Search CVE reports
1 – 10 of 52 results
CVE-2023-1326
Medium priorityA privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager,...
1 affected package
apport
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apport | — | Fixed | Fixed | Fixed | Not affected |
CVE-2022-28658
Medium prioritySome fixes available 10 of 11
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
1 affected package
apport
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apport | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2022-28657
Medium prioritySome fixes available 10 of 11
Apport does not disable python crash handler before entering chroot
1 affected package
apport
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apport | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2022-28656
Low prioritySome fixes available 10 of 11
is_closing_session() allows users to consume RAM in the Apport process
1 affected package
apport
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apport | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2022-28655
Medium prioritySome fixes available 10 of 11
is_closing_session() allows users to create arbitrary tcp dbus connections
1 affected package
apport
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apport | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2022-28654
Medium prioritySome fixes available 10 of 11
is_closing_session() allows users to fill up apport.log
1 affected package
apport
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apport | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2022-28653
Low priorityUsers can consume unlimited disk space in /var/crash
1 affected package
apport
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apport | Ignored | Ignored | Ignored | Ignored | Ignored |
CVE-2022-28652
Medium prioritySome fixes available 10 of 11
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
1 affected package
apport
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apport | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2022-1242
Medium prioritySome fixes available 10 of 11
Apport can be tricked into connecting to arbitrary sockets as the root user
1 affected package
apport
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apport | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2021-3899
Medium prioritySome fixes available 10 of 12
There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.
1 affected package
apport
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apport | Fixed | Fixed | Fixed | Fixed | Fixed |