VYPR

Apport

by Ubuntu

CVEs (7)

  • CVE-2016-9949 | High | Dec 17, 2016
    risk 0.55 | cvss 7.8 | epss 0.18

    An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.

  • CVE-2018-6552 | High | May 31, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The…

  • CVE-2015-1324 | High | Aug 25, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allows local users to write to arbitrary files…

  • CVE-2015-1325 | High | Aug 25, 2017
    risk 0.49 | cvss 7.0 | epss 0.01

    Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allows local users to write…

  • CVE-2015-1338 | Oct 1, 2015
    risk 0.03 | cvss | epss 0.01

    kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.

  • CVE-2013-1067 | Oct 25, 2013
    risk 0.00 | cvss | epss 0.00

    Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file.

  • CVE-2009-1295 | Apr 30, 2009
    risk 0.00 | cvss | epss 0.00

    Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors.