CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1736 – Ubuntu Security Notice USN-5430-1
https://notcve.org/view.php?id=CVE-2022-1736
19 May 2022 — Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default. It was discovered that GNOME Settings incorrectly handled the remote desktop sharing configuration. When turning off desktop sharing, it may be turned on again after rebooting, contrary to expectations. • https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1242 – Ubuntu Security Notice USN-6894-1
https://notcve.org/view.php?id=CVE-2022-1242
17 May 2022 — Apport can be tricked into connecting to arbitrary sockets as the root user Se puede engañar a Apport para que se conecte a sockets arbitrarios como usuario root Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly us... • https://ubuntu.com/security/notices/USN-5427-1 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 1CVE-2021-3899 – Ubuntu Security Notice USN-6894-1
https://notcve.org/view.php?id=CVE-2021-3899
17 May 2022 — There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root. Existe una condición de ejecución en la detección de 'ejecutable reemplazado' que, con la configuración local correcta, permite a un atacante ejecutar código arbitrario como root. Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to e... • https://github.com/liumuqing/CVE-2021-3899_PoC • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27352 – Ubuntu Security Notice USN-4728-1
https://notcve.org/view.php?id=CVE-2020-27352
10 Feb 2021 — When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended. Al generar las unidades de servicio systemd para el complemento de Docker (y otros complementos simi... • https://bugs.launchpad.net/snapd/+bug/1910456 • CWE-269: Improper Privilege Management •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11936 – Canonical Ubuntu apport Unnecessary Privileges Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-11936
05 Aug 2020 — gdbus setgid privilege escalation This vulnerability allows local attackers to disclose sensitive information on affected installations of Canonical Ubuntu. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the apport package. The issue results from the use of unnecessary privileges. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code... • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1885633 •