CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28653
https://notcve.org/view.php?id=CVE-2022-28653
31 Jan 2025 — Users can consume unlimited disk space in /var/crash • https://www.cve.org/CVERecord?id=CVE-2022-28653 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1242 – Ubuntu Security Notice USN-6894-1
https://notcve.org/view.php?id=CVE-2022-1242
17 May 2022 — Apport can be tricked into connecting to arbitrary sockets as the root user Se puede engañar a Apport para que se conecte a sockets arbitrarios como usuario root Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly us... • https://ubuntu.com/security/notices/USN-5427-1 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 1CVE-2021-3899 – Ubuntu Security Notice USN-6894-1
https://notcve.org/view.php?id=CVE-2021-3899
17 May 2022 — There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root. Existe una condición de ejecución en la detección de 'ejecutable reemplazado' que, con la configuración local correcta, permite a un atacante ejecutar código arbitrario como root. Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to e... • https://github.com/liumuqing/CVE-2021-3899_PoC • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11936 – Canonical Ubuntu apport Unnecessary Privileges Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-11936
05 Aug 2020 — gdbus setgid privilege escalation This vulnerability allows local attackers to disclose sensitive information on affected installations of Canonical Ubuntu. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the apport package. The issue results from the use of unnecessary privileges. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code... • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1885633 •