CPE-BB6B3D53-AC35-4220-855E-C2DA359A149B Détail

CPE Details

Canonical Snapd 2.60.2

Vendor

canonical

Product

snapd

Version

2.60.2

Created

2023-09-07
12h46 +00:00

Modifié

2023-09-07
12h56 +00:00

Liens officiels

CPE NVD

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Gestion des notifications

Liste des Notifications

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

CPE ID

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

CPE Name: cpe:2.3:a:canonical:snapd:2.60.2:::::::*

Informations

Vendor

canonical

Product

snapd

Version

2.60.2

Related CVE

Open and find in CVE List

CVE ID	Publié	Description	Score	Gravité
CVE-2024-29069	2024-07-25 19h39 +00:00	In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format is a squashfs file-system image and so can contain symbolic links and other file types. Various file entries within the snap squashfs image (such as icons and desktop files etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained symbolic links at these paths could then cause snapd to write out the contents of the symbolic link destination into a world-readable directory. This in-turn could allow an unprivileged user to gain access to privileged information.	7.3	Haute
CVE-2024-29068	2024-07-25 19h28 +00:00	In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs file-system image and so can contain files that are non-regular files (such as pipes or sockets etc). Various file entries within the snap squashfs image (such as icons etc) are directly read by snapd when it is extracted. An attacker who could convince a user to install a malicious snap which contained non-regular files at these paths could then cause snapd to block indefinitely trying to read from such files and cause a denial of service.	6.6	Moyen
CVE-2024-1724	2024-07-25 19h05 +00:00	In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/bin path. In Ubuntu, when this path exists, it is automatically added to the users PATH. An attacker who could convince a user to install a malicious snap which used the 'home' plug could use this vulnerability to install arbitrary scripts into the users PATH which may then be run by the user outside of the expected snap sandbox and hence allow them to escape confinement.	8.2	Haute
CVE-2022-3328	2024-01-08 18h04 +00:00	Race condition in snap-confine's must_mkdir_and_open_with_perms()	7.8	Haute

Canonical Snapd 2.60.2

CPE Details

CPE Name: cpe:2.3:a:canonical:snapd:2.60.2:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:canonical:snapd:2.60.2:::::::*