CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1724 – snapd allows $HOME/bin symlink
https://notcve.org/view.php?id=CVE-2024-1724
In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap which used the 'home' plug could use this vulnerability to install arbitrary scripts into the users PATH which may then be run by the user outside of the expected snap sandbox and hence allow them to escape confinement. • https://github.com/snapcore/snapd/commit/aa191f97713de8dc3ce3ac818539f0b976eb8ef6 https://github.com/snapcore/snapd/pull/13689 https://gld.mcphail.uk/posts/explaining-cve-2024-1724 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6714
https://notcve.org/view.php?id=CVE-2024-6714
An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege. Se descubrió un problema en provd anterior a la versión 0.1.5 con un binario setuid, que permite a un atacante local escalar sus privilegios. • https://bugs.launchpad.net/ubuntu/+source/provd/+bug/2071574 https://github.com/canonical/ubuntu-desktop-provision/commit/8d9086de0f82894ff27a9e429ff4f45231020092 https://www.cve.org/CVERecord?id=CVE-2024-6714 • CWE-73: External Control of File Name or Path •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41129 – The ops library leaks secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command
https://notcve.org/view.php?id=CVE-2024-41129
The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju (>=3.0), Juju secrets and not correctly capturing and processing `subprocess.CalledProcessError`. This vulnerability is fixed in 2.15.0. La librería ops es un framework de Python para desarrollar y probar Kubernetes y accesos a máquinas. • https://github.com/canonical/operator/commit/fea6d2072435a62170d4c01272572f1a7e916e61 https://github.com/canonical/operator/security/advisories/GHSA-hcmv-jmqh-fjgm • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.1EPSS: 0%CPEs: 54EXPL: 44CVE-2024-6387 – Openssh: regresshion - race condition in ssh allows rce/dos
https://notcve.org/view.php?id=CVE-2024-6387
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Se encontró una condición de ejecución del controlador de señales en el servidor de OpenSSH (sshd), donde un cliente no se autentica dentro de los segundos de LoginGraceTime (120 de forma predeterminada, 600 en versiones anteriores de OpenSSH), luego se llama al controlador SIGALRM de sshd de forma asincrónica. Sin embargo, este controlador de señales llama a varias funciones que no son seguras para señales asíncronas, por ejemplo, syslog(). • https://github.com/l0n3m4n/CVE-2024-6387 https://github.com/thegenetic/CVE-2024-6387-exploit https://github.com/d0rb/CVE-2024-6387 https://github.com/devarshishimpi/CVE-2024-6387-Check https://github.com/AiGptCode/ssh_exploiter_CVE-2024-6387 https://github.com/Symbolexe/CVE-2024-6387 https://github.com/xonoxitron/regreSSHion https://github.com/PrincipalAnthony/CVE-2024-6387-Updated-x64bit https://github.com/4lxprime/regreSSHive https://github.com/shamo0/CVE-2024-6387_PoC https:&# • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6388
https://notcve.org/view.php?id=CVE-2024-6388
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext. • https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944 https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24 https://www.cve.org/CVERecord?id=CVE-2024-6388 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •