Shodan
Vulnerabilities
Vulnerable Software
Apport Project:  >> Apport  >> 1.17  Security Vulnerabilities
CVE-2022-28656
is_closing_session() allows users to consume RAM in the Apport process
CVSS Score
5.5
EPSS Score
0.0
Published
2024-06-04
CVE-2022-28657
Apport does not disable python crash handler before entering chroot
CVSS Score
7.8
EPSS Score
0.0
Published
2024-06-04
CVE-2022-28658
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
CVSS Score
5.5
EPSS Score
0.001
Published
2024-06-04
CVE-2022-28652
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
CVSS Score
5.5
EPSS Score
0.0
Published
2024-06-04
CVE-2022-28654
is_closing_session() allows users to fill up apport.log
CVSS Score
5.5
EPSS Score
0.0
Published
2024-06-04
CVE-2022-28655
is_closing_session() allows users to create arbitrary tcp dbus connections
CVSS Score
7.1
EPSS Score
0.0
Published
2024-06-04
CVE-2017-14177
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-02-02
CVE-2017-14179
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-02-02
CVE-2017-10708
An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file.
CVSS Score
7.8
EPSS Score
0.008
Published
2017-07-18
CVE-2016-9949
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.
CVSS Score
7.8
EPSS Score
0.163
Published
2016-12-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved