Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE reports

The Common Vulnerabilities and Exposures (CVE) system is used to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. Canonical keeps track of all CVEs affecting Ubuntu, and releases a security notice when an issue is fixed.


Search CVEs


Recent CVEs

CVE-2024-9680

High priority

Some fixes available 3 of 13

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...


CVE-2024-31449

High priority
Needs evaluation

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code...

1 affected packages

redis


CVE-2024-43882

High priority

Some fixes available 7 of 95

In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is done against the file's metadata...

125 affected packages

linux, linux-allwinner-5.19, linux-aws, linux-aws-5.0, linux-aws-5.11...


CVE-2024-7542

High priority
Needs evaluation

oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the...

1 affected packages

ofono


CVE-2024-7541

High priority
Needs evaluation

oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the...

1 affected packages

ofono