Vulnerabilities in Canonical

124 results
CVE-2026-3888 | HIGH | Local Privilege Escalation in snapd | EPSS 0.4%
CVE-2026-4370 | CRITICAL | Improper TLS Client/Server authentication and certificate verification on Database Cluster | EPSS 0.4%
CVE-2020-27350 | MEDIUM | apt integer wraparound | EPSS 0.4%
CVE-2019-11483 | HIGH | Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash | EPSS 0.4%
CVE-2014-1422 | MEDIUM | Location service uses cached authorization even after revocation | EPSS 0.4%
CVE-2015-7946 | HIGH | MTP service exposed during emergency dialer | EPSS 0.4%
CVE-2020-11934 | MEDIUM | Sandbox escape vulnerability via snapctl user-open (xdg-open) | EPSS 0.4%
CVE-2020-15704 | MEDIUM | pppd arbitrary file read information disclosure vulnerability | EPSS 0.4%
CVE-2024-6107 | CRITICAL | Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. | EPSS 0.4%
CVE-2026-34177 | CRITICAL | VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf | EPSS 0.4%
CVE-2018-10896 | MEDIUM | The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh ho | EPSS 0.4%
CVE-2025-54291 | MEDIUM | Project existence disclosure in LXD images API | EPSS 0.3%
CVE-2020-8833 | MEDIUM | Apport race condition in crash report permissions | EPSS 0.3%
CVE-2020-16128 | LOW | Aptdaemon error messages disclosed file existence to unprivileged users via dbus properties | EPSS 0.3%
CVE-2021-32556 | LOW | apport get_modified_conffiles() function command injection | EPSS 0.3%
CVE-2025-54287 | HIGH | Arbitrary File Read via Template Injection in Snapshot Patterns | EPSS 0.3%
CVE-2020-11931 | LOW | Ubuntu modifications to pulseaudio to provide snap security enforcement could be unloaded | EPSS 0.3%
CVE-2025-5054 | MEDIUM | Race Condition in Canonical Apport | EPSS 0.3%
CVE-2021-32553 | HIGH | apport read_file() function could follow maliciously constructed symbolic links | EPSS 0.3%
CVE-2025-54290 | MEDIUM | Project Existence Disclosure via Error Handling in LXD Image Export | EPSS 0.3%