If a system is connected then it is vulnerable, all end user OS whether it be a Linux Distro or Windows meet EAL 4 or 4+ in the common criteria which means they are all secure within reason whilst leaving functionality and ease of use the primary goals.
There are systems which meet higher criteria but they are not meant for end user use such as bespoke military or aerospace systems and the like.
Most Ubuntu distors meet EAL 4+ which is the same as most Windows versions, of course not every version or company puts forward for certification, Why ? because there is no need as they are end user OS.
The methods are often similar or vastly different but all connected systems have some type of vulnerability which is par for the course for being connected.
Point metasploit/meterpreter at most systems and something will pop up, usually a reverse shell (joke)
The whole "secure" thing is sadly misunderstood, I read in here all the time about not needing a firewall if behind a router.....shame people know nothing about how easy it can often be to compromise a home based NAT router, firewalk, use Hping to ping using TCP past firewalls that block ICMP, session splice, XSS, NMAP idle scans or FTP bounce, reverse connections from arbitrary port creation as no outgoing traffic is controlled....... ad nauseum ad infinitum I dont bother replying anymore.