GCVE - cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*

part: o version: 22.10 update: *

Vendor	Canonical (`bedcba35-8c3d-5a60-8532-2ba876a6ec88`)
Product	Ubuntu Linux (`f82c71f7-7613-59c6-b78d-a15b5eb77bd3`)
Edition	*
Language	*
Software edition	-
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-6387`	vulnerable	2026-06-03 14:58:02.997258	Openssh: regresshion - race condition in ssh allows rce/dos HIGH (8.1) A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Published: 2024-07-01T12:37:25.431Z Updated: 2026-05-12T11:39:26.672Z Open on db.gcve.eu Reference links https://access.redhat.com/errata/RHSA-2024:4312 https://access.redhat.com/errata/RHSA-2024:4340 https://access.redhat.com/errata/RHSA-2024:4389 https://access.redhat.com/errata/RHSA-2024:4469 https://access.redhat.com/errata/RHSA-2024:4474	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3297`	vulnerable	2026-06-03 14:52:40.381863	Details available HIGH (8.1) In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process. Published: 2023-09-01T20:49:43.576Z Updated: 2024-09-30T20:19:08.943Z Open on db.gcve.eu Reference links https://ubuntu.com/security/notices/USN-6190-1 https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/ https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3297`	not_vulnerable	2026-06-03 14:52:40.380706	Details available HIGH (8.1) In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process. Published: 2023-09-01T20:49:43.576Z Updated: 2024-09-30T20:19:08.943Z Open on db.gcve.eu Reference links https://ubuntu.com/security/notices/USN-6190-1 https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/ https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-2612`	vulnerable	2026-06-03 14:51:43.504563	shiftfs lock unbalance in Ubuntu-specific kernels MEDIUM (4.4) Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock). Published: 2023-05-30T23:12:29.867Z Updated: 2025-02-13T16:44:50.457Z Open on db.gcve.eu Reference links https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/kinetic/commit/?id=02b47547824b1cd0d55c6744f91886f04de8947e https://ubuntu.com/security/CVE-2023-2612 https://ubuntu.com/security/notices/USN-6122-1 https://ubuntu.com/security/notices/USN-6123-1 https://ubuntu.com/security/notices/USN-6124-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1786`	vulnerable	2026-06-03 14:48:56.500698	sensitive data exposure in cloud-init logs MEDIUM (5.5) Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. Published: 2023-04-26T22:23:47.305Z Updated: 2025-02-13T16:39:30.230Z Open on db.gcve.eu Reference links https://github.com/canonical/cloud-init/commit/a378b7e4f47375458651c0972e7cd813f6fe0a6b https://bugs.launchpad.net/cloud-init/+bug/2013967 https://ubuntu.com/security/notices/USN-6042-1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATBJSXPL2IOAD2LDQRKWPLIC7QXS44GZ/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1523`	vulnerable	2026-06-03 14:48:55.681634	Details available CRITICAL (10) Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console. Published: 2023-09-01T18:41:47.820Z Updated: 2024-10-01T13:08:45.851Z Open on db.gcve.eu Reference links https://ubuntu.com/security/notices/USN-6125-1 https://github.com/snapcore/snapd/pull/12849 https://marc.info/?l=oss-security&m=167879021709955&w=2 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1326`	vulnerable	2026-06-03 14:48:54.289847	local privilege escalation in apport-cli HIGH (7.7) A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit. Published: 2023-04-13T22:35:19.704Z Updated: 2025-02-07T15:54:48.365Z Open on db.gcve.eu Reference links https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb https://ubuntu.com/security/notices/USN-6018-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1032`	vulnerable	2026-06-03 14:48:53.558232	Details available MEDIUM (4.7) The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067. Published: 2024-01-08T18:11:31.951Z Updated: 2024-08-27T15:48:22.031Z Open on db.gcve.eu Reference links https://www.openwall.com/lists/oss-security/2023/03/13/2 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032 https://ubuntu.com/security/notices/USN-6033-1 https://ubuntu.com/security/notices/USN-6024-1 https://ubuntu.com/security/notices/USN-5977-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-3328`	vulnerable	2026-06-03 14:47:52.903752	Details available HIGH (7.8) Race condition in snap-confine's must_mkdir_and_open_with_perms() Published: 2024-01-08T18:04:10.534Z Updated: 2025-06-03T14:35:04.952Z Open on db.gcve.eu Reference links https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328 https://ubuntu.com/security/notices/USN-5753-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-2602`	vulnerable	2026-06-03 14:47:06.769066	Details available MEDIUM (5.3) io_uring UAF, Unix SCM garbage collection Published: 2024-01-08T17:56:16.403Z Updated: 2025-04-17T17:54:49.459Z Open on db.gcve.eu Reference links https://ubuntu.com/security/notices/USN-5692-1 https://ubuntu.com/security/notices/USN-5752-1 https://ubuntu.com/security/notices/USN-5693-1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2602 https://ubuntu.com/security/notices/USN-5691-1	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.