7 matches found
CVE-2023-1326
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privi...
CVE-2021-32557
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
CVE-2021-32556
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
CVE-2021-25684
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
CVE-2021-25682
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.
CVE-2021-25683
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.
CVE-2015-1341
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.