Known Vulnerabilities for products from Ubuntu
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ubuntu".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-23428 json | Not Provided | 2026-04-03 | 2026-04-03 | |
| CVE-2026-23427 json | Not Provided | 2026-04-03 | 2026-04-03 | |
| CVE-2025-15480 json | Not Provided | 2026-04-09 | 2026-04-10 | |
| CVE-2025-14551 json | Not Provided | 2026-04-09 | 2026-04-10 | |
| CVE-2019-15796 json | Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or i... | 4.7 - MEDIUM | 2020-03-26 | 2020-10-19 |
| CVE-2019-15795 json | python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/packa... | 4.7 - MEDIUM | 2020-03-26 | 2020-04-08 |
| CVE-2017-14461 json | A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in ... | 7.1 - HIGH | 2018-03-02 | 2022-04-19 |
| CVE-2015-5479 json | The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of ... | 6.5 - MEDIUM | 2016-04-19 | 2023-11-07 |
| CVE-2015-2285 json | The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivi... | 7.2 - HIGH | 2015-03-12 | 2015-03-13 |
| CVE-2015-2150 json | Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which m... | 4.9 - MEDIUM | 2015-03-12 | 2023-11-07 |
| CVE-2015-1322 json | Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubunt... | 4.6 - MEDIUM | 2015-04-29 | 2016-05-26 |
| CVE-2014-1424 json | apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor pol... | 6.4 - MEDIUM | 2014-11-24 | 2014-11-24 |
| CVE-2013-2186 json | The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6... | 7.5 - HIGH | 2013-10-28 | 2018-01-09 |
| CVE-2013-1070 json | Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers t... | 4.3 - MEDIUM | 2014-02-17 | 2015-10-08 |
| CVE-2013-1069 json | Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to... | 2.1 - LOW | 2014-02-17 | 2014-02-21 |
| CVE-2011-4613 json | The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who i... | 4.6 - MEDIUM | 2014-02-05 | 2020-08-24 |
| CVE-2011-1842 json | dbus_backend/lsd.py in the D-Bus backend in language-selector before 0.6.7 does not validate the arguments to the (1) SetSyst... | 7.2 - HIGH | 2011-05-03 | 2017-08-17 |
| CVE-2011-0729 json | dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of ... | 7.2 - HIGH | 2011-04-29 | 2011-07-14 |
| CVE-2011-0724 json | The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, whi... | 9.3 - HIGH | 2011-02-19 | 2017-08-17 |
| CVE-2010-0834 json | The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped ... | 9.3 - HIGH | 2010-08-10 | 2010-08-10 |