CVE reports

The Common Vulnerabilities and Exposures (CVE) system is used to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. Canonical keeps track of all CVEs affecting Ubuntu, and releases a security notice when an issue is fixed.


Search CVEs


Recent CVEs

CVE-2025-24531

High priority
Needs evaluation

[Possible Authentication Bypass in Error Situations]

1 affected package

pam-pkcs11


CVE-2025-24032

High priority
Needs evaluation

Authentication bypass

1 affected package

pam-pkcs11


CVE-2025-0411

High priority
Not affected

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this...

2 affected packages

7zip, p7zip


CVE-2024-12084

High priority
Fixed

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes),...

1 affected package

rsync


CVE-2024-56672

High priority
Vulnerable

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix UAF in blkcg_unpin_online() blkcg_unpin_online() walks up the blkcg hierarchy putting the online pin. To walk up, it uses blkcg_parent(blkcg) but...

126 affected packages

linux, linux-allwinner-5.19, linux-aws, linux-aws-5.0, linux-aws-5.11...