22 matches found
EUVD-2020-0181
Malware in sbrugna...
Canonical Snapcraft Packages Installed (Linux)
Binary data canonicalsnapcraftpackagesnixinstalled.nbin...
Arbitrary Code Execution
snapcraft is vulnerable to Arbitrary Code Execution. The vulnerability is due to including the current directory in LD_LIBRARY_PATH under certain conditions, allowing a malicious snap to execute code within the context of another snap if both have access to the home interface or similar...
Security update for opera (important)
openSUSE Security Update: Security update for opera Announcement ID: openSUSE-SU-2022:10057-1 Rating: important References: Cross-References: CVE-2022-2007 CVE-2022-2008 CVE-2022-2010 CVE-2022-2011 CVE-2022-2294 Affected Products: openSUSE Leap 15.3:NonFree openSUSE Leap 15.4:NonFree An update th...
GHSA-QXM5-VX5J-PP6W snapcraft Access Restriction Bypass
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to...
snapcraft Access Restriction Bypass
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to...
NinjaDroid - Ninja Reverse Engineering On Android APK Packages
NinjaDroid is a simple tool to reverse engineer Android APK packages. Published at: https://snapcraft.io/ninjadroid $ snap install ninjadroid --channel=beta Overview NinjaDroid uses AXMLParser together with a series of Python scripts based on aapt, keytool, string and such to extract a series ...
Internet Bug Bounty: Canonical Snapcraft vulnerable to remote code execution under certain conditions
Preface: I apologize for previously submitting this bug to hacker1 before it was fully addressed by the Ubuntu Security Team. I have reported this issue to the Ubuntu Security team and it has been fixed: CVE-2020-27348 Bug link: https://bugs.launchpad.net/snapcraft/+bug/1901572 Ubuntu Security Tea...
CVE-2020-27348
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to...
PYSEC-2020-109
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to...
PYSEC-2020-109
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to...
Design/Logic Flaw
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to...
CVE-2020-27348
The CVE-2020-27348 issue is concrete: snapcraft builds can set LD_LIBRARY_PATH to include the current directory, enabling a malicious snap to execute code inside the context of another snap when both use the home interface. Affected are snapcraft before 4.4.4 and before 2.43.1+16.04.1/2.43.1+18.0...
CVE-2020-27348 snapcraft may build snaps with incorrect LD_LIBRARY_PATH
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to...
Ubuntu: Security Advisory (USN-4661-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 LTS / 18.04 LTS : Snapcraft vulnerability (USN-4661-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4661-1 advisory. It was discovered that Snapcraft includes the current directory when configuring LD_LIBRARY_PATH for application commands. If a user were tricked into...
USN-4661-1: Snapcraft vulnerability
It was discovered that Snapcraft includes the current directory when configuring LD_LIBRARY_PATH for application commands. If a user were tricked into installing a malicious snap or downloading a malicious library, under certain circumstances an attacker could exploit this to affect strict mode sna...
USN-4661-1 snapcraft vulnerability
It was discovered that Snapcraft includes the current directory when configuring LD_LIBRARY_PATH for application commands. If a user were tricked into installing a malicious snap or downloading a malicious library, under certain circumstances an attacker could exploit this to affect strict mode sna...
CVE-2020-27348
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to...
UBUNTU-CVE-2020-27348
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to...