Canonical Snapd
6 CVEs affecting Canonical Snapd. Latest disclosed: 2024-07-25. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-7304 | High | 8.8 | 2019-04-23 | Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects… |
CVE-2020-11933 | High | 7.3 | 2020-07-29 | cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit… |
CVE-2020-11934 | Medium | 5.9 | 2020-07-29 | It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/us… |
CVE-2024-29068 | Medium | 5.8 | 2024-07-25 | In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so ca… |
CVE-2019-7303 | Medium | 5.7 | 2019-04-23 | A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host… |
CVE-2024-29069 | Medium | 4.8 | 2024-07-25 | In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-s… |