| Reporter | Title | Published | Views | Family All 30 |
|---|---|---|---|---|
| snapd < 2.37 (Ubuntu) - dirty_sock Local Privilege Escalation (1) | 13 Feb 201900:00 | – | zdt | |
| snapd < 2.37 (Ubuntu) - dirty_sock Local Privilege Escalation (2) | 13 Feb 201900:00 | – | zdt | |
| Exploit for Incorrect Authorization in Canonical Snapd | 28 Jul 202113:06 | – | githubexploit | |
| Exploit for Incorrect Authorization in Canonical Snapd | 12 Feb 201906:02 | – | githubexploit | |
| Exploit for Incorrect Authorization in Canonical Snapd | 28 Mar 202123:17 | – | githubexploit | |
| The vulnerability of the snapd package management tool, related to deficiencies in access control, allows a perpetrator to increase their privileges. | 26 Feb 201900:00 | – | bdu_fstec | |
| USN-3887-1: snapd vulnerability | Cloud Foundry | 15 Feb 201900:00 | – | cloudfoundry | |
| CVE-2019-7304 | 13 Feb 201910:39 | – | circl | |
| CVE-2019-7304 Local privilege escalation via snapd socket | 23 Apr 201915:57 | – | cvelist | |
| CVE-2019-7304 | 23 Apr 201915:57 | – | debiancve |
[
{
"product": "snapd",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.37.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]| Source | Link |
|---|---|
| exploit-db | www.exploit-db.com/exploits/46361 |
| usn | www.usn.ubuntu.com/3887-1/ |
| exploit-db | www.exploit-db.com/exploits/46362 |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| request body | /v2/create-user | POST /v2/create-user vulnerable API used to create a local user after obtaining credentials from Ubuntu SSO. | CWE-863 | |
| username | request body | /v2/create-user | POST /v2/create-user vulnerable API used to create a local user after obtaining credentials from Ubuntu SSO. | CWE-863 |
| public SSH key | request body | /v2/create-user | POST /v2/create-user vulnerable API used to create a local user after obtaining credentials from Ubuntu SSO. | CWE-863 |
| devmode | request body | /v2/snaps | POST /v2/snaps used to sideload a trojan snap that creates a new privileged user. | CWE-863 |
| snap | request body | /v2/snaps | POST /v2/snaps used to sideload a trojan snap that creates a new privileged user. | CWE-863 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation