Apport Security Vulnerabilities and Issues — Apport CVE List

Lucene search

Apport ProjectApport

3 matches found

CVE•added 2016/12/17 3:59 a.m.•66 views

CVE-2016-9949

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.

9.3CVSS7.7AI score0.16283EPSS

CVE•added 2016/12/17 3:59 a.m.•57 views

CVE-2016-9951

An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in RespawnCommand or ProcCmdline fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Re...

6.5CVSS6.6AI score0.09955EPSS

CVE•added 2016/12/17 3:59 a.m.•56 views

CVE-2016-9950

An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this pa...

9.3CVSS7.6AI score0.02361EPSS