Vulnerabilities (CVE)

Filtered by vendor Canonical Subscribe
Filtered by product Apport
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3710 1 Canonical 2 Apport, Ubuntu Linux 2021-10-08 4.7 MEDIUM 5.5 MEDIUM
An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;
CVE-2021-3709 1 Canonical 2 Apport, Ubuntu Linux 2021-10-08 2.1 LOW 5.5 MEDIUM
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;
CVE-2021-32557 1 Canonical 1 Apport 2021-06-23 3.6 LOW 7.1 HIGH
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
CVE-2021-32556 1 Canonical 1 Apport 2021-06-23 2.1 LOW 3.3 LOW
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
CVE-2021-25682 1 Canonical 1 Apport 2021-06-22 7.2 HIGH 7.8 HIGH
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.
CVE-2021-25683 1 Canonical 1 Apport 2021-06-22 7.2 HIGH 7.8 HIGH
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.
CVE-2021-25684 1 Canonical 1 Apport 2021-06-22 4.6 MEDIUM 7.8 HIGH
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
CVE-2020-15702 1 Canonical 2 Apport, Ubuntu Linux 2020-09-14 4.4 MEDIUM 7.0 HIGH
TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234.
CVE-2020-15701 1 Canonical 2 Apport, Ubuntu Linux 2020-09-14 2.1 LOW 5.5 MEDIUM
An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.
CVE-2015-1341 1 Canonical 2 Apport, Ubuntu Linux 2019-05-07 7.2 HIGH 7.8 HIGH
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.