8 matches found
CVE-2020-11934
creationtimestamp| type| source ---|---|--- 2020-07-29 20:55:26+00:00| seen| https://t.me/cibsecurity/13739 2026-07-08 11:11:39+00:00| seen| https://gist.github.com/julian-klode/eb0381c1cb2cec713ba78d7462ad6167...
CVE-2020-11934
It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...
CVE-2020-11934
It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...
CVE-2020-11934
CVE-2020-11934 concerns snapd’s snapctl user-open path where OpenURL() manipulates the XDG_DATA_DIRS environment variable, allowing a malicious snap to influence how host xdg-open opens URLs and potentially run a script within the snap with confinement bypass. The issue did not affect Ubuntu Core...
Fedora 31 : snapd (2020-ccb155ea2c)
Update to v2.45.2 to fix CVE-2020-11933 and CVE-2020-11934 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Fedora 32 : snapd (2020-7685deba9b)
Update to v2.45.2 to fix CVE-2020-11933 and CVE-2020-11934 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Ubuntu: Security Advisory (USN-4424-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-11934
It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...