9 matches found
EUVD-2021-33996
Malicious code in bioql PyPI...
CVE-2024-1724
In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the user's PATH. An attacker who could convince a user to install a malicious snap whic...
CVE-2024-1724
CVE-2024-1724 affects snapd prior to 2.62, where AppArmor sandbox enforcement failed to restrict writes to $HOME/bin. In Ubuntu, this path is added to the user's PATH when present, enabling a user-furnished malicious snap using the home plug to drop scripts into PATH and potentially execute them ou...
Access Restriction Bypass
Overview Affected versions of this package are vulnerable to Access Restriction Bypass due to failure to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layou...
Access Restriction Bypass
Overview Affected versions of this package are vulnerable to Access Restriction Bypass due to failure to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layou...
Ubuntu 18.04 LTS / 20.04 LTS : snapd vulnerabilities (USN-5292-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5292-1 advisory. James Troup discovered that snap did not properly manage the permissions for the snap directories. A local attacker could possibly use this...
USN-3713-1 cups vulnerabilities
It was discovered that CUPS incorrectly handled certain print jobs with invalid usernames. A remote attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 17.10 and Ubuntu 18.04 LTS. CVE-2017-18248 Dan...
CVE-2015-1334
attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label...
openSUSE Security Update : lxc (openSUSE-2015-523)
lxc was updated to fix two security issues. The following vulnerabilities were fixed: - CVE-2015-1331: directory traversal flaw allowing arbitrary file creation as the root user (bnc#938522) - CVE-2015-1334: AppArmor or SELinux confinement escape via fake /proc (bnc#938523)...