Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Ubuntu Number Of NVD 4093 CRITICAL 341 HIGH 1595 MEDIUM 1941 LOW 216
URL https://ubuntu.com/
Explanation A release without LTS is a normal release and provides support for 9 months after it is released.
LTS (Long Term Support) provides support for five years.
After the end of LTS, we also offer a service that provides extended support (about 5 years) for a fee.
Tag
  • Linux
Add Information URL
No Type Name URL
1 https://ubuntu.com/about/release-cycle
2 https://wiki.ubuntu.com/
3 https://wiki.ubuntu.com/Releases
4 https://ubuntu.com/licensing
5 https://ubuntu.com/security/notices
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
131 Ubuntu 24 24.04.3 Aug. 7, 2025 April 25, 2024 0 0 1 0
132 Ubuntu 23.04 23.04 April 24, 2023 April 24, 2023 April 30, 2024 1 5 2 0
133 Ubuntu 22.04 LTS 22.04.5 Sept. 12, 2024 April 21, 2022 April 30, 2027 April 30, 2032 1 25 11 0
134 Ubuntu 21.10 21.10 Oct. 14, 2021 Oct. 14, 2021 June 14, 2022 June 14, 2022 1 18 19 0
135 Ubuntu 21.04 21.04 April 22, 2021 April 22, 2021 Jan. 30, 2022 0 12 11 0
136 Ubuntu 20.10 20.10 Oct. 22, 2020 Oct. 22, 2020 July 30, 2021 0 5 13 1
137 Ubuntu 20.04 LTS 20.04.6 March 23, 2023 April 23, 2020 April 30, 2025 April 30, 2030 21 144 239 32
138 Ubuntu 19.10 Oct. 17, 2019 July 30, 2020 32 133 227 44
139 Ubuntu 19.04 April 18, 2019 Jan. 30, 2020 45 126 184 23
140 Ubuntu 18.10 Oct. 18, 2018 July 31, 2019 66 174 182 5
141 Ubuntu 18.04 LTS 18.04.6 Sept. 17, 2021 April 26, 2018 April 30, 2023 April 30, 2028 202 645 891 80
142 Ubuntu 17.10 Oct. 18, 2017 July 19, 2018 4 18 14 0
143 Ubuntu 17.04 April 13, 2017 July 20, 2017 4 18 14 0
144 Ubuntu 16.10 Oct. 13, 2016 July 28, 2016 6 24 8 0
145 Ubuntu 16.04 LTS 16.04.7 Aug. 13, 2020 April 21, 2016 April 30, 2021 April 30, 2024 239 852 1060 83
146 Ubuntu 15.10 Oct. 22, 2015 Feb. 4, 2016 20 148 162 24
147 Ubuntu 15.04 April 23, 2015 July 23, 2015 5 100 130 29
148 Ubuntu 14.10 Oct. 23, 2014 July 14, 2014 0 3 1 0
149 Ubuntu 14.04 LTS 14.04.6 March 7, 2019 April 17, 2014 April 30, 2019 April 30, 2022 216 844 1015 82
150 Ubuntu 13.10 Oct. 17, 2013 July 14, 2014 15 56 68 15
151 Ubuntu 13.04 April 25, 2013 Jan. 27, 2014 6 16 60 9
152 Ubuntu 12.04 LTS April 26, 2012 April 28, 2017 April 30, 2019 90 577 669 83
153 Ubuntu 11.10 Oct. 13, 2011 May 9, 2013 1 111 108 13
154 Ubuntu 11.04 April 28, 2011 Oct. 28, 2012 1 56 56 8
155 Ubuntu 10.10 Oct. 10, 2010 April 10, 2012 2 47 52 17
156 Ubuntu 9.10 Oct. 29, 2009 April 30, 2011 5 56 56 16
157 Ubuntu 9.04 April 23, 2009 Oct. 23, 2010 3 46 57 8
158 Ubuntu 8.10 Oct. 30, 2008 April 30, 2010 2 49 47 6
159 Ubuntu 8.04 LTS 8.04.4 Jan. 28, 2010 April 24, 2008 May 9, 2013 7 99 119 18
160 Ubuntu 7.10 Oct. 18, 2007 April 18, 2009 3 48 37 5
161 Ubuntu 7.04 April 19, 2007 Oct. 19, 2008 4 46 28 4
162 Ubuntu 6.10 Oct. 26, 2006 April 26, 2008 2 33 32 4
163 Ubuntu 5.10 Oct. 13, 2005 April 13, 2007 0 22 19 1
164 Ubuntu 5.04 April 8, 2005 Oct. 31, 2006 0 14 13 2
165 Ubuntu 4.10 Oct. 20, 2004 April 30, 2006 1 13 8 2
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
131 7.5
5.0 		HIGH
Network 		url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. T… CWE-674
 Uncontrolled Recursion 		CVE-2020-25219 cpe:2.3:o:canonical:ubuntu_linux:20.04:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*
cpe:2.3:o:canonical:ubuntu_linu… 		2024-11-21 14:17
2020-09-10 		Show GitHub Exploit DB Packet Storm
132 9.8
10.0 		CRITICAL
Network 		CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. CWE-78
OS Command  		CVE-2020-24916 cpe:2.3:o:canonical:ubuntu_linux:18.04:* 2024-11-21 14:16
2020-09-10 		Show GitHub Exploit DB Packet Storm
133 9.8
6.8 		CRITICAL
Network 		WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. CWE-611
XXE 		CVE-2020-24379 cpe:2.3:o:canonical:ubuntu_linux:18.04:* 2024-11-21 14:14
2020-09-10 		Show GitHub Exploit DB Packet Storm
134 7.0
4.4 		HIGH
Local 		A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nf… CWE-787
CWE-367
 Out-of-bounds Write
 Time-of-check Time-of-use (TOCTOU) Race Condition 		CVE-2020-25212 cpe:2.3:o:canonical:ubuntu_linux:20.04:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*
cpe:2.3:o:canonical:ubuntu_linu… 		2024-11-21 14:17
2020-09-10 		Show GitHub Exploit DB Packet Storm
135 3.7
4.3 		LOW
Network 		The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based cipher… CWE-203
 Information Exposure Through Discrepancy 		CVE-2020-1968 cpe:2.3:o:canonical:ubuntu_linux:18.04:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:* 		2024-11-21 14:11
2020-09-9 		Show GitHub Exploit DB Packet Storm
136 7.5
5.0 		HIGH
Network 		An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid se… CWE-787
CWE-476
 Out-of-bounds Write
 NULL Pointer Dereference 		CVE-2020-24659 cpe:2.3:o:canonical:ubuntu_linux:20.04:* 2024-11-21 14:15
2020-09-5 		Show GitHub Exploit DB Packet Storm
137 7.1
4.6 		HIGH
Network 		The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside gr… CWE-1188
 Insecure Default Initialization of Resource 		CVE-2020-7729 cpe:2.3:o:canonical:ubuntu_linux:18.04:* 2024-11-21 14:37
2020-09-3 		Show GitHub Exploit DB Packet Storm
138 3.3
4.3 		LOW
Local 		In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. CWE-59
Link Following 		CVE-2020-24654 cpe:2.3:o:canonical:ubuntu_linux:20.04:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*
cpe:2.3:o:canonical:ubuntu_linu… 		2024-11-21 14:15
2020-09-3 		Show GitHub Exploit DB Packet Storm
139 6.5
4.0 		MEDIUM
Network 		An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poi… CWE-697
 Incorrect Comparison 		CVE-2020-15811 cpe:2.3:o:canonical:ubuntu_linux:20.04:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*
cpe:2.3:o:canonical:ubuntu_linu… 		2024-11-21 14:06
2020-09-3 		Show GitHub Exploit DB Packet Storm
140 6.5
3.5 		MEDIUM
Network 		An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poi… CWE-444
HTTP Request Smuggling 		CVE-2020-15810 cpe:2.3:o:canonical:ubuntu_linux:20.04:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*
cpe:2.3:o:canonical:ubuntu_linu… 		2024-11-21 14:06
2020-09-3 		Show GitHub Exploit DB Packet Storm