CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5536
https://notcve.org/view.php?id=CVE-2023-5536
A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password. Una característica en LXD (LP#1829071) afecta la configuración predeterminada de Ubuntu Server que permite a los usuarios privilegiados del grupo lxd escalar su privilegio a root sin requerir una contraseña sudo. • https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536 https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4 https://ubuntu.com/security/CVE-2023-5536 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-3492 – Ubuntu linux kernel shiftfs file system double free vulnerability
https://notcve.org/view.php?id=CVE-2021-3492
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. Shiftfs, un sistema de archivos de apilamiento fuera del árbol incluido en los kernels de Ubuntu Linux, no manejaba apropiadamente los fallos que ocurrían durante la función copy_from_user(). • https://github.com/synacktiv/CVE-2021-3492 http://packetstormsecurity.com/files/162614/Kernel-Live-Patch-Security-Notice-LSN-0077-1.html https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=25c891a949bf918b59cbc6e4932015ba4c35c333 https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=8fee52ab9da87d82bc6de9ebb3480fff9b4d53e6 https://ubuntu.com/security/notices/USN-4917-1 https://www.openwall.com/lists/oss-security/2021/04/16/2 https:&#x • CWE-401: Missing Release of Memory after Effective Lifetime CWE-415: Double Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 14CVE-2021-3493 – Linux Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-3493
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges. La implementación de overlayfs en el kernel de Linux no comprobó apropiadamente con respecto a los espacios de nombre de los usuarios, la configuración de las capacidades de los archivos en un sistema de archivos subyacente. Debido a la combinación de los espacios de nombre de usuarios no privilegiados junto con un parche incluido en el kernel de Ubuntu para permitir montajes de superposición no privilegiados, un atacante podría usar esto para alcanzar privilegios elevados The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation. • https://github.com/briskets/CVE-2021-3493 https://github.com/inspiringz/CVE-2021-3493 https://github.com/oneoy/CVE-2021-3493 https://github.com/cerodah/overlayFS-CVE-2021-3493 https://github.com/derek-turing/CVE-2021-3493 https://github.com/puckiestyle/CVE-2021-3493 https://github.com/smallkill/CVE-2021-3493 https://github.com/Abdennour-py/CVE-2021-3493 https://github.com/fei9747/CVE-2021-3493 https://github.com/ptkhai15/OverlayFS---CVE-2021-3493 https://git • CWE-270: Privilege Context Switching Error CWE-863: Incorrect Authorization •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 2CVE-2016-9949 – Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution
https://notcve.org/view.php?id=CVE-2016-9949
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code. Un problema fue descubierto en Apport en versiones anteriores a 2.20.4. En apport/ui.py, Apport lee el campo CashDB y después evalúa el campo como código Python si comienza con un "{". • https://www.exploit-db.com/exploits/40937 http://www.securityfocus.com/bid/95011 http://www.ubuntu.com/usn/USN-3157-1 https://bugs.launchpad.net/apport/+bug/1648806 https://donncha.is/2016/12/compromising-ubuntu-desktop https://github.com/DonnchaC/ubuntu-apport-exploitation • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 2CVE-2016-9950 – Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution
https://notcve.org/view.php?id=CVE-2016-9950
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system. Un problema fue descubierto en Apport en versiones anteriores a 2.20.4. • https://www.exploit-db.com/exploits/40937 http://www.securityfocus.com/bid/95011 http://www.ubuntu.com/usn/USN-3157-1 https://bugs.launchpad.net/apport/+bug/1648806 https://donncha.is/2016/12/compromising-ubuntu-desktop https://github.com/DonnchaC/ubuntu-apport-exploitation • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •