Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

21 – 30 of 52 results


CVE-2021-32549

Medium priority
Fixed

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.

1 affected packages

apport

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apport Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-32548

Medium priority
Fixed

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.

1 affected packages

apport

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apport Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-32547

Medium priority
Fixed

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.

1 affected packages

apport

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apport Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-25684

Medium priority
Fixed

It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.

1 affected packages

apport

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apport Fixed Fixed Fixed
Show less packages

CVE-2021-25683

Medium priority
Fixed

It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.

1 affected packages

apport

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apport Fixed Fixed Fixed
Show less packages

CVE-2021-25682

Medium priority
Fixed

It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.

1 affected packages

apport

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apport Fixed Fixed Fixed
Show less packages

CVE-2020-15702

Medium priority

Some fixes available 4 of 5

TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID...

1 affected packages

apport

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apport Fixed Fixed Fixed
Show less packages

CVE-2020-11936

Medium priority

Some fixes available 4 of 5

gdbus setgid privilege escalation

1 affected packages

apport

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apport Fixed Fixed Fixed
Show less packages

CVE-2020-15701

Medium priority

Some fixes available 4 of 5

An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled...

1 affected packages

apport

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apport Fixed Fixed Fixed
Show less packages

CVE-2020-8833

Medium priority
Fixed

Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the...

1 affected packages

apport

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apport Fixed Fixed Fixed
Show less packages