
CVSS: 6.7 | EPSS: 0% | CPEs: 1 | EXPL: 0

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.

• https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137
• https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139
• https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html
• https://nvd.nist.gov/vuln/detail/CVE-2023-48733
• https://www.openwall.com/lists/oss-security/2024/02/14/4

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set.

• https://bugs.launchpad.net/ubuntu/+source/pipewire/+bug/1995707
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4964
• https://gitlab.freedesktop.org/pipewire/pipewire/-/merge_requests/1779
• https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567
• CWE-276: Incorrect Default Permissions

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

A feature in LXD (LP#1829071) affects the default configuration of Ubuntu Server, allowing privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.

• https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536
• https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4
• https://ubuntu.com/security/CVE-2023-5536
• CWE-276: Incorrect Default Permissions

CVSS: 6.3 | EPSS: 0% | CPEs: 28 | EXPL: 0

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

• http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog
• http://seclists.org/fulldisclosure/2023/Dec/7
• http://seclists.org/fulldisclosure/2023/Dec/9
• https://bluetooth.com
• https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
• https://github.com/skysafe/reblog/tree/main/cve-2023-45866
• https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html
• https://lists.fedoraproject.org/archives/list/package
• CWE-285: Improper Authorization
• CWE-287: Improper Authentication

CVSS: 6.0 | EPSS: 0% | CPEs: 8 | EXPL: 0

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service.

• https://nvidia.custhelp.com/app/answers/detail/a_id/5491
• CWE-476: NULL Pointer Dereference