6 matches found
SUSE CVE-2021-3709
Function checkattachmentforerrors in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to...
CVE-2021-3709
Function checkattachmentforerrors in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to...
CVE-2021-3709
Function checkattachmentforerrors in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to...
CVE-2017-10708
An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file...
UBUNTU-CVE-2017-10708
An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file...
Immunity Canvas: APPORT_CRASH_HANDLER
Name| apportcrashhandler ---|--- CVE| CVE-2016-9949 Exploit Pack| CANVAS Description| Ubuntu Apport Crash Handler RCE Notes| CVE Name: CVE-2016-9949 Vendor: Ubuntu Notes: This module creates a crafted Apport crash file report that seems to be a simple text file. When the text file is double click...