Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

canonical snapd vulnerabilities and exploits

(subscribe to this query)

7.5
CVSSv3
CVE-2019-11502
snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory....
Canonical Snapd
5.5
CVSSv3
CVE-2021-3155
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1...
Canonical SnapdCanonical Ubuntu Linux 18.04Canonical Ubuntu Linux 20.04Canonical Ubuntu Linux 21.10
7.5
CVSSv3
CVE-2019-11503
snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass."...
Canonical Snapd
7.5
CVSSv3
CVE-2019-7303
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel...
Canonical SnapdCanonical Ubuntu Linux 14.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.10
7.8
CVSSv3
CVE-2021-4120
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in...
Canonical SnapdCanonical Ubuntu Linux 18.04Canonical Ubuntu Linux 20.04Canonical Ubuntu Linux 21.10Fedoraproject Fedora 34Fedoraproject Fedora 35
6.8
CVSSv3
CVE-2020-11933
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass...
Canonical SnapdCanonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 19.10Canonical Ubuntu Linux 20.04
9.8
CVSSv3
CVE-2019-7304
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1....
Canonical SnapdCanonical Ubuntu Linux 16.04Canonical Ubuntu Linux 14.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 18.10
8.8
CVSSv3
CVE-2021-44730
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04,...
Canonical SnapdCanonical Ubuntu Linux 18.04Canonical Ubuntu Linux 20.04Canonical Ubuntu Linux 21.10Fedoraproject Fedora 34Fedoraproject Fedora 35Debian Debian Linux 10.0Debian Debian Linux 11.0
7.8
CVSSv3
CVE-2021-44731
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing...
Canonical SnapdCanonical Ubuntu Linux 18.04Canonical Ubuntu Linux 20.04Canonical Ubuntu Linux 21.10Fedoraproject Fedora 34Fedoraproject Fedora 35Debian Debian Linux 10.0Debian Debian Linux 11.0
5.9
CVSSv3
CVE-2020-11934
It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious...
Canonical Ubuntu Linux 16.04Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 19.10Canonical Ubuntu Linux 20.04
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-25675CVE-2023-21072physicalCVE-2023-28446encryptionCVE-2023-21076server-side request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook