Shodan
Vulnerabilities
Vulnerable Software
Canonical:  Security Vulnerabilities
CVE-2021-32557
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
CVSS Score
5.2
EPSS Score
0.001
Published
2021-06-12
CVE-2021-32548
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.
CVSS Score
7.3
EPSS Score
0.0
Published
2021-06-12
CVE-2021-32549
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.
CVSS Score
7.3
EPSS Score
0.0
Published
2021-06-12
CVE-2021-32550
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.
CVSS Score
7.3
EPSS Score
0.0
Published
2021-06-12
CVE-2021-32551
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.
CVSS Score
7.3
EPSS Score
0.0
Published
2021-06-12
CVE-2021-32547
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.
CVSS Score
7.3
EPSS Score
0.0
Published
2021-06-12
CVE-2021-25682
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-06-11
CVE-2021-25683
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.
CVSS Score
8.8
EPSS Score
0.0
Published
2021-06-11
CVE-2021-25684
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-06-11
CVE-2021-3489
The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1).
CVSS Score
7.8
EPSS Score
0.001
Published
2021-06-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved