Apport@* Security Vulnerabilities and Issues — Apport@* CVE List

Lucene search

Apport ProjectApport*

14 matches found

CVE•added 2024/06/04 10:15 p.m.•193 views

CVE-2022-28652

~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

5.5CVSS6.6AI score0.00043EPSS

CVE•added 2017/07/18 8:29 p.m.•110 views

CVE-2017-10708

An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file.

7.8CVSS7.8AI score0.00777EPSS

CVE•added 2015/10/01 8:59 p.m.•79 views

CVE-2015-1338

kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.

7.2CVSS6.7AI score0.00379EPSS

CVE•added 2024/06/04 10:15 p.m.•67 views

CVE-2022-28658

Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing

5.5CVSS6.6AI score0.00055EPSS

CVE•added 2016/12/17 3:59 a.m.•64 views

CVE-2016-9949

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.

9.3CVSS7.7AI score0.16283EPSS

CVE•added 2018/02/02 2:29 p.m.•60 views

CVE-2017-14177

Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an...

7.8CVSS7.6AI score0.00109EPSS

CVE•added 2016/12/17 3:59 a.m.•57 views

CVE-2016-9951

An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in RespawnCommand or ProcCmdline fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Re...

6.5CVSS6.6AI score0.09955EPSS

CVE•added 2024/06/04 10:15 p.m.•55 views

CVE-2022-28655

is_closing_session() allows users to create arbitrary tcp dbus connections

7.1CVSS6.6AI score0.00053EPSS

CVE•added 2016/12/17 3:59 a.m.•54 views

CVE-2016-9950

An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this pa...

9.3CVSS7.6AI score0.02361EPSS

CVE•added 2018/02/02 2:29 p.m.•50 views

CVE-2017-14180

Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than ...

7.8CVSS7.5AI score0.00052EPSS

CVE•added 2018/02/02 2:29 p.m.•45 views

CVE-2017-14179

Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.

7.8CVSS7.5AI score0.00034EPSS

CVE•added 2024/06/04 10:15 p.m.•45 views

CVE-2022-28656

is_closing_session() allows users to consume RAM in the Apport process

5.5CVSS6.5AI score0.00038EPSS

CVE•added 2024/06/04 10:15 p.m.•45 views

CVE-2022-28657

Apport does not disable python crash handler before entering chroot

7.8CVSS6.6AI score0.00054EPSS

CVE•added 2024/06/04 10:15 p.m.•38 views

CVE-2022-28654

is_closing_session() allows users to fill up apport.log

5.5CVSS6.5AI score0.00044EPSS