Vulnerabilities > Canonical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-18 | CVE-2024-8287 | Improper Certificate Validation vulnerability in Canonical Anbox Cloud: Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. | 7.5 |
2024-07-29 | CVE-2024-6984 | Information Exposure Through an Error Message vulnerability in Canonical Juju: An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm. | 3.8 |
2024-07-25 | CVE-2024-29068 | Unspecified vulnerability in Canonical Snapd: In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. | 6.6 |
2024-07-25 | CVE-2024-29069 | Link Following vulnerability in Canonical Snapd: In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. | 7.3 |
2024-07-25 | CVE-2024-1724 | Incorrect Permission Assignment for Critical Resource vulnerability in Canonical Snapd: In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. | 8.2 |
2024-07-01 | CVE-2024-6387 | Race Condition vulnerability in multiple products: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). | 8.1 |
2024-06-07 | CVE-2022-4968 | Unspecified vulnerability in Canonical Netplan: netplan leaks the private key of wireguard to local users. | 6.5 |
2024-06-04 | CVE-2022-28652 | XML Entity Expansion vulnerability in multiple products: ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack. | 5.5 |
2024-06-04 | CVE-2022-28654 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products: is_closing_session() allows users to fill up apport.log. | 5.5 |
2024-06-04 | CVE-2022-28655 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products: is_closing_session() allows users to create arbitrary tcp dbus connections. | 7.1 |