Vulnerabilities > Apport Project > High

DATE CVE VULNERABILITY TITLE RISK
2024-06-04 CVE-2022-28655 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
is_closing_session() allows users to create arbitrary tcp dbus connections
local
low complexity
apport-project canonical CWE-770
7.1
2024-06-04 CVE-2022-28657 Apport does not disable python crash handler before entering chroot
local
low complexity
apport-project canonical
7.8
2020-02-08 CVE-2019-11481 Link Following vulnerability in multiple products
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges.
local
low complexity
canonical apport-project CWE-59
7.8
2019-08-29 CVE-2019-7307 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apport Project Apport
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report.
local
high complexity
apport-project CWE-367
7.0
2018-05-31 CVE-2018-6552 Unspecified vulnerability in Apport Project Apport
Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
local
low complexity
apport-project canonical
7.2
2018-02-02 CVE-2017-14180 Resource Exhaustion vulnerability in multiple products
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.
local
low complexity
apport-project canonical CWE-400
7.2
2018-02-02 CVE-2017-14179 Resource Exhaustion vulnerability in multiple products
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
local
low complexity
apport-project canonical CWE-400
7.2
2018-02-02 CVE-2017-14177 Resource Exhaustion vulnerability in multiple products
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges.
local
low complexity
apport-project canonical CWE-400
7.2
2015-10-01 CVE-2015-1338 Link Following vulnerability in multiple products
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.
local
low complexity
apport-project canonical CWE-59
7.2
2015-04-17 CVE-2015-1318 Permissions, Privileges, and Access Controls vulnerability in Apport Project Apport
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).
local
low complexity
apport-project CWE-264
7.2