Total: 6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-32557 | 1 Canonical | 1 Apport | 2021-06-23 | 3.6 LOW | 7.1 HIGH | It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. |
| CVE-2021-25683 | 1 Canonical | 1 Apport | 2021-06-22 | 7.2 HIGH | 7.8 HIGH | It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel. |
| CVE-2021-25682 | 1 Canonical | 1 Apport | 2021-06-22 | 7.2 HIGH | 7.8 HIGH | It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel. |
| CVE-2021-25684 | 1 Canonical | 1 Apport | 2021-06-22 | 4.6 MEDIUM | 7.8 HIGH | It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO. |
| CVE-2020-15702 | 1 Canonical | 2 Apport, Ubuntu Linux | 2020-09-14 | 4.4 MEDIUM | 7.0 HIGH | TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234. |
| CVE-2015-1341 | 1 Canonical | 2 Apport, Ubuntu Linux | 2019-05-07 | 7.2 HIGH | 7.8 HIGH | Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path. |
