Known Vulnerabilities for Snapd by Canonical
Listed below are 10 of the newest known vulnerabilities associated with "Snapd" by "Canonical".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-1523 json | Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which co... | 10 - CRITICAL | 2023-09-01 | 2023-09-08 |
| CVE-2022-3328 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7 - HIGH | 2024-01-08 | 2024-01-12 |
| CVE-2021-44731 json | A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This co... | 7.8 - HIGH | 2022-02-17 | 2023-11-07 |
| CVE-2021-44730 json | snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary... | 8.8 - HIGH | 2022-02-17 | 2023-11-07 |
| CVE-2021-4120 json | snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for ... | 7.8 - HIGH | 2022-02-17 | 2023-11-07 |
| CVE-2021-3155 json | snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This ... | 5.5 - MEDIUM | 2022-02-17 | 2022-02-25 |
| CVE-2020-11933 json | cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which... | 6.8 - MEDIUM | 2020-07-29 | 2021-11-04 |
| CVE-2019-11503 json | snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current ... | 7.5 - HIGH | 2019-04-24 | 2023-11-07 |
| CVE-2019-11502 json | snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling... | 7.5 - HIGH | 2019-04-24 | 2019-05-02 |
| CVE-2019-7304 json | Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary co... | 9.8 - CRITICAL | 2019-04-23 | 2022-11-30 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Canonical | Snapd | 2.39 | |||
| Application | Canonical | Snapd | 2.38 | |||
| Application | Canonical | Snapd | 2.37.4 | |||
| Application | Canonical | Snapd | 2.37.3 | |||
| Application | Canonical | Snapd | 2.37.2 | |||
| Application | Canonical | Snapd | 2.37.1 | |||
| Application | Canonical | Snapd | 2.37 | |||
| Application | Canonical | Snapd | 2.36.3 | |||
| Application | Canonical | Snapd | 2.36.2 | |||
| Application | Canonical | Snapd | 2.36.1 | |||
| Application | Canonical | Snapd | 2.36 | |||
| Application | Canonical | Snapd | 2.35.5 | |||
| Application | Canonical | Snapd | 2.35.4 | |||
| Application | Canonical | Snapd | 2.35.3 | |||
| Application | Canonical | Snapd | 2.35.2 | |||
| Application | Canonical | Snapd | 2.35.1 | |||
| Application | Canonical | Snapd | 2.35 | |||
| Application | Canonical | Snapd | 2.34.3 | |||
| Application | Canonical | Snapd | 2.34.2 | |||
| Application | Canonical | Snapd | 2.34.1 |