Canonical Ubuntu_linux
1663 CVEs affecting Canonical Ubuntu_linux. Latest disclosed: 2026-05-28. Critical: 79, High: 302.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-16845 | Critical | 10.0 | 2017-11-17 | hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. |
CVE-2015-8104 | Critical | 10.0 | 2015-11-16 | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by… |
CVE-2019-17571 | Critical | 9.8 | 2019-12-20 | Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code… |
CVE-2019-11068 | Critical | 9.8 | 2019-04-10 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error… |
CVE-2017-17499 | Critical | 9.8 | 2017-12-11 | ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp. |
CVE-2017-17480 | Critical | 9.8 | 2017-12-08 | In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write… |
CVE-2017-14746 | Critical | 9.8 | 2017-11-27 | Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. |
CVE-2017-16548 | Critical | 9.8 | 2017-11-06 | The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote… |
CVE-2017-12629 | Critical | 9.8 | 2017-10-14 | Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener com… |
CVE-2017-0903 | Critical | 9.8 | 2017-10-11 | RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can byp… |
CVE-2017-15032 | Critical | 9.8 | 2017-10-05 | ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. |
CVE-2017-14491 | Critical | 9.8 | 2017-10-04 | Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS resp… |
CVE-2017-14493 | Critical | 9.8 | 2017-10-03 | Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6… |
CVE-2017-14492 | Critical | 9.8 | 2017-10-03 | Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 rou… |
CVE-2017-14632 | Critical | 9.8 | 2017-09-21 | Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels… |
CVE-2017-14626 | Critical | 9.8 | 2017-09-21 | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c. |
CVE-2017-14625 | Critical | 9.8 | 2017-09-21 | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c. |
CVE-2017-14624 | Critical | 9.8 | 2017-09-21 | ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c. |
CVE-2017-14532 | Critical | 9.8 | 2017-09-18 | ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c. |
CVE-2017-14064 | Critical | 9.8 | 2017-08-31 | Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ex… |