Vulnerabilities in canonical
124 resultsCVE-2026-32694MEDIUMInsecure Direct Object Reference attack via predictable secret ID in JujuEPSS 0.3%CVE-2019-11485LOWapport created lock file in wrong directoryEPSS 0.3%CVE-2025-5689HIGHImproper Permission Management in SSH Session HandlingEPSS 0.3%CVE-2023-5536MEDIUMA feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalateEPSS 0.2%CVE-2026-5774MEDIUMJuju API Server Denial of Service and Authentication Replay via Unsynchronized Token MapEPSS 0.2%CVE-2021-3626HIGHWindows version of Multipass unauthenticated localhost tcp control socket can perform mountsEPSS 0.2%CVE-2021-3747HIGHMacOS version of Multipass incorrect owner for application directoryEPSS 0.2%CVE-2026-32691MEDIUMTiming ownership claim attack on new external back-end secretsEPSS 0.2%CVE-2019-11482MEDIUMRace condition between reading current working directory and writing a core dumpEPSS 0.2%CVE-2024-29069MEDIUMsnapd will follow archived symlinks when unpacking a filesystemEPSS 0.2%CVE-2020-11933HIGHlocal snapd exploit through cloud-initEPSS 0.2%CVE-2024-29068MEDIUMsnapd non-regular file indefinite blocking readEPSS 0.2%CVE-2026-10720MEDIUMMicroCeph path traversal issue in the remote-import APIEPSS 0.2%CVE-2024-6174HIGHWhen a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init dEPSS 0.2%CVE-2024-41129MEDIUMThe ops library leaks secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI commandEPSS 0.2%CVE-2025-54289HIGHPrivilege Escalation via WebSocket Connection Hijacking in LXD Operations APIEPSS 0.2%CVE-2013-1053MEDIUMInsecure crypto for storing passwordsEPSS 0.2%CVE-2026-32692HIGHUnauthorized update of out-of-scope Vault secretsEPSS 0.2%CVE-2025-5199HIGHLPE on Multipass for macOSEPSS 0.1%CVE-2025-5467LOWUbuntu Apport Insecure File Permissions VulnerabilityEPSS 0.1%