373 matches found
UBUNTU-CVE-2017-14178
In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions...
CVE-2017-14178
In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions...
CVE-2017-14178
In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions...
CVE-2017-14178
In snapd 2.27–2.29.2, the snap logs command could be made to invoke journalctl without match arguments, enabling unprivileged, unauthenticated users to bypass systemd-journald access restrictions. Affected component: snapd (logs handling). Root cause: the snap logs path allows journalctl invocati...
ubuntu-image Unauthorized Operation Vulnerability
ubuntu-image is an image package used in Ubuntu systems. A security vulnerability exists in ubuntu-image. A local attacker can exploit this vulnerability to gain access to the cloud-init and snapd directories...
CVE-2017-10600
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories...
CVE-2017-10600
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories...
UBUNTU-CVE-2017-10600
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories...
Design/Logic Flaw
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories...
CVE-2017-10600
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories...
CVE-2017-10600
ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories...
CVE-2017-10600
CVE-2017-10600 affects ubuntu-image 1.0 (before 2017-07-07). When run as non-root, it creates files in the resulting image with the UID of the invoking user, enabling a local attacker who shares that UID to access cloud-init and snapd directories after boot. This is a local vulnerability with pot...
Denial Of Service(DoS)
github.com/snapcore/snapd is vulnerable to denial of service DoS attacks. The vulnerability exists because it does not perform enough sanitization when the interface code that is responsible for sanitization of user-controlled plug/slot definition...