Ubuntu - Page 6 of Ubuntu Vulnerabilities List

Ubuntu•added 2026/04/28 8:10 a.m.•14 views

USN-8214-1: NLTK vulnerability

It was discovered that NLTK incorrectly handled file extraction when opening a maliciously crafted zip file. An attacker could possibly use this issue to create or overwrite files on the system and execute arbitrary code...

10CVSS8.6AI score0.00878EPSS

Ubuntu•added 2026/04/28 7:32 a.m.•7 views

USN-8216-1: .NET vulnerabilities

Ludvig Pedersen discovered that the System.Security.Cryptography.Xml library in .NET incorrectly handled certain XML inputs. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. CVE-2026-33116, CVE-2026-26171 Ludvig Pedersen and Kevin Jones...

9.1CVSS6.4AI score0.08014EPSS

Ubuntu•added 2026/04/28 7:10 a.m.•7 views

USN-8215-1: .NET vulnerability

It was discovered that the Microsoft.AspNetCore.DataProtection library in .NET did not properly verify cryptographic signatures under certain conditions. A remote attacker could possibly use this issue to elevate privileges...

9.1CVSS5.8AI score0.00023EPSS

Ubuntu•added 2026/04/28 4:18 a.m.•10 views

USN-8202-2: jq vulnerabilities

USN-8202-1 fixed vulnerabilities in jq. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute...

8.2CVSS5.9AI score0.00137EPSS

Exploits5

Ubuntu•added 2026/04/27 8:30 p.m.•8 views

USN-8213-1: Vim vulnerabilities

Michał Majchrowicz discovered that Vim's zip plugin could overwrite arbitrary files. An attacker could possibly use this issue to delete sensitive data or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. CVE-2026-35177 It was discovered that Vim's netbeans...

7.8CVSS6AI score0.00016EPSS

Ubuntu•added 2026/04/27 3:39 p.m.•8 views

USN-8212-1: authd vulnerability

It was discovered that authd incorrectly assigned the primary group ID to users under certain conditions. A local attacker could possibly use this issue to achieve privilege escalation, or gain unauthorized access to files belonging to other users...

7.3CVSS5.4AI score0.00017EPSS

Ubuntu•added 2026/04/27 12:11 p.m.•8 views

USN-8209-1: Little CMS vulnerability

It was discovered that Little CMS incorrectly handled certain malformed ICC profiles. An attacker could use this issue to cause Little CMS to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.5CVSS6.1AI score0.00045EPSS

Ubuntu•added 2026/04/24 9:40 a.m.•5 views

USN-8180-5: Linux kernel (IBM) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; - Bluetooth drivers; - DMA engine subsystem; - GPU...

8.8CVSS5.9AI score0.00099EPSS

Ubuntu•added 2026/04/23 4:5 p.m.•6 views

USN-8206-1: OpenMPT vulnerability

Antonio Morales Maldonado discovered that OpenMPT did not properly limit the length of strings in certain cases, leading to a buffer overflow. An attacker could possibly use this issue to cause OpenMPT to crash, resulting in a denial of service...

9.8CVSS6AI score0.01642EPSS

Ubuntu•added 2026/04/23 12:16 p.m.•7 views

USN-8205-1: GStreamer Bad Plugins vulnerabilities

It was discovered that multiple plugins in GStreamer contained arithmetic overflows. An attacker could possibly use this issue to cause applications using the plugins to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2023-37329, CVE-2023-40474, CVE-2023-40475,...

8.8CVSS7.3AI score0.063EPSS

Ubuntu•added 2026/04/23 10:16 a.m.•9 views

USN-8180-4: Linux kernel (Azure FIPS) vulnerabilities

8.8CVSS6.9AI score0.00099EPSS

Ubuntu•added 2026/04/23 10:8 a.m.•10 views

USN-8180-3: Linux kernel vulnerabilities

8.8CVSS6.9AI score0.00099EPSS

Ubuntu•added 2026/04/23 10:0 a.m.•10 views

USN-8204-1: Linux kernel (Raspberry Pi Real-time) vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

9.8CVSS7.2AI score0.00092EPSS

Ubuntu•added 2026/04/23 9:52 a.m.•7 views

USN-8203-1: Linux kernel (Oracle) vulnerabilities

9.8CVSS7.2AI score0.00092EPSS

Exploits3

Ubuntu•added 2026/04/23 9:41 a.m.•7 views

USN-8179-3: Linux kernel vulnerabilities

9.8CVSS7.2AI score0.00092EPSS

Ubuntu•added 2026/04/23 9:27 a.m.•7 views

USN-8183-2: Linux kernel vulnerabilities

Ubuntu•added 2026/04/23 7:35 a.m.•8 views

USN-8202-1: jq vulnerabilities

It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS...

8.2CVSS5.9AI score0.00137EPSS

Exploits5

Ubuntu•added 2026/04/22 7:9 p.m.•12 views

USN-8201-1: Linux kernel (Azure) vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...

7.8CVSS6.9AI score0.00104EPSS

Exploits0References1

Ubuntu•added 2026/04/22 6:24 p.m.•8 views

USN-8200-2: Linux kernel (FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - GPU drivers; - I2C subsystem; - Network traffic control; CVE-2022-49046,...

7.8CVSS7.2AI score0.00055EPSS

Ubuntu•added 2026/04/22 6:15 p.m.•11 views

USN-8200-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - GPU drivers; - I2C subsystem; - Network traffic control; CVE-2022-49046,...

7.8CVSS7.2AI score0.00055EPSS

Ubuntu•added 2026/04/22 6:4 p.m.•8 views

USN-8199-1: OpenStack Glance vulnerabilities

Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2024-32498 Hyeongeun Ji and Abhishek Keka...

6.5CVSS5.9AI score0.00214EPSS

Ubuntu•added 2026/04/22 5:52 p.m.•9 views

USN-8198-1: Tornado vulnerabilities

It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of service. CVE-2026-31958 It was discovered that Tornado did not properly validate characters in cookie values. An attacker could possibly use...

8.7CVSS5.8AI score0.00028EPSS

Ubuntu•added 2026/04/22 1:36 p.m.•7 views

USN-8197-1: Slurm vulnerability

It was discovered that Slurm did not properly handle access control when dealing with RPC traffic through PMI2 and PMIx, which could allow an unprivileged user to send data to an arbitrary unix socket on the host. An attacker could possibly use this issue to execute arbitrary code as the root use...

9CVSS6.2AI score0.01932EPSS

Ubuntu•added 2026/04/21 5:25 p.m.•9 views

USN-8194-1: league/commonmark vulnerabilities

It was discovered that league/commonmark did not properly restrict unsafe attributes when the Attributes extension was enabled. An attacker could possibly use this issue to cause cross-site scripting by injecting malicious code into rendered HTML. This issue only affected Ubuntu 22.04 LTS and...

6.4CVSS5.7AI score0.0005EPSS

Ubuntu•added 2026/04/21 11:36 a.m.•8 views

USN-8191-1: Apache Commons IO vulnerability

It was discovered that Apache Commons IO's XmlStreamReader class could excessively consume CPU resources under certain circumstances. An attacker could possibly use this issue to cause Apache Commons IO to crash, resulting in a denial of service...

4.3CVSS5.8AI score0.00127EPSS

Ubuntu•added 2026/04/20 3:18 p.m.•7 views

USN-8190-1: Rack::Session vulnerability

SeungMyung Lee discovered that Rack::Session did not properly reject cookies upon decryption failure. A remote attacker could use this issue to manipulate session contents and possibly gain unauthorized access...

9.8CVSS5.8AI score0.00064EPSS

Ubuntu•added 2026/04/20 1:49 p.m.•7 views

USN-8189-1: RapidJSON vulnerability

It was discovered that RapidJSON did not properly protect against integer overflows in certain instances when parsing JSON text. A remote attacker could possibly use this issue to craft a malicious JSON file, that when read by RapidJSON, would lead to an elevation of privilege, resulting in the...

7.8CVSS5.8AI score0.00137EPSS

Ubuntu•added 2026/04/20 9:57 a.m.•5 views

USN-8098-10: Linux kernel (Raspberry Pi) vulnerabilities

7.8CVSS6.9AI score0.00104EPSS

Exploits0References1

Ubuntu•added 2026/04/17 10:28 a.m.•12 views

USN-8188-1: Linux kernel (HWE) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - Drivers core; - Bluetooth drivers; - DMA engine...

Ubuntu•added 2026/04/17 10:20 a.m.•7 views

Exploits3

USN-8187-1: Linux kernel (NVIDIA) vulnerabilities

Ubuntu•added 2026/04/17 10:11 a.m.•6 views

USN-8186-1: Linux kernel (Real-time) vulnerabilities

Ubuntu•added 2026/04/17 10:3 a.m.•6 views

USN-8180-2: Linux kernel (FIPS) vulnerabilities

Ubuntu•added 2026/04/17 9:55 a.m.•2 views

USN-8185-1: Linux kernel (NVIDIA) vulnerabilities

Ubuntu•added 2026/04/17 9:36 a.m.•4 views

USN-8179-2: Linux kernel (FIPS) vulnerabilities

Ubuntu•added 2026/04/17 9:26 a.m.•5 views

USN-8184-1: Linux kernel (Real-time) vulnerabilities

Ubuntu•added 2026/04/17 9:6 a.m.•8 views

USN-8183-1: Linux kernel (GCP) vulnerabilities

Ubuntu•added 2026/04/17 8:33 a.m.•2 views

USN-8177-1: Linux kernel vulnerabilities

Ubuntu•added 2026/04/17 8:30 a.m.•4 views

USN-8177-2: Linux kernel (Real-time) vulnerabilities

Ubuntu•added 2026/04/17 12:23 a.m.•6 views

USN-8182-1: Rack vulnerabilities

Andrew Lacambra discovered that Rack did not properly parse certain regular expressions. An attacker could possibly use this issue to bypass network security filters. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. CVE-2026-26961 William T. Nelson...

7.5CVSS5.9AI score0.00131EPSS

Ubuntu•added 2026/04/16 5:56 p.m.•6 views

USN-8181-1: ESAPI vulnerabilities

Jaroslav Lobačevski discovered that ESAPI incorrectly validated directory paths during path verification. An attacker could possibly use this issue to bypass directory validation checks, leading to control-flow bypass. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,...

9.8CVSS5.8AI score0.01032EPSS

Exploits4

Ubuntu•added 2026/04/16 5:36 p.m.•3 views

USN-8148-7: Linux kernel (NVIDIA) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Netfilter; - Network traffic control; CVE-2026-23060, CVE-2026-23074, CVE-2026-23111...

7.8CVSS5.8AI score0.00023EPSS

Exploits3

Ubuntu•added 2026/04/16 3:55 p.m.•2 views

USN-8178-1: oFono vulnerabilities

It was discovered that oFono incorrectly handled crafted responses from AT commands. An attacker could possibly use this issue to crash the program, resulting in a denial of service or arbitrary code execution. CVE-2024-7538, CVE-2024-7539, CVE-2024-7540, CVE-2024-7541, CVE-2024-7542 Lucas Leong...

7.8CVSS6AI score0.00182EPSS

Ubuntu•added 2026/04/16 2:56 p.m.•2 views

USN-8180-1: Linux kernel vulnerabilities

Ubuntu•added 2026/04/16 2:13 p.m.•4 views

USN-8179-1: Linux kernel vulnerabilities

Ubuntu•added 2026/04/15 8:25 p.m.•11 views

USN-8145-5: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - UDF file system; - NFC subsystem; - Network traffic control;...

7.8CVSS6.7AI score0.00055EPSS

Ubuntu•added 2026/04/15 7:22 p.m.•4 views

USN-8176-1: .NET vulnerabilities

7.5CVSS6.2AI score0.08014EPSS

Ubuntu•added 2026/04/15 3:6 a.m.•3 views

USN-8175-1: FRR vulnerability

It was discovered that FRR did not correctly handle certain network requests. A remote attacker could possibly use this issue to gain unauthorized access to resources...

4.2CVSS5.8AI score0.00018EPSS

Ubuntu•added 2026/04/14 8:1 p.m.•5 views

USN-8138-2: tar-rs vulnerability

USN-8138-1 fixed a vulnerability in tar-rs. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that tar-rs incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a speciall...

6.5CVSS6AI score0.00019EPSS

Ubuntu•added 2026/04/14 6:1 p.m.•2 views

USN-8168-2: Rust vulnerability

USN-8168-1 fixed a vulnerability in Rust. This update provides the corresponding update to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that tar-rs embedded in rustc incorrectly handled symlinks when unpacking a tar archiv...

6.5CVSS6AI score0.00019EPSS