
CVSS: 4.0 | EPSS: % | CPEs: 1 | EXPL: 0

Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected.
• https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/2078822
• https://www.cve.org/CVERecord?id=CVE-2024-11586

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.
• https://github.com/ubuntu/authd/security/advisories/GHSA-4gfw-wf7c-w6g2
• https://www.cve.org/CVERecord?id=CVE-2024-9312
• CWE-286: Incorrect User Management

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.
• https://github.com/ubuntu/authd/security/advisories/GHSA-x5q3-c8rm-w787
• https://www.cve.org/CVERecord?id=CVE-2024-9313

CVSS: 7.9 | EPSS: 0% | CPEs: 5 | EXPL: 0

Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This enables denial of service attacks.
• https://github.com/juju/juju/security/advisories/GHSA-xwgj-vpm9-q2rq
• https://www.cve.org/CVERecord?id=CVE-2024-8038
• CWE-420: Unprotected Alternate Channel

CVSS: 6.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm.
• https://github.com/juju/juju/security/advisories/GHSA-8v4w-f4r9-7h6x
• https://www.cve.org/CVERecord?id=CVE-2024-8037
• CWE-276: Incorrect Default Permissions