CVE-2016-9950
- EPSS 2.36%
- Veröffentlicht 17.12.2016 03:59:00
- Zuletzt bearbeitet 12.04.2025 10:46:40
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-...
CVE-2016-9949
- EPSS 9.74%
- Veröffentlicht 17.12.2016 03:59:00
- Zuletzt bearbeitet 12.04.2025 10:46:40
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.
CVE-2015-1338
- EPSS 0.38%
- Veröffentlicht 01.10.2015 20:59:02
- Zuletzt bearbeitet 12.04.2025 10:46:40
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.
CVE-2015-1318
- EPSS 26.7%
- Veröffentlicht 17.04.2015 17:59:01
- Zuletzt bearbeitet 12.04.2025 10:46:40
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).