UBUNTU-CVE-2026-56406

libexpat before 2.8.2 has an integer overflow in XMLParseBuffer becau...

UBUNTU-CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Pr...

UBUNTU-CVE-2026-55200

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bou...

UBUNTU-CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

UBUNTU-CVE-2026-12151

Impact: The undici WebSocket client enforces maxPayloadSize on the cum...

UBUNTU-CVE-2026-12292

Incorrect boundary conditions in the Web Audio component. This vulnera...

UBUNTU-CVE-2026-12330

Incorrect boundary conditions in the Internationalization component. T...

UBUNTU-CVE-2026-12289

Privilege escalation in the Graphics: WebRender component. This vulner...

UBUNTU-CVE-2026-12300

Memory safety bug fixed in Thunderbird 152. This vulnerability was fix...

USN-8430-1 adsys vulnerabilities

It was discovered that ADSys did not properly handle certain HTTP/2 frames. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 26.04 LTS. CVE-2026-27141 It was discovered that ADSys did not properly handle certain HTTP/2 SETTINGS frames. ...

UBUNTU-CVE-2026-32836

drlibsdrflac.h version 0.13.3 and earlier fixed in commits fefced4,...

UBUNTU-CVE-2026-6009

Java Deserialisation Vulnerability in Jaspersoft Reports Library leads...

UBUNTU-CVE-2026-7790

Uncontrolled Resource Consumption vulnerability in ninenines cowlib c...

UBUNTU-CVE-2026-44172

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : uriparser vulnerability (USN-8409-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8409-1 advisory. It was discovered that uriparser incorrectly handled certain URI strings. An attacker could possibly u...

UBUNTU-CVE-2026-48855

Exposure of Sensitive Information to an Unauthorized Actor vulnerabili...

UBUNTU-CVE-2026-6893

Root code execution via DHCP options command injection...

UBUNTU-CVE-2026-2049

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

UBUNTU-CVE-2026-11824

SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4...

UBUNTU-CVE-2026-46320

In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths in tapgetuserxdp tapgetuserxdp rejects a frame shorter than ETHHLEN with -EINVAL, and returns -ENOMEM when buildskb fails. Both paths jump to the err label without freeing the page that...