CPE Details
Apport Project Apport 2.20.6
2.20.6
2020-03-03
15h28 +00:00
15h28 +00:00
2020-03-03
15h28 +00:00
15h28 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:apport_project:apport:2.20.6:*:*:*:*:*:*:*
Informations
Vendor
apport_projectProduct
apportVersion
2.20.6Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing | 5.5 |
Moyen |
||
| Apport does not disable python crash handler before entering chroot | 7.8 |
Haute |
||
| is_closing_session() allows users to consume RAM in the Apport process | 5.5 |
Moyen |
||
| is_closing_session() allows users to create arbitrary tcp dbus connections | 7.1 |
Haute |
||
| is_closing_session() allows users to fill up apport.log | 5.5 |
Moyen |
||
| ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack | 5.5 |
Moyen |
||
| Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324. | 7.8 |
Haute |
||
| Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179. | 7.8 |
Haute |
||
| An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file. | 7.8 |
Haute |
2025©
tesweb SA
