
Canonical — Vulnerabilities & Security Advisories 106

Browse all 106 CVE security advisories affecting Canonical. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|---|
| CVE-2026-6369 | Exposed Session Token in canonical-livepatch client snap | canonical-livepatch | CWE-306 | 7.8 (AI) | High (AI) | 2026-04-20 |
| CVE-2026-5412 | Juju CloudSpec API could leak sensitive information | Juju | CWE-285 | 9.9 | Critical | 2026-04-10 |
| CVE-2026-5774 | Juju API Server Denial of Service and Authentication Replay via Unsynchronized Token Map | Juju | CWE-362 | 8.8 | - | 2026-04-10 |
| CVE-2025-14551 | Sensitive information disclosure was affecting subiquity | Ubuntu | CWE-1258 | 6.2 (AI) | Medium (AI) | 2026-04-09 |
| CVE-2025-15480 | Sensitive information disclosure was affecting ubuntu-desktop-provision | Ubuntu | CWE-1258 | 5.5 (AI) | Medium (AI) | 2026-04-09 |
| CVE-2026-34179 | Update of type field in restricted TLS certificate allows privilege escalation to cluster admin | lxd | CWE-915 | 9.1 | Critical | 2026-04-09 |
| CVE-2026-34178 | Importing a crafted backup leads to project restriction bypass | lxd | CWE-20 | 9.1 | Critical | 2026-04-09 |
| CVE-2026-34177 | VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf | lxd | CWE-184 | 9.1 | Critical | 2026-04-09 |
| CVE-2026-4370 | Improper TLS Client/Server authentication and certificate verification on Database Cluster | Juju | CWE-295 | 10.0 | Critical | 2026-04-01 |
| CVE-2026-32694 | Insecure Direct Object Reference attack via predictable secret ID in Juju | Juju | CWE-343 | 6.6 | Medium | 2026-03-18 |
| CVE-2026-32693 | Unauthorized access to Kubernetes secrets in Juju | Juju | CWE-863 | 8.8 | High | 2026-03-18 |
| CVE-2026-32692 | Unauthorized update of out-of-scope Vault secrets | Juju | CWE-285 | 7.6 | High | 2026-03-18 |
| CVE-2026-32691 | Timing ownership claim attack on new external back-end secrets | Juju | CWE-708 | 5.3 | Medium | 2026-03-18 |
| CVE-2026-28384 | Authenticated RCE via unsanitized compression_algorithm | lxd | CWE-78 | 8.8 (AI) | High (AI) | 2026-03-12 |
| CVE-2025-13350 | Use-after-free of orphaned AF_UNIX in Ubuntu builds of Linux kernel | Ubuntu Linux | CWE-416 | 5.5 | - | 2026-03-05 |
| CVE-2026-3351 | Authorization Bypass in LXD GET /1.0/certificates Endpoint | lxd | CWE-862 | 4.3 (AI) | Medium (AI) | 2026-03-03 |
| CVE-2026-1237 | Juju security vulnerability | juju | CWE-672 | 8.8 (AI) | High (AI) | 2026-01-28 |
| CVE-2025-5467 | Ubuntu Apport Insecure File Permissions Vulnerability | apport | CWE-708 | 3.3 (AI) | Low (AI) | 2025-12-10 |
| CVE-2025-6966 | Null-pointer dereference in python-apt TagSection.keys() | python-apt | CWE-476 | 5.5 | - | 2025-12-05 |
| CVE-2025-54293 | Path Traversal in LXD Instance Log File Retrieval | LXD | CWE-22 | 6.5 (AI) | Medium (AI) | 2025-10-02 |
| CVE-2025-54292 | Client-Side Path Traversal in LXD-UI | LXD | CWE-22 | 8.1 (AI) | High (AI) | 2025-10-02 |
| CVE-2025-54291 | Project existence disclosure in LXD images API | LXD | CWE-209 | 5.3 (AI) | Medium (AI) | 2025-10-02 |
| CVE-2025-54290 | Project Existence Disclosure via Error Handling in LXD Image Export | LXD | CWE-200 | 5.3 (AI) | Medium (AI) | 2025-10-02 |
| CVE-2025-54289 | Privilege Escalation via WebSocket Connection Hijacking in LXD Operations API | LXD | CWE-1385 | 8.8 (AI) | High (AI) | 2025-10-02 |
| CVE-2025-54288 | Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server | LXD | CWE-290 | 5.1 (AI) | Medium (AI) | 2025-10-02 |
| CVE-2025-54287 | Arbitrary File Read via Template Injection in Snapshot Patterns | LXD | CWE-1336 | 6.5 (AI) | Medium (AI) | 2025-10-02 |
| CVE-2025-54286 | CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI | LXD | CWE-352 | 8.8 (AI) | High (AI) | 2025-10-02 |
| CVE-2024-6107 | Canonical MAAS security vulnerability | MAAS | CWE-287 | 9.6 | Critical | 2025-07-21 |
| CVE-2025-5199 | LPE on Multipass for macOS | Multipass | CWE-276 | 7.3 | High | 2025-07-11 |
| CVE-2025-0928 | Arbitrary executable upload via authenticated endpoint | Juju | CWE-285 | 8.8 | High | 2025-07-08 |

This page lists every published CVE security advisory associated with Canonical. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.