cvebase

Apport Project Apport vulnerabilities

50 known vulnerabilities affecting apport_project/apport.

Total CVEs: 50
CISA KEV: 0
Public exploits: 6
Exploited in wild: 0
Severity breakdown: HIGH 24, MEDIUM 21, LOW 5

Vulnerabilities

Page 3 of 3
CVE-2019-11482 | P4 | MEDIUM | CVSS 4.7 | ≥ 0, < 2.14.1-0ubuntu3.29+esm2 | ≥ 0, < 2.20.1-0ubuntu2.20 | +1 more | 2019-10-29
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.
Sources: osv

CVE-2022-28654 | P4 | MEDIUM | CVSS 5.5 | fixed in 2.21.0 | 2024-06-04
CWE-770. is_closing_session() allows users to fill up apport.log.
Sources: nvd, osv

CVE-2022-28656 | P4 | MEDIUM | CVSS 5.5 | fixed in 2.21.0 | 2024-06-04
CWE-770. is_closing_session() allows users to consume RAM in the Apport process.
Sources: nvd, osv

CVE-2020-15701 | P4 | MEDIUM | CVSS 5.5 | ≥ 0, < 2.14.1-0ubuntu3.29+esm5 | ≥ 0, < 2.20.1-0ubuntu2.24 | +2 more | 2020-05-13
An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.
Sources: osv

CVE-2022-28652 | P4 | MEDIUM | CVSS 5.5 | fixed in 2.21.0 | 2024-06-04
CWE-776. ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack.
Sources: nvd, osv

CVE-2019-15790 | P4 | LOW | CVSS 3.3 | ≥ 0, < 2.14.1-0ubuntu3.29+esm2 | ≥ 0, < 2.20.1-0ubuntu2.20 | +1 more | 2019-10-29
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could
Sources: osv

CVE-2021-32556 | P4 | LOW | CVSS 3.3 | ≥ 0, < 2.14.1-0ubuntu3.29+esm7 | ≥ 0, < 2.20.1-0ubuntu2.30+esm1 | +2 more | 2021-05-25
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
Sources: osv

CVE-2019-11483 | P4 | LOW | CVSS 3.3 | ≥ 0, < 2.14.1-0ubuntu3.29+esm2 | ≥ 0, < 2.20.1-0ubuntu2.20 | +1 more | 2019-10-29
Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.
Sources: osv

CVE-2019-11485 | P4 | LOW | CVSS 3.3 | ≥ 0, < 2.14.1-0ubuntu3.29+esm2 | ≥ 0, < 2.20.1-0ubuntu2.20 | +1 more | 2019-10-29
Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.
Sources: osv

CVE-2020-11936 | LOW | CVSS 3.1 | ≥ 0, < 2.14.1-0ubuntu3.29+esm5 | 2020-09-02
apport vulnerabilities. USN-4449-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Ryota Shiga working with Trend Micro's Zero Day Initiative, discovered that Apport incorrectly dropped privileges when making certain D-Bus calls. A local attacker could use this issue to read arbitrary files. (CVE-2020-11936) Seong-Joong Kim discovered that Apport incorrectly pars
Sources: osv