RSS   Vulnerabilities for 'Snapd'   RSS

2022-02-17
 
CVE-2021-3155

CWE-276
 
 
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1

 
2019-04-24
 
CVE-2019-11503

CWE-59
 
 
snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass."

 
2019-04-23
 
CVE-2019-7304

CWE-20
 
 
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.

 
 
CVE-2019-7303

CWE-264
 
 
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run. This issue affects: Canonical snapd versions prior to 2.37.4.

 

 >>> Vendor: Canonical 40 Products
Spread
Ubuntu linux
Ubuntu enterprise cloud
PHP5
Ubuntu software properties
Telepathy-idle
MAAS
Libpam-modules
Update-manager
Accountsservice
Software-properties
Ltsp display manager
Acpi-support
Reportbug
Ubuntu
Lxcfs
Ubuntu core
Ubuntu touch
Ubuntu-core-launcher
LXD
Openstack ironic
JUJU
Ubuntu-image
Bazaar
Screen-resolution-extra
Apparmor
Ubuntu download manager
Snapd
Apt-xapian-index
Metal as a service
Cloud-init
Ubuntu cobbler
Microk8s
C-kernel
Subiquity
Checkinstall
Ubuntu-ui-toolkit
Remote-login-service
Courier-authlib
Multipass

Copyright 2024, cxsecurity.com

 

Back to Top