apport project

Top products

The 15 most recently published vulnerabilities affecting apport project.

• CVE-2022-28658Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing5.5Jun 4, 2024
• CVE-2022-28657Apport does not disable python crash handler before entering chroot7.8Jun 4, 2024
• CVE-2022-28656is_closing_session() allows users to consume RAM in the Apport process5.5Jun 4, 2024
• CVE-2022-28655is_closing_session() allows users to create arbitrary tcp dbus connections7.1Jun 4, 2024
• CVE-2022-28654is_closing_session() allows users to fill up apport.log5.5Jun 4, 2024
• CVE-2022-28652~/.config/apport/settings parsing is vulnerable to "billion laughs" attack5.5Jun 4, 2024
• CVE-2019-15790Apport reads PID files with elevated privileges2.8Apr 27, 2020
• CVE-2020-8833Apport race condition in crash report permissions5.6Apr 22, 2020
• CVE-2020-8831World writable root owned lock file created in user controllable location6.5Apr 22, 2020
• CVE-2019-11485apport created lock file in wrong directory3.3Feb 8, 2020
• CVE-2019-11483Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an un...7.0Feb 8, 2020
• CVE-2019-11482Race condition between reading current working directory and writing a core dump4.2Feb 8, 2020
• CVE-2019-11481Apport reads arbitrary files if ~/.config/apport/settings is a symlink3.8Feb 8, 2020
• CVE-2019-7307Apport contains a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml7.0Aug 29, 2019
• CVE-2018-6552Apport treats the container PID as the global PID when /proc/<global_pid>/ is missing7.8May 31, 2018