Apport Project Apport 2.20.10

CPE Details

Apport Project Apport 2.20.10
apport_project
apport
2.20.10
2019-09-04
13h06 +00:00
2021-04-26
10h46 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:apport_project:apport:2.20.10:*:*:*:*:*:*:*

Informations

Vendor

apport_project

Product

apport

Version

2.20.10

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2022-28658 2024-06-04 22h03 +00:00 Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
5.5
Moyen
CVE-2022-28657 2024-06-04 22h02 +00:00 Apport does not disable python crash handler before entering chroot
7.8
Haute
CVE-2022-28656 2024-06-04 21h58 +00:00 is_closing_session() allows users to consume RAM in the Apport process
5.5
Moyen
CVE-2022-28655 2024-06-04 21h56 +00:00 is_closing_session() allows users to create arbitrary tcp dbus connections
7.1
Haute
CVE-2022-28654 2024-06-04 21h54 +00:00 is_closing_session() allows users to fill up apport.log
5.5
Moyen
CVE-2022-28652 2024-06-04 21h38 +00:00 ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
5.5
Moyen
CVE-2019-7307 2019-08-29 14h40 +00:00 Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.
7
Haute