Page 3 of 4203 results (0.007 seconds)

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap squashfs image (such as icons etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained non-regular files at these paths could then cause snapd to block indefinitely trying to read from such files and cause a denial of service. • https://github.com/snapcore/snapd/commit/b66fee81606a1c05f965a876ccbaf44174194063 https://github.com/snapcore/snapd/pull/13682 • CWE-20: Improper Input Validation •

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap which used the 'home' plug could use this vulnerability to install arbitrary scripts into the users PATH which may then be run by the user outside of the expected snap sandbox and hence allow them to escape confinement. • https://github.com/snapcore/snapd/commit/aa191f97713de8dc3ce3ac818539f0b976eb8ef6 https://github.com/snapcore/snapd/pull/13689 https://gld.mcphail.uk/posts/explaining-cve-2024-1724 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in provd before version 0.1.5 with a setuid binary, which allows a local attacker to escalate their privilege. Se descubrió un problema en provd anterior a la versión 0.1.5 con un binario setuid, que permite a un atacante local escalar sus privilegios. • https://bugs.launchpad.net/ubuntu/+source/provd/+bug/2071574 https://github.com/canonical/ubuntu-desktop-provision/commit/8d9086de0f82894ff27a9e429ff4f45231020092 https://www.cve.org/CVERecord?id=CVE-2024-6714 • CWE-73: External Control of File Name or Path •

CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0

The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju (>=3.0), Juju secrets and not correctly capturing and processing `subprocess.CalledProcessError`. This vulnerability is fixed in 2.15.0. La librería ops es un framework de Python para desarrollar y probar Kubernetes y accesos a máquinas. • https://github.com/canonical/operator/commit/fea6d2072435a62170d4c01272572f1a7e916e61 https://github.com/canonical/operator/security/advisories/GHSA-hcmv-jmqh-fjgm • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 8.1EPSS: 0%CPEs: 54EXPL: 44

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Se encontró una condición de ejecución del controlador de señales en el servidor de OpenSSH (sshd), donde un cliente no se autentica dentro de los segundos de LoginGraceTime (120 de forma predeterminada, 600 en versiones anteriores de OpenSSH), luego se llama al controlador SIGALRM de sshd de forma asincrónica. Sin embargo, este controlador de señales llama a varias funciones que no son seguras para señales asíncronas, por ejemplo, syslog(). • https://github.com/l0n3m4n/CVE-2024-6387 https://github.com/thegenetic/CVE-2024-6387-exploit https://github.com/d0rb/CVE-2024-6387 https://github.com/devarshishimpi/CVE-2024-6387-Check https://github.com/AiGptCode/ssh_exploiter_CVE-2024-6387 https://github.com/Symbolexe/CVE-2024-6387 https://github.com/xonoxitron/regreSSHion https://github.com/PrincipalAnthony/CVE-2024-6387-Updated-x64bit https://github.com/4lxprime/regreSSHive https://github.com/shamo0/CVE-2024-6387_PoC https:&# • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •