Ubuntu — Vulnerabilities & Security Advisories 38

Browse all 38 CVE security advisories affecting Ubuntu. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Ubuntu is an open-source Linux distribution primarily utilized for cloud infrastructure, enterprise servers, and Internet of Things (IoT) devices. Its extensive package repository and long-term support cycles make it a foundational component for modern data centers, though this breadth introduces a complex attack surface. Historically, vulnerabilities within the ecosystem frequently involve privilege escalation, remote code execution, and improper access controls, often stemming from third-party dependencies or misconfigured default settings rather than core kernel flaws. While major security incidents are relatively rare due to rigorous patching processes, the sheer volume of installed instances means that any critical flaw can have widespread impact. The current record of 38 Common Vulnerabilities and Exposures highlights the ongoing need for diligent system maintenance. Administrators must prioritize timely updates and strict configuration management to mitigate risks associated with these identified weaknesses and ensure the integrity of deployed services.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3497 | OpenSSH security vulnerability — openssh (CWE-908) | 9.1 (AI) | Critical (AI) | 2026-03-12 |
| CVE-2025-7044 | Privilege Escalation in MAAS via Websocket Request Manipulation — MAAS (CWE-269) | 7.7 | High | 2025-12-03 |
| CVE-2025-2486 | UEFI Shell accessible in AAVMF with Secure Boot enabled on Ubuntu — edk2 (CWE-489) | 6.0 (AI) | Medium (AI) | 2025-11-26 |
| CVE-2023-0881 | DDoS in Ubuntu package linux-bluefield — Ubuntu package linux-bluefield (CWE-20) | 7.5 | High | 2025-03-31 |
| CVE-2022-1804 | Accountsservice incorrectly drops privileges — Linux (CWE-269) | 5.5 | Medium | 2025-03-25 |
| CVE-2020-11935 | aufs: improperly managed inode reference counts in the vfsub_dentry_open() method — Linux kernel (aufs filesystem module) (CWE-911) | 4.4 | Medium | 2023-04-07 |
| CVE-2021-3939 | Free of static data in accountsservice — accountsservice (CWE-590) | 7.8 | High | 2021-11-17 |
| CVE-2021-3493 | Linux kernel security vulnerability — linux kernel (CWE-270) | 8.8 | High | 2021-04-17 |
| CVE-2021-3492 | Ubuntu linux kernel shiftfs file system double free vulnerability — Linux kernel (CWE-415) | 8.8 | High | 2021-04-17 |
| CVE-2020-15708 | Libvirt Service Arbitrary File Write Privilege Escalation Vulnerability — libvirt (CWE-732) | 9.3 | Critical | 2020-11-06 |
| CVE-2020-15707 | GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow. — grub2 in Ubuntu (CWE-362) | 5.7 | Medium | 2020-07-29 |
| CVE-2020-15706 | GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing. — grub2 in Ubuntu (CWE-362) | 6.4 | Medium | 2020-07-29 |
| CVE-2020-15705 | GRUB2: avoid loading unsigned kernels when GRUB is booted directly under secureboot without shim — grub2 in Ubuntu (CWE-347) | 6.4 | Medium | 2020-07-29 |
| CVE-2014-1423 | Online Accounts Signon daemon gives out all oauth tokens to any app — signon (CWE-522) | 5.9 | Medium | 2020-05-07 |
| CVE-2019-15793 | Mishandling of file-system uid/gid with namespaces in shiftfs — Shiftfs in the Linux kernel (CWE-538) | 6.5 | Medium | 2020-04-23 |
| CVE-2019-15794 | Reference counting error in overlayfs/shiftfs error path when used in conjunction with aufs — Linux kernel (CWE-672) | 7.1 | High | 2020-04-23 |
| CVE-2019-15791 | Reference count underflow in shiftfs — Shiftfs in the Linux kernel (CWE-672) | 7.1 | High | 2020-04-23 |
| CVE-2019-15792 | Type confusion in shiftfs — Shiftfs in the Linux kernel (CWE-843) | 7.1 | High | 2020-04-23 |
| CVE-2020-8832 | Ubuntu 18.04 Linux kernel i915 incomplete fix for CVE-2019-14615 — 18.04 LTS (bionic) Linux kernel (CWE-200) | 5.5 | Medium | 2020-04-09 |
| CVE-2012-2092 | Ubuntu Cobbler data forgery vulnerability — Cobbler | 7.4 | - | 2019-12-06 |
| CVE-2019-7307 | Apport contains a TOCTTOU vulnerability when reading the user's ~/.apport-ignore.xml — apport (CWE-367) | 7.0 | - | 2019-08-29 |
| CVE-2019-11476 | Integer overflow in whoopsie results in out-of-bounds heap write — Whoopsie (CWE-190) | 8.4 | - | 2019-08-29 |
| CVE-2016-1586 | Oxide input validation error vulnerability — Oxide | 7.5 | - | 2019-04-22 |
| CVE-2016-1587 | Snapweb interface access control error vulnerability — snapweb | 7.5 | - | 2019-04-22 |
| CVE-2016-1584 | Unity8 converged application lifecycle allows background applications to use on-screen keyboard when not top-most — Unity8 | 5.3 | - | 2019-04-22 |
| CVE-2016-1579 | UDM doesn't check for confinement before running post-processing commands — Ubuntu Download Manager | 9.8 | - | 2019-04-22 |
| CVE-2016-1573 | Using a specially crafted fallback art property, scopes can execute arbitrary QML code in context of unity8-dash — Unity8 | 8.4 | - | 2019-04-22 |
| CVE-2015-1343 | unity-scope-gdrive search feature logs search terms to syslog — unity-scope-gdrive | 5.3 | - | 2019-04-22 |
| CVE-2015-1341 | Apport privilege escalation through Python module imports — Apport | 8.4 | - | 2019-04-22 |
| CVE-2015-1340 | chmod race in doUidshiftIntoContainer — LXD | 8.1 | - | 2019-04-22 |

This page lists every published CVE security advisory associated with Ubuntu. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.