Snapcore
Products
2- 6 CVEs
- 1 CVE
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-4120 | 0.00 | — | 0.00 | Feb 17, 2022 | snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in… | |||
| CVE-2021-44730 | 0.00 | — | 0.00 | Feb 17, 2022 | snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04,… | |||
| CVE-2020-11933 | 0.00 | — | 0.00 | Jul 29, 2020 | cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass… | |||
| CVE-2019-11503 | 0.00 | — | 0.02 | Apr 24, 2019 | snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass." | |||
| CVE-2019-11502 | 0.00 | — | 0.02 | Apr 24, 2019 | snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory. | |||
| CVE-2016-1587 | 0.00 | — | 0.01 | Apr 22, 2019 | The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker could have used the controls to remotely add a valid, but malicious, snap package,… | |||
| CVE-2017-14178 | Hig | 0.00 | 7.5 | 0.02 | Feb 2, 2018 | In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions. |
- CVE-2021-4120Feb 17, 2022risk 0.00cvss —epss 0.00
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in…
- CVE-2021-44730Feb 17, 2022risk 0.00cvss —epss 0.00
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04,…
- CVE-2020-11933Jul 29, 2020risk 0.00cvss —epss 0.00
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass…
- CVE-2019-11503Apr 24, 2019risk 0.00cvss —epss 0.02
snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass."
- CVE-2019-11502Apr 24, 2019risk 0.00cvss —epss 0.02
snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory.
- CVE-2016-1587Apr 22, 2019risk 0.00cvss —epss 0.01
The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker could have used the controls to remotely add a valid, but malicious, snap package,…
- risk 0.00cvss 7.5epss 0.02
In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions.