Lucene search
K

373 matches found

OSV
OSV
added 2018/02/02 2:29 p.m.39 views

UBUNTU-CVE-2017-14178

In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions...

7.5CVSS7.1AI score0.01791EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/02/02 2:0 p.m.28 views

CVE-2017-14178

In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions...

7.7AI score0.01791EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2018/02/02 2:0 p.m.53 views

CVE-2017-14178

In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions...

7.5CVSS7.7AI score0.01791EPSS
Exploits0
CVE
CVE
added 2018/02/02 2:0 p.m.50 views

CVE-2017-14178

In snapd 2.27–2.29.2, the snap logs command could be made to invoke journalctl without match arguments, enabling unprivileged, unauthenticated users to bypass systemd-journald access restrictions. Affected component: snapd (logs handling). Root cause: the snap logs path allows journalctl invocati...

7.5CVSS7.6AI score0.01791EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2017/07/17 12:0 a.m.4 views

ubuntu-image Unauthorized Operation Vulnerability

ubuntu-image is an image package used in Ubuntu systems. A security vulnerability exists in ubuntu-image. A local attacker can exploit this vulnerability to gain access to the cloud-init and snapd directories...

5.9CVSS5.9AI score0.00286EPSS
Exploits0References1
OSV
OSV
added 2017/07/11 5:29 p.m.6 views

CVE-2017-10600

ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories...

5.9CVSS5.8AI score0.00286EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/07/11 5:29 p.m.38 views

CVE-2017-10600

ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories...

5.9CVSS6.2AI score0.00286EPSS
Exploits0References3
OSV
OSV
added 2017/07/11 5:29 p.m.5 views

UBUNTU-CVE-2017-10600

ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories...

5.9CVSS6.2AI score0.00286EPSS
Exploits0References4
Prion
Prion
added 2017/07/11 5:29 p.m.19 views

Design/Logic Flaw

ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories...

4.6CVSS5.5AI score0.00286EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/07/11 5:29 p.m.19 views

CVE-2017-10600

ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories...

5.9CVSS5.6AI score0.00286EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/07/11 5:0 p.m.29 views

CVE-2017-10600

ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the same uid as the image creator has unintended access to cloud-init and snapd directories...

5.6AI score0.00286EPSS
Exploits0References1
CVE
CVE
added 2017/07/11 5:0 p.m.63 views

CVE-2017-10600

CVE-2017-10600 affects ubuntu-image 1.0 (before 2017-07-07). When run as non-root, it creates files in the resulting image with the UID of the invoking user, enabling a local attacker who shares that UID to access cloud-init and snapd directories after boot. This is a local vulnerability with pot...

5.9CVSS5.6AI score0.00286EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2017/05/08 9:37 a.m.9 views

Denial Of Service(DoS)

github.com/snapcore/snapd is vulnerable to denial of service DoS attacks. The vulnerability exists because it does not perform enough sanitization when the interface code that is responsible for sanitization of user-controlled plug/slot definition...

6.6AI score
Exploits0
Rows per page
Query Builder