Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
canonical apport vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2016-9950
An issue exists in Apport prior to 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory...
Apport Project Apport
Canonical Ubuntu Linux
1 EDB exploit
1 Github repository
1 Article
7.8
CVSSv3
CVE-2016-9949
An issue exists in Apport prior to 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote malicious users to execute arbitrary Python code.
Apport Project Apport
Canonical Ubuntu Linux
1 EDB exploit
1 Github repository
1 Article
7.5
CVSSv3
CVE-2019-7306
Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu
Byobu Byobu -
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
7.1
CVSSv3
CVE-2021-32557
It exists that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
Canonical Apport
7
CVSSv3
CVE-2020-15702
TOCTOU Race Condition vulnerability in apport allows a local malicious user to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be us...
Canonical Apport 2.20.11-0ubuntu8
Canonical Apport 2.20.11-0ubuntu9
Canonical Apport 2.20.11-0ubuntu10
Canonical Apport 2.20.11-0ubuntu11
Canonical Apport 2.20.11-0ubuntu12
Canonical Apport 2.20.11-0ubuntu13
Canonical Apport 2.20.11-0ubuntu14
Canonical Apport 2.20.11-0ubuntu15
Canonical Apport 2.20.11-0ubuntu16
Canonical Apport 2.20.11-0ubuntu17
Canonical Apport 2.20.11-0ubuntu18
Canonical Apport 2.20.11-0ubuntu19
Canonical Apport 2.20.11-0ubuntu20
Canonical Apport 2.20.11-0ubuntu21
Canonical Apport 2.20.11-0ubuntu22
Canonical Apport 2.20.11-0ubuntu23
Canonical Apport 2.20.11-0ubuntu24
Canonical Apport 2.20.11-0ubuntu25
Canonical Apport 2.20.11-0ubuntu26
Canonical Apport 2.20.11-0ubuntu27
Canonical Apport 2.20.11-0ubuntu27.2
Canonical Apport 2.20.11-0ubuntu27.3
7
CVSSv3
CVE-2015-1325
Race condition in Apport prior to 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, prior to 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, prior to 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and prior to 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to...
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
1 EDB exploit
5.5
CVSSv3
CVE-2021-3709
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions before 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions before 2.20.1-0ubuntu2.30+esm2; 2.20.9 ...
Canonical Apport 2.14.1-0ubuntu1
Canonical Apport 2.14.1-0ubuntu2
Canonical Apport 2.14.1-0ubuntu3.1
Canonical Apport 2.14.1-0ubuntu3.2
Canonical Apport 2.14.1-0ubuntu3.3
Canonical Apport 2.14.1-0ubuntu3.4
Canonical Apport 2.14.1-0ubuntu3.5
Canonical Apport 2.14.1-0ubuntu3.6
Canonical Apport 2.14.1-0ubuntu3.7
Canonical Apport 2.14.1-0ubuntu3.8
Canonical Apport 2.14.1-0ubuntu3.9
Canonical Apport 2.14.1-0ubuntu3.10
Canonical Apport 2.14.1-0ubuntu3.11
Canonical Apport 2.14.1-0ubuntu3.12
Canonical Apport 2.14.1-0ubuntu3.13
Canonical Apport 2.14.1-0ubuntu3.14
Canonical Apport 2.14.1-0ubuntu3.15
Canonical Apport 2.14.1-0ubuntu3.16
Canonical Apport 2.14.1-0ubuntu3.17
Canonical Apport 2.14.1-0ubuntu3.18
Canonical Apport 2.14.1-0ubuntu3.19
Canonical Apport 2.14.1-0ubuntu3.20
5.5
CVSSv3
CVE-2021-3710
An information disclosure via path traversal exists in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions before 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions before 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions before 2.20.9-0ubuntu7.26; 2.20.11 versions ...
Canonical Apport 2.14.1-0ubuntu1
Canonical Apport 2.14.1-0ubuntu2
Canonical Apport 2.14.1-0ubuntu3
Canonical Apport 2.14.1-0ubuntu3.1
Canonical Apport 2.14.1-0ubuntu3.2
Canonical Apport 2.14.1-0ubuntu3.3
Canonical Apport 2.14.1-0ubuntu3.4
Canonical Apport 2.14.1-0ubuntu3.5
Canonical Apport 2.14.1-0ubuntu3.6
Canonical Apport 2.14.1-0ubuntu3.7
Canonical Apport 2.14.1-0ubuntu3.8
Canonical Apport 2.14.1-0ubuntu3.9
Canonical Apport 2.14.1-0ubuntu3.10
Canonical Apport 2.14.1-0ubuntu3.11
Canonical Apport 2.14.1-0ubuntu3.12
Canonical Apport 2.14.1-0ubuntu3.13
Canonical Apport 2.14.1-0ubuntu3.14
Canonical Apport 2.14.1-0ubuntu3.15
Canonical Apport 2.14.1-0ubuntu3.16
Canonical Apport 2.14.1-0ubuntu3.17
Canonical Apport 2.14.1-0ubuntu3.18
Canonical Apport 2.14.1-0ubuntu3.19
5.5
CVSSv3
CVE-2021-32553
It exists that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 20.10
Canonical Ubuntu Linux 21.04
Canonical Ubuntu Linux 21.10
Oracle Openjdk 17
5.5
CVSSv3
CVE-2021-32548
It exists that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 20.10
Canonical Ubuntu Linux 21.04
Canonical Ubuntu Linux 21.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »