VDB

CVE-2019-7304

CVE-2019-7304 PUBLISHED

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.

EPSS 84.56% · 99.3th percentile

Risk Scores

EPSS Score
84.56%
99.3th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSsnapd2.27.5, 2.0.2, 2.0.3
Ubuntu:18.04:LTSsnapd2.28.5+17.10, 2.29.4.1+18.04, 2.29.4.2+18.04
Ubuntu:14.04:LTSsnapd*, 2.22.3~14.04, 2.21~14.04.2

Exploit Intelligence

…and 45 more exploits

Timeline

  • Feb 12, 2019 CVE Published
  • Feb 13, 2019 PoC Published
  • Apr 14, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Dec 19, 2023 EPSS Score
  • Feb 8, 2024 EPSS Score
  • Feb 24, 2024 EPSS Score
  • Mar 12, 2024 EPSS Score
  • May 23, 2024 EPSS Score
  • Jul 5, 2024 EPSS Score
  • Dec 17, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›