CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-4209
https://notcve.org/view.php?id=CVE-2013-4209
01 May 2018 — Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums. Automatic Bug Reporting Tool (ABRT) en versiones anteriores a la 2.1.6 permite que usuarios locales obtengan información sensible sobre archivos arbitrarios mediante vectores relacionados con sha1sums. • https://bugzilla.redhat.com/show_bug.cgi?id=991604 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 11%CPEs: 5EXPL: 8CVE-2015-5287 – ABRT - sosreport Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-5287
23 Nov 2015 — The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump. El programa de ayuda abrt-hook-ccpp en Automatic Bug Reporting Tool (ABRT) en versiones anteriores a 2.7.1 permite a usuarios locales con ciertos permisos obtener privilegios a través de un ataque de enlace simbólico en ... • https://packetstorm.news/files/id/154592 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 4CVE-2015-5273 – abrt (Centos 7.1 / Fedora 22) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-5273
23 Nov 2015 — The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp. El programa de ayuda abrt-action-install-debuginfo-to-abrt-cache en Automatic Bug Reporting Tool (ABRT) en versiones anteriores a 2.7.1 permite a usuarios locales escribir archivos arbitrarios a través de un ataque de un enlace simbólico en unpacked.... • https://packetstorm.news/files/id/134581 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVSS: 7.8EPSS: 4%CPEs: 7EXPL: 3CVE-2015-3315 – Abrt (Fedora 21) - Race Condition
https://notcve.org/view.php?id=CVE-2015-3315
10 Jun 2015 — Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm. Automatic Bug Reporting Tool (ABRT) permite a usuarios locales leer, cambiar la propiedad o realizar otras acciones no especificada en archivos arbitrarios mediante symlink attack en (1)... • https://packetstorm.news/files/id/146411 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1869 – abrt: default event scripts follow symbolic links
https://notcve.org/view.php?id=CVE-2015-1869
10 Jun 2015 — The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file. Los scripts de manejo de eventos predeterminados en Automatic Bug Reporting Tool (ABRT), permiten a usuarios locales alcanzar privilegios como es demostrado por un ataque de enlace simbólico en un archivo de var_log_messages. It was discovered that the default event handling scripts installed by ABRT did not handle symbolic links corre... • http://www.openwall.com/lists/oss-security/2015/04/17/5 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1870 – abrt: default abrt event scripts lead to information disclosure
https://notcve.org/view.php?id=CVE-2015-1870
10 Jun 2015 — The event scripts in Automatic Bug Reporting Tool (ABRT) uses world-readable permission on a copy of sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors. Los scripts de eventos en Automatic Bug Reporting Tool (ABRT) usan permisos de lectura en una copia del archivo sosreport en directorios problemáticos, los cuales permiten a los usuarios locales obtener información sensible de /var/log/messages mediante vectores sin ... • http://rhn.redhat.com/errata/RHSA-2015-1083.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3142 – abrt: abrt-hook-ccpp writes core dumps to existing files owned by others
https://notcve.org/view.php?id=CVE-2015-3142
10 Jun 2015 — The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application. El invocador de volcado del procesador del kernel en Automatic Bug Reporting Tool (ABRT) no comprueba correctamente la propiedad de los archivos antes de escribir el volcado del kernel, lo cual permite a los usuar... • http://rhn.redhat.com/errata/RHSA-2015-1083.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2015-3147 – abrt: does not validate contents of uploaded problem reports
https://notcve.org/view.php?id=CVE-2015-3147
10 Jun 2015 — daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt. El archivo daemon/abrt-handle-upload.in en Automatic Bug Reporting Tool (ABRT), cuando mueve reportes de problemas desde /var/spool/abrt-upload, permite a usuarios locales escribir en archivos arbitrarios o posiblemente tener otro ... • http://rhn.redhat.com/errata/RHSA-2015-1083.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-283: Unverified Ownership •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3150 – abrt: abrt-dbus does not guard against crafted problem directory path arguments
https://notcve.org/view.php?id=CVE-2015-3150
10 Jun 2015 — abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method. abrt-dbus en Automatic Bug Reporting Tool (ABRT), permite a usuarios locales eliminar o cambiar la propiedad de archivos arbitrarios por medio del argumento del directorio problema en el método (1) ChownProblemDir, (2) DeleteElement o (3) DeleteProblem. It was discovered that the... • https://bugzilla.redhat.com/show_bug.cgi?id=1214457 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3151 – abrt: directory traversals in several D-Bus methods implemented by abrt-dbus
https://notcve.org/view.php?id=CVE-2015-3151
10 Jun 2015 — Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method. Una vulnerabilidad de salto de directorio en abrt-dbus en Automatic Bug Reporting Tool (ABRT), permite a usuarios locales leer, escribir o cambiar la propiedad de archivos arbitrarios por medio de vectores no especificados en el método (1) NewP... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •