CVE reports
The Common Vulnerabilities and Exposures (CVE) system is used to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. Canonical keeps track of all CVEs affecting Ubuntu, and releases a security notice when an issue is fixed. You can find additional guidance for high-profile vulnerabilities in the Ubuntu Vulnerability Knowledge Base section.
Recent CVEs
Some fixes available 5 of 13
container escape and denial of service due to arbitrary write gadgets and procfs write redirects
3 affected packages
runc, runc-app, runc-stable
Some fixes available 5 of 13
container escape with malicious config due to /dev/console mount and related races
3 affected packages
runc, runc-app, runc-stable
Some fixes available 5 of 13
container escape via 'masked path' abuse due to mount race conditions
3 affected packages
runc, runc-app, runc-stable
Some fixes available 10 of 13
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free...
3 affected packages
redict, redis, valkey
Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
1 affected package
chromium-browser