Canonical Ubuntu vulnerabilities

CVE-2025-15480 [LOW] CWE-1258 CVE-2025-15480: In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during cra In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs.

CVE-2025-14551 [LOW] CWE-1258 CVE-2025-14551: In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. U In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs.

CVE-2014-1949 [HIGH] CWE-284 CVE-2014-1949: GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.

CVE-2014-1424 [MEDIUM] CWE-264 CVE-2014-1424: apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attacke apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw."