CVSS: 7.8 | EPSS: 0% | CPEs: 5 | EXPL: 4

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
• https://github.com/diego-tella/CVE-2023-1326-PoC
• https://github.com/cve-2024/CVE-2023-1326-PoC
• https://github.com/Pol-Ruiz/CVE-2023-1326
• https://github.com/N3rdyN3xus/CVE-2023-1326
• https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb
• https://ubuntu.com/security/notices/USN-6018-1
• CWE-269: Improper Privilege Management

CVSS: 5.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

is_closing_session() allows users to consume RAM in the Apport process.
• https://ubuntu.com/security/notices/USN-5427-1
• https://www.cve.org/CVERecord?id=CVE-2022-28656
• CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 7.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

Apport does not disable the Python crash handler before entering chroot.
• https://ubuntu.com/security/notices/USN-5427-1
• https://www.cve.org/CVERecord?id=CVE-2022-28657
• CWE-400: Uncontrolled Resource Consumption

CVSS: - | EPSS: 0% | CPEs: 1 | EXPL: 0

Apport can be tricked into connecting to arbitrary sockets as the root user.
• https://ubuntu.com/security/notices/USN-5427-1
• https://www.cve.org/CVERecord?id=CVE-2022-1242

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allows an attacker to execute arbitrary code as root.
• https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376
• https://ubuntu.com/security/notices/USN-5427-1
• https://www.cve.org/CVERecord?id=CVE-2021-3899
• CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition