CVE-2024-11586
https://notcve.org/view.php?id=CVE-2024-11586
Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a Bluetooth headset is connected. • https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/2078822 https://www.cve.org/CVERecord?id=CVE-2024-11586 •
CVE-2024-9312
https://notcve.org/view.php?id=CVE-2024-9312
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges. • https://github.com/ubuntu/authd/security/advisories/GHSA-4gfw-wf7c-w6g2 https://www.cve.org/CVERecord?id=CVE-2024-9312 • CWE-286: Incorrect User Management •
CVE-2024-9313
https://notcve.org/view.php?id=CVE-2024-9313
Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them. • https://github.com/ubuntu/authd/security/advisories/GHSA-x5q3-c8rm-w787 https://www.cve.org/CVERecord?id=CVE-2024-9313 •
CVE-2024-8038
https://notcve.org/view.php?id=CVE-2024-8038
Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks. • https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq https://www.cve.org/CVERecord?id=CVE-2024-8038 • CWE-420: Unprotected Alternate Channel •
CVE-2024-8037
https://notcve.org/view.php?id=CVE-2024-8037
Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. • https://github.com/juju/juju/security/advisories/GHSA-8v4w-f4r9-7h6x https://www.cve.org/CVERecord?id=CVE-2024-8037 • CWE-276: Incorrect Default Permissions •