CVE reports
The Common Vulnerabilities and Exposures (CVE) system is used to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. Canonical keeps track of all CVEs affecting Ubuntu, and releases a security notice when an issue is fixed. You can find additional guidance for high-profile vulnerabilities in the Ubuntu Vulnerability Knowledge Base section
Search CVEs
By Ubuntu release
Recent CVEs
Some fixes available 4 of 8
The receiver's compressed-token decoder accumulated a 32-bit signed counter without overflow checking. A malicious sender can trigger an overflow that, with careful manipulation, leaks process memory contents to the attacker --...
1 affected package
rsync
In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fundamentally about the memory image of the task - the concept comes from whether it...
157 affected packages
linux, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-hwe-5.11...
Some fixes available 4 of 8
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible...
1 affected package
nginx
Fragnesia linux kernel local privilege escalation issue
157 affected packages
linux, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-hwe-5.11...
Some fixes available 4 of 8
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a...
1 affected package
exim4
Resources
Join the discussion
Ubuntu Pro
Up to 15 years of security coverage for Ubuntu and your full stack of open-source applications and toolchains.
Get Ubuntu Pro 30-day free trialFrom our blog
- Ubuntu Explained: How to ensure security and stability in cloud instances—part 3
- Ubuntu Explained: How to ensure security and stability in cloud instances—part 2
- Running OpenSSL 1.1.1 after EOL? Stay secure with Ubuntu Pro.
- Restricted unprivileged user namespaces are coming to Ubuntu 23.10
- Securing open source software dependencies in the public cloud