Lucene search
K

373 matches found

NVD
NVD
added 2024/07/25 8:15 p.m.49 views

CVE-2024-29068

In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files such as pipes or sockets etc. Various file entries within the snap squashfs image such as icons...

6.6CVSS0.00212EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2024/07/25 8:0 p.m.20 views

CVE-2024-1724

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

8.2CVSS7AI score0.00306EPSS
Exploits1References6
CVE
CVE
added 2024/07/25 7:39 p.m.77 views

CVE-2024-29069

In CVE-2024-29069, snapd versions prior to 2.62 fail to validate the destination of symbolic links when extracting a snap from a squashfs image. This can allow a malicious snap to cause snapd to write the linked destination’s contents into a world-readable directory, enabling an unprivileged user...

7.3CVSS5.1AI score0.00228EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/07/25 7:39 p.m.20 views

CVE-2024-29069 snapd will follow archived symlinks when unpacking a filesystem

In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image such as icons and...

4.8CVSS7.1AI score0.00228EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/07/25 7:39 p.m.30 views

CVE-2024-29069 snapd will follow archived symlinks when unpacking a filesystem

In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image such as icons and...

4.8CVSS6.8AI score0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/25 7:39 p.m.37 views

CVE-2024-29069 snapd will follow archived symlinks when unpacking a filesystem

In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image such as icons and...

4.8CVSS0.00228EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/07/25 7:39 p.m.15 views

CVE-2024-29069

In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image such as icons and...

7.3CVSS5.4AI score0.00228EPSS
Exploits0
OSV
OSV
added 2024/07/25 7:28 p.m.16 views

CVE-2024-29068 snapd non-regular file indefinite blocking read

In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files such as pipes or sockets etc. Various file entries within the snap squashfs image such as icons...

5.8CVSS6.7AI score0.00212EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/07/25 7:28 p.m.25 views

CVE-2024-29068 snapd non-regular file indefinite blocking read

In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files such as pipes or sockets etc. Various file entries within the snap squashfs image such as icons...

5.8CVSS6.9AI score0.00212EPSS
Exploits0References2
CVE
CVE
added 2024/07/25 7:28 p.m.73 views

CVE-2024-29068

In snapd

6.6CVSS5.5AI score0.00212EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/07/25 7:28 p.m.30 views

CVE-2024-29068 snapd non-regular file indefinite blocking read

In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files such as pipes or sockets etc. Various file entries within the snap squashfs image such as icons...

5.8CVSS0.00212EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/07/25 7:28 p.m.39 views

CVE-2024-29068

In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files such as pipes or sockets etc. Various file entries within the snap squashfs image such as icons...

6.6CVSS5.3AI score0.00212EPSS
Exploits0
OSV
OSV
added 2024/07/25 7:15 p.m.4 views

DEBIAN-CVE-2024-1724

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

8.2CVSS7.9AI score0.00306EPSS
Exploits1References1
NVD
NVD
added 2024/07/25 7:15 p.m.49 views

CVE-2024-1724

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

8.2CVSS0.00306EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/07/25 7:5 p.m.24 views

CVE-2024-1724 snapd allows $HOME/bin symlink

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

6.3CVSS7.2AI score0.00306EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/07/25 7:5 p.m.58 views

CVE-2024-1724 snapd allows $HOME/bin symlink

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

6.3CVSS0.00306EPSS
Exploits1References3
OSV
OSV
added 2024/07/25 7:5 p.m.31 views

CVE-2024-1724 snapd allows $HOME/bin symlink

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

6.3CVSS7.3AI score0.00306EPSS
Exploits1References6
CVE
CVE
added 2024/07/25 7:5 p.m.89 views

CVE-2024-1724

CVE-2024-1724 affects snapd prior to 2.62, where AppArmor sandbox enforcement failed to restrict writes to $HOME/bin. In Ubuntu, this path is added to the user PATH when present, enabling a user-wurnished malicious snap using the home plug to drop scripts into PATH and potentially execute them ou...

8.2CVSS6.5AI score0.00306EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2024/07/25 7:5 p.m.14 views

CVE-2024-1724

In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap whic...

8.2CVSS7.9AI score0.00306EPSS
Exploits1
CNNVD
CNNVD
added 2024/07/25 12:0 a.m.6 views

snapd 安全漏洞

snapd is a cross-platform package management tool open-sourced by snapcore. Enables systems to use .snap files. A security vulnerability exists in snapd versions prior to 2.62 that stems from the inability to restrict writes to the $HOME/bin path when sandboxing permissions is enforced using...

8.2CVSS7.8AI score0.00306EPSS
Exploits1References5
Rows per page
Query Builder