Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apport project apport vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2022-28657
Apport does not disable python crash handler before entering chroot
Apport Project Apport
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 22.04
Canonical Ubuntu Linux 21.10
7.8
CVSSv3
CVE-2019-11481
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Apport Project Apport -
7.8
CVSSv3
CVE-2018-6552
Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_...
Apport Project Apport 2.14.1
Apport Project Apport 2.20.9
Apport Project Apport 2.20.7
Apport Project Apport 2.20.1
7.8
CVSSv3
CVE-2017-14179
Apport prior to 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from conta...
Apport Project Apport
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
7.8
CVSSv3
CVE-2017-14177
Apport up to and including 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vul...
Apport Project Apport
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
7.8
CVSSv3
CVE-2017-14180
Apport 2.13 up to and including 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, ...
Apport Project Apport
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
7.8
CVSSv3
CVE-2017-10708
An issue exists in Apport up to and including 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote malicious users to execute arbitrary code via a cr...
Apport Project Apport
7.8
CVSSv3
CVE-2016-9950
An issue exists in Apport prior to 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory...
Apport Project Apport
Canonical Ubuntu Linux
1 EDB exploit
1 Github repository
1 Article
7.8
CVSSv3
CVE-2016-9949
An issue exists in Apport prior to 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote malicious users to execute arbitrary Python code.
Apport Project Apport
Canonical Ubuntu Linux
1 EDB exploit
1 Github repository
1 Article
7.1
CVSSv3
CVE-2022-28655
is_closing_session() allows users to create arbitrary tcp dbus connections
Apport Project Apport
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 22.04
Canonical Ubuntu Linux 21.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »