GCVE - cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*

part: o version: 23.04 update: *

Vendor	Canonical (`bedcba35-8c3d-5a60-8532-2ba876a6ec88`)
Product	Ubuntu Linux (`f82c71f7-7613-59c6-b78d-a15b5eb77bd3`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-5616`	vulnerable	2026-06-03 14:53:49.103901	Details available In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user. Published: 2025-04-15T18:29:54.565Z Updated: 2025-04-15T20:51:31.399Z Open on db.gcve.eu Reference links https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577 https://ubuntu.com/security/notices/USN-6554-1 https://ubuntu.com/security/CVE-2023-5616	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-4911`	vulnerable	2026-06-03 14:53:29.936198	Glibc: buffer overflow in ld.so leading to privilege escalation HIGH (7.8) A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. Published: 2023-10-03T17:25:08.434Z Updated: 2026-05-12T10:18:01.935Z Open on db.gcve.eu Reference links https://access.redhat.com/errata/RHSA-2023:5453 https://access.redhat.com/errata/RHSA-2023:5454 https://access.redhat.com/errata/RHSA-2023:5455 https://access.redhat.com/errata/RHSA-2023:5476 https://access.redhat.com/errata/RHSA-2024:0033	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3297`	vulnerable	2026-06-03 14:52:40.381882	Details available HIGH (8.1) In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process. Published: 2023-09-01T20:49:43.576Z Updated: 2024-09-30T20:19:08.943Z Open on db.gcve.eu Reference links https://ubuntu.com/security/notices/USN-6190-1 https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/ https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3297`	not_vulnerable	2026-06-03 14:52:40.380158	Details available HIGH (8.1) In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process. Published: 2023-09-01T20:49:43.576Z Updated: 2024-09-30T20:19:08.943Z Open on db.gcve.eu Reference links https://ubuntu.com/security/notices/USN-6190-1 https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/ https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-32629`	vulnerable	2026-06-03 14:51:59.427830	Details available HIGH (7.8) Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels Published: 2023-07-26T01:59:47.061Z Updated: 2025-02-13T16:54:52.620Z Open on db.gcve.eu Reference links https://ubuntu.com/security/notices/USN-6250-1 https://lists.ubuntu.com/archives/kernel-team/2023-July/140920.html https://wiz.io/blog/ubuntu-overlayfs-vulnerability https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32629 http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-2640`	vulnerable	2026-06-03 14:51:43.567102	Details available HIGH (7.8) On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks. Published: 2023-07-26T01:59:23.543Z Updated: 2024-10-23T14:59:17.779Z Open on db.gcve.eu Reference links https://ubuntu.com/security/notices/USN-6250-1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2640 https://wiz.io/blog/ubuntu-overlayfs-vulnerability https://lists.ubuntu.com/archives/kernel-team/2023-July/140923.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1786`	vulnerable	2026-06-03 14:48:56.500717	sensitive data exposure in cloud-init logs MEDIUM (5.5) Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. Published: 2023-04-26T22:23:47.305Z Updated: 2025-02-13T16:39:30.230Z Open on db.gcve.eu Reference links https://github.com/canonical/cloud-init/commit/a378b7e4f47375458651c0972e7cd813f6fe0a6b https://bugs.launchpad.net/cloud-init/+bug/2013967 https://ubuntu.com/security/notices/USN-6042-1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATBJSXPL2IOAD2LDQRKWPLIC7QXS44GZ/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1523`	vulnerable	2026-06-03 14:48:55.682708	Details available CRITICAL (10) Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console. Published: 2023-09-01T18:41:47.820Z Updated: 2024-10-01T13:08:45.851Z Open on db.gcve.eu Reference links https://ubuntu.com/security/notices/USN-6125-1 https://github.com/snapcore/snapd/pull/12849 https://marc.info/?l=oss-security&m=167879021709955&w=2 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1523	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.