[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fgOgc9RhJ6xA2P-PfBNK-dA7RtsVEzPJGAycmGWgbijM":3},{"product":4,"cycleMajor":14,"releases":15,"cves":31,"nextMajor":144},{"id":5,"slug":6,"name":7,"category":8,"vendor":9,"description":10,"logo_url":11,"official_url":9,"synced_at":12,"created_at":13},"869a0b9c-2a21-449a-95c3-5745623dacd4","ubuntu","Ubuntu","os",null,"Developers rely on a stable and secure operating system to build and deploy their applications, and one popular choice is a Linux distribution that has been around since 2004. Created by a British company and a community of contributors, this operating system is based on Debian and composed primarily of free and open-source software. Under a meritocratic governance model, new versions are regularly released, with the latest stable version being 22.04.5. With a large community of users and contributors, this operating system is widely used in various environments, from desktops to servers, due to its flexibility and customizability.\n\nThe end-of-life landscape for this operating system is complex, with a total of 44 versions released so far. Out of these, 40 versions have already reached their end-of-life, which means they no longer receive security updates or support. Currently, only 4 versions are still active and supported, with the next version to expire being 25.10, which will reach its end-of-life on 2026-07-01. This means that developers who are still using this version should start planning their upgrade to a newer version to ensure they continue to receive security updates and support. The last version to reach its end-of-life was 25.04, which expired on 2026-01-17.\n\nThe security picture for this operating system is a concern, with a total of 161 CVEs tracked, out of which 12 are critical. The most affected version is 14.04, which has 15 CVEs, highlighting the importance of keeping the operating system up-to-date. Developers should take action to ensure they are running a supported version and apply security patches regularly to protect their systems from potential vulnerabilities. Additionally, they should monitor the Known Exploited Vulnerabilities catalog for any updates related to this operating system, and take prompt action to mitigate any known vulnerabilities.","https:\u002F\u002Fcdn.simpleicons.org\u002Fubuntu","2026-07-17T02:10:37.93+00:00","2026-05-30T16:23:56.027772+00:00","14",[16,23],{"id":17,"product_id":5,"cycle":18,"release_date":19,"eol":20,"eol_boolean":9,"latest":18,"latest_release_date":19,"lts":21,"support":20,"created_at":22},"e4084eac-c9ee-4feb-9d79-4741e692e230","14.10","2014-10-23","2015-07-23",false,"2026-05-30T16:26:03.614798+00:00",{"id":24,"product_id":5,"cycle":25,"release_date":26,"eol":27,"eol_boolean":9,"latest":28,"latest_release_date":29,"lts":30,"support":27,"created_at":22},"62d9ff42-c5d5-459e-a965-b98e612fe5a0","14.04","2014-04-17","2019-04-02","14.04.6","2019-03-07",true,[32,40,41,47,55,62,69,76,82,90,97,103,109,116,123,129,137,138],{"cveId":33,"releaseId":17,"cycle":18,"description":34,"severity":35,"cvssScore":36,"epssScore":37,"inKev":30,"publishedAt":38,"url":39},"CVE-2026-31431","In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly.","HIGH",7.8,0.96267,"2026-04-22T09:16:21.27+00:00","https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2026-31431",{"cveId":33,"releaseId":24,"cycle":25,"description":34,"severity":35,"cvssScore":36,"epssScore":37,"inKev":30,"publishedAt":38,"url":39},{"cveId":42,"releaseId":24,"cycle":25,"description":43,"severity":35,"cvssScore":36,"epssScore":44,"inKev":30,"publishedAt":45,"url":46},"CVE-2022-0492","A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel\u002Fcgroup\u002Fcgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.",0.05528,"2022-03-03T19:15:08.633+00:00","https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2022-0492",{"cveId":48,"releaseId":24,"cycle":25,"description":49,"severity":50,"cvssScore":51,"epssScore":52,"inKev":21,"publishedAt":53,"url":54},"CVE-2020-29372","An issue was discovered in do_madvise in mm\u002Fmadvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e.","MEDIUM",4.7,0.00394,"2020-11-28T07:15:11.727+00:00","https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2020-29372",{"cveId":56,"releaseId":24,"cycle":25,"description":57,"severity":50,"cvssScore":58,"epssScore":59,"inKev":21,"publishedAt":60,"url":61},"CVE-2019-11135","TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",6.5,0.03133,"2019-11-14T19:15:13.113+00:00","https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2019-11135",{"cveId":63,"releaseId":24,"cycle":25,"description":64,"severity":35,"cvssScore":65,"epssScore":66,"inKev":21,"publishedAt":67,"url":68},"CVE-2019-18197","In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.",7.5,0.04446,"2019-10-18T21:15:10.793+00:00","https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2019-18197",{"cveId":70,"releaseId":24,"cycle":25,"description":71,"severity":50,"cvssScore":72,"epssScore":73,"inKev":21,"publishedAt":74,"url":75},"CVE-2019-13118","In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character\u002Flength combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.",5.3,0.05147,"2019-07-01T02:15:09.8+00:00","https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2019-13118",{"cveId":77,"releaseId":24,"cycle":25,"description":78,"severity":50,"cvssScore":72,"epssScore":79,"inKev":21,"publishedAt":80,"url":81},"CVE-2019-13117","In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.",0.06457,"2019-07-01T02:15:09.737+00:00","https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2019-13117",{"cveId":83,"releaseId":24,"cycle":25,"description":84,"severity":85,"cvssScore":86,"epssScore":87,"inKev":21,"publishedAt":88,"url":89},"CVE-2019-11068","libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.","CRITICAL",9.8,0.05089,"2019-04-10T20:29:01.147+00:00","https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2019-11068",{"cveId":91,"releaseId":24,"cycle":25,"description":92,"severity":50,"cvssScore":93,"epssScore":94,"inKev":21,"publishedAt":95,"url":96},"CVE-2019-6109","An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.",6.8,0.03807,"2019-01-31T18:29:00.71+00:00","https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2019-6109",{"cveId":98,"releaseId":24,"cycle":25,"description":99,"severity":35,"cvssScore":36,"epssScore":100,"inKev":21,"publishedAt":101,"url":102},"CVE-2018-10902","It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.",0.00523,"2018-08-21T19:29:00.22+00:00","https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2018-10902",{"cveId":104,"releaseId":24,"cycle":25,"description":105,"severity":50,"cvssScore":58,"epssScore":106,"inKev":21,"publishedAt":107,"url":108},"CVE-2018-13785","In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.",0.0447,"2018-07-09T13:29:00.443+00:00","https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2018-13785",{"cveId":110,"releaseId":24,"cycle":25,"description":111,"severity":50,"cvssScore":112,"epssScore":113,"inKev":21,"publishedAt":114,"url":115},"CVE-2018-3639","Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",5.5,0.60631,"2018-05-22T12:29:00.25+00:00","https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2018-3639",{"cveId":117,"releaseId":24,"cycle":25,"description":118,"severity":50,"cvssScore":119,"epssScore":120,"inKev":21,"publishedAt":121,"url":122},"CVE-2017-5753","Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",5.6,0.93838,"2018-01-04T13:29:00.257+00:00","https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2017-5753",{"cveId":124,"releaseId":24,"cycle":25,"description":125,"severity":35,"cvssScore":36,"epssScore":126,"inKev":21,"publishedAt":127,"url":128},"CVE-2015-8325","The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the \u002Fbin\u002Flogin program, as demonstrated by an LD_PRELOAD environment variable.",0.00627,"2016-05-01T01:59:00.143+00:00","https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2015-8325",{"cveId":130,"releaseId":24,"cycle":25,"description":131,"severity":132,"cvssScore":133,"epssScore":134,"inKev":21,"publishedAt":135,"url":136},"CVE-2015-4000","The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.","LOW",3.7,0.9986,"2015-05-21T00:59:00.087+00:00","https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2015-4000",{"cveId":130,"releaseId":17,"cycle":18,"description":131,"severity":132,"cvssScore":133,"epssScore":134,"inKev":21,"publishedAt":135,"url":136},{"cveId":139,"releaseId":24,"cycle":25,"description":140,"severity":132,"cvssScore":133,"epssScore":141,"inKev":21,"publishedAt":142,"url":143},"CVE-2015-2808","The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue.",0.73851,"2015-04-01T02:00:35.097+00:00","https:\u002F\u002Fnvd.nist.gov\u002Fvuln\u002Fdetail\u002FCVE-2015-2808","15"]