CVE reports

The Common Vulnerabilities and Exposures (CVE) system is used to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. Canonical keeps track of all CVEs affecting Ubuntu, and releases a security notice when an issue is fixed.

Search CVEs

By Ubuntu release

Recent CVEs

CVE-2024-12797

High priority
Fixed

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER...

4 affected packages

edk2, nodejs, openssl, openssl1.0

CVE-2025-24032

High priority
Needs evaluation

PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of...

1 affected package

pam-pkcs11

CVE-2025-24531

High priority
Needs evaluation

[Possible Authentication Bypass in Error Situations]

1 affected package

pam-pkcs11

CVE-2025-0411

High priority
Not affected

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this...

2 affected packages

7zip, p7zip

CVE-2024-57798

High priority
Vulnerable

In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() While receiving an MST up request message from one thread...

128 affected packages

linux, linux-allwinner-5.19, linux-aws, linux-aws-5.0, linux-aws-5.11...

Resources

Join the discussion

Ubuntu Pro

10-year security coverage for Ubuntu and 23,000 open-source applications and toolchains.

Get Ubuntu Pro

From our blog