CVE-2024-6714
https://notcve.org/view.php?id=CVE-2024-6714
An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege. • https://bugs.launchpad.net/ubuntu/+source/provd/+bug/2071574 https://github.com/canonical/ubuntu-desktop-provision/commit/8d9086de0f82894ff27a9e429ff4f45231020092 https://www.cve.org/CVERecord?id=CVE-2024-6714 • CWE-73: External Control of File Name or Path •
CVE-2024-6387 – OpenSSH: regreSSHion - race condition in SSH allows RCE/DoS
https://notcve.org/view.php?id=CVE-2024-6387
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). • https://github.com/l0n3m4n/CVE-2024-6387 https://github.com/thegenetic/CVE-2024-6387-exploit https://github.com/d0rb/CVE-2024-6387 https://github.com/devarshishimpi/CVE-2024-6387-Check https://github.com/AiGptCode/ssh_exploiter_CVE-2024-6387 https://github.com/Symbolexe/CVE-2024-6387 https://github.com/xonoxitron/regreSSHion https://github.com/PrincipalAnthony/CVE-2024-6387-Updated-x64bit https://github.com/4lxprime/regreSSHive https://github.com/shamo0/CVE-2024-6387_PoC https: • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •
CVE-2024-6388
https://notcve.org/view.php?id=CVE-2024-6388
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext. • https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944 https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24 https://www.cve.org/CVERecord?id=CVE-2024-6388 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVE-2023-48733
https://notcve.org/view.php?id=CVE-2023-48733
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot. • https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139 https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html https://nvd.nist.gov/vuln/detail/CVE-2023-48733 https://www.openwall.com/lists/oss-security/2024/02/14/4 •
CVE-2022-4964
https://notcve.org/view.php?id=CVE-2022-4964
Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set. • https://bugs.launchpad.net/ubuntu/+source/pipewire/+bug/1995707 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4964 https://gitlab.freedesktop.org/pipewire/pipewire/-/merge_requests/1779 https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567 • CWE-276: Incorrect Default Permissions •