Apport Project Apport 2.20.7

CPE Details

Apport Project Apport 2.20.7
apport_project
apport
2.20.7
2019-06-05
12h36 +00:00
2019-06-05
12h36 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:apport_project:apport:2.20.7:*:*:*:*:*:*:*

Informations

Vendor

apport_project

Product

apport

Version

2.20.7

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2022-28658 2024-06-04 22h03 +00:00 Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
5.5
Moyen
CVE-2022-28657 2024-06-04 22h02 +00:00 Apport does not disable python crash handler before entering chroot
7.8
Haute
CVE-2022-28656 2024-06-04 21h58 +00:00 is_closing_session() allows users to consume RAM in the Apport process
5.5
Moyen
CVE-2022-28655 2024-06-04 21h56 +00:00 is_closing_session() allows users to create arbitrary tcp dbus connections
7.1
Haute
CVE-2022-28654 2024-06-04 21h54 +00:00 is_closing_session() allows users to fill up apport.log
5.5
Moyen
CVE-2022-28652 2024-06-04 21h38 +00:00 ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
5.5
Moyen
CVE-2018-6552 2018-05-31 22h00 +00:00 Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc// does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc// does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28.
7.8
Haute
CVE-2017-14177 2018-02-02 14h00 +00:00 Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324.
7.8
Haute
CVE-2017-14180 2018-02-02 14h00 +00:00 Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.
7.8
Haute