CVE-2020-11936
published 2020-08-04

Severity: low, 3.1 (CVSS 3.1)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.34% (25.5th percentile)
Title: Apport vulnerabilities

Summary: Several security issues were fixed in Apport.

Ryota Shiga, working with Trend Micro's Zero Day Initiative, discovered that Apport incorrectly dropped privileges when making certain D-Bus calls. A local attacker could use this issue to read arbitrary files. (CVE-2020-11936)

Seong-Joong Kim discovered that Apport incorrectly parsed configuration files. A local attacker could use this issue to cause Apport to crash, resulting in a denial of service. (CVE-2020-15701)

Ryota Shiga, working with Trend Micro's Zero Day Initiative, discovered that Apport incorrectly implemented certain checks. A local attacker could use this issue to escalate privileges and run arbitrary code. (CVE-2020-15702)

Instructions: In general, a standard system update will make all the necessary changes.

Affected (4 ranges)

Vendor          Product   Version range                        Fixed in
apport_project  apport    >= 0 < 2.20.1-0ubuntu2.24            2.20.1-0ubuntu2.24
apport_project  apport    >= 0 < 2.20.9-0ubuntu7.16            2.20.9-0ubuntu7.16
apport_project  apport    >= 0 < 2.20.11-0ubuntu27.6           2.20.11-0ubuntu27.6
apport_project  apport    >= 0 < 2.14.1-0ubuntu3.29+esm5       2.14.1-0ubuntu3.29+esm5

CVSS provenance

nvd: v3.1, 3.1 LOW, CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
osv: 3.1 LOW
vendor_ubuntu: 3.1 LOW