Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Canonical — Vulnerabilities & Security Advisories 107

Browse all 107 CVE security advisories affecting Canonical. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Canonical Ltd. primarily develops and maintains Ubuntu, a widely deployed Linux distribution, alongside the OpenStack cloud infrastructure platform and the Snap package management system. Security audits reveal a significant volume of recorded vulnerabilities, currently totaling 107 CVEs, reflecting the extensive codebase and third-party dependencies inherent in these large-scale software ecosystems. Historically, the most prevalent vulnerability classes include remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws, often stemming from improper input validation or insecure default configurations within associated services. While no single catastrophic incident has defined the company’s security history, the sheer number of disclosed issues highlights the challenges of maintaining rigorous patch cycles across diverse components. These findings underscore the necessity for continuous monitoring and timely updates for organizations relying on Canonical’s open-source technologies to mitigate potential exploitation risks.

Found 27 results / 107Clear Filters
Top products by Canonical: apport LXD Juju snapd Python-apt Multipass aptdaemon pulseaudio cloud-init whoopsie Ubuntu authd unity-firefox-extension Ubuntu Kernel MAAS Ubuntu Linux Juju utils mysql-k8s-operator canonical-livepatch get-workflow-version-action snap operator Ubuntu Server add-apt-repository apt snapcraft Linux kernel software-properties ppp Subiquity
CVE IDTitleCVSSSeverityPublished
CVE-2025-5467 Ubuntu Apport Insecure File Permissions Vulnerability — apportCWE-708 3.3AILowAI2025-12-10
CVE-2025-5054 Race Condition in Canonical Apport — ApportCWE-362 4.7 Medium2025-05-30
CVE-2021-3710 Apport info disclosure via path traversal bug in read_file — apportCWE-24 6.5 Medium2021-10-01
CVE-2021-3709 Apport file permission bypass through emacs byte compilation errors — apportCWE-538 6.5 Medium2021-10-01
CVE-2021-32557 apport process_report() arbitrary file write — apportCWE-59 5.2 Medium2021-06-12
CVE-2021-32556 apport get_modified_conffiles() function command injection — apportCWE-78 3.8 Low2021-06-12
CVE-2021-32555 apport read_file() function could follow maliciously constructed symbolic links — apportCWE-59 7.3 High2021-06-12
CVE-2021-32554 apport read_file() function could follow maliciously constructed symbolic links — apportCWE-59 7.3 High2021-06-12
CVE-2021-32553 apport read_file() function could follow maliciously constructed symbolic links — apportCWE-59 7.3 High2021-06-12
CVE-2021-32552 apport read_file() function could follow maliciously constructed symbolic links — apportCWE-59 7.3 High2021-06-12
CVE-2021-32551 apport read_file() function could follow maliciously constructed symbolic links — apportCWE-59 7.3 High2021-06-12
CVE-2021-32550 apport read_file() function could follow maliciously constructed symbolic links — apportCWE-59 7.3 High2021-06-12
CVE-2021-32549 apport read_file() function could follow maliciously constructed symbolic links — apportCWE-59 7.3 High2021-06-12
CVE-2021-32548 apport read_file() function could follow maliciously constructed symbolic links — apportCWE-59 7.3 High2021-06-12
CVE-2021-32547 apport read_file() function could follow maliciously constructed symbolic links — apportCWE-59 7.3 High2021-06-12
CVE-2021-25684 apport can be stalled by reading a FIFO — apportCWE-20 8.8 High2021-06-11
CVE-2021-25683 apport improperly parses /proc/pid/stat — apportCWE-20 8.8 High2021-06-11
CVE-2021-25682 apport improperly parses /proc/pid/status — apportCWE-20 8.8 High2021-06-11
CVE-2020-15702 TOCTOU in apport — apportCWE-367 7.0 High2020-08-06
CVE-2020-15701 Unhandled exception in apport — apportCWE-755 5.5 Medium2020-08-06
CVE-2019-15790 Apport reads PID files with elevated privileges — ApportCWE-250 2.8 Low2020-04-27
CVE-2020-8833 Apport race condition in crash report permissions — ApportCWE-367 5.6 Medium2020-04-22
CVE-2020-8831 World writable root owned lock file created in user controllable location — ApportCWE-379 6.5 Medium2020-04-22
CVE-2019-11485 apport created lock file in wrong directory — apportCWE-412 3.3 Low2020-02-08
CVE-2019-11483 Apport 安全漏洞 — apport 7.0 High2020-02-08
CVE-2019-11481 Apport reads arbitrary files if ~/.config/apport/settings is a symlink — apport 3.8 Low2020-02-08
CVE-2019-11482 Race condition between reading current working directory and writing a core dump — apport 4.2 Medium2020-02-08

This page lists every published CVE security advisory associated with Canonical. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.