{"vulnerability": "CVE-2024-2906", "sightings": [{"uuid": "48f7f282-14f8-4e22-954a-0dba62c2493a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29069", "type": "seen", "source": "https://t.me/cvedetector/1649", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-29069 - Snapd Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-29069 \nPublished : July 25, 2024, 8:15 p.m. | 28\u00a0minutes ago \nDescription : In snapd versions prior to 2.62, snapd failed to properly check the  \ndestination of symbolic links when extracting a snap. The snap format   \nis a squashfs file-system image and so can contain symbolic links and  \nother file types. Various file entries within the snap squashfs image  \n(such as icons and desktop files etc) are directly read by snapd when  \nit is extracted. An attacker who could convince a user to install a  \nmalicious snap which contained symbolic links at these paths could then   \ncause snapd to write out the contents of the symbolic link destination  \ninto a world-readable directory. This in-turn could allow an unprivileged  \nuser to gain access to privileged information. \nSeverity: 4.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-25T22:46:21.000000Z"}, {"uuid": "65723624-9e3a-4650-8b84-189607b2a9c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29068", "type": "seen", "source": "https://t.me/cvedetector/1647", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-29068 - Snapd Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-29068 \nPublished : July 25, 2024, 8:15 p.m. | 28\u00a0minutes ago \nDescription : In snapd versions prior to 2.62, snapd failed to properly check the file  \ntype when extracting a snap. The snap format is a squashfs file-system  \nimage and so can contain files that are non-regular files (such as pipes   \nor sockets etc). Various file entries within the snap squashfs image  \n(such as icons etc) are directly read by snapd when it is extracted. An   \nattacker who could convince a user to install a malicious snap which  \ncontained non-regular files at these paths could then cause snapd to block  \nindefinitely trying to read from such files and cause a denial of service. \nSeverity: 5.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-25T22:46:19.000000Z"}, {"uuid": "f1d206ab-05c5-4422-88b9-23f4a450b45f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-29063", "type": "seen", "source": "https://t.me/arpsyndicate/4496", "content": "#ExploitObserverAlert\n\nCVE-2024-29063\n\nDESCRIPTION: Exploit Observer has 2 entries in 1 file formats related to CVE-2024-29063. Azure AI Search Information Disclosure Vulnerability\n\nFIRST-EPSS: 0.000430000\nNVD-IS: 5.5\nNVD-ES: 1.8", "creation_timestamp": "2024-04-11T09:48:37.000000Z"}]}