CVE reports

The Common Vulnerabilities and Exposures (CVE) system is used to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. Canonical keeps track of all CVEs affecting Ubuntu, and releases a security notice when an issue is fixed.


Search CVEs


Recent CVEs

CVE-2024-12797

High priority
Fixed

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don’t abort as expected when the SSL_VERIFY_PEER...

4 affected packages

edk2, nodejs, openssl, openssl1.0


CVE-2025-24032

High priority
Needs evaluation

PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of...

1 affected package

pam-pkcs11


CVE-2025-24531

High priority
Needs evaluation

[Possible Authentication Bypass in Error Situations]

1 affected package

pam-pkcs11


CVE-2025-0411

High priority
Not affected

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this...

2 affected packages

7zip, p7zip


CVE-2024-12084

High priority
Fixed

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes),...

1 affected package

rsync