VYPR

apport-cli

by Canonical

CVEs (29)

  • CVE-2021-25684HigJun 11, 2021
    risk 0.57cvss 8.8epss 0.01

    It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.

  • CVE-2021-25683HigJun 11, 2021
    risk 0.57cvss 8.8epss 0.00

    It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.

  • CVE-2021-25682HigJun 11, 2021
    risk 0.57cvss 8.8epss 0.00

    It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.

  • CVE-2021-32555HigJun 12, 2021
    risk 0.47cvss 7.3epss 0.00

    It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.

  • CVE-2021-32554HigJun 12, 2021
    risk 0.47cvss 7.3epss 0.00

    It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.

  • CVE-2021-32553HigJun 12, 2021
    risk 0.47cvss 7.3epss 0.00

    It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.

  • CVE-2021-32552HigJun 12, 2021
    risk 0.47cvss 7.3epss 0.00

    It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.

  • CVE-2021-32551HigJun 12, 2021
    risk 0.47cvss 7.3epss 0.00

    It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.

  • CVE-2021-32550HigJun 12, 2021
    risk 0.47cvss 7.3epss 0.00

    It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.

  • CVE-2021-32549HigJun 12, 2021
    risk 0.47cvss 7.3epss 0.00

    It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.

  • CVE-2021-32548HigJun 12, 2021
    risk 0.47cvss 7.3epss 0.00

    It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.

  • CVE-2021-32547HigJun 12, 2021
    risk 0.47cvss 7.3epss 0.00

    It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.

  • CVE-2020-15702HigAug 6, 2020
    risk 0.46cvss 7.0epss 0.01

    TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to…

  • CVE-2019-11483HigFeb 8, 2020
    risk 0.46cvss 7.0epss 0.00

    Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.

  • CVE-2019-7307HigAug 29, 2019
    risk 0.46cvss 7.0epss 0.00

    Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to…

  • CVE-2021-3710MedOct 1, 2021
    risk 0.42cvss 6.5epss 0.00

    An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26;…

  • CVE-2021-3709MedOct 1, 2021
    risk 0.42cvss 6.5epss 0.00

    Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2;…

  • CVE-2020-8831MedApr 22, 2020
    risk 0.42cvss 6.5epss 0.01

    Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using…

  • CVE-2020-15701MedAug 6, 2020
    risk 0.36cvss 5.5epss 0.00

    An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in…

  • CVE-2020-8833MedApr 22, 2020
    risk 0.36cvss 5.6epss 0.00

    Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron…

Page 1 of 2