
18 matches found

UbuntuCve
added 2022/11/30 12:0 a.m. | 43 views

CVE-2022-3328

Race condition in snap-confine's must_mkdir_and_open_with_perms...

7.8 CVSS | 7.2 AI score | 0.00384 EPSS
Exploits 2 | References 2
RedhatCVE
added 2022/05/20 11:0 p.m. | 107 views

CVE-2021-44731

A race condition vulnerability in the snap-confine component setup_private_mount of snapd was found by Qualys. This flaw could lead to local privilege escalation from any user to root...

7.8 CVSS | 3.3 AI score | 0.00966 EPSS
Exploits 4 | References 2
ALT Linux
added 2022/04/26 12:0 a.m. | 68 views

Security fix for the ALT Linux 10 package snapd version 2.54.3-alt1

2.54.3-alt1 built April 26, 2022 Andrey Cherepanov in task 299035 --- Feb. 20, 2022 Alexey Shabalin - 2.54.3 Fixes: CVE-2021-44730, CVE-2021-44731, CVE-2021-4120...

6.9 CVSS | 3 AI score | 0.00966 EPSS
Exploits 5
Ubuntu
added 2022/02/24 1:23 p.m. | 126 views

USN-5292-4: snapd regression

USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced a regression that could break the fish shell. This update fixes the problem. We apologize for the inconvenience. Original advisory details: James Troup discovered that snap did not properly manage the permissions for...

7.5 AI score
Exploits 0 | References 2
OSV
added 2022/02/24 1:23 p.m. | 10 views

USN-5292-4 snapd regression

USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced a regression that could break the fish shell. This update fixes the problem. We apologize for the inconvenience. Original advisory details: James Troup discovered that snap did not properly manage the permissions for...

6.1 AI score
Exploits 0 | References 3
hivepro
added 2022/02/21 4:34 a.m. | 56 views

Privilege Escalation Vulnerability in Snap Package Manager puts Linux users at risk

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here A privilege escalation vulnerability has been identified in Canonical Snap software package manager that affects the Linux-based operating systems. Successful exploitation of this issue might allow an attacker to escalate...

6.9 CVSS | 1.9 AI score | 0.00966 EPSS
Exploits 4
Tenable Nessus
added 2022/02/21 12:0 a.m. | 37 views

Debian DSA-5080-1 : snapd - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5080 advisory. - snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause...

8.8 CVSS | 8.7 AI score | 0.00966 EPSS
Exploits 4 | References 8
OpenVAS
added 2022/02/19 12:0 a.m. | 22 views

Ubuntu: Security Advisory (USN-5292-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS | 7.3 AI score | 0.00966 EPSS
Exploits 5 | References 2
Debian
added 2022/02/18 7:3 p.m. | 52 views

[SECURITY] [DSA 5080-1] snapd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5080-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 18, 2022 https://www.debian.org/security/faq -...

8.8 CVSS | 9 AI score | 0.00966 EPSS
Exploits 4
The Hacker News
added 2022/02/18 8:37 a.m. | 80 views

New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager

Multiple security vulnerabilities have been disclosed in Canonical's Snap software packaging and deployment system, the most critical of which can be exploited to escalate privilege to gain root privileges. Snaps are self-contained application packages that are designed to work on operating syste...

8.8 CVSS | 1.5 AI score | 0.01561 EPSS
Exploits 8
Tenable Nessus
added 2022/02/18 12:0 a.m. | 39 views

Ubuntu 16.04 ESM : snapd vulnerabilities (USN-5292-3)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5292-3 advisory. USN-5292-1 fixed several vulnerabilities in snapd. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...

8.8 CVSS | 7.2 AI score | 0.00966 EPSS
Exploits 5 | References 5
OSV
added 2022/02/17 11:15 p.m. | 32 views

CVE-2021-44731

A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitra...

7.8 CVSS | 8.9 AI score
Exploits 0 | References 10
Circl
added 2022/02/17 8:21 p.m. | 7 views

CVE-2021-44731

creationtimestamp | type | source
---|---|---
2022-02-17 20:21:50+00:00 | seen | https://t.me/ctinow/47175
2022-02-18 11:01:34+00:00 | seen | https://t.me/ctinow/47201
2022-02-18 15:40:49+00:00 | seen | https://t.me/habrcomnews/3647
...

7.8 CVSS | 8.1 AI score | 0.00966 EPSS
Exploits 4 | References 3
Ubuntu
added 2022/02/17 5:24 p.m. | 123 views

USN-5292-1: snapd vulnerabilities

James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this issue to expose sensitive information. CVE-2021-3155 Ian Johnson discovered that snapd did not properly validate content interfaces and layout paths. A local...

8.8 CVSS | 7.4 AI score | 0.00966 EPSS
Exploits 5
UbuntuCve
added 2022/02/17 5:0 p.m. | 48 views

CVE-2021-44731

A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitra...

7.8 CVSS | 7.3 AI score | 0.00966 EPSS
Exploits 4 | References 6
CVE
added 2022/02/17 12:0 a.m. | 232 views

CVE-2021-44731

CVE-2021-44731 describes a race condition in the snapd ecosystem: the snap-confine binary could be induced to execute arbitrary code when preparing a private mount namespace for a snap, enabling a local attacker to escalate to root. Public details show a local-privilege-escalation path via bind-m...

7.8 CVSS | 8.5 AI score | 0.00966 EPSS
Exploits 4 | References 10 | Affected Software 1
Cvelist
added 2022/02/17 12:0 a.m. | 32 views

CVE-2021-44731 snapd could be made to escalate privileges and run programs as administrator

A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitra...

7.8 CVSS | 8.6 AI score | 0.00966 EPSS
Exploits 4 | References 10
Debian CVE
added 2022/02/17 12:0 a.m. | 55 views

CVE-2021-44731

A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitra...

7.8 CVSS | 8.2 AI score | 0.00966 EPSS
Exploits 4