github.com/snapcore/snapd (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/snapcore/snapd, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2024-5138 — CVSS 8.1 (high): The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of…
CVE-2024-1724 — CVSS 6.3 (medium): In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the…
CVE-2024-29068 — CVSS 5.8 (medium): In snapd versions prior to 2.62, snapd failed to properly check the file type when extracting a snap. The snap format is a squashfs…
CVE-2024-29069 — CVSS 4.8 (medium): In snapd versions prior to 2.62, snapd failed to properly check the destination of symbolic links when extracting a snap. The snap format…