Lucene search
K

8 matches found

OSV
OSV
added 2025/05/13 11:15 a.m.5 views

CVE-2025-32917

Privilege escalation in jarsignature agent plugin in Checkmk versions 2.4.0b7 beta, 2.3.0p32, 2.2.0p42, and 2.1.0p49 EOL allow user with write access to JAVAHOME/bin directory to escalate privileges...

8.8CVSS7.4AI score
Exploits0References1
OSV
OSV
added 2024/08/06 10:3 p.m.31 views

GO-2024-3007 snapd failed to restrict writes to the $HOME/bin path in github.com/snapcore/snapd

snapd failed to restrict writes to the $HOME/bin path in github.com/snapcore/snapd. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

8.2CVSS6.7AI score0.00306EPSS
Exploits1References5
Veracode
Veracode
added 2024/08/05 7:43 a.m.16 views

Incorrect Permission Assignment For Critical Resource

github.com/snapcore/snapd is vulnerable to Incorrect Permission Assignment for Critical Resource. The vulnerability is due to the improper restriction of writes to the $HOME/bin path. An attacker can execute arbitrary scripts outside of the expected snap sandbox, potentially allowing them to esca...

8.2CVSS7.2AI score0.00306EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2024/07/25 9:31 p.m.16 views

GHSA-4MH8-9689-38VR snapd failed to restrict writes to the $HOME/bin path

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

6.3CVSS6.9AI score0.00306EPSS
Exploits1References6
OSV
OSV
added 2024/07/25 7:15 p.m.4 views

DEBIAN-CVE-2024-1724

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

8.2CVSS7.9AI score0.00306EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/07/25 12:0 a.m.5 views

snapd 安全漏洞

snapd is a cross-platform package management tool open-sourced by snapcore. Enables systems to use .snap files. A security vulnerability exists in snapd versions prior to 2.62 that stems from the inability to restrict writes to the $HOME/bin path when sandboxing permissions is enforced using...

8.2CVSS7.8AI score0.00306EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2024/07/01 12:0 a.m.21 views

CVE-2024-1724

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

8.2CVSS7.2AI score0.00306EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/07/01 12:0 a.m.5 views

PT-2024-18253 · Canonical +2 · Snapd +3

Name of the Vulnerable Software and Affected Versions: snapd versions prior to 2.62 Description: The issue arises when using AppArmor for enforcement of sandbox permissions in snapd. It failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to...

8.2CVSS6.9AI score0.00306EPSS
Exploits1References37
Rows per page
Query Builder