CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8287
https://notcve.org/view.php?id=CVE-2024-8287
Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this. • https://bugs.launchpad.net/anbox-cloud/+bug/2077570 https://discourse.ubuntu.com/t/anbox-cloud-1-23-1-has-been-released/48141 https://www.cve.org/CVERecord?id=CVE-2024-8287 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-5290
https://notcve.org/view.php?id=CVE-2024-5290
An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist. • https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613 https://ubuntu.com/security/notices/USN-6945-1 https://snyk.io/blog/abusing-ubuntu-root-privilege-escalation • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-6984
https://notcve.org/view.php?id=CVE-2024-6984
An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm. • https://github.com/juju/juju/commit/da929676853092a29ddf8d589468cf85ba3efaf2 https://github.com/juju/juju/security/advisories/GHSA-6vjm-54vp-mxhx https://www.cve.org/CVERecord?id=CVE-2024-6984 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29069 – snapd will follow archived symlinks when unpacking a filesystem
https://notcve.org/view.php?id=CVE-2024-29069
In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in-turn could allow an unprivileged user to gain access to privileged information. • https://github.com/snapcore/snapd/pull/13682 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29068 – snapd non-regular file indefinite blocking read
https://notcve.org/view.php?id=CVE-2024-29068
In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap squashfs image (such as icons etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained non-regular files at these paths could then cause snapd to block indefinitely trying to read from such files and cause a denial of service. • https://github.com/snapcore/snapd/commit/b66fee81606a1c05f965a876ccbaf44174194063 https://github.com/snapcore/snapd/pull/13682 • CWE-20: Improper Input Validation •