CVE reports
The Common Vulnerabilities and Exposures (CVE) system is used to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. Canonical keeps track of all CVEs affecting Ubuntu, and releases a security notice when an issue is fixed. You can find additional guidance for high-profile vulnerabilities in the Ubuntu Vulnerability Knowledge Base section
Search CVEs
By Ubuntu release
Recent CVEs
Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an...
2 affected packages
incus, lxd
Some fixes available 3 of 17
security update
5 affected packages
webkitgtk, webkit2gtk, qtwebkit-source, qtwebkit-opensource-src, wpewebkit
Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads with ROP chains to achieve code...
1 affected package
crashmail
gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in...
2 affected packages
golang-google-grpc, google-guest-agent
Some fixes available 75 of 142
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix unprivileged local user can do privileged policy management An unprivileged local user can load, replace, and remove profiles by opening the...
157 affected packages
linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux, linux-hwe-5.11...
Resources
Join the discussion
Ubuntu Pro
Up to 15 years of security coverage for Ubuntu and your full stack of open-source applications and toolchains.
Get Ubuntu Pro 30-day free trialFrom our blog
- Ubuntu Explained: How to ensure security and stability in cloud instances—part 3
- Ubuntu Explained: How to ensure security and stability in cloud instances—part 2
- Running OpenSSL 1.1.1 after EOL? Stay secure with Ubuntu Pro.
- Restricted unprivileged user namespaces are coming to Ubuntu 23.10
- Securing open source software dependencies in the public cloud