Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
canonical apport vulnerabilities and exploits
(subscribe to this query)
6.9
CVSSv2
CVE-2015-1325
Race condition in Apport prior to 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, prior to 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, prior to 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and prior to 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to...
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
1 EDB exploit
6.1
CVSSv2
CVE-2019-11481
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Apport Project Apport -
5
CVSSv2
CVE-2019-7306
Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu
Byobu Byobu -
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
5
CVSSv2
CVE-2012-0950
The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote malicious users to read repository credentials by viewing a public bug report...
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.04
5
CVSSv2
CVE-2012-0949
The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote malicious users to read repository credentials by viewing a public bug report.
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.04
4.9
CVSSv2
CVE-2013-1067
Apport 2.12.5 and previous versions uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file.
Canonical Ubuntu Linux 13.04
Canonical Ubuntu Linux 13.10
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
4.7
CVSSv2
CVE-2021-3710
An information disclosure via path traversal exists in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions before 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions before 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions before 2.20.9-0ubuntu7.26; 2.20.11 versions ...
Canonical Apport 2.14.1-0ubuntu1
Canonical Apport 2.14.1-0ubuntu2
Canonical Apport 2.14.1-0ubuntu3
Canonical Apport 2.14.1-0ubuntu3.1
Canonical Apport 2.14.1-0ubuntu3.2
Canonical Apport 2.14.1-0ubuntu3.3
Canonical Apport 2.14.1-0ubuntu3.4
Canonical Apport 2.14.1-0ubuntu3.5
Canonical Apport 2.14.1-0ubuntu3.6
Canonical Apport 2.14.1-0ubuntu3.7
Canonical Apport 2.14.1-0ubuntu3.8
Canonical Apport 2.14.1-0ubuntu3.9
Canonical Apport 2.14.1-0ubuntu3.10
Canonical Apport 2.14.1-0ubuntu3.11
Canonical Apport 2.14.1-0ubuntu3.12
Canonical Apport 2.14.1-0ubuntu3.13
Canonical Apport 2.14.1-0ubuntu3.14
Canonical Apport 2.14.1-0ubuntu3.15
Canonical Apport 2.14.1-0ubuntu3.16
Canonical Apport 2.14.1-0ubuntu3.17
Canonical Apport 2.14.1-0ubuntu3.18
Canonical Apport 2.14.1-0ubuntu3.19
4.6
CVSSv2
CVE-2021-25684
It exists that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
Canonical Apport
4.4
CVSSv2
CVE-2020-15702
TOCTOU Race Condition vulnerability in apport allows a local malicious user to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be us...
Canonical Apport 2.20.11-0ubuntu8
Canonical Apport 2.20.11-0ubuntu9
Canonical Apport 2.20.11-0ubuntu10
Canonical Apport 2.20.11-0ubuntu11
Canonical Apport 2.20.11-0ubuntu12
Canonical Apport 2.20.11-0ubuntu13
Canonical Apport 2.20.11-0ubuntu14
Canonical Apport 2.20.11-0ubuntu15
Canonical Apport 2.20.11-0ubuntu16
Canonical Apport 2.20.11-0ubuntu17
Canonical Apport 2.20.11-0ubuntu18
Canonical Apport 2.20.11-0ubuntu19
Canonical Apport 2.20.11-0ubuntu20
Canonical Apport 2.20.11-0ubuntu21
Canonical Apport 2.20.11-0ubuntu22
Canonical Apport 2.20.11-0ubuntu23
Canonical Apport 2.20.11-0ubuntu24
Canonical Apport 2.20.11-0ubuntu25
Canonical Apport 2.20.11-0ubuntu26
Canonical Apport 2.20.11-0ubuntu27
Canonical Apport 2.20.11-0ubuntu27.2
Canonical Apport 2.20.11-0ubuntu27.3
3.6
CVSSv2
CVE-2021-32557
It exists that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
Canonical Apport
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »