Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apport project apport - vulnerabilities and exploits
(subscribe to this query)
543
VMScore
CVE-2019-11481
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Apport Project Apport -
187
VMScore
CVE-2019-11483
Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local malicious user to generate a crash report for a privileged process that is readable by an unprivileged user.
Apport Project Apport -
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
187
VMScore
CVE-2019-11485
Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.
Apport Project Apport -
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
392
VMScore
CVE-2019-7307
Apport prior to 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local malicious user to replace this file with a symlink to any...
Apport Project Apport 2.14.1
Apport Project Apport 2.20.1
Apport Project Apport 2.20.9
Apport Project Apport 2.20.10
642
VMScore
CVE-2018-6552
Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_...
Apport Project Apport 2.14.1
Apport Project Apport 2.20.9
Apport Project Apport 2.20.7
Apport Project Apport 2.20.1
700
VMScore
CVE-2015-1862
The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment.
Abrt Project Abrt
2 EDB exploits
641
VMScore
CVE-2017-14180
Apport 2.13 up to and including 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, ...
Apport Project Apport
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
641
VMScore
CVE-2017-14177
Apport up to and including 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vul...
Apport Project Apport
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
641
VMScore
CVE-2017-14179
Apport prior to 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from conta...
Apport Project Apport
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
605
VMScore
CVE-2017-10708
An issue exists in Apport up to and including 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote malicious users to execute arbitrary code via a cr...
Apport Project Apport
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »