CVE coverage

Ubuntu 24.04 LTS CVE list & vulnerability tracker

Noxen pulls Ubuntu 24.04 CVE data from OSV.dev's Ubuntu ecosystem feed — the same source Canonical itself publishes through their security tracker. Records are deduped against NVD/VulnCheck and shipped in a signed snapshot, daily.

Live

Headline numbers

Total CVE records (all distros)Loading…
Last buildLoading…
OSV records (Ubuntu + others)Loading…
NVD records (cross-platform)Loading…

Per-distro shard counts will appear here once shard metadata is exposed publicly. The full feed already filters Ubuntu records by ecosystem prefix on the client.

How matching works

What Noxen does for an Ubuntu 24.04 host

Reads /etc/os-release over SSH to confirm the host is on Ubuntu 24.04.
Reads the dpkg package list — every binary package, plus its corresponding source package via dpkg-query --showformat='${Source}'.
Filters the local feed cache to OSV records tagged with ecosystem Ubuntu:24.04:LTS or Ubuntu:Pro:24.04:LTS.
For each record, compares your installed version against the OSV-published fix version using the Debian/Ubuntu version-comparison rules (epoch, upstream, debian-revision).
Emits a finding only when the installed version is older than the fix. Records without a fix version don't generate findings (those are tracked but unactionable until the distro ships a backport).

Live listings

Top recent critical CVEs (Ubuntu)

Most-recently-published critical CVEs in the Ubuntu ecosystem. Auto-deduped to one row per CVE ID.

Loading…

Top recent high-severity CVEs (Ubuntu)

Loading…

New to severity terminology? CVE, CVSS, CWE, and CPE are explained in the blog.

Notable

Recent CVEs that Ubuntu 24.04 homelabs care about

Brief, non-exhaustive selection of high-severity CVEs that have materially affected Ubuntu 24.04 in the last 12 months.

CVE-2024-6387 (regreSSHion) — OpenSSH signal-handler race producing pre-auth RCE. Fixed in openssh-server 1:9.6p1-3ubuntu13.3.
CVE-2024-3094 (xz backdoor) — supply-chain backdoor in xz-utils 5.6.0/5.6.1. Ubuntu 24.04 was on a clean version, but the public-key check is still worth running on any imported xz-source.
CVE-2024-1086 (nf_tables UAF) — Linux kernel local privilege escalation, exploited in the wild. Patched in HWE kernels.

Scan an Ubuntu fleet with Noxen

Add your Ubuntu 24.04 hosts via your existing ~/.ssh/config; Noxen handles the rest. No agent, no SaaS round-trip. $79 one-time at launch.