...

This vulnerability allows local users within the same network namespace to access Juju's introspection abstract UNIX domain socket without authenticat...

A symbolic link vulnerability in snapd versions before 2.62 allows attackers to write privileged information to world-readable directories. Attackers ...

This vulnerability in snapd versions before 2.62 allows malicious snaps with 'home' plug permissions to write arbitrary scripts to the user's $HOME/bi...

This vulnerability in provd (Ubuntu Desktop Provision) before version 0.1.5 involves a setuid binary that allows local attackers to escalate privilege...

The Ubuntu Advantage Desktop Daemon before version 1.12 leaks Pro tokens to unprivileged users by passing them as plaintext arguments. This allows una...

This vulnerability in Apport's crash reporting tool allows local attackers to escape chroot restrictions by exploiting the Python crash handler. It af...

This vulnerability in Apport's settings file parsing allows a billion laughs attack (XML entity expansion) that can cause denial of service through ex...

CVE-2022-28655 is a vulnerability in the is_closing_session() function that allows users to create arbitrary TCP D-Bus connections, potentially bypass...

CVE-2022-1242 is a vulnerability in Apport, Ubuntu's crash reporting tool, that allows local attackers to trick Apport into connecting to arbitrary so...

CVE-2021-3899 is a race condition vulnerability in Apport's 'replaced executable' detection mechanism that allows local attackers to execute arbitrary...

CVE-2022-3328 is a race condition vulnerability in snap-confine's must_mkdir_and_open_with_perms() function that could allow local privilege escalatio...

CVE-2023-4911 is a buffer overflow vulnerability in the GNU C Library's dynamic loader (ld.so) that allows local attackers to exploit SUID binaries. B...

This CVE describes a use-after-free vulnerability in the Linux kernel's netfilter nf_tables component. It allows a local attacker to escalate privileg...

CVE-2023-3297 is a use-after-free vulnerability in Ubuntu's accountsservice that allows an unprivileged local attacker to potentially execute arbitrar...

CVE-2023-2640 is a privilege escalation vulnerability in Ubuntu's overlayfs implementation where unprivileged users can set privileged extended attrib...

This CVE describes a use-after-free vulnerability in the Linux kernel's virtual console screen driver (vc_screen). An attacker with local user access ...

This CVE-2023-31248 is a use-after-free vulnerability in the Linux kernel's nftables subsystem that allows local attackers to escalate privileges. The...

This vulnerability allows attackers to perform out-of-bounds writes in the Linux kernel's flower classifier code via specially crafted GENEVE packets....

This CVE describes a local privilege escalation vulnerability in apport-cli versions 2.26.0 and earlier. It allows unprivileged users to gain root pri...

A buffer overflow vulnerability in the Linux Kernel's Netfilter subsystem allows local attackers to leak memory addresses and potentially execute arbi...