canonical

4,248 tracked vulnerabilities.

CVE-2026-10037 HIGH
Sandbox Escape in Ubuntu OpenJDK Packages via xdg-desktop-portal
Jul 08, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-28385 MEDIUM
SSRF via image import from URL allows internal network probing by authenticated users
Jun 26, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-9640 HIGH
Canonical - LXD Snapshot Import Privilege Escalation Vulnerability
Jun 26, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-9639 MEDIUM
Authenticated Denial of Service via Malicious Backup Tarball in LXD
Jun 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-12411 HIGH
Broken Access Control in Canonical LXD DevLXD API
Jun 26, 2026
CVSS 8.4
EPSS 0.00
CVE-2026-12249 CRITICAL
Canonical ADSys Trust Store Poisoning via Plaintext HTTP Certificate Auto-Enrollment
Jun 22, 2026
CVSS 9.0
EPSS 0.00
CVE-2026-10720 MEDIUM
MicroCeph squid/tentacle remote-import API - Path Traversal
Jun 19, 2026
EPSS 0.00
CVE-2026-47337 LOW
NULL pointer dereference in Ubuntu Linux AppArmor IPv4/IPv6 socket mediation
May 28, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-47336 LOW
Use of uninitialized value in Ubuntu Linux AppArmor IPv4/IPv6 socket mediation rules
May 28, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-47335 MEDIUM
NULL pointer dereference in Ubuntu Linux AppArmor notification handling
May 28, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-47334 MEDIUM
Deadlock or kernel panic in Ubuntu Linux AppArmor notification handling
May 28, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-47333 HIGH
Out-of-bounds read in Ubuntu Linux AppArmor notification handling
May 28, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-47332 MEDIUM
Out-of-bounds read in Ubuntu Linux AppArmor notification handling
May 28, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-47331 HIGH
Use-after-free in Ubuntu Linux AppArmor notification handling
May 28, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-47330 LOW
Use of uninitialized value in Ubuntu Linux AppArmor notification handling
May 28, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-47329 LOW
Incorrect validation of field size in Ubuntu Linux AppArmor notification responses
May 28, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-47328 MEDIUM
Invalid pointer deallocation in Ubuntu Linux AppArmor notification handling
May 28, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-47327 LOW
NULL pointer dereference in Ubuntu Linux AppArmor notification handling
May 28, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-47326 MEDIUM
Memory leak in Ubuntu Linux AppArmor large notification response allocation
May 28, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-49238 HIGH
SFTP Server VM Escape in Canonical Multipass
May 28, 2026
CVSS 8.4
EPSS 0.01
CVE-2026-49237 HIGH
Local Privilege Escalation in Canonical Multipass
May 28, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-6970 HIGH
authd Denial of Service and Local Privilege Escalation
Apr 27, 2026
EPSS 0.00
CVE-2026-31431 HIGH KEVNUCLEI
crypto: algif_aead - Revert to operating out-of-place
Apr 22, 2026
CVSS 7.8
EPSS 0.96
CVE-2026-6369 MEDIUM
Exposed Session Token in canonical-livepatch client snap
Apr 20, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-5774 MEDIUM
Juju API Server Denial of Service and Authentication Replay via Unsynchronized Token Map
Apr 10, 2026
CVSS 6.4
EPSS 0.00