25 matches found
CVE-2020-11934
It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : snapd vulnerabilities (USN-4424-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4424-1 advisory. It was discovered that cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices ran on every boot without...
Ubuntu: Security Advisory (USN-4424-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4424-1: snapd vulnerabilities
It was discovered that cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices ran on every boot without restrictions. A physical attacker could exploit this to craft cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intende...
CVE-2020-11934
It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...