CVSS: 8.1EPSS: 83%CPEs: 54EXPL: 99CVE-2024-6387 – Openssh: regresshion - race condition in ssh allows rce/dos
https://notcve.org/view.php?id=CVE-2024-6387
01 Jul 2024 — A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Se encontró una condición de ejecución del controlador de señales en el servidor de OpenSSH (sshd), donde un cliente no se autentica dentro de los segundos de LoginGraceTime (120 de forma predeterminada, 600 en versiones anter... • https://packetstorm.news/files/id/179290 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5536
https://notcve.org/view.php?id=CVE-2023-5536
12 Dec 2023 — A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password. Una característica en LXD (LP#1829071) afecta la configuración predeterminada de Ubuntu Server que permite a los usuarios privilegiados del grupo lxd escalar su privilegio a root sin requerir una contraseña sudo. • https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071 • CWE-276: Incorrect Default Permissions •
CVSS: 6.3EPSS: 31%CPEs: 28EXPL: 8CVE-2023-45866 – bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution
https://notcve.org/view.php?id=CVE-2023-45866
07 Dec 2023 — Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. Bluetooth HID Hosts in BlueZ ... • https://github.com/pentestfunctions/BlueDucky • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 5.4EPSS: 0%CPEs: 17EXPL: 2CVE-2023-44216
https://notcve.org/view.php?id=CVE-2023-44216
26 Sep 2023 — PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin. PVRIC (PowerVR Image Compression) en Imagination 2018 y dispositivos GPU posteriores ofrece compresión tr... • https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-3777 – Use-after-free in Linux kernel's netfilter: nf_tables component
https://notcve.org/view.php?id=CVE-2023-3777
30 Aug 2023 — A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8. Una vulnerabilidad de Use-After-Free en el componente netfilter: nf_tables del kernel de Linux puede explotarse para l... • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-40283 – kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c
https://notcve.org/view.php?id=CVE-2023-40283
14 Aug 2023 — An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. A flaw was found in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Bluetooth subsystem in the Linux Kernel. This issue may allow a user to cause a use-after-free problem due to sk's children being mishandled. It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in so... • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 64%CPEs: 1EXPL: 11CVE-2023-2640 – Canonical Ubuntu OverlayFS File System Missing Authorization Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-2640
26 Jul 2023 — On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks. This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. An attacker must first obtain the ability to execute low-privileged code on the target system in orde... • https://packetstorm.news/files/id/183270 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 33%CPEs: 1EXPL: 9CVE-2023-32629 – Ubuntu Security Notice USN-6285-1
https://notcve.org/view.php?id=CVE-2023-32629
26 Jul 2023 — Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels La vulnerabilidad de escalada de privilegios locales en los kernels de Ubuntu que superpone ovl_copy_up_meta_inode_data omite comprobaciones de permisos al llamar a ovl_do_setxattr en kernels de Ubuntu It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out... • https://packetstorm.news/files/id/183270 • CWE-863: Incorrect Authorization •
CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0CVE-2023-3567 – Kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race
https://notcve.org/view.php?id=CVE-2023-3567
24 Jul 2023 — A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It w... • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-31248 – Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-31248
05 Jul 2023 — Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace Vulnerabilidad de Escalada de Privilegios Locales de Use-After-Free de Linux nftables; 'nft_chain_lookup_byid()' no pudo comprobar si una cadena estaba activa y CAP_NET_ADMIN está en cualquier espacio de nombres de usuario o red A use-after-free flaw was found in the Linux kernel's Netfilter module in net/net... • http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html • CWE-416: Use After Free •