Vulnerabilities > Apport Project

DATE CVE VULNERABILITY TITLE RISK
2020-02-08 CVE-2019-11483 Sander Bos discovered Apport mishandled crash dumps originating from containers.
local
low complexity
apport-project canonical
3.3
2020-02-08 CVE-2019-11482 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.
local
high complexity
canonical apport-project CWE-367
4.7
2020-02-08 CVE-2019-11481 Link Following vulnerability in multiple products
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges.
local
low complexity
canonical apport-project CWE-59
7.8
2019-08-29 CVE-2019-7307 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apport Project Apport
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report.
local
high complexity
apport-project CWE-367
7.0
2018-05-31 CVE-2018-6552 Unspecified vulnerability in Apport Project Apport
Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
local
low complexity
apport-project
7.8
2018-02-02 CVE-2017-14180 Resource Exhaustion vulnerability in multiple products
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.
local
low complexity
apport-project canonical CWE-400
7.8
2018-02-02 CVE-2017-14179 Resource Exhaustion vulnerability in multiple products
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
local
low complexity
apport-project canonical CWE-400
7.8
2018-02-02 CVE-2017-14177 Resource Exhaustion vulnerability in multiple products
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges.
local
low complexity
apport-project canonical CWE-400
7.8
2017-07-18 CVE-2017-10708 Path Traversal vulnerability in Apport Project Apport
An issue was discovered in Apport through 2.20.x.
local
low complexity
apport-project CWE-22
7.8
2016-12-17 CVE-2016-9951 Improper Access Control vulnerability in Apport Project Apport
An issue was discovered in Apport before 2.20.4.
network
low complexity
apport-project CWE-284
6.5