EUVD-2016-2675

Malware in sbrugna...

EUVD-2020-4270

Malware in sbrugna...

Debian dla-3215 : golang-github-snapcore-snapd-dev - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3215 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3215-1 [email protected] https://www.debian.org/lts/security/...

Debian: Security Advisory (DSA-5292-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-5292-1 : snapd - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5292 advisory. The Qualys Research Team discovered a race condition in the snapd-confine binary which could result in local privilege escalation. For the stable distribution bullseye, th...

Dystopia - Low To Medium Multithreaded Ubuntu Core Honeypot Coded In Python

Low to medium Ubuntu Core honeypot coded in Python. Features Optional Login Prompt Logs commands used and IP addresses Customize MOTD, Port, Hostname and how many clients can connect at once default is unlimited Save and load config Add support to a plethora of commands Todo Packet Capture Better...

DEBIAN-CVE-2020-11934

It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...

CVE-2020-11933

cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security...

Design/Logic Flaw

cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security...

Path traversal

It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...

CVE-2020-11934

CVE-2020-11934 concerns snapd’s snapctl user-open path where OpenURL() manipulates the XDG_DATA_DIRS environment variable, allowing a malicious snap to influence how host xdg-open opens URLs and potentially run a script within the snap with confinement bypass. The issue did not affect Ubuntu Core...

CVE-2020-11934

It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...

CVE-2020-11934 Sandbox escape vulnerability via snapctl user-open (xdg-open)

It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...

CVE-2020-11933 local snapd exploit through cloud-init

cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security...

CVE-2020-11933

The CVE-2020-11933 issue affects Ubuntu Core 16/18 when cloud-init is managed by snapd. It describes cloud-init running with no boot-time restrictions, enabling a physical attacker to craft cloud-init user-data/meta-data on external media to perform arbitrary changes and bypass security controls ...

Ubuntu: Security Advisory (USN-4424-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4424-1 snapd vulnerabilities

It was discovered that cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices ran on every boot without restrictions. A physical attacker could exploit this to craft cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intende...

UBUNTU-CVE-2020-11934

It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...

CVE-2020-11934

It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...

CVE-2020-11933

cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security...