Search criteria
80 vulnerabilities found for Apport by Canonical
FKIE_CVE-2025-5054
Vulnerability from fkie_nvd - Published: 2025-05-30 18:15 - Updated: 2025-11-03 20:19
Severity ?
Summary
Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.
When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).
References
| URL | Tags | ||
|---|---|---|---|
| security@ubuntu.com | https://ubuntu.com/security/CVE-2025-5054 | Third Party Advisory | |
| security@ubuntu.com | https://ubuntu.com/security/notices/USN-7545-1 | Third Party Advisory | |
| security@ubuntu.com | https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt | Exploit, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2025/Jun/9 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | apport | * | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| canonical | ubuntu_linux | 22.04 | |
| canonical | ubuntu_linux | 24.04 | |
| canonical | ubuntu_linux | 24.10 | |
| canonical | ubuntu_linux | 25.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2661E14-5C57-45A4-98B9-3ACBECBD57B9",
"versionEndIncluding": "2.32.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:24.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "BF90B5A4-6E55-4369-B9D4-E7A061E797D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:24.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DE07EF30-B50E-4054-9918-50EFA416073B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:25.04:*:*:*:*:*:*:*",
"matchCriteriaId": "E1AE2209-6CBC-4189-89ED-DA0FF100D77D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.\n\n\n\n\nWhen handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1)."
},
{
"lang": "es",
"value": "La condici\u00f3n de ejecuci\u00f3n en Canonical Apport (hasta la versi\u00f3n 2.32.0 incluida) permite a un atacante local filtrar informaci\u00f3n confidencial mediante la reutilizaci\u00f3n de PID aprovechando los espacios de nombres. Al gestionar un fallo, la funci\u00f3n `_check_global_pid_and_forward`, que detecta si el proceso causante del fallo reside en un contenedor, se invocaba antes que `consistency_checks`, que intenta detectar si el proceso causante del fallo ha sido reemplazado. Por ello, si un proceso falla y se reemplaza r\u00e1pidamente por uno contenedorizado, se pod\u00eda ejecutar `apport` para reenviar el volcado de memoria al contenedor, lo que podr\u00eda filtrar informaci\u00f3n confidencial. `consistency_checks` ahora se invoca antes que `_check_global_pid_and_forward`. Adem\u00e1s, dado que la condici\u00f3n de ejecuci\u00f3n de reutilizaci\u00f3n de PID no se puede detectar de forma fiable solo desde el espacio de usuario, los fallos solo se reenv\u00edan a los contenedores si el n\u00facleo proporcion\u00f3 un pidfd o si el proceso causante del fallo no ten\u00eda privilegios (es decir, si el modo de volcado es 1)."
}
],
"id": "CVE-2025-5054",
"lastModified": "2025-11-03T20:19:15.727",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "security@ubuntu.com",
"type": "Secondary"
}
]
},
"published": "2025-05-30T18:15:32.670",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/CVE-2025-5054"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-7545-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2025/Jun/9"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "security@ubuntu.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-11936
Vulnerability from fkie_nvd - Published: 2025-01-31 02:15 - Updated: 2025-08-26 17:49
Severity ?
Summary
gdbus setgid privilege escalation
References
| URL | Tags | ||
|---|---|---|---|
| security@ubuntu.com | https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1885633 | Exploit, Issue Tracking | |
| security@ubuntu.com | https://www.cve.org/CVERecord?id=CVE-2020-11936 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | apport | 2.20.1-0ubuntu1 | |
| canonical | apport | 2.20.1-0ubuntu2 | |
| canonical | apport | 2.20.1-0ubuntu2.1 | |
| canonical | apport | 2.20.1-0ubuntu2.2 | |
| canonical | apport | 2.20.1-0ubuntu2.4 | |
| canonical | apport | 2.20.1-0ubuntu2.5 | |
| canonical | apport | 2.20.1-0ubuntu2.6 | |
| canonical | apport | 2.20.1-0ubuntu2.7 | |
| canonical | apport | 2.20.1-0ubuntu2.8 | |
| canonical | apport | 2.20.1-0ubuntu2.9 | |
| canonical | apport | 2.20.1-0ubuntu2.10 | |
| canonical | apport | 2.20.1-0ubuntu2.12 | |
| canonical | apport | 2.20.1-0ubuntu2.13 | |
| canonical | apport | 2.20.1-0ubuntu2.14 | |
| canonical | apport | 2.20.1-0ubuntu2.15 | |
| canonical | apport | 2.20.1-0ubuntu2.16 | |
| canonical | apport | 2.20.1-0ubuntu2.17 | |
| canonical | apport | 2.20.1-0ubuntu2.18 | |
| canonical | apport | 2.20.1-0ubuntu2.19 | |
| canonical | apport | 2.20.1-0ubuntu2.20 | |
| canonical | apport | 2.20.1-0ubuntu2.21 | |
| canonical | apport | 2.20.1-0ubuntu2.22 | |
| canonical | apport | 2.20.1-0ubuntu2.23 | |
| canonical | apport | 2.20.9-0ubuntu1 | |
| canonical | apport | 2.20.9-0ubuntu2 | |
| canonical | apport | 2.20.9-0ubuntu3 | |
| canonical | apport | 2.20.9-0ubuntu4 | |
| canonical | apport | 2.20.9-0ubuntu5 | |
| canonical | apport | 2.20.9-0ubuntu6 | |
| canonical | apport | 2.20.9-0ubuntu7 | |
| canonical | apport | 2.20.9-0ubuntu7.1 | |
| canonical | apport | 2.20.9-0ubuntu7.2 | |
| canonical | apport | 2.20.9-0ubuntu7.3 | |
| canonical | apport | 2.20.9-0ubuntu7.4 | |
| canonical | apport | 2.20.9-0ubuntu7.5 | |
| canonical | apport | 2.20.9-0ubuntu7.6 | |
| canonical | apport | 2.20.9-0ubuntu7.7 | |
| canonical | apport | 2.20.9-0ubuntu7.8 | |
| canonical | apport | 2.20.9-0ubuntu7.9 | |
| canonical | apport | 2.20.9-0ubuntu7.10 | |
| canonical | apport | 2.20.9-0ubuntu7.11 | |
| canonical | apport | 2.20.9-0ubuntu7.12 | |
| canonical | apport | 2.20.9-0ubuntu7.13 | |
| canonical | apport | 2.20.9-0ubuntu7.14 | |
| canonical | apport | 2.20.9-0ubuntu7.15 | |
| canonical | apport | 2.20.11-0ubuntu8 | |
| canonical | apport | 2.20.11-0ubuntu9 | |
| canonical | apport | 2.20.11-0ubuntu10 | |
| canonical | apport | 2.20.11-0ubuntu11 | |
| canonical | apport | 2.20.11-0ubuntu12 | |
| canonical | apport | 2.20.11-0ubuntu13 | |
| canonical | apport | 2.20.11-0ubuntu14 | |
| canonical | apport | 2.20.11-0ubuntu15 | |
| canonical | apport | 2.20.11-0ubuntu16 | |
| canonical | apport | 2.20.11-0ubuntu17 | |
| canonical | apport | 2.20.11-0ubuntu18 | |
| canonical | apport | 2.20.11-0ubuntu19 | |
| canonical | apport | 2.20.11-0ubuntu20 | |
| canonical | apport | 2.20.11-0ubuntu21 | |
| canonical | apport | 2.20.11-0ubuntu22 | |
| canonical | apport | 2.20.11-0ubuntu23 | |
| canonical | apport | 2.20.11-0ubuntu24 | |
| canonical | apport | 2.20.11-0ubuntu25 | |
| canonical | apport | 2.20.11-0ubuntu26 | |
| canonical | apport | 2.20.11-0ubuntu27 | |
| canonical | apport | 2.20.11-0ubuntu27.2 | |
| canonical | apport | 2.20.11-0ubuntu27.3 | |
| canonical | apport | 2.20.11-0ubuntu27.4 | |
| canonical | apport | 2.20.11-0ubuntu27.5 | |
| canonical | apport | 2.20.11-0ubuntu27.7 | |
| canonical | apport | 2.20.11-0ubuntu27.8 | |
| canonical | apport | 2.20.11-0ubuntu27.9 | |
| canonical | apport | 2.20.11-0ubuntu27.10 | |
| canonical | apport | 2.20.11-0ubuntu27.11 | |
| canonical | apport | 2.20.11-0ubuntu27.12 | |
| canonical | apport | 2.20.11-0ubuntu27.13 | |
| canonical | apport | 2.20.11-0ubuntu27.14 | |
| canonical | apport | 2.20.11-0ubuntu27.16 | |
| canonical | apport | 2.20.11-0ubuntu27.17 | |
| canonical | apport | 2.20.11-0ubuntu27.18 | |
| canonical | apport | 2.20.11-0ubuntu27.19 | |
| canonical | apport | 2.20.11-0ubuntu27.20 | |
| canonical | apport | 2.20.11-0ubuntu28 | |
| canonical | apport | 2.20.11-0ubuntu29 | |
| canonical | apport | 2.20.11-0ubuntu30 | |
| canonical | apport | 2.20.11-0ubuntu31 | |
| canonical | apport | 2.20.11-0ubuntu32 | |
| canonical | apport | 2.20.11-0ubuntu33 | |
| canonical | apport | 2.20.11-0ubuntu34 | |
| canonical | apport | 2.20.11-0ubuntu35 | |
| canonical | apport | 2.20.11-0ubuntu36 | |
| canonical | apport | 2.20.11-0ubuntu37 | |
| canonical | apport | 2.20.11-0ubuntu38 | |
| canonical | apport | 2.20.11-0ubuntu39 | |
| canonical | apport | 2.20.11-0ubuntu40 | |
| canonical | apport | 2.20.11-0ubuntu41 | |
| canonical | apport | 2.20.11-0ubuntu42 | |
| canonical | apport | 2.20.11-0ubuntu43 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu1:*:*:*:*:*:*:*",
"matchCriteriaId": "46F1A838-4379-4CC4-BEAD-EC9C793B4E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA3903E-EA8B-4B78-B5CF-42C4AA6626C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFCDD843-C743-41E4-8743-62C6149B7BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59FA4F13-3CF6-412B-846F-AE7D57B5FAEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF1FE3C-DCF6-475F-BFFB-D445B960CA26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AEEADF-89B1-465A-ACCE-61B8F64BD8A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBB7136-7802-4DB5-84AF-C75CBFFA5A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "404DDAC7-952E-43FF-8EEB-FA1FC1A503A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "63388BC6-4EE0-41E3-BC4F-A43B0C56494E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7D54FC7A-CD2A-4904-A059-48A8E94954A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "88F73732-BEA3-45D3-ABEE-51B45C1511E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B53A64B3-7522-4B05-BA0C-BD0F429362B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5AF908-B66A-48AD-912D-CBD02A1878A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1672BA-3685-4B75-BB46-9BB181EC4959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "58BB5513-D96B-4AE1-911F-40E561341859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "542F64D1-EB92-41B3-A1E3-98061D1966B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "5EF284A8-86B0-47AB-B404-D4714D4E769A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "43355789-13F9-4D12-81DB-EFCEA9183F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "CC67992A-E0CB-43A8-A749-D91BB460D279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "12BB46F2-6B36-44A2-AE15-CDBC4AEBCD95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD912C7-D5B2-4AB5-9C27-979E8DE805CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BE7A141A-8588-4743-AB78-502A9724C474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "0A282E85-A145-496B-A600-77012F24F82F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu1:*:*:*:*:*:*:*",
"matchCriteriaId": "6890AEDE-8628-4467-BD78-9E28BD00CFD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E475D2-7643-4F90-9A39-3C4C9C5882A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu3:*:*:*:*:*:*:*",
"matchCriteriaId": "31C813DA-01A9-4963-992C-77F21B045C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu4:*:*:*:*:*:*:*",
"matchCriteriaId": "9432E171-BD9D-41E1-AAB3-2CA29FE2B07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu5:*:*:*:*:*:*:*",
"matchCriteriaId": "234375CE-6C99-4973-BAC5-950016C789A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu6:*:*:*:*:*:*:*",
"matchCriteriaId": "1658CA25-4EB5-40D9-A1F3-78640EE58D07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7:*:*:*:*:*:*:*",
"matchCriteriaId": "DF9A6112-6920-4006-A353-30D942301D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81F07BD0-2C19-4895-8B3C-F956ED7568BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59420BB6-11ED-43BA-95FA-E843B9F0BFD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C7998E-269B-40B1-9B73-99F22CB76A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "86CB2D37-78BD-486D-B27B-6E588563000D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B452791-E4F4-4165-B15B-205743EDE142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "29CA8420-057C-4BF1-A5A5-E65C979F80D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF71FAA-2457-4B6D-8265-5E9E40FB5B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A901840D-D35C-4DBB-B736-16066BA61016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC8A84E-204D-46FE-9455-E6EE28CBA02D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B170FF62-8FE1-4E32-9CAB-6C2791842D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C3112FA6-E483-4A15-83A7-0DC086680D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7B0688-10F5-4FCC-B4C3-804BFC9F4572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9709BC6B-6432-47D3-AF3D-7D61230528E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFA65E9-C2C5-4068-8B19-2087F54C75E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "62D8AD82-1A8F-450D-B3F5-05D86245A20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0580D85-61E7-446D-BB01-EFFD20A53FC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu9:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DEF97E-C23C-431E-A017-29895305E666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu10:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF1FFD4-8088-4073-AF78-C2A177C0DFAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu11:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC58CA6-54E2-4874-B327-838B19667FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu12:*:*:*:*:*:*:*",
"matchCriteriaId": "00060D2D-78C2-46CD-903D-48337C4A1173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu13:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD7604E-CEAC-4B54-A708-F98738381288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu14:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD91FE7-01B8-479F-8180-6E152F2996C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu15:*:*:*:*:*:*:*",
"matchCriteriaId": "3DCF9BD3-B46E-4D58-B53F-3DE081164FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu16:*:*:*:*:*:*:*",
"matchCriteriaId": "7F973F96-7AAD-44AB-90F0-D9F5DD7AFEE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu17:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1A19B1-592C-48CF-B709-7CA573F40AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu18:*:*:*:*:*:*:*",
"matchCriteriaId": "287EA905-4DF5-4AF7-9C70-3A9CECA714C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu19:*:*:*:*:*:*:*",
"matchCriteriaId": "479CEDFA-177B-413D-A9C1-2A16A9F9FB50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu20:*:*:*:*:*:*:*",
"matchCriteriaId": "7713D34D-046F-4627-80CA-B5CD63D41F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu21:*:*:*:*:*:*:*",
"matchCriteriaId": "A65605CF-2659-436E-9C96-E782F06992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu22:*:*:*:*:*:*:*",
"matchCriteriaId": "F27734BE-C46A-4815-A801-1FF5493B324B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu23:*:*:*:*:*:*:*",
"matchCriteriaId": "8EEAE19B-2138-4AA5-BB3B-3150DF0818DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu24:*:*:*:*:*:*:*",
"matchCriteriaId": "0D4BE412-F045-4754-9EF8-2F00E68542A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu25:*:*:*:*:*:*:*",
"matchCriteriaId": "FB26172A-D9F3-47A4-AA7D-7FD2E8499670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu26:*:*:*:*:*:*:*",
"matchCriteriaId": "388DDA89-BA36-45FE-864F-5810C3DF4093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27:*:*:*:*:*:*:*",
"matchCriteriaId": "3D17E8C3-56FE-4719-B214-BA369D5EB6D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4FE45751-8E63-428B-A04B-1E842FB5BEEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9381CFDA-0772-43D7-8F14-A6E0577F49EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFB83E8-166C-4960-8AF1-DE210F4DE6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F95414EB-487D-4E80-AE6C-CDBF0153807E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E4B7D71B-5267-4479-B271-71363998E998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4194EAB4-673C-4E8A-ADFC-6D87F50C61CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3251DCF-6CE1-4149-A328-0F9708595E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.10:*:*:*:*:*:*:*",
"matchCriteriaId": "73483788-45E5-4E6E-ADF5-4AD0CDF03DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA91A8F7-DEE3-4A99-819D-4E188A7544E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.12:*:*:*:*:*:*:*",
"matchCriteriaId": "FF8610CF-E8B1-4172-BBCB-7A8713A2239C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF6BB38-C3A9-486B-97E1-263EDE2ECE70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BE70759B-770A-44D9-9482-D6E53BA0037F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D2398113-673A-4CF3-B0DE-46061E11EB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.17:*:*:*:*:*:*:*",
"matchCriteriaId": "40F7D759-5226-4882-ACF0-B1EAB79665B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.18:*:*:*:*:*:*:*",
"matchCriteriaId": "066128DE-149A-4753-ABBC-22D6278D5043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.19:*:*:*:*:*:*:*",
"matchCriteriaId": "59CB03E3-AB69-427A-A67E-F44C4B8BEC29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BF447FDA-8111-4C7D-B0F6-3869C086E447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu28:*:*:*:*:*:*:*",
"matchCriteriaId": "136B28C2-ACB8-4399-B3B1-FFD0904FCD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu29:*:*:*:*:*:*:*",
"matchCriteriaId": "10B1E587-D25A-4763-B4DC-3D69C118A2DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu30:*:*:*:*:*:*:*",
"matchCriteriaId": "1CFD1CBD-77A9-45AF-A516-FF77191311E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu31:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4ADA30-8C36-4D54-ACDA-5AADAC73D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu32:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC93EA4-CEDD-4632-ABCD-532EE5886C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu33:*:*:*:*:*:*:*",
"matchCriteriaId": "69D638E0-E2EF-4E4F-8864-5E74904B4566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu34:*:*:*:*:*:*:*",
"matchCriteriaId": "0B127BDF-5F67-40AA-A9E3-B9C7CAC2A49E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu35:*:*:*:*:*:*:*",
"matchCriteriaId": "C9B0DC30-62E9-4EC1-87D6-9386EC313E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu36:*:*:*:*:*:*:*",
"matchCriteriaId": "9E44CEC7-B7E1-46D5-A731-435650CC6CAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu37:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF475DE-6D99-4116-8BB6-9925F7AD9FF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu38:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DEF396-1C23-4C40-B7BD-9E114238C9E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu39:*:*:*:*:*:*:*",
"matchCriteriaId": "E3FEDE01-F111-41F8-8541-45395A59584E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu40:*:*:*:*:*:*:*",
"matchCriteriaId": "82DCED7B-C959-4437-85AF-4F871BEB8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu41:*:*:*:*:*:*:*",
"matchCriteriaId": "EC8A1AEB-B478-4BA7-B27C-231C78F5D8BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu42:*:*:*:*:*:*:*",
"matchCriteriaId": "EE199F4D-531E-4B80-A51C-EAA98A200896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu43:*:*:*:*:*:*:*",
"matchCriteriaId": "22E737E4-19CE-47C9-A195-216671272B4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "gdbus setgid privilege escalation"
},
{
"lang": "es",
"value": "escalada de privilegios setgid de gdbus"
}
],
"id": "CVE-2020-11936",
"lastModified": "2025-08-26T17:49:17.170",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "security@ubuntu.com",
"type": "Secondary"
}
]
},
"published": "2025-01-31T02:15:28.290",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1885633"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11936"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-28653
Vulnerability from fkie_nvd - Published: 2025-01-31 01:15 - Updated: 2025-08-26 17:49
Severity ?
Summary
Users can consume unlimited disk space in /var/crash
References
| URL | Tags | ||
|---|---|---|---|
| security@ubuntu.com | https://www.cve.org/CVERecord?id=CVE-2022-28653 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "694303C9-A43B-485D-BF26-33CC797B8744",
"versionEndExcluding": "2.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Users can consume unlimited disk space in /var/crash"
},
{
"lang": "es",
"value": "Los usuarios pueden consumir espacio de disco ilimitado en /var/crash"
}
],
"id": "CVE-2022-28653",
"lastModified": "2025-08-26T17:49:27.873",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-31T01:15:08.727",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28653"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-1242
Vulnerability from fkie_nvd - Published: 2024-06-03 19:15 - Updated: 2025-08-22 15:48
Severity ?
Summary
Apport can be tricked into connecting to arbitrary sockets as the root user
References
| URL | Tags | ||
|---|---|---|---|
| security@ubuntu.com | https://ubuntu.com/security/notices/USN-5427-1 | Third Party Advisory | |
| security@ubuntu.com | https://www.cve.org/CVERecord?id=CVE-2022-1242 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ubuntu.com/security/notices/USN-5427-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cve.org/CVERecord?id=CVE-2022-1242 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | apport | * | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| canonical | ubuntu_linux | 21.10 | |
| canonical | ubuntu_linux | 22.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "694303C9-A43B-485D-BF26-33CC797B8744",
"versionEndExcluding": "2.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:*:*:*:*",
"matchCriteriaId": "B85E9B9B-ADDB-4D2F-A857-685BD30CE856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*",
"matchCriteriaId": "8E442013-EBF8-44F2-AAAA-B23816F3230E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE4D2D0-CEEB-416F-8BC5-A7987DF56190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apport can be tricked into connecting to arbitrary sockets as the root user"
},
{
"lang": "es",
"value": "Se puede enga\u00f1ar a Apport para que se conecte a sockets arbitrarios como usuario root"
}
],
"id": "CVE-2022-1242",
"lastModified": "2025-08-22T15:48:00.753",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-03T19:15:09.143",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1242"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-3899
Vulnerability from fkie_nvd - Published: 2024-06-03 19:15 - Updated: 2025-08-26 17:21
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.
References
| URL | Tags | ||
|---|---|---|---|
| security@ubuntu.com | https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376 | Issue Tracking, Patch | |
| security@ubuntu.com | https://ubuntu.com/security/notices/USN-5427-1 | Vendor Advisory | |
| security@ubuntu.com | https://www.cve.org/CVERecord?id=CVE-2021-3899 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ubuntu.com/security/notices/USN-5427-1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cve.org/CVERecord?id=CVE-2021-3899 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | apport | * | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| canonical | ubuntu_linux | 21.10 | |
| canonical | ubuntu_linux | 22.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "694303C9-A43B-485D-BF26-33CC797B8744",
"versionEndExcluding": "2.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE4D2D0-CEEB-416F-8BC5-A7987DF56190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a race condition in the \u0027replaced executable\u0027 detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root."
},
{
"lang": "es",
"value": "Existe una condici\u00f3n de ejecuci\u00f3n en la detecci\u00f3n de \u0027ejecutable reemplazado\u0027 que, con la configuraci\u00f3n local correcta, permite a un atacante ejecutar c\u00f3digo arbitrario como root."
}
],
"id": "CVE-2021-3899",
"lastModified": "2025-08-26T17:21:04.500",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-03T19:15:08.940",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3899"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3899"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-1326
Vulnerability from fkie_nvd - Published: 2023-04-13 23:15 - Updated: 2024-11-21 07:38
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | apport | * | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| canonical | ubuntu_linux | 22.04 | |
| canonical | ubuntu_linux | 22.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C318FA9-3356-49C8-A8F8-06A20616D446",
"versionEndIncluding": "2.26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*",
"matchCriteriaId": "47842532-D2B6-44CB-ADE2-4AC8630A4D8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit."
}
],
"id": "CVE-2023-1326",
"lastModified": "2024-11-21T07:38:55.740",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0,
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-13T23:15:07.180",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Patch"
],
"url": "https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-6018-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-6018-1"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-3710
Vulnerability from fkie_nvd - Published: 2021-10-01 03:15 - Updated: 2024-11-21 06:22
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;
References
| URL | Tags | ||
|---|---|---|---|
| security@ubuntu.com | https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832 | Exploit, Vendor Advisory | |
| security@ubuntu.com | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710 | Third Party Advisory | |
| security@ubuntu.com | https://ubuntu.com/security/notices/USN-5077-1 | Vendor Advisory | |
| security@ubuntu.com | https://ubuntu.com/security/notices/USN-5077-2 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ubuntu.com/security/notices/USN-5077-1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ubuntu.com/security/notices/USN-5077-2 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | apport | 2.14.1-0ubuntu1 | |
| canonical | apport | 2.14.1-0ubuntu2 | |
| canonical | apport | 2.14.1-0ubuntu3 | |
| canonical | apport | 2.14.1-0ubuntu3.1 | |
| canonical | apport | 2.14.1-0ubuntu3.2 | |
| canonical | apport | 2.14.1-0ubuntu3.3 | |
| canonical | apport | 2.14.1-0ubuntu3.4 | |
| canonical | apport | 2.14.1-0ubuntu3.5 | |
| canonical | apport | 2.14.1-0ubuntu3.6 | |
| canonical | apport | 2.14.1-0ubuntu3.7 | |
| canonical | apport | 2.14.1-0ubuntu3.8 | |
| canonical | apport | 2.14.1-0ubuntu3.9 | |
| canonical | apport | 2.14.1-0ubuntu3.10 | |
| canonical | apport | 2.14.1-0ubuntu3.11 | |
| canonical | apport | 2.14.1-0ubuntu3.12 | |
| canonical | apport | 2.14.1-0ubuntu3.13 | |
| canonical | apport | 2.14.1-0ubuntu3.14 | |
| canonical | apport | 2.14.1-0ubuntu3.15 | |
| canonical | apport | 2.14.1-0ubuntu3.16 | |
| canonical | apport | 2.14.1-0ubuntu3.17 | |
| canonical | apport | 2.14.1-0ubuntu3.18 | |
| canonical | apport | 2.14.1-0ubuntu3.19 | |
| canonical | apport | 2.14.1-0ubuntu3.20 | |
| canonical | apport | 2.14.1-0ubuntu3.21 | |
| canonical | apport | 2.14.1-0ubuntu3.23 | |
| canonical | apport | 2.14.1-0ubuntu3.24 | |
| canonical | apport | 2.14.1-0ubuntu3.25 | |
| canonical | apport | 2.14.1-0ubuntu3.27 | |
| canonical | apport | 2.14.1-0ubuntu3.28 | |
| canonical | apport | 2.14.1-0ubuntu3.29 | |
| canonical | apport | 2.14.1-0ubuntu3.29\+esm7 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | apport | 2.20.1-0ubuntu1 | |
| canonical | apport | 2.20.1-0ubuntu2 | |
| canonical | apport | 2.20.1-0ubuntu2.1 | |
| canonical | apport | 2.20.1-0ubuntu2.2 | |
| canonical | apport | 2.20.1-0ubuntu2.4 | |
| canonical | apport | 2.20.1-0ubuntu2.5 | |
| canonical | apport | 2.20.1-0ubuntu2.6 | |
| canonical | apport | 2.20.1-0ubuntu2.7 | |
| canonical | apport | 2.20.1-0ubuntu2.8 | |
| canonical | apport | 2.20.1-0ubuntu2.9 | |
| canonical | apport | 2.20.1-0ubuntu2.10 | |
| canonical | apport | 2.20.1-0ubuntu2.12 | |
| canonical | apport | 2.20.1-0ubuntu2.13 | |
| canonical | apport | 2.20.1-0ubuntu2.14 | |
| canonical | apport | 2.20.1-0ubuntu2.15 | |
| canonical | apport | 2.20.1-0ubuntu2.16 | |
| canonical | apport | 2.20.1-0ubuntu2.17 | |
| canonical | apport | 2.20.1-0ubuntu2.18 | |
| canonical | apport | 2.20.1-0ubuntu2.19 | |
| canonical | apport | 2.20.1-0ubuntu2.20 | |
| canonical | apport | 2.20.1-0ubuntu2.21 | |
| canonical | apport | 2.20.1-0ubuntu2.22 | |
| canonical | apport | 2.20.1-0ubuntu2.23 | |
| canonical | apport | 2.20.1-0ubuntu2.25 | |
| canonical | apport | 2.20.1-0ubuntu2.26 | |
| canonical | apport | 2.20.1-0ubuntu2.27 | |
| canonical | apport | 2.20.1-0ubuntu2.28 | |
| canonical | apport | 2.20.1-0ubuntu2.30 | |
| canonical | apport | 2.20.1-0ubuntu2.30\+esm1 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | apport | 2.20.9-0ubuntu1 | |
| canonical | apport | 2.20.9-0ubuntu2 | |
| canonical | apport | 2.20.9-0ubuntu3 | |
| canonical | apport | 2.20.9-0ubuntu4 | |
| canonical | apport | 2.20.9-0ubuntu5 | |
| canonical | apport | 2.20.9-0ubuntu6 | |
| canonical | apport | 2.20.9-0ubuntu7 | |
| canonical | apport | 2.20.9-0ubuntu7.1 | |
| canonical | apport | 2.20.9-0ubuntu7.2 | |
| canonical | apport | 2.20.9-0ubuntu7.3 | |
| canonical | apport | 2.20.9-0ubuntu7.4 | |
| canonical | apport | 2.20.9-0ubuntu7.5 | |
| canonical | apport | 2.20.9-0ubuntu7.6 | |
| canonical | apport | 2.20.9-0ubuntu7.7 | |
| canonical | apport | 2.20.9-0ubuntu7.8 | |
| canonical | apport | 2.20.9-0ubuntu7.9 | |
| canonical | apport | 2.20.9-0ubuntu7.10 | |
| canonical | apport | 2.20.9-0ubuntu7.11 | |
| canonical | apport | 2.20.9-0ubuntu7.12 | |
| canonical | apport | 2.20.9-0ubuntu7.13 | |
| canonical | apport | 2.20.9-0ubuntu7.14 | |
| canonical | apport | 2.20.9-0ubuntu7.15 | |
| canonical | apport | 2.20.9-0ubuntu7.16 | |
| canonical | apport | 2.20.9-0ubuntu7.17 | |
| canonical | apport | 2.20.9-0ubuntu7.18 | |
| canonical | apport | 2.20.9-0ubuntu7.19 | |
| canonical | apport | 2.20.9-0ubuntu7.20 | |
| canonical | apport | 2.20.9-0ubuntu7.21 | |
| canonical | apport | 2.20.9-0ubuntu7.23 | |
| canonical | apport | 2.20.9-0ubuntu7.24 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | apport | 2.20.11-0ubuntu8 | |
| canonical | apport | 2.20.11-0ubuntu9 | |
| canonical | apport | 2.20.11-0ubuntu10 | |
| canonical | apport | 2.20.11-0ubuntu11 | |
| canonical | apport | 2.20.11-0ubuntu12 | |
| canonical | apport | 2.20.11-0ubuntu13 | |
| canonical | apport | 2.20.11-0ubuntu14 | |
| canonical | apport | 2.20.11-0ubuntu15 | |
| canonical | apport | 2.20.11-0ubuntu16 | |
| canonical | apport | 2.20.11-0ubuntu17 | |
| canonical | apport | 2.20.11-0ubuntu18 | |
| canonical | apport | 2.20.11-0ubuntu19 | |
| canonical | apport | 2.20.11-0ubuntu20 | |
| canonical | apport | 2.20.11-0ubuntu21 | |
| canonical | apport | 2.20.11-0ubuntu22 | |
| canonical | apport | 2.20.11-0ubuntu23 | |
| canonical | apport | 2.20.11-0ubuntu24 | |
| canonical | apport | 2.20.11-0ubuntu25 | |
| canonical | apport | 2.20.11-0ubuntu26 | |
| canonical | apport | 2.20.11-0ubuntu27 | |
| canonical | apport | 2.20.11-0ubuntu27.2 | |
| canonical | apport | 2.20.11-0ubuntu27.3 | |
| canonical | apport | 2.20.11-0ubuntu27.4 | |
| canonical | apport | 2.20.11-0ubuntu27.5 | |
| canonical | apport | 2.20.11-0ubuntu27.6 | |
| canonical | apport | 2.20.11-0ubuntu27.7 | |
| canonical | apport | 2.20.11-0ubuntu27.8 | |
| canonical | apport | 2.20.11-0ubuntu27.9 | |
| canonical | apport | 2.20.11-0ubuntu27.10 | |
| canonical | apport | 2.20.11-0ubuntu27.11 | |
| canonical | apport | 2.20.11-0ubuntu27.12 | |
| canonical | apport | 2.20.11-0ubuntu27.13 | |
| canonical | apport | 2.20.11-0ubuntu27.14 | |
| canonical | apport | 2.20.11-0ubuntu27.16 | |
| canonical | apport | 2.20.11-0ubuntu27.17 | |
| canonical | apport | 2.20.11-0ubuntu27.18 | |
| canonical | ubuntu_linux | 20.04 | |
| canonical | apport | 2.20.11-0ubuntu28 | |
| canonical | apport | 2.20.11-0ubuntu29 | |
| canonical | apport | 2.20.11-0ubuntu30 | |
| canonical | apport | 2.20.11-0ubuntu31 | |
| canonical | apport | 2.20.11-0ubuntu32 | |
| canonical | apport | 2.20.11-0ubuntu33 | |
| canonical | apport | 2.20.11-0ubuntu34 | |
| canonical | apport | 2.20.11-0ubuntu35 | |
| canonical | apport | 2.20.11-0ubuntu36 | |
| canonical | apport | 2.20.11-0ubuntu37 | |
| canonical | apport | 2.20.11-0ubuntu38 | |
| canonical | apport | 2.20.11-0ubuntu39 | |
| canonical | apport | 2.20.11-0ubuntu40 | |
| canonical | apport | 2.20.11-0ubuntu41 | |
| canonical | apport | 2.20.11-0ubuntu42 | |
| canonical | apport | 2.20.11-0ubuntu43 | |
| canonical | apport | 2.20.11-0ubuntu44 | |
| canonical | apport | 2.20.11-0ubuntu45 | |
| canonical | apport | 2.20.11-0ubuntu46 | |
| canonical | apport | 2.20.11-0ubuntu47 | |
| canonical | apport | 2.20.11-0ubuntu48 | |
| canonical | apport | 2.20.11-0ubuntu49 | |
| canonical | apport | 2.20.11-0ubuntu50 | |
| canonical | apport | 2.20.11-0ubuntu50.1 | |
| canonical | apport | 2.20.11-0ubuntu50.2 | |
| canonical | apport | 2.20.11-0ubuntu50.3 | |
| canonical | apport | 2.20.11-0ubuntu50.5 | |
| canonical | apport | 2.20.11-0ubuntu50.7 | |
| canonical | apport | 2.20.11-0ubuntu51 | |
| canonical | apport | 2.20.11-0ubuntu52 | |
| canonical | apport | 2.20.11-0ubuntu53 | |
| canonical | apport | 2.20.11-0ubuntu54 | |
| canonical | apport | 2.20.11-0ubuntu55 | |
| canonical | apport | 2.20.11-0ubuntu56 | |
| canonical | apport | 2.20.11-0ubuntu57 | |
| canonical | apport | 2.20.11-0ubuntu58 | |
| canonical | apport | 2.20.11-0ubuntu59 | |
| canonical | apport | 2.20.11-0ubuntu60 | |
| canonical | apport | 2.20.11-0ubuntu61 | |
| canonical | apport | 2.20.11-0ubuntu62 | |
| canonical | apport | 2.20.11-0ubuntu63 | |
| canonical | apport | 2.20.11-0ubuntu64 | |
| canonical | apport | 2.20.11-0ubuntu65 | |
| canonical | apport | 2.20.11-0ubuntu65.1 | |
| canonical | ubuntu_linux | 21.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu1:*:*:*:*:*:*:*",
"matchCriteriaId": "03FD56BA-11DC-4F20-A3F8-9BA77B11B591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C72FD00-1D85-4EEF-96FD-1744012AD89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3:*:*:*:*:*:*:*",
"matchCriteriaId": "877A71D3-6248-474E-B1F4-1AADAF90915D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1C87C8-3B1F-43C6-AF2D-5920A61459F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E2706852-F7FE-4F71-A385-7EDD7D0643B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E85B5415-12D7-4F9B-92E9-DDBB640F5BFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51A59FF0-40D8-4FC6-9C47-2A98489BB924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "33199657-68E0-40F5-8C0A-CD17556E0435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "92D20F9E-D5F1-41C2-A1BB-879A9147D34F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF6AAD8-3C58-4638-BE7B-49185BD135D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EFF963-8C67-4748-9123-B90FEC1803C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0A70E3-DD03-4F5B-B5F0-C3193FA117C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8567AB89-0370-47E9-8166-4DA88D9FFD21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "82E252EF-02D8-4DEB-8744-8056205DF14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2AB28F87-3A56-4084-8C83-01B2B98C3877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B1E867-515A-429D-ACBB-2418A8AE246E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A83F62AD-A3A6-4094-B430-719826E94F15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7FCDF4B3-5ED8-4DC6-B027-0491189A0DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "AF47BAE4-B1F2-4275-AEA1-33730155210B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE06C77-B53E-4B3C-848C-052565913FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "66111D47-4A27-4FCA-904D-2F707C36DE80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0F076238-A621-49B7-AF91-A433B5774827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9E25CE-262C-4EC7-ABB1-EF013783F946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB17E39-A58D-4606-A355-E2BF31BD0989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "F12D3906-E0D5-4946-8129-A4E323BC4248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "7691E044-C5AE-49D4-9FF4-0C3E8B014A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "24E0C82A-0473-4D5F-9308-1E0B058520B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD816BA-67DC-4719-9D04-E7DE215BF028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "E67978C9-D2A7-48F8-BED4-ECF5D1D10702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "6F010F8F-A66D-4C84-A7E9-24066CBB3840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.29\\+esm7:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC85B02-281C-4DD8-9A2B-381C62677735",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:*:*:*:*",
"matchCriteriaId": "9EAD90B3-3525-471B-9307-252C8CEFFF05",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu1:*:*:*:*:*:*:*",
"matchCriteriaId": "46F1A838-4379-4CC4-BEAD-EC9C793B4E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA3903E-EA8B-4B78-B5CF-42C4AA6626C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFCDD843-C743-41E4-8743-62C6149B7BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59FA4F13-3CF6-412B-846F-AE7D57B5FAEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF1FE3C-DCF6-475F-BFFB-D445B960CA26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AEEADF-89B1-465A-ACCE-61B8F64BD8A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBB7136-7802-4DB5-84AF-C75CBFFA5A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "404DDAC7-952E-43FF-8EEB-FA1FC1A503A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "63388BC6-4EE0-41E3-BC4F-A43B0C56494E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7D54FC7A-CD2A-4904-A059-48A8E94954A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "88F73732-BEA3-45D3-ABEE-51B45C1511E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B53A64B3-7522-4B05-BA0C-BD0F429362B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5AF908-B66A-48AD-912D-CBD02A1878A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1672BA-3685-4B75-BB46-9BB181EC4959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "58BB5513-D96B-4AE1-911F-40E561341859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "542F64D1-EB92-41B3-A1E3-98061D1966B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "5EF284A8-86B0-47AB-B404-D4714D4E769A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "43355789-13F9-4D12-81DB-EFCEA9183F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "CC67992A-E0CB-43A8-A749-D91BB460D279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "12BB46F2-6B36-44A2-AE15-CDBC4AEBCD95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD912C7-D5B2-4AB5-9C27-979E8DE805CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BE7A141A-8588-4743-AB78-502A9724C474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "0A282E85-A145-496B-A600-77012F24F82F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "87254C87-93AD-4A04-A788-4E97BC44D31E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "F3DEA776-C58E-48C6-99BD-78FFFD78B505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "8E947E03-9B13-4C1D-8425-3E62698BD79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "06A5F263-6F35-4312-A206-68338FE62215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "904FBA57-C14C-4B4E-8846-2CB841DAF6E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.30\\+esm1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6713C5-09EF-4538-BBD2-3932554A2076",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*",
"matchCriteriaId": "712507AC-DAB8-4FFE-9426-08282919411F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu1:*:*:*:*:*:*:*",
"matchCriteriaId": "6890AEDE-8628-4467-BD78-9E28BD00CFD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E475D2-7643-4F90-9A39-3C4C9C5882A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu3:*:*:*:*:*:*:*",
"matchCriteriaId": "31C813DA-01A9-4963-992C-77F21B045C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu4:*:*:*:*:*:*:*",
"matchCriteriaId": "9432E171-BD9D-41E1-AAB3-2CA29FE2B07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu5:*:*:*:*:*:*:*",
"matchCriteriaId": "234375CE-6C99-4973-BAC5-950016C789A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu6:*:*:*:*:*:*:*",
"matchCriteriaId": "1658CA25-4EB5-40D9-A1F3-78640EE58D07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7:*:*:*:*:*:*:*",
"matchCriteriaId": "DF9A6112-6920-4006-A353-30D942301D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81F07BD0-2C19-4895-8B3C-F956ED7568BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59420BB6-11ED-43BA-95FA-E843B9F0BFD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C7998E-269B-40B1-9B73-99F22CB76A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "86CB2D37-78BD-486D-B27B-6E588563000D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B452791-E4F4-4165-B15B-205743EDE142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "29CA8420-057C-4BF1-A5A5-E65C979F80D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF71FAA-2457-4B6D-8265-5E9E40FB5B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A901840D-D35C-4DBB-B736-16066BA61016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC8A84E-204D-46FE-9455-E6EE28CBA02D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B170FF62-8FE1-4E32-9CAB-6C2791842D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C3112FA6-E483-4A15-83A7-0DC086680D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7B0688-10F5-4FCC-B4C3-804BFC9F4572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9709BC6B-6432-47D3-AF3D-7D61230528E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFA65E9-C2C5-4068-8B19-2087F54C75E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "62D8AD82-1A8F-450D-B3F5-05D86245A20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3CB25B-8BCC-47CF-8032-47E7CA5199AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA7D420-6DAF-400A-8F73-C7FB79847DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A44AB2-57B3-4DE0-8C6E-CD3E3AC4D3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.19:*:*:*:*:*:*:*",
"matchCriteriaId": "B496DE3B-67F6-43AE-BA9C-B0AA77CCE02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8F975FDB-758B-4423-A46B-FE77677FAF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "11667580-C7B7-4850-A11C-7714ECD8E487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.23:*:*:*:*:*:*:*",
"matchCriteriaId": "1697005D-4639-4175-8A2C-0761A86BE609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.24:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F6AEA8-C7E5-4D30-97EA-96EC6394510F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:*:*:*:*",
"matchCriteriaId": "B85E9B9B-ADDB-4D2F-A857-685BD30CE856",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0580D85-61E7-446D-BB01-EFFD20A53FC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu9:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DEF97E-C23C-431E-A017-29895305E666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu10:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF1FFD4-8088-4073-AF78-C2A177C0DFAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu11:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC58CA6-54E2-4874-B327-838B19667FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu12:*:*:*:*:*:*:*",
"matchCriteriaId": "00060D2D-78C2-46CD-903D-48337C4A1173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu13:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD7604E-CEAC-4B54-A708-F98738381288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu14:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD91FE7-01B8-479F-8180-6E152F2996C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu15:*:*:*:*:*:*:*",
"matchCriteriaId": "3DCF9BD3-B46E-4D58-B53F-3DE081164FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu16:*:*:*:*:*:*:*",
"matchCriteriaId": "7F973F96-7AAD-44AB-90F0-D9F5DD7AFEE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu17:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1A19B1-592C-48CF-B709-7CA573F40AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu18:*:*:*:*:*:*:*",
"matchCriteriaId": "287EA905-4DF5-4AF7-9C70-3A9CECA714C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu19:*:*:*:*:*:*:*",
"matchCriteriaId": "479CEDFA-177B-413D-A9C1-2A16A9F9FB50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu20:*:*:*:*:*:*:*",
"matchCriteriaId": "7713D34D-046F-4627-80CA-B5CD63D41F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu21:*:*:*:*:*:*:*",
"matchCriteriaId": "A65605CF-2659-436E-9C96-E782F06992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu22:*:*:*:*:*:*:*",
"matchCriteriaId": "F27734BE-C46A-4815-A801-1FF5493B324B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu23:*:*:*:*:*:*:*",
"matchCriteriaId": "8EEAE19B-2138-4AA5-BB3B-3150DF0818DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu24:*:*:*:*:*:*:*",
"matchCriteriaId": "0D4BE412-F045-4754-9EF8-2F00E68542A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu25:*:*:*:*:*:*:*",
"matchCriteriaId": "FB26172A-D9F3-47A4-AA7D-7FD2E8499670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu26:*:*:*:*:*:*:*",
"matchCriteriaId": "388DDA89-BA36-45FE-864F-5810C3DF4093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27:*:*:*:*:*:*:*",
"matchCriteriaId": "3D17E8C3-56FE-4719-B214-BA369D5EB6D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4FE45751-8E63-428B-A04B-1E842FB5BEEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9381CFDA-0772-43D7-8F14-A6E0577F49EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFB83E8-166C-4960-8AF1-DE210F4DE6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F95414EB-487D-4E80-AE6C-CDBF0153807E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BE24C441-2D44-41C0-8D12-93CAE1D69684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E4B7D71B-5267-4479-B271-71363998E998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4194EAB4-673C-4E8A-ADFC-6D87F50C61CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3251DCF-6CE1-4149-A328-0F9708595E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.10:*:*:*:*:*:*:*",
"matchCriteriaId": "73483788-45E5-4E6E-ADF5-4AD0CDF03DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA91A8F7-DEE3-4A99-819D-4E188A7544E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.12:*:*:*:*:*:*:*",
"matchCriteriaId": "FF8610CF-E8B1-4172-BBCB-7A8713A2239C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF6BB38-C3A9-486B-97E1-263EDE2ECE70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BE70759B-770A-44D9-9482-D6E53BA0037F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D2398113-673A-4CF3-B0DE-46061E11EB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.17:*:*:*:*:*:*:*",
"matchCriteriaId": "40F7D759-5226-4882-ACF0-B1EAB79665B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.18:*:*:*:*:*:*:*",
"matchCriteriaId": "066128DE-149A-4753-ABBC-22D6278D5043",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*",
"matchCriteriaId": "8E442013-EBF8-44F2-AAAA-B23816F3230E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu28:*:*:*:*:*:*:*",
"matchCriteriaId": "136B28C2-ACB8-4399-B3B1-FFD0904FCD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu29:*:*:*:*:*:*:*",
"matchCriteriaId": "10B1E587-D25A-4763-B4DC-3D69C118A2DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu30:*:*:*:*:*:*:*",
"matchCriteriaId": "1CFD1CBD-77A9-45AF-A516-FF77191311E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu31:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4ADA30-8C36-4D54-ACDA-5AADAC73D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu32:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC93EA4-CEDD-4632-ABCD-532EE5886C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu33:*:*:*:*:*:*:*",
"matchCriteriaId": "69D638E0-E2EF-4E4F-8864-5E74904B4566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu34:*:*:*:*:*:*:*",
"matchCriteriaId": "0B127BDF-5F67-40AA-A9E3-B9C7CAC2A49E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu35:*:*:*:*:*:*:*",
"matchCriteriaId": "C9B0DC30-62E9-4EC1-87D6-9386EC313E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu36:*:*:*:*:*:*:*",
"matchCriteriaId": "9E44CEC7-B7E1-46D5-A731-435650CC6CAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu37:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF475DE-6D99-4116-8BB6-9925F7AD9FF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu38:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DEF396-1C23-4C40-B7BD-9E114238C9E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu39:*:*:*:*:*:*:*",
"matchCriteriaId": "E3FEDE01-F111-41F8-8541-45395A59584E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu40:*:*:*:*:*:*:*",
"matchCriteriaId": "82DCED7B-C959-4437-85AF-4F871BEB8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu41:*:*:*:*:*:*:*",
"matchCriteriaId": "EC8A1AEB-B478-4BA7-B27C-231C78F5D8BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu42:*:*:*:*:*:*:*",
"matchCriteriaId": "EE199F4D-531E-4B80-A51C-EAA98A200896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu43:*:*:*:*:*:*:*",
"matchCriteriaId": "22E737E4-19CE-47C9-A195-216671272B4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu44:*:*:*:*:*:*:*",
"matchCriteriaId": "1030F055-1C07-45BC-B738-FC198AB5B38D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu45:*:*:*:*:*:*:*",
"matchCriteriaId": "28AFB7C2-7231-442E-9AC3-148940E025C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu46:*:*:*:*:*:*:*",
"matchCriteriaId": "978D1EB2-36A9-4FD6-8B7A-9CFD7DCBD86C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu47:*:*:*:*:*:*:*",
"matchCriteriaId": "E55E59A6-64FD-43B5-A36D-B0734D749282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu48:*:*:*:*:*:*:*",
"matchCriteriaId": "51558079-C5CF-4435-90A2-F6E1A4942E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu49:*:*:*:*:*:*:*",
"matchCriteriaId": "8B390C78-605A-409B-9F69-07BE6ED78765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50:*:*:*:*:*:*:*",
"matchCriteriaId": "0772DB94-C282-4670-821D-09178139F211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20A37F7A-147C-48B6-A015-C7AD45F53A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86CEEACF-FDD5-46F0-A317-5B1F024D5B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2AD780-F6A7-46F7-8CB5-63F305ED4849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BBB82C8F-C2D9-48E2-86A6-772A638C295C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.7:*:*:*:*:*:*:*",
"matchCriteriaId": "54F6BB3C-38DA-49A1-AB29-4DF42F5ADC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu51:*:*:*:*:*:*:*",
"matchCriteriaId": "8966949D-AB76-4235-893E-6A2971DAB751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu52:*:*:*:*:*:*:*",
"matchCriteriaId": "3C232C67-0817-4B2D-BE8D-7CEBEC07C54C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu53:*:*:*:*:*:*:*",
"matchCriteriaId": "03711A42-F636-44D0-82D9-BC6EEE4DEE36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu54:*:*:*:*:*:*:*",
"matchCriteriaId": "256A6531-0D49-404D-9232-ECA08A4B191E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu55:*:*:*:*:*:*:*",
"matchCriteriaId": "AF681786-95BB-40CF-ADCF-DEA69A19DD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu56:*:*:*:*:*:*:*",
"matchCriteriaId": "4137BE33-F73C-43FD-8487-81B8581963E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu57:*:*:*:*:*:*:*",
"matchCriteriaId": "75C060ED-BDD7-49BE-975B-08AFF93C8B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu58:*:*:*:*:*:*:*",
"matchCriteriaId": "F56E2A38-2ACA-4686-8E85-DB5B91FAE7FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu59:*:*:*:*:*:*:*",
"matchCriteriaId": "BD03D1E1-017F-44BF-90F4-1810AB58019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu60:*:*:*:*:*:*:*",
"matchCriteriaId": "B7170954-E621-4F48-A52C-EF88B392C8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu61:*:*:*:*:*:*:*",
"matchCriteriaId": "A5DFF27C-F5DF-48FF-A04B-EAEDD598CEA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu62:*:*:*:*:*:*:*",
"matchCriteriaId": "2B7E19A1-FCC0-418B-AE7D-43453BFD89E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu63:*:*:*:*:*:*:*",
"matchCriteriaId": "947615BA-B4DC-44AC-AACF-4FE576AF1248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu64:*:*:*:*:*:*:*",
"matchCriteriaId": "57A88540-2266-4FB8-9862-252BE378E417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu65:*:*:*:*:*:*:*",
"matchCriteriaId": "28614BE6-A80F-4A3F-809B-51C2CAB9287C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu65.1:*:*:*:*:*:*:*",
"matchCriteriaId": "617048A9-50DE-408B-9654-677D6BFB66F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF1C1CC-3FAE-4DE3-BC41-E5B14D5721F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
},
{
"lang": "es",
"value": "Se ha detectado una divulgaci\u00f3n de informaci\u00f3n por medio de un salto de ruta en la funci\u00f3n read_file() del archivo apport/hookutils.py. Este problema afecta a: las versiones de apport 2.14.1 anteriores a 2.14.1-0ubuntu3.29+esm8; versiones 2.20.1 anteriores a 2.20.1-0ubuntu2.30+esm2; versiones 2.20.9 anteriores a 2.20.9-0ubuntu7.26; versiones 2.20.11 anteriores a 2.20.11-0ubuntu27.20; versiones 2.20.11 anteriores a 2.20.11-0ubuntu65.3"
}
],
"id": "CVE-2021-3710",
"lastModified": "2024-11-21T06:22:12.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-01T03:15:07.043",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5077-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5077-2"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-24"
}
],
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-3709
Vulnerability from fkie_nvd - Published: 2021-10-01 03:15 - Updated: 2024-11-21 06:22
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;
References
| URL | Tags | ||
|---|---|---|---|
| security@ubuntu.com | https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308 | Exploit, Vendor Advisory | |
| security@ubuntu.com | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709 | Third Party Advisory | |
| security@ubuntu.com | https://ubuntu.com/security/notices/USN-5077-1 | Vendor Advisory | |
| security@ubuntu.com | https://ubuntu.com/security/notices/USN-5077-2 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ubuntu.com/security/notices/USN-5077-1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ubuntu.com/security/notices/USN-5077-2 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | apport | 2.14.1-0ubuntu1 | |
| canonical | apport | 2.14.1-0ubuntu2 | |
| canonical | apport | 2.14.1-0ubuntu3 | |
| canonical | apport | 2.14.1-0ubuntu3.1 | |
| canonical | apport | 2.14.1-0ubuntu3.2 | |
| canonical | apport | 2.14.1-0ubuntu3.3 | |
| canonical | apport | 2.14.1-0ubuntu3.4 | |
| canonical | apport | 2.14.1-0ubuntu3.5 | |
| canonical | apport | 2.14.1-0ubuntu3.6 | |
| canonical | apport | 2.14.1-0ubuntu3.7 | |
| canonical | apport | 2.14.1-0ubuntu3.8 | |
| canonical | apport | 2.14.1-0ubuntu3.9 | |
| canonical | apport | 2.14.1-0ubuntu3.10 | |
| canonical | apport | 2.14.1-0ubuntu3.11 | |
| canonical | apport | 2.14.1-0ubuntu3.12 | |
| canonical | apport | 2.14.1-0ubuntu3.13 | |
| canonical | apport | 2.14.1-0ubuntu3.14 | |
| canonical | apport | 2.14.1-0ubuntu3.15 | |
| canonical | apport | 2.14.1-0ubuntu3.16 | |
| canonical | apport | 2.14.1-0ubuntu3.17 | |
| canonical | apport | 2.14.1-0ubuntu3.18 | |
| canonical | apport | 2.14.1-0ubuntu3.19 | |
| canonical | apport | 2.14.1-0ubuntu3.20 | |
| canonical | apport | 2.14.1-0ubuntu3.21 | |
| canonical | apport | 2.14.1-0ubuntu3.23 | |
| canonical | apport | 2.14.1-0ubuntu3.24 | |
| canonical | apport | 2.14.1-0ubuntu3.25 | |
| canonical | apport | 2.14.1-0ubuntu3.27 | |
| canonical | apport | 2.14.1-0ubuntu3.28 | |
| canonical | apport | 2.14.1-0ubuntu3.29 | |
| canonical | apport | 2.14.1-0ubuntu3.29\+esm7 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | apport | 2.20.1-0ubuntu1 | |
| canonical | apport | 2.20.1-0ubuntu2 | |
| canonical | apport | 2.20.1-0ubuntu2.1 | |
| canonical | apport | 2.20.1-0ubuntu2.2 | |
| canonical | apport | 2.20.1-0ubuntu2.4 | |
| canonical | apport | 2.20.1-0ubuntu2.5 | |
| canonical | apport | 2.20.1-0ubuntu2.6 | |
| canonical | apport | 2.20.1-0ubuntu2.7 | |
| canonical | apport | 2.20.1-0ubuntu2.8 | |
| canonical | apport | 2.20.1-0ubuntu2.9 | |
| canonical | apport | 2.20.1-0ubuntu2.10 | |
| canonical | apport | 2.20.1-0ubuntu2.12 | |
| canonical | apport | 2.20.1-0ubuntu2.13 | |
| canonical | apport | 2.20.1-0ubuntu2.14 | |
| canonical | apport | 2.20.1-0ubuntu2.15 | |
| canonical | apport | 2.20.1-0ubuntu2.16 | |
| canonical | apport | 2.20.1-0ubuntu2.17 | |
| canonical | apport | 2.20.1-0ubuntu2.18 | |
| canonical | apport | 2.20.1-0ubuntu2.19 | |
| canonical | apport | 2.20.1-0ubuntu2.20 | |
| canonical | apport | 2.20.1-0ubuntu2.21 | |
| canonical | apport | 2.20.1-0ubuntu2.22 | |
| canonical | apport | 2.20.1-0ubuntu2.23 | |
| canonical | apport | 2.20.1-0ubuntu2.25 | |
| canonical | apport | 2.20.1-0ubuntu2.26 | |
| canonical | apport | 2.20.1-0ubuntu2.27 | |
| canonical | apport | 2.20.1-0ubuntu2.28 | |
| canonical | apport | 2.20.1-0ubuntu2.30 | |
| canonical | apport | 2.20.1-0ubuntu2.30\+esm1 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | apport | 2.20.9-0ubuntu1 | |
| canonical | apport | 2.20.9-0ubuntu2 | |
| canonical | apport | 2.20.9-0ubuntu3 | |
| canonical | apport | 2.20.9-0ubuntu4 | |
| canonical | apport | 2.20.9-0ubuntu5 | |
| canonical | apport | 2.20.9-0ubuntu6 | |
| canonical | apport | 2.20.9-0ubuntu7 | |
| canonical | apport | 2.20.9-0ubuntu7.1 | |
| canonical | apport | 2.20.9-0ubuntu7.2 | |
| canonical | apport | 2.20.9-0ubuntu7.3 | |
| canonical | apport | 2.20.9-0ubuntu7.4 | |
| canonical | apport | 2.20.9-0ubuntu7.5 | |
| canonical | apport | 2.20.9-0ubuntu7.6 | |
| canonical | apport | 2.20.9-0ubuntu7.7 | |
| canonical | apport | 2.20.9-0ubuntu7.8 | |
| canonical | apport | 2.20.9-0ubuntu7.9 | |
| canonical | apport | 2.20.9-0ubuntu7.10 | |
| canonical | apport | 2.20.9-0ubuntu7.11 | |
| canonical | apport | 2.20.9-0ubuntu7.12 | |
| canonical | apport | 2.20.9-0ubuntu7.13 | |
| canonical | apport | 2.20.9-0ubuntu7.14 | |
| canonical | apport | 2.20.9-0ubuntu7.15 | |
| canonical | apport | 2.20.9-0ubuntu7.16 | |
| canonical | apport | 2.20.9-0ubuntu7.17 | |
| canonical | apport | 2.20.9-0ubuntu7.18 | |
| canonical | apport | 2.20.9-0ubuntu7.19 | |
| canonical | apport | 2.20.9-0ubuntu7.20 | |
| canonical | apport | 2.20.9-0ubuntu7.21 | |
| canonical | apport | 2.20.9-0ubuntu7.23 | |
| canonical | apport | 2.20.9-0ubuntu7.24 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | apport | 2.20.11-0ubuntu8 | |
| canonical | apport | 2.20.11-0ubuntu9 | |
| canonical | apport | 2.20.11-0ubuntu10 | |
| canonical | apport | 2.20.11-0ubuntu11 | |
| canonical | apport | 2.20.11-0ubuntu12 | |
| canonical | apport | 2.20.11-0ubuntu13 | |
| canonical | apport | 2.20.11-0ubuntu14 | |
| canonical | apport | 2.20.11-0ubuntu15 | |
| canonical | apport | 2.20.11-0ubuntu16 | |
| canonical | apport | 2.20.11-0ubuntu17 | |
| canonical | apport | 2.20.11-0ubuntu18 | |
| canonical | apport | 2.20.11-0ubuntu19 | |
| canonical | apport | 2.20.11-0ubuntu20 | |
| canonical | apport | 2.20.11-0ubuntu21 | |
| canonical | apport | 2.20.11-0ubuntu22 | |
| canonical | apport | 2.20.11-0ubuntu23 | |
| canonical | apport | 2.20.11-0ubuntu24 | |
| canonical | apport | 2.20.11-0ubuntu25 | |
| canonical | apport | 2.20.11-0ubuntu26 | |
| canonical | apport | 2.20.11-0ubuntu27 | |
| canonical | apport | 2.20.11-0ubuntu27.2 | |
| canonical | apport | 2.20.11-0ubuntu27.3 | |
| canonical | apport | 2.20.11-0ubuntu27.4 | |
| canonical | apport | 2.20.11-0ubuntu27.5 | |
| canonical | apport | 2.20.11-0ubuntu27.6 | |
| canonical | apport | 2.20.11-0ubuntu27.7 | |
| canonical | apport | 2.20.11-0ubuntu27.8 | |
| canonical | apport | 2.20.11-0ubuntu27.9 | |
| canonical | apport | 2.20.11-0ubuntu27.10 | |
| canonical | apport | 2.20.11-0ubuntu27.11 | |
| canonical | apport | 2.20.11-0ubuntu27.12 | |
| canonical | apport | 2.20.11-0ubuntu27.13 | |
| canonical | apport | 2.20.11-0ubuntu27.14 | |
| canonical | apport | 2.20.11-0ubuntu27.16 | |
| canonical | apport | 2.20.11-0ubuntu27.17 | |
| canonical | apport | 2.20.11-0ubuntu27.18 | |
| canonical | ubuntu_linux | 20.04 | |
| canonical | apport | 2.20.11-0ubuntu28 | |
| canonical | apport | 2.20.11-0ubuntu29 | |
| canonical | apport | 2.20.11-0ubuntu30 | |
| canonical | apport | 2.20.11-0ubuntu31 | |
| canonical | apport | 2.20.11-0ubuntu32 | |
| canonical | apport | 2.20.11-0ubuntu33 | |
| canonical | apport | 2.20.11-0ubuntu34 | |
| canonical | apport | 2.20.11-0ubuntu35 | |
| canonical | apport | 2.20.11-0ubuntu36 | |
| canonical | apport | 2.20.11-0ubuntu37 | |
| canonical | apport | 2.20.11-0ubuntu38 | |
| canonical | apport | 2.20.11-0ubuntu39 | |
| canonical | apport | 2.20.11-0ubuntu40 | |
| canonical | apport | 2.20.11-0ubuntu41 | |
| canonical | apport | 2.20.11-0ubuntu42 | |
| canonical | apport | 2.20.11-0ubuntu43 | |
| canonical | apport | 2.20.11-0ubuntu44 | |
| canonical | apport | 2.20.11-0ubuntu45 | |
| canonical | apport | 2.20.11-0ubuntu46 | |
| canonical | apport | 2.20.11-0ubuntu47 | |
| canonical | apport | 2.20.11-0ubuntu48 | |
| canonical | apport | 2.20.11-0ubuntu49 | |
| canonical | apport | 2.20.11-0ubuntu50 | |
| canonical | apport | 2.20.11-0ubuntu50.1 | |
| canonical | apport | 2.20.11-0ubuntu50.2 | |
| canonical | apport | 2.20.11-0ubuntu50.3 | |
| canonical | apport | 2.20.11-0ubuntu50.5 | |
| canonical | apport | 2.20.11-0ubuntu50.7 | |
| canonical | apport | 2.20.11-0ubuntu51 | |
| canonical | apport | 2.20.11-0ubuntu52 | |
| canonical | apport | 2.20.11-0ubuntu53 | |
| canonical | apport | 2.20.11-0ubuntu54 | |
| canonical | apport | 2.20.11-0ubuntu55 | |
| canonical | apport | 2.20.11-0ubuntu56 | |
| canonical | apport | 2.20.11-0ubuntu57 | |
| canonical | apport | 2.20.11-0ubuntu58 | |
| canonical | apport | 2.20.11-0ubuntu59 | |
| canonical | apport | 2.20.11-0ubuntu60 | |
| canonical | apport | 2.20.11-0ubuntu61 | |
| canonical | apport | 2.20.11-0ubuntu62 | |
| canonical | apport | 2.20.11-0ubuntu63 | |
| canonical | apport | 2.20.11-0ubuntu64 | |
| canonical | apport | 2.20.11-0ubuntu65 | |
| canonical | apport | 2.20.11-0ubuntu65.1 | |
| canonical | ubuntu_linux | 21.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu1:*:*:*:*:*:*:*",
"matchCriteriaId": "03FD56BA-11DC-4F20-A3F8-9BA77B11B591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C72FD00-1D85-4EEF-96FD-1744012AD89F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3:*:*:*:*:*:*:*",
"matchCriteriaId": "877A71D3-6248-474E-B1F4-1AADAF90915D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C1C87C8-3B1F-43C6-AF2D-5920A61459F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E2706852-F7FE-4F71-A385-7EDD7D0643B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E85B5415-12D7-4F9B-92E9-DDBB640F5BFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "51A59FF0-40D8-4FC6-9C47-2A98489BB924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "33199657-68E0-40F5-8C0A-CD17556E0435",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "92D20F9E-D5F1-41C2-A1BB-879A9147D34F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF6AAD8-3C58-4638-BE7B-49185BD135D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A4EFF963-8C67-4748-9123-B90FEC1803C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1B0A70E3-DD03-4F5B-B5F0-C3193FA117C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8567AB89-0370-47E9-8166-4DA88D9FFD21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "82E252EF-02D8-4DEB-8744-8056205DF14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2AB28F87-3A56-4084-8C83-01B2B98C3877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B1E867-515A-429D-ACBB-2418A8AE246E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A83F62AD-A3A6-4094-B430-719826E94F15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "7FCDF4B3-5ED8-4DC6-B027-0491189A0DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "AF47BAE4-B1F2-4275-AEA1-33730155210B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE06C77-B53E-4B3C-848C-052565913FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "66111D47-4A27-4FCA-904D-2F707C36DE80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "0F076238-A621-49B7-AF91-A433B5774827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9E25CE-262C-4EC7-ABB1-EF013783F946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.21:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB17E39-A58D-4606-A355-E2BF31BD0989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "F12D3906-E0D5-4946-8129-A4E323BC4248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "7691E044-C5AE-49D4-9FF4-0C3E8B014A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "24E0C82A-0473-4D5F-9308-1E0B058520B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.27:*:*:*:*:*:*:*",
"matchCriteriaId": "5FD816BA-67DC-4719-9D04-E7DE215BF028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.28:*:*:*:*:*:*:*",
"matchCriteriaId": "E67978C9-D2A7-48F8-BED4-ECF5D1D10702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.29:*:*:*:*:*:*:*",
"matchCriteriaId": "6F010F8F-A66D-4C84-A7E9-24066CBB3840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.29\\+esm7:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC85B02-281C-4DD8-9A2B-381C62677735",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu1:*:*:*:*:*:*:*",
"matchCriteriaId": "46F1A838-4379-4CC4-BEAD-EC9C793B4E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA3903E-EA8B-4B78-B5CF-42C4AA6626C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FFCDD843-C743-41E4-8743-62C6149B7BBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59FA4F13-3CF6-412B-846F-AE7D57B5FAEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF1FE3C-DCF6-475F-BFFB-D445B960CA26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AEEADF-89B1-465A-ACCE-61B8F64BD8A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBB7136-7802-4DB5-84AF-C75CBFFA5A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "404DDAC7-952E-43FF-8EEB-FA1FC1A503A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "63388BC6-4EE0-41E3-BC4F-A43B0C56494E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7D54FC7A-CD2A-4904-A059-48A8E94954A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "88F73732-BEA3-45D3-ABEE-51B45C1511E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B53A64B3-7522-4B05-BA0C-BD0F429362B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5AF908-B66A-48AD-912D-CBD02A1878A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1672BA-3685-4B75-BB46-9BB181EC4959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "58BB5513-D96B-4AE1-911F-40E561341859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "542F64D1-EB92-41B3-A1E3-98061D1966B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "5EF284A8-86B0-47AB-B404-D4714D4E769A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "43355789-13F9-4D12-81DB-EFCEA9183F2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "CC67992A-E0CB-43A8-A749-D91BB460D279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "12BB46F2-6B36-44A2-AE15-CDBC4AEBCD95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD912C7-D5B2-4AB5-9C27-979E8DE805CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BE7A141A-8588-4743-AB78-502A9724C474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "0A282E85-A145-496B-A600-77012F24F82F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "87254C87-93AD-4A04-A788-4E97BC44D31E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "F3DEA776-C58E-48C6-99BD-78FFFD78B505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.27:*:*:*:*:*:*:*",
"matchCriteriaId": "8E947E03-9B13-4C1D-8425-3E62698BD79C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.28:*:*:*:*:*:*:*",
"matchCriteriaId": "06A5F263-6F35-4312-A206-68338FE62215",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "904FBA57-C14C-4B4E-8846-2CB841DAF6E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.30\\+esm1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F6713C5-09EF-4538-BBD2-3932554A2076",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*",
"matchCriteriaId": "712507AC-DAB8-4FFE-9426-08282919411F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu1:*:*:*:*:*:*:*",
"matchCriteriaId": "6890AEDE-8628-4467-BD78-9E28BD00CFD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E475D2-7643-4F90-9A39-3C4C9C5882A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu3:*:*:*:*:*:*:*",
"matchCriteriaId": "31C813DA-01A9-4963-992C-77F21B045C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu4:*:*:*:*:*:*:*",
"matchCriteriaId": "9432E171-BD9D-41E1-AAB3-2CA29FE2B07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu5:*:*:*:*:*:*:*",
"matchCriteriaId": "234375CE-6C99-4973-BAC5-950016C789A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu6:*:*:*:*:*:*:*",
"matchCriteriaId": "1658CA25-4EB5-40D9-A1F3-78640EE58D07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7:*:*:*:*:*:*:*",
"matchCriteriaId": "DF9A6112-6920-4006-A353-30D942301D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81F07BD0-2C19-4895-8B3C-F956ED7568BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59420BB6-11ED-43BA-95FA-E843B9F0BFD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C7998E-269B-40B1-9B73-99F22CB76A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "86CB2D37-78BD-486D-B27B-6E588563000D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B452791-E4F4-4165-B15B-205743EDE142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "29CA8420-057C-4BF1-A5A5-E65C979F80D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF71FAA-2457-4B6D-8265-5E9E40FB5B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A901840D-D35C-4DBB-B736-16066BA61016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC8A84E-204D-46FE-9455-E6EE28CBA02D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B170FF62-8FE1-4E32-9CAB-6C2791842D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C3112FA6-E483-4A15-83A7-0DC086680D14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "1A7B0688-10F5-4FCC-B4C3-804BFC9F4572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9709BC6B-6432-47D3-AF3D-7D61230528E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFA65E9-C2C5-4068-8B19-2087F54C75E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "62D8AD82-1A8F-450D-B3F5-05D86245A20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "AD3CB25B-8BCC-47CF-8032-47E7CA5199AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA7D420-6DAF-400A-8F73-C7FB79847DF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A44AB2-57B3-4DE0-8C6E-CD3E3AC4D3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.19:*:*:*:*:*:*:*",
"matchCriteriaId": "B496DE3B-67F6-43AE-BA9C-B0AA77CCE02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "8F975FDB-758B-4423-A46B-FE77677FAF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "11667580-C7B7-4850-A11C-7714ECD8E487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.23:*:*:*:*:*:*:*",
"matchCriteriaId": "1697005D-4639-4175-8A2C-0761A86BE609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.24:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F6AEA8-C7E5-4D30-97EA-96EC6394510F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:*:*:*:*",
"matchCriteriaId": "B85E9B9B-ADDB-4D2F-A857-685BD30CE856",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0580D85-61E7-446D-BB01-EFFD20A53FC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu9:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DEF97E-C23C-431E-A017-29895305E666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu10:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF1FFD4-8088-4073-AF78-C2A177C0DFAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu11:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC58CA6-54E2-4874-B327-838B19667FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu12:*:*:*:*:*:*:*",
"matchCriteriaId": "00060D2D-78C2-46CD-903D-48337C4A1173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu13:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD7604E-CEAC-4B54-A708-F98738381288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu14:*:*:*:*:*:*:*",
"matchCriteriaId": "6BD91FE7-01B8-479F-8180-6E152F2996C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu15:*:*:*:*:*:*:*",
"matchCriteriaId": "3DCF9BD3-B46E-4D58-B53F-3DE081164FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu16:*:*:*:*:*:*:*",
"matchCriteriaId": "7F973F96-7AAD-44AB-90F0-D9F5DD7AFEE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu17:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1A19B1-592C-48CF-B709-7CA573F40AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu18:*:*:*:*:*:*:*",
"matchCriteriaId": "287EA905-4DF5-4AF7-9C70-3A9CECA714C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu19:*:*:*:*:*:*:*",
"matchCriteriaId": "479CEDFA-177B-413D-A9C1-2A16A9F9FB50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu20:*:*:*:*:*:*:*",
"matchCriteriaId": "7713D34D-046F-4627-80CA-B5CD63D41F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu21:*:*:*:*:*:*:*",
"matchCriteriaId": "A65605CF-2659-436E-9C96-E782F06992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu22:*:*:*:*:*:*:*",
"matchCriteriaId": "F27734BE-C46A-4815-A801-1FF5493B324B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu23:*:*:*:*:*:*:*",
"matchCriteriaId": "8EEAE19B-2138-4AA5-BB3B-3150DF0818DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu24:*:*:*:*:*:*:*",
"matchCriteriaId": "0D4BE412-F045-4754-9EF8-2F00E68542A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu25:*:*:*:*:*:*:*",
"matchCriteriaId": "FB26172A-D9F3-47A4-AA7D-7FD2E8499670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu26:*:*:*:*:*:*:*",
"matchCriteriaId": "388DDA89-BA36-45FE-864F-5810C3DF4093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27:*:*:*:*:*:*:*",
"matchCriteriaId": "3D17E8C3-56FE-4719-B214-BA369D5EB6D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4FE45751-8E63-428B-A04B-1E842FB5BEEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9381CFDA-0772-43D7-8F14-A6E0577F49EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEFB83E8-166C-4960-8AF1-DE210F4DE6DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F95414EB-487D-4E80-AE6C-CDBF0153807E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BE24C441-2D44-41C0-8D12-93CAE1D69684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E4B7D71B-5267-4479-B271-71363998E998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4194EAB4-673C-4E8A-ADFC-6D87F50C61CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B3251DCF-6CE1-4149-A328-0F9708595E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.10:*:*:*:*:*:*:*",
"matchCriteriaId": "73483788-45E5-4E6E-ADF5-4AD0CDF03DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.11:*:*:*:*:*:*:*",
"matchCriteriaId": "AA91A8F7-DEE3-4A99-819D-4E188A7544E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.12:*:*:*:*:*:*:*",
"matchCriteriaId": "FF8610CF-E8B1-4172-BBCB-7A8713A2239C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF6BB38-C3A9-486B-97E1-263EDE2ECE70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BE70759B-770A-44D9-9482-D6E53BA0037F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D2398113-673A-4CF3-B0DE-46061E11EB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.17:*:*:*:*:*:*:*",
"matchCriteriaId": "40F7D759-5226-4882-ACF0-B1EAB79665B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.18:*:*:*:*:*:*:*",
"matchCriteriaId": "066128DE-149A-4753-ABBC-22D6278D5043",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*",
"matchCriteriaId": "8E442013-EBF8-44F2-AAAA-B23816F3230E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu28:*:*:*:*:*:*:*",
"matchCriteriaId": "136B28C2-ACB8-4399-B3B1-FFD0904FCD44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu29:*:*:*:*:*:*:*",
"matchCriteriaId": "10B1E587-D25A-4763-B4DC-3D69C118A2DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu30:*:*:*:*:*:*:*",
"matchCriteriaId": "1CFD1CBD-77A9-45AF-A516-FF77191311E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu31:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4ADA30-8C36-4D54-ACDA-5AADAC73D19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu32:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC93EA4-CEDD-4632-ABCD-532EE5886C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu33:*:*:*:*:*:*:*",
"matchCriteriaId": "69D638E0-E2EF-4E4F-8864-5E74904B4566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu34:*:*:*:*:*:*:*",
"matchCriteriaId": "0B127BDF-5F67-40AA-A9E3-B9C7CAC2A49E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu35:*:*:*:*:*:*:*",
"matchCriteriaId": "C9B0DC30-62E9-4EC1-87D6-9386EC313E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu36:*:*:*:*:*:*:*",
"matchCriteriaId": "9E44CEC7-B7E1-46D5-A731-435650CC6CAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu37:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF475DE-6D99-4116-8BB6-9925F7AD9FF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu38:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DEF396-1C23-4C40-B7BD-9E114238C9E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu39:*:*:*:*:*:*:*",
"matchCriteriaId": "E3FEDE01-F111-41F8-8541-45395A59584E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu40:*:*:*:*:*:*:*",
"matchCriteriaId": "82DCED7B-C959-4437-85AF-4F871BEB8FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu41:*:*:*:*:*:*:*",
"matchCriteriaId": "EC8A1AEB-B478-4BA7-B27C-231C78F5D8BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu42:*:*:*:*:*:*:*",
"matchCriteriaId": "EE199F4D-531E-4B80-A51C-EAA98A200896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu43:*:*:*:*:*:*:*",
"matchCriteriaId": "22E737E4-19CE-47C9-A195-216671272B4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu44:*:*:*:*:*:*:*",
"matchCriteriaId": "1030F055-1C07-45BC-B738-FC198AB5B38D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu45:*:*:*:*:*:*:*",
"matchCriteriaId": "28AFB7C2-7231-442E-9AC3-148940E025C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu46:*:*:*:*:*:*:*",
"matchCriteriaId": "978D1EB2-36A9-4FD6-8B7A-9CFD7DCBD86C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu47:*:*:*:*:*:*:*",
"matchCriteriaId": "E55E59A6-64FD-43B5-A36D-B0734D749282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu48:*:*:*:*:*:*:*",
"matchCriteriaId": "51558079-C5CF-4435-90A2-F6E1A4942E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu49:*:*:*:*:*:*:*",
"matchCriteriaId": "8B390C78-605A-409B-9F69-07BE6ED78765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50:*:*:*:*:*:*:*",
"matchCriteriaId": "0772DB94-C282-4670-821D-09178139F211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.1:*:*:*:*:*:*:*",
"matchCriteriaId": "20A37F7A-147C-48B6-A015-C7AD45F53A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86CEEACF-FDD5-46F0-A317-5B1F024D5B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2AD780-F6A7-46F7-8CB5-63F305ED4849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BBB82C8F-C2D9-48E2-86A6-772A638C295C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.7:*:*:*:*:*:*:*",
"matchCriteriaId": "54F6BB3C-38DA-49A1-AB29-4DF42F5ADC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu51:*:*:*:*:*:*:*",
"matchCriteriaId": "8966949D-AB76-4235-893E-6A2971DAB751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu52:*:*:*:*:*:*:*",
"matchCriteriaId": "3C232C67-0817-4B2D-BE8D-7CEBEC07C54C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu53:*:*:*:*:*:*:*",
"matchCriteriaId": "03711A42-F636-44D0-82D9-BC6EEE4DEE36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu54:*:*:*:*:*:*:*",
"matchCriteriaId": "256A6531-0D49-404D-9232-ECA08A4B191E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu55:*:*:*:*:*:*:*",
"matchCriteriaId": "AF681786-95BB-40CF-ADCF-DEA69A19DD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu56:*:*:*:*:*:*:*",
"matchCriteriaId": "4137BE33-F73C-43FD-8487-81B8581963E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu57:*:*:*:*:*:*:*",
"matchCriteriaId": "75C060ED-BDD7-49BE-975B-08AFF93C8B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu58:*:*:*:*:*:*:*",
"matchCriteriaId": "F56E2A38-2ACA-4686-8E85-DB5B91FAE7FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu59:*:*:*:*:*:*:*",
"matchCriteriaId": "BD03D1E1-017F-44BF-90F4-1810AB58019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu60:*:*:*:*:*:*:*",
"matchCriteriaId": "B7170954-E621-4F48-A52C-EF88B392C8A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu61:*:*:*:*:*:*:*",
"matchCriteriaId": "A5DFF27C-F5DF-48FF-A04B-EAEDD598CEA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu62:*:*:*:*:*:*:*",
"matchCriteriaId": "2B7E19A1-FCC0-418B-AE7D-43453BFD89E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu63:*:*:*:*:*:*:*",
"matchCriteriaId": "947615BA-B4DC-44AC-AACF-4FE576AF1248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu64:*:*:*:*:*:*:*",
"matchCriteriaId": "57A88540-2266-4FB8-9862-252BE378E417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu65:*:*:*:*:*:*:*",
"matchCriteriaId": "28614BE6-A80F-4A3F-809B-51C2CAB9287C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu65.1:*:*:*:*:*:*:*",
"matchCriteriaId": "617048A9-50DE-408B-9654-677D6BFB66F1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF1C1CC-3FAE-4DE3-BC41-E5B14D5721F4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
},
{
"lang": "es",
"value": "La funci\u00f3n check_attachment_for_errors() en el archivo data/general-hooks/ubuntu.py podr\u00eda ser enga\u00f1ada para exponer datos privados por medio de un archivo de bloqueo construido. Este problema afecta a: las versiones de apport 2.14.1 anteriores a 2.14.1-0ubuntu3.29+esm8; versiones 2.20.1 anteriores a 2.20.1-0ubuntu2.30+esm2; versiones 2.20.9 anteriores a 2.20.9-0ubuntu7.26; versiones 2.20.11 anteriores a 2.20.11-0ubuntu27.20; versiones 2.20.11 anteriores a 2.20.11-0ubuntu65.3;"
}
],
"id": "CVE-2021-3709",
"lastModified": "2024-11-21T06:22:12.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-01T03:15:06.983",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5077-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5077-2"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-538"
}
],
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-32556
Vulnerability from fkie_nvd - Published: 2021-06-12 04:15 - Updated: 2024-11-21 06:07
Severity ?
3.8 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15384D7F-D81C-46B4-8F98-70FD9F1201E0",
"versionEndExcluding": "2.14.1-0ubuntu3.29\\+esm7",
"versionStartIncluding": "2.14.1-0ubuntu3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64C72114-B15D-441E-A742-19A7D7A341CA",
"versionEndExcluding": "2.20.1-0ubuntu2.30\\+esm1",
"versionStartIncluding": "2.20.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F6CEE83-29FB-4B02-A31D-E23079AFC2A6",
"versionEndExcluding": "2.20.9-0ubuntu7.24",
"versionStartIncluding": "2.20.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD90405-8C94-43F2-BBF8-FFB695B9181C",
"versionEndExcluding": "2.20.11-0ubuntu27.18",
"versionStartIncluding": "2.20.11-0ubuntu27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB003A8B-8290-4BBA-8C0D-64E208ABBEFE",
"versionEndExcluding": "2.20.11-0ubuntu50.7",
"versionStartIncluding": "2.20.11-0ubuntu50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F0F988-E8C8-451B-9710-1B8932C12996",
"versionEndExcluding": "2.20.11-0ubuntu65.1",
"versionStartIncluding": "2.20.11-0ubuntu65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call."
},
{
"lang": "es",
"value": "Se ha detectado que la funci\u00f3n get_modified_conffiles() en el archivo backends/packaging-apt-dpkg.py permit\u00eda inyectar nombres de paquetes modificados de forma que se confund\u00eda la llamada a dpkg(1)"
}
],
"id": "CVE-2021-32556",
"lastModified": "2024-11-21T06:07:15.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 1.4,
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-12T04:15:12.390",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-32557
Vulnerability from fkie_nvd - Published: 2021-06-12 04:15 - Updated: 2024-11-21 06:07
Severity ?
5.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
References
| URL | Tags | ||
|---|---|---|---|
| security@ubuntu.com | https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 | Exploit, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15384D7F-D81C-46B4-8F98-70FD9F1201E0",
"versionEndExcluding": "2.14.1-0ubuntu3.29\\+esm7",
"versionStartIncluding": "2.14.1-0ubuntu3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64C72114-B15D-441E-A742-19A7D7A341CA",
"versionEndExcluding": "2.20.1-0ubuntu2.30\\+esm1",
"versionStartIncluding": "2.20.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F6CEE83-29FB-4B02-A31D-E23079AFC2A6",
"versionEndExcluding": "2.20.9-0ubuntu7.24",
"versionStartIncluding": "2.20.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD90405-8C94-43F2-BBF8-FFB695B9181C",
"versionEndExcluding": "2.20.11-0ubuntu27.18",
"versionStartIncluding": "2.20.11-0ubuntu27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB003A8B-8290-4BBA-8C0D-64E208ABBEFE",
"versionEndExcluding": "2.20.11-0ubuntu50.7",
"versionStartIncluding": "2.20.11-0ubuntu50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F0F988-E8C8-451B-9710-1B8932C12996",
"versionEndExcluding": "2.20.11-0ubuntu65.1",
"versionStartIncluding": "2.20.11-0ubuntu65",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks."
},
{
"lang": "es",
"value": "Se ha detectado que la funci\u00f3n process_report() en la ruta data/whoopsie-upload-all permit\u00eda la escritura arbitraria de archivos por medio de enlaces simb\u00f3licos"
}
],
"id": "CVE-2021-32557",
"lastModified": "2024-11-21T06:07:15.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 2.7,
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-12T04:15:12.523",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
},
{
"lang": "en",
"value": "CWE-61"
}
],
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-5054 (GCVE-0-2025-5054)
Vulnerability from cvelistv5 – Published: 2025-05-30 17:37 – Updated: 2025-11-03 20:05
VLAI?
Summary
Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.
When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).
Severity ?
4.7 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical | Apport |
Affected:
2.20.1 , < 2.20.1-0ubuntu2.30+esm5
(dpkg)
Affected: 2.20.9 , < 2.20.9-0ubuntu7.29+esm1 (dpkg) Affected: 2.20.11 , < 2.20.11-0ubuntu27.28 (dpkg) Affected: 2.20.11 , < 2.20.11-0ubuntu82.7 (dpkg) Affected: 2.28.1 , < 2.28.1-0ubuntu3.6 (dpkg) Affected: 2.30.0 , < 2.30.0-0ubuntu4.3 (dpkg) Affected: 2.32.0 , < 2.32.0-0ubuntu5.1 (dpkg) Affected: 2.32.0 , < 2.33.0-0ubuntu1 (dpkg) Affected: 2.20 , ≤ 2.32.0 (semver) |
Credits
Qualys Threat Research Unit (TRU)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5054",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T17:59:23.055492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T17:59:52.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:05:43.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jun/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://launchpad.net/apport",
"defaultStatus": "unaffected",
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://git.launchpad.net/apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.20.1-0ubuntu2.30+esm5",
"status": "affected",
"version": "2.20.1",
"versionType": "dpkg"
},
{
"lessThan": "2.20.9-0ubuntu7.29+esm1",
"status": "affected",
"version": "2.20.9",
"versionType": "dpkg"
},
{
"lessThan": "2.20.11-0ubuntu27.28",
"status": "affected",
"version": "2.20.11",
"versionType": "dpkg"
},
{
"lessThan": "2.20.11-0ubuntu82.7",
"status": "affected",
"version": "2.20.11",
"versionType": "dpkg"
},
{
"lessThan": "2.28.1-0ubuntu3.6",
"status": "affected",
"version": "2.28.1",
"versionType": "dpkg"
},
{
"lessThan": "2.30.0-0ubuntu4.3",
"status": "affected",
"version": "2.30.0",
"versionType": "dpkg"
},
{
"lessThan": "2.32.0-0ubuntu5.1",
"status": "affected",
"version": "2.32.0",
"versionType": "dpkg"
},
{
"lessThan": "2.33.0-0ubuntu1",
"status": "affected",
"version": "2.32.0",
"versionType": "dpkg"
},
{
"lessThanOrEqual": "2.32.0",
"status": "affected",
"version": "2.20",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Qualys Threat Research Unit (TRU)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eRace condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eWhen handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).\u003c/div\u003e"
}
],
"value": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.\n\n\n\n\nWhen handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1)."
}
],
"impacts": [
{
"capecId": "CAPEC-26",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-26 Leveraging Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T16:23:28.514Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-7545-1"
},
{
"tags": [
"vdb-entry"
],
"url": "https://ubuntu.com/security/CVE-2025-5054"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Race Condition in Canonical Apport"
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2025-5054",
"datePublished": "2025-05-30T17:37:01.006Z",
"dateReserved": "2025-05-21T14:00:55.371Z",
"dateUpdated": "2025-11-03T20:05:43.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-11936 (GCVE-0-2020-11936)
Vulnerability from cvelistv5 – Published: 2025-01-31 01:18 – Updated: 2025-02-07 16:08
VLAI?
Summary
gdbus setgid privilege escalation
Severity ?
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.20.11-0ubuntu27.6
(semver)
|
Credits
Ryota Shiga
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-11936",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:58:53.328091Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:08:28.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.20.11-0ubuntu27.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ryota Shiga"
}
],
"descriptions": [
{
"lang": "en",
"value": "gdbus setgid privilege escalation"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T01:34:55.184Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1885633"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11936"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-11936",
"datePublished": "2025-01-31T01:18:21.509Z",
"dateReserved": "2020-04-20T00:00:00.000Z",
"dateUpdated": "2025-02-07T16:08:28.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28653 (GCVE-0-2022-28653)
Vulnerability from cvelistv5 – Published: 2025-01-31 00:50 – Updated: 2025-02-07 15:56
VLAI?
Summary
Users can consume unlimited disk space in /var/crash
Severity ?
7.5 (High)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Gerrit Venema
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28653",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:56:07.428006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:56:12.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "Users can consume unlimited disk space in /var/crash"
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T00:50:49.677Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28653"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28653",
"datePublished": "2025-01-31T00:50:49.677Z",
"dateReserved": "2022-04-05T02:16:30.819Z",
"dateUpdated": "2025-02-07T15:56:12.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1242 (GCVE-0-2022-1242)
Vulnerability from cvelistv5 – Published: 2024-06-03 18:48 – Updated: 2025-03-27 19:31
VLAI?
Summary
Apport can be tricked into connecting to arbitrary sockets as the root user
Severity ?
7.8 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Gerrit Venema
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-1242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T20:28:52.542056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T19:31:12.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1242"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apport can be tricked into connecting to arbitrary sockets as the root user"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T18:48:02.281Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1242"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-1242",
"datePublished": "2024-06-03T18:48:02.281Z",
"dateReserved": "2022-04-05T14:45:10.551Z",
"dateUpdated": "2025-03-27T19:31:12.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3899 (GCVE-0-2021-3899)
Vulnerability from cvelistv5 – Published: 2024-06-03 18:40 – Updated: 2024-08-19 14:10
VLAI?
Summary
There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.
Severity ?
7.8 (High)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Muqing Liu from Singurlar Security Lab
neoni
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3899"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apport:apport:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apport",
"vendor": "apport",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-3899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T14:09:25.391252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T14:10:41.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muqing Liu from Singurlar Security Lab"
},
{
"lang": "en",
"type": "finder",
"value": "neoni"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a race condition in the \u0027replaced executable\u0027 detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root."
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T18:40:32.847Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3899"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-3899",
"datePublished": "2024-06-03T18:40:32.847Z",
"dateReserved": "2021-10-23T01:51:35.297Z",
"dateUpdated": "2024-08-19T14:10:41.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1326 (GCVE-0-2023-1326)
Vulnerability from cvelistv5 – Published: 2023-04-13 22:35 – Updated: 2025-02-07 15:54
VLAI?
Summary
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
Severity ?
7.7 (High)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , ≤ 2.26.0
(semver)
|
Credits
Chen Lu
Lei Wang
YiQi Sun
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-6018-1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:54:40.471465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:54:48.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/canonical/apport/tags",
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport/",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThanOrEqual": "2.26.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chen Lu"
},
{
"lang": "en",
"type": "finder",
"value": "Lei Wang"
},
{
"lang": "en",
"type": "finder",
"value": "YiQi Sun"
}
],
"datePublic": "2023-04-13T12:33:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T14:55:54.874Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-6018-1"
}
],
"title": "local privilege escalation in apport-cli"
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-1326",
"datePublished": "2023-04-13T22:35:19.704Z",
"dateReserved": "2023-03-10T16:17:04.430Z",
"dateUpdated": "2025-02-07T15:54:48.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3710 (GCVE-0-2021-3710)
Vulnerability from cvelistv5 – Published: 2021-10-01 02:35 – Updated: 2024-09-17 01:41
VLAI?
Summary
An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;
Severity ?
6.5 (Medium)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
Credits
Stephen Röttger (@_tsuro)
Maik Münch (maik@secfault-security.com)(@fktio)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:08.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5077-2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.14.1-0ubuntu3.29+esm8",
"status": "affected",
"version": "2.14.1",
"versionType": "custom"
},
{
"lessThan": "2.20.1-0ubuntu2.30+esm2",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.26",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "2.20.11-0ubuntu65.3",
"status": "unaffected"
}
],
"lessThan": "2.20.11-0ubuntu27.20",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Stephen R\u00f6ttger (@_tsuro)"
},
{
"lang": "en",
"value": "Maik M\u00fcnch (maik@secfault-security.com)(@fktio)"
}
],
"datePublic": "2021-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-01T02:35:22",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/notices/USN-5077-2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
}
],
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-5077-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
],
"discovery": "EXTERNAL"
},
"title": "Apport info disclosure via path traversal bug in read_file",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2021-09-14T00:00:00.000Z",
"ID": "CVE-2021-3710",
"STATE": "PUBLIC",
"TITLE": "Apport info disclosure via path traversal bug in read_file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.14.1",
"version_value": "2.14.1-0ubuntu3.29+esm8"
},
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.30+esm2"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.26"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu27.20"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu65.3"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Stephen R\u00f6ttger (@_tsuro)"
},
{
"lang": "eng",
"value": "Maik M\u00fcnch (maik@secfault-security.com)(@fktio)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-24 Path Traversal: \u0027../filedir\u0027"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ubuntu.com/security/notices/USN-5077-1",
"refsource": "MISC",
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"name": "https://ubuntu.com/security/notices/USN-5077-2",
"refsource": "MISC",
"url": "https://ubuntu.com/security/notices/USN-5077-2"
},
{
"name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710",
"refsource": "MISC",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
}
]
},
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-5077-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-3710",
"datePublished": "2021-10-01T02:35:22.911127Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-17T01:41:25.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3709 (GCVE-0-2021-3709)
Vulnerability from cvelistv5 – Published: 2021-10-01 02:35 – Updated: 2024-09-16 23:31
VLAI?
Summary
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;
Severity ?
6.5 (Medium)
CWE
- CWE-538 - File and Directory Information Exposure
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
Credits
Maik Münch (maik@secfault-security.com)(@fktio)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:08.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5077-2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.14.1-0ubuntu3.29+esm8",
"status": "affected",
"version": "2.14.1",
"versionType": "custom"
},
{
"lessThan": "2.20.1-0ubuntu2.30+esm2",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.26",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "2.20.11-0ubuntu65.3",
"status": "unaffected"
}
],
"lessThan": "2.20.11-0ubuntu27.20",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Maik M\u00fcnch (maik@secfault-security.com)(@fktio)"
}
],
"datePublic": "2021-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538 File and Directory Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-01T02:35:21",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/notices/USN-5077-2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
}
],
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-5077-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
],
"discovery": "EXTERNAL"
},
"title": "Apport file permission bypass through emacs byte compilation errors",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2021-09-14T00:00:00.000Z",
"ID": "CVE-2021-3709",
"STATE": "PUBLIC",
"TITLE": "Apport file permission bypass through emacs byte compilation errors"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.14.1",
"version_value": "2.14.1-0ubuntu3.29+esm8"
},
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.30+esm2"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.26"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu27.20"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu65.3"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Maik M\u00fcnch (maik@secfault-security.com)(@fktio)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-538 File and Directory Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709",
"refsource": "MISC",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709"
},
{
"name": "https://ubuntu.com/security/notices/USN-5077-1",
"refsource": "MISC",
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"name": "https://ubuntu.com/security/notices/USN-5077-2",
"refsource": "MISC",
"url": "https://ubuntu.com/security/notices/USN-5077-2"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
}
]
},
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-5077-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-3709",
"datePublished": "2021-10-01T02:35:21.228849Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-16T23:31:13.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32557 (GCVE-0-2021-32557)
Vulnerability from cvelistv5 – Published: 2021-06-12 03:40 – Updated: 2024-09-16 17:53
VLAI?
Summary
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
Severity ?
5.2 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical | apport |
Affected:
2.20.1 , < 2.20.1-0ubuntu2.30+esm1
(custom)
Affected: 2.20.9 , < 2.20.9-0ubuntu7.24 (custom) Affected: 2.20.11-0ubuntu27 , < 2.20.11-0ubuntu27.18 (custom) Affected: 2.20.11-0ubuntu50 , < 2.20.11-0ubuntu50.7 (custom) Affected: 2.20.11-0ubuntu65 , < 2.20.11-0ubuntu65.1 (custom) Affected: 2.14.1-0ubuntu3 , < 2.14.1-0ubuntu3.29+esm7 (custom) |
Credits
maik@secfault-security.com (@fktio)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:29.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.20.1-0ubuntu2.30+esm1",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.24",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu27.18",
"status": "affected",
"version": "2.20.11-0ubuntu27",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu50.7",
"status": "affected",
"version": "2.20.11-0ubuntu50",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu65.1",
"status": "affected",
"version": "2.20.11-0ubuntu65",
"versionType": "custom"
},
{
"lessThan": "2.14.1-0ubuntu3.29+esm7",
"status": "affected",
"version": "2.14.1-0ubuntu3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "maik@secfault-security.com (@fktio)"
}
],
"datePublic": "2021-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-12T03:40:43",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4965-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
],
"discovery": "EXTERNAL"
},
"title": "apport process_report() arbitrary file write",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
"ID": "CVE-2021-32557",
"STATE": "PUBLIC",
"TITLE": "apport process_report() arbitrary file write"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.30+esm1"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.24"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu27",
"version_value": "2.20.11-0ubuntu27.18"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu50",
"version_value": "2.20.11-0ubuntu50.7"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu65",
"version_value": "2.20.11-0ubuntu65.1"
},
{
"version_affected": "\u003c",
"version_name": "2.14.1-0ubuntu3",
"version_value": "2.14.1-0ubuntu3.29+esm7"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "maik@secfault-security.com (@fktio)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
]
},
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4965-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-32557",
"datePublished": "2021-06-12T03:40:43.352244Z",
"dateReserved": "2021-05-10T00:00:00",
"dateUpdated": "2024-09-16T17:53:05.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32556 (GCVE-0-2021-32556)
Vulnerability from cvelistv5 – Published: 2021-06-12 03:40 – Updated: 2024-09-16 19:51
VLAI?
Summary
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
Severity ?
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical | apport |
Affected:
2.20.1 , < 2.20.1-0ubuntu2.30+esm1
(custom)
Affected: 2.20.9 , < 2.20.9-0ubuntu7.24 (custom) Affected: 2.20.11-0ubuntu27 , < 2.20.11-0ubuntu27.18 (custom) Affected: 2.20.11-0ubuntu50 , < 2.20.11-0ubuntu50.7 (custom) Affected: 2.20.11-0ubuntu65 , < 2.20.11-0ubuntu65.1 (custom) Affected: 2.14.1-0ubuntu3 , < 2.14.1-0ubuntu3.29+esm7 (custom) |
Credits
maik@secfault-security.com (@fktio)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:29.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.20.1-0ubuntu2.30+esm1",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.24",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu27.18",
"status": "affected",
"version": "2.20.11-0ubuntu27",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu50.7",
"status": "affected",
"version": "2.20.11-0ubuntu50",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu65.1",
"status": "affected",
"version": "2.20.11-0ubuntu65",
"versionType": "custom"
},
{
"lessThan": "2.14.1-0ubuntu3.29+esm7",
"status": "affected",
"version": "2.14.1-0ubuntu3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "maik@secfault-security.com (@fktio)"
}
],
"datePublic": "2021-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-12T03:40:42",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4965-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
],
"discovery": "EXTERNAL"
},
"title": "apport get_modified_conffiles() function command injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
"ID": "CVE-2021-32556",
"STATE": "PUBLIC",
"TITLE": "apport get_modified_conffiles() function command injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.30+esm1"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.24"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu27",
"version_value": "2.20.11-0ubuntu27.18"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu50",
"version_value": "2.20.11-0ubuntu50.7"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu65",
"version_value": "2.20.11-0ubuntu65.1"
},
{
"version_affected": "\u003c",
"version_name": "2.14.1-0ubuntu3",
"version_value": "2.14.1-0ubuntu3.29+esm7"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "maik@secfault-security.com (@fktio)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
]
},
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4965-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-32556",
"datePublished": "2021-06-12T03:40:42.604686Z",
"dateReserved": "2021-05-10T00:00:00",
"dateUpdated": "2024-09-16T19:51:18.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5054 (GCVE-0-2025-5054)
Vulnerability from nvd – Published: 2025-05-30 17:37 – Updated: 2025-11-03 20:05
VLAI?
Summary
Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.
When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).
Severity ?
4.7 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical | Apport |
Affected:
2.20.1 , < 2.20.1-0ubuntu2.30+esm5
(dpkg)
Affected: 2.20.9 , < 2.20.9-0ubuntu7.29+esm1 (dpkg) Affected: 2.20.11 , < 2.20.11-0ubuntu27.28 (dpkg) Affected: 2.20.11 , < 2.20.11-0ubuntu82.7 (dpkg) Affected: 2.28.1 , < 2.28.1-0ubuntu3.6 (dpkg) Affected: 2.30.0 , < 2.30.0-0ubuntu4.3 (dpkg) Affected: 2.32.0 , < 2.32.0-0ubuntu5.1 (dpkg) Affected: 2.32.0 , < 2.33.0-0ubuntu1 (dpkg) Affected: 2.20 , ≤ 2.32.0 (semver) |
Credits
Qualys Threat Research Unit (TRU)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5054",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T17:59:23.055492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T17:59:52.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:05:43.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Jun/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://launchpad.net/apport",
"defaultStatus": "unaffected",
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://git.launchpad.net/apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.20.1-0ubuntu2.30+esm5",
"status": "affected",
"version": "2.20.1",
"versionType": "dpkg"
},
{
"lessThan": "2.20.9-0ubuntu7.29+esm1",
"status": "affected",
"version": "2.20.9",
"versionType": "dpkg"
},
{
"lessThan": "2.20.11-0ubuntu27.28",
"status": "affected",
"version": "2.20.11",
"versionType": "dpkg"
},
{
"lessThan": "2.20.11-0ubuntu82.7",
"status": "affected",
"version": "2.20.11",
"versionType": "dpkg"
},
{
"lessThan": "2.28.1-0ubuntu3.6",
"status": "affected",
"version": "2.28.1",
"versionType": "dpkg"
},
{
"lessThan": "2.30.0-0ubuntu4.3",
"status": "affected",
"version": "2.30.0",
"versionType": "dpkg"
},
{
"lessThan": "2.32.0-0ubuntu5.1",
"status": "affected",
"version": "2.32.0",
"versionType": "dpkg"
},
{
"lessThan": "2.33.0-0ubuntu1",
"status": "affected",
"version": "2.32.0",
"versionType": "dpkg"
},
{
"lessThanOrEqual": "2.32.0",
"status": "affected",
"version": "2.20",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Qualys Threat Research Unit (TRU)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eRace condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eWhen handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).\u003c/div\u003e"
}
],
"value": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.\n\n\n\n\nWhen handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1)."
}
],
"impacts": [
{
"capecId": "CAPEC-26",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-26 Leveraging Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T16:23:28.514Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-7545-1"
},
{
"tags": [
"vdb-entry"
],
"url": "https://ubuntu.com/security/CVE-2025-5054"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Race Condition in Canonical Apport"
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2025-5054",
"datePublished": "2025-05-30T17:37:01.006Z",
"dateReserved": "2025-05-21T14:00:55.371Z",
"dateUpdated": "2025-11-03T20:05:43.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-11936 (GCVE-0-2020-11936)
Vulnerability from nvd – Published: 2025-01-31 01:18 – Updated: 2025-02-07 16:08
VLAI?
Summary
gdbus setgid privilege escalation
Severity ?
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.20.11-0ubuntu27.6
(semver)
|
Credits
Ryota Shiga
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-11936",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:58:53.328091Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T16:08:28.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.20.11-0ubuntu27.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ryota Shiga"
}
],
"descriptions": [
{
"lang": "en",
"value": "gdbus setgid privilege escalation"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T01:34:55.184Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1885633"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11936"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-11936",
"datePublished": "2025-01-31T01:18:21.509Z",
"dateReserved": "2020-04-20T00:00:00.000Z",
"dateUpdated": "2025-02-07T16:08:28.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28653 (GCVE-0-2022-28653)
Vulnerability from nvd – Published: 2025-01-31 00:50 – Updated: 2025-02-07 15:56
VLAI?
Summary
Users can consume unlimited disk space in /var/crash
Severity ?
7.5 (High)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Gerrit Venema
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28653",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:56:07.428006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:56:12.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "Users can consume unlimited disk space in /var/crash"
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T00:50:49.677Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28653"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28653",
"datePublished": "2025-01-31T00:50:49.677Z",
"dateReserved": "2022-04-05T02:16:30.819Z",
"dateUpdated": "2025-02-07T15:56:12.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1242 (GCVE-0-2022-1242)
Vulnerability from nvd – Published: 2024-06-03 18:48 – Updated: 2025-03-27 19:31
VLAI?
Summary
Apport can be tricked into connecting to arbitrary sockets as the root user
Severity ?
7.8 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Gerrit Venema
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-1242",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T20:28:52.542056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T19:31:12.082Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1242"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apport can be tricked into connecting to arbitrary sockets as the root user"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T18:48:02.281Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1242"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-1242",
"datePublished": "2024-06-03T18:48:02.281Z",
"dateReserved": "2022-04-05T14:45:10.551Z",
"dateUpdated": "2025-03-27T19:31:12.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3899 (GCVE-0-2021-3899)
Vulnerability from nvd – Published: 2024-06-03 18:40 – Updated: 2024-08-19 14:10
VLAI?
Summary
There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.
Severity ?
7.8 (High)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Muqing Liu from Singurlar Security Lab
neoni
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3899"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apport:apport:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apport",
"vendor": "apport",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-3899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T14:09:25.391252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T14:10:41.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muqing Liu from Singurlar Security Lab"
},
{
"lang": "en",
"type": "finder",
"value": "neoni"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a race condition in the \u0027replaced executable\u0027 detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root."
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T18:40:32.847Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3899"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-3899",
"datePublished": "2024-06-03T18:40:32.847Z",
"dateReserved": "2021-10-23T01:51:35.297Z",
"dateUpdated": "2024-08-19T14:10:41.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1326 (GCVE-0-2023-1326)
Vulnerability from nvd – Published: 2023-04-13 22:35 – Updated: 2025-02-07 15:54
VLAI?
Summary
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
Severity ?
7.7 (High)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , ≤ 2.26.0
(semver)
|
Credits
Chen Lu
Lei Wang
YiQi Sun
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-6018-1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:54:40.471465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T15:54:48.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/canonical/apport/tags",
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport/",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThanOrEqual": "2.26.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chen Lu"
},
{
"lang": "en",
"type": "finder",
"value": "Lei Wang"
},
{
"lang": "en",
"type": "finder",
"value": "YiQi Sun"
}
],
"datePublic": "2023-04-13T12:33:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T14:55:54.874Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-6018-1"
}
],
"title": "local privilege escalation in apport-cli"
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-1326",
"datePublished": "2023-04-13T22:35:19.704Z",
"dateReserved": "2023-03-10T16:17:04.430Z",
"dateUpdated": "2025-02-07T15:54:48.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3710 (GCVE-0-2021-3710)
Vulnerability from nvd – Published: 2021-10-01 02:35 – Updated: 2024-09-17 01:41
VLAI?
Summary
An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;
Severity ?
6.5 (Medium)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
Credits
Stephen Röttger (@_tsuro)
Maik Münch (maik@secfault-security.com)(@fktio)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:08.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5077-2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.14.1-0ubuntu3.29+esm8",
"status": "affected",
"version": "2.14.1",
"versionType": "custom"
},
{
"lessThan": "2.20.1-0ubuntu2.30+esm2",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.26",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "2.20.11-0ubuntu65.3",
"status": "unaffected"
}
],
"lessThan": "2.20.11-0ubuntu27.20",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Stephen R\u00f6ttger (@_tsuro)"
},
{
"lang": "en",
"value": "Maik M\u00fcnch (maik@secfault-security.com)(@fktio)"
}
],
"datePublic": "2021-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-01T02:35:22",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/notices/USN-5077-2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
}
],
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-5077-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
],
"discovery": "EXTERNAL"
},
"title": "Apport info disclosure via path traversal bug in read_file",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2021-09-14T00:00:00.000Z",
"ID": "CVE-2021-3710",
"STATE": "PUBLIC",
"TITLE": "Apport info disclosure via path traversal bug in read_file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.14.1",
"version_value": "2.14.1-0ubuntu3.29+esm8"
},
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.30+esm2"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.26"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu27.20"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu65.3"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Stephen R\u00f6ttger (@_tsuro)"
},
{
"lang": "eng",
"value": "Maik M\u00fcnch (maik@secfault-security.com)(@fktio)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-24 Path Traversal: \u0027../filedir\u0027"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ubuntu.com/security/notices/USN-5077-1",
"refsource": "MISC",
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"name": "https://ubuntu.com/security/notices/USN-5077-2",
"refsource": "MISC",
"url": "https://ubuntu.com/security/notices/USN-5077-2"
},
{
"name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710",
"refsource": "MISC",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
}
]
},
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-5077-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-3710",
"datePublished": "2021-10-01T02:35:22.911127Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-17T01:41:25.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3709 (GCVE-0-2021-3709)
Vulnerability from nvd – Published: 2021-10-01 02:35 – Updated: 2024-09-16 23:31
VLAI?
Summary
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;
Severity ?
6.5 (Medium)
CWE
- CWE-538 - File and Directory Information Exposure
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
Credits
Maik Münch (maik@secfault-security.com)(@fktio)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:08.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5077-2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.14.1-0ubuntu3.29+esm8",
"status": "affected",
"version": "2.14.1",
"versionType": "custom"
},
{
"lessThan": "2.20.1-0ubuntu2.30+esm2",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.26",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "2.20.11-0ubuntu65.3",
"status": "unaffected"
}
],
"lessThan": "2.20.11-0ubuntu27.20",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Maik M\u00fcnch (maik@secfault-security.com)(@fktio)"
}
],
"datePublic": "2021-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538 File and Directory Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-01T02:35:21",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ubuntu.com/security/notices/USN-5077-2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
}
],
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-5077-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
],
"discovery": "EXTERNAL"
},
"title": "Apport file permission bypass through emacs byte compilation errors",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2021-09-14T00:00:00.000Z",
"ID": "CVE-2021-3709",
"STATE": "PUBLIC",
"TITLE": "Apport file permission bypass through emacs byte compilation errors"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.14.1",
"version_value": "2.14.1-0ubuntu3.29+esm8"
},
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.30+esm2"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.26"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu27.20"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu65.3"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Maik M\u00fcnch (maik@secfault-security.com)(@fktio)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-538 File and Directory Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709",
"refsource": "MISC",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709"
},
{
"name": "https://ubuntu.com/security/notices/USN-5077-1",
"refsource": "MISC",
"url": "https://ubuntu.com/security/notices/USN-5077-1"
},
{
"name": "https://ubuntu.com/security/notices/USN-5077-2",
"refsource": "MISC",
"url": "https://ubuntu.com/security/notices/USN-5077-2"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
}
]
},
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-5077-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-3709",
"datePublished": "2021-10-01T02:35:21.228849Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-09-16T23:31:13.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32557 (GCVE-0-2021-32557)
Vulnerability from nvd – Published: 2021-06-12 03:40 – Updated: 2024-09-16 17:53
VLAI?
Summary
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
Severity ?
5.2 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical | apport |
Affected:
2.20.1 , < 2.20.1-0ubuntu2.30+esm1
(custom)
Affected: 2.20.9 , < 2.20.9-0ubuntu7.24 (custom) Affected: 2.20.11-0ubuntu27 , < 2.20.11-0ubuntu27.18 (custom) Affected: 2.20.11-0ubuntu50 , < 2.20.11-0ubuntu50.7 (custom) Affected: 2.20.11-0ubuntu65 , < 2.20.11-0ubuntu65.1 (custom) Affected: 2.14.1-0ubuntu3 , < 2.14.1-0ubuntu3.29+esm7 (custom) |
Credits
maik@secfault-security.com (@fktio)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:29.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.20.1-0ubuntu2.30+esm1",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.24",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu27.18",
"status": "affected",
"version": "2.20.11-0ubuntu27",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu50.7",
"status": "affected",
"version": "2.20.11-0ubuntu50",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu65.1",
"status": "affected",
"version": "2.20.11-0ubuntu65",
"versionType": "custom"
},
{
"lessThan": "2.14.1-0ubuntu3.29+esm7",
"status": "affected",
"version": "2.14.1-0ubuntu3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "maik@secfault-security.com (@fktio)"
}
],
"datePublic": "2021-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-12T03:40:43",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4965-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
],
"discovery": "EXTERNAL"
},
"title": "apport process_report() arbitrary file write",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
"ID": "CVE-2021-32557",
"STATE": "PUBLIC",
"TITLE": "apport process_report() arbitrary file write"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.30+esm1"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.24"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu27",
"version_value": "2.20.11-0ubuntu27.18"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu50",
"version_value": "2.20.11-0ubuntu50.7"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu65",
"version_value": "2.20.11-0ubuntu65.1"
},
{
"version_affected": "\u003c",
"version_name": "2.14.1-0ubuntu3",
"version_value": "2.14.1-0ubuntu3.29+esm7"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "maik@secfault-security.com (@fktio)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
]
},
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4965-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-32557",
"datePublished": "2021-06-12T03:40:43.352244Z",
"dateReserved": "2021-05-10T00:00:00",
"dateUpdated": "2024-09-16T17:53:05.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32556 (GCVE-0-2021-32556)
Vulnerability from nvd – Published: 2021-06-12 03:40 – Updated: 2024-09-16 19:51
VLAI?
Summary
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
Severity ?
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical | apport |
Affected:
2.20.1 , < 2.20.1-0ubuntu2.30+esm1
(custom)
Affected: 2.20.9 , < 2.20.9-0ubuntu7.24 (custom) Affected: 2.20.11-0ubuntu27 , < 2.20.11-0ubuntu27.18 (custom) Affected: 2.20.11-0ubuntu50 , < 2.20.11-0ubuntu50.7 (custom) Affected: 2.20.11-0ubuntu65 , < 2.20.11-0ubuntu65.1 (custom) Affected: 2.14.1-0ubuntu3 , < 2.14.1-0ubuntu3.29+esm7 (custom) |
Credits
maik@secfault-security.com (@fktio)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:29.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.20.1-0ubuntu2.30+esm1",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.24",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu27.18",
"status": "affected",
"version": "2.20.11-0ubuntu27",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu50.7",
"status": "affected",
"version": "2.20.11-0ubuntu50",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu65.1",
"status": "affected",
"version": "2.20.11-0ubuntu65",
"versionType": "custom"
},
{
"lessThan": "2.14.1-0ubuntu3.29+esm7",
"status": "affected",
"version": "2.14.1-0ubuntu3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "maik@secfault-security.com (@fktio)"
}
],
"datePublic": "2021-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-12T03:40:42",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4965-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
],
"discovery": "EXTERNAL"
},
"title": "apport get_modified_conffiles() function command injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
"ID": "CVE-2021-32556",
"STATE": "PUBLIC",
"TITLE": "apport get_modified_conffiles() function command injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.30+esm1"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.24"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu27",
"version_value": "2.20.11-0ubuntu27.18"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu50",
"version_value": "2.20.11-0ubuntu50.7"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu65",
"version_value": "2.20.11-0ubuntu65.1"
},
{
"version_affected": "\u003c",
"version_name": "2.14.1-0ubuntu3",
"version_value": "2.14.1-0ubuntu3.29+esm7"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "maik@secfault-security.com (@fktio)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
]
},
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4965-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-32556",
"datePublished": "2021-06-12T03:40:42.604686Z",
"dateReserved": "2021-05-10T00:00:00",
"dateUpdated": "2024-09-16T19:51:18.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}