All the vulnerabilities related to Canonical - apport
cve-2015-1341
Vulnerability from cvelistv5
Published
2019-04-22 15:35
Modified
2024-09-16 23:45
Summary
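In Apport before 2.19.2, the function _python_module_path can import any Python module in sys.path if the command line of the process triggering the coredump is Python and its first argument is -m. Importing a module executes its code, which is why the record below is titled a privilege escalation through Python module imports.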
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:40:18.678Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.net/apport/trunk/2.19.2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/2782-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apport",
          "vendor": "Ubuntu",
          "versions": [
            {
              "lessThan": "2.0.1-0ubuntu17.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "2.19.1-0ubuntu4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "2.17.2-0ubuntu1.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "2.14.1-0ubuntu3.18",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "2.19.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Gabriel Campana"
        }
      ],
      "datePublic": "2015-10-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Parsing a Python module by executing the module.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-07T19:01:06",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.net/apport/trunk/2.19.2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://usn.ubuntu.com/2782-1/"
        }
      ],
      "source": {
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1507480"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Apport privilege escalation through Python module imports",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2015-10-27T00:00:00.000Z",
          "ID": "CVE-2015-1341",
          "STATE": "PUBLIC",
          "TITLE": "Apport privilege escalation through Python module imports"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apport",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "2.0.1-0ubuntu17.13"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "2.19.1-0ubuntu4"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "2.17.2-0ubuntu1.7"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "2.14.1-0ubuntu3.18"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "2.19.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Ubuntu"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Gabriel Campana"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Parsing a Python module by executing the module."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.net/apport/trunk/2.19.2",
              "refsource": "MISC",
              "url": "https://launchpad.net/apport/trunk/2.19.2"
            },
            {
              "name": "https://usn.ubuntu.com/2782-1/",
              "refsource": "MISC",
              "url": "https://usn.ubuntu.com/2782-1/"
            }
          ]
        },
        "source": {
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1507480"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2015-1341",
    "datePublished": "2019-04-22T15:35:59.329904Z",
    "dateReserved": "2015-01-22T00:00:00",
    "dateUpdated": "2024-09-16T23:45:46.716Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-15790
Vulnerability from cvelistv5
Published
2020-04-27 23:25
Modified
2024-09-16 20:43
Summary
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:56:22.465Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4171-1/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4171-2/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4171-3/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4171-4/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4171-5/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/apport/+bug/1854237"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm3",
              "status": "affected",
              "version": "2.14.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.1-0ubuntu2.22",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.12",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "2.20.11-0ubuntu16",
                  "status": "unaffected"
                }
              ],
              "lessThan": "2.20.11-0ubuntu8.6",
              "status": "affected",
              "version": "2.20.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Kevin Backhouse"
        }
      ],
      "datePublic": "2019-10-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250 Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T00:00:00",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795"
        },
        {
          "url": "https://usn.ubuntu.com/4171-1/"
        },
        {
          "url": "https://usn.ubuntu.com/4171-2/"
        },
        {
          "url": "https://usn.ubuntu.com/4171-3/"
        },
        {
          "url": "https://usn.ubuntu.com/4171-4/"
        },
        {
          "url": "https://usn.ubuntu.com/4171-5/"
        },
        {
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929"
        },
        {
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806"
        },
        {
          "url": "https://bugs.launchpad.net/apport/+bug/1854237"
        },
        {
          "url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
        }
      ],
      "source": {
        "advisory": "https://usn.ubuntu.com/4171-1/",
        "defect": [
          "https://launchpad.net/bugs/1839795"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Apport reads PID files with elevated privileges",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2019-15790",
    "datePublished": "2020-04-27T23:25:19.961303Z",
    "dateReserved": "2019-08-29T00:00:00",
    "dateUpdated": "2024-09-16T20:43:33.638Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-15701
Vulnerability from cvelistv5
Published
2020-08-06 22:50
Modified
2024-09-16 20:52
Summary
An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.
References
https://usn.ubuntu.com/4449-1 (x_refsource_CONFIRM)
https://launchpad.net/bugs/1877023 (x_refsource_CONFIRM)
https://usn.ubuntu.com/4449-1/ (vendor-advisory, x_refsource_UBUNTU)
https://usn.ubuntu.com/4449-2/ (vendor-advisory, x_refsource_UBUNTU)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:22:30.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4449-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/bugs/1877023"
          },
          {
            "name": "USN-4449-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4449-1/"
          },
          {
            "name": "USN-4449-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4449-2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.20.1-0ubuntu2.24",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.16",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu27.6",
              "status": "affected",
              "version": "2.20.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Seong-Joong Kim"
        }
      ],
      "datePublic": "2020-05-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "CWE-755 Improper Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-14T15:06:10",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://usn.ubuntu.com/4449-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/bugs/1877023"
        },
        {
          "name": "USN-4449-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4449-1/"
        },
        {
          "name": "USN-4449-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4449-2/"
        }
      ],
      "source": {
        "advisory": "https://usn.ubuntu.com/4449-1",
        "defect": [
          "https://launchpad.net/bugs/1877023"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Unhandled exception in apport",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2020-05-13T07:29:00.000Z",
          "ID": "CVE-2020-15701",
          "STATE": "PUBLIC",
          "TITLE": "Unhandled exception in apport"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.24"
                          },
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.16"
                          },
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "2.20.11",
                            "version_value": "2.20.11-0ubuntu27.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "configuration": [],
        "credit": [
          {
            "lang": "eng",
            "value": "Seong-Joong Kim"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6."
            }
          ]
        },
        "exploit": [],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-755 Improper Handling of Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://usn.ubuntu.com/4449-1",
              "refsource": "CONFIRM",
              "url": "https://usn.ubuntu.com/4449-1"
            },
            {
              "name": "https://launchpad.net/bugs/1877023",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/bugs/1877023"
            },
            {
              "name": "USN-4449-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4449-1/"
            },
            {
              "name": "USN-4449-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4449-2/"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "https://usn.ubuntu.com/4449-1",
          "defect": [
            "https://launchpad.net/bugs/1877023"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2020-15701",
    "datePublished": "2020-08-06T22:50:22.407551Z",
    "dateReserved": "2020-07-14T00:00:00",
    "dateUpdated": "2024-09-16T20:52:16.329Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32556
Vulnerability from cvelistv5
Published
2021-06-12 03:40
Modified
2024-09-16 19:51
Summary
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:29.949Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.20.1-0ubuntu2.30+esm1",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.24",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu27.18",
              "status": "affected",
              "version": "2.20.11-0ubuntu27",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu50.7",
              "status": "affected",
              "version": "2.20.11-0ubuntu50",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu65.1",
              "status": "affected",
              "version": "2.20.11-0ubuntu65",
              "versionType": "custom"
            },
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm7",
              "status": "affected",
              "version": "2.14.1-0ubuntu3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "maik@secfault-security.com (@fktio)"
        }
      ],
      "datePublic": "2021-05-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-12T03:40:42",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        }
      ],
      "source": {
        "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "apport get_modified_conffiles() function command injection",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
          "ID": "CVE-2021-32556",
          "STATE": "PUBLIC",
          "TITLE": "apport get_modified_conffiles() function command injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.30+esm1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.24"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu27",
                            "version_value": "2.20.11-0ubuntu27.18"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu50",
                            "version_value": "2.20.11-0ubuntu50.7"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu65",
                            "version_value": "2.20.11-0ubuntu65.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.14.1-0ubuntu3",
                            "version_value": "2.14.1-0ubuntu3.29+esm7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "maik@secfault-security.com (@fktio)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
            }
          ]
        },
        "source": {
          "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-32556",
    "datePublished": "2021-06-12T03:40:42.604686Z",
    "dateReserved": "2021-05-10T00:00:00",
    "dateUpdated": "2024-09-16T19:51:18.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32557
Vulnerability from cvelistv5
Published
2021-06-12 03:40
Modified
2024-09-16 17:53
Summary
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:29.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.20.1-0ubuntu2.30+esm1",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.24",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu27.18",
              "status": "affected",
              "version": "2.20.11-0ubuntu27",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu50.7",
              "status": "affected",
              "version": "2.20.11-0ubuntu50",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu65.1",
              "status": "affected",
              "version": "2.20.11-0ubuntu65",
              "versionType": "custom"
            },
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm7",
              "status": "affected",
              "version": "2.14.1-0ubuntu3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "maik@secfault-security.com (@fktio)"
        }
      ],
      "datePublic": "2021-05-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-12T03:40:43",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        }
      ],
      "source": {
        "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "apport process_report() arbitrary file write",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
          "ID": "CVE-2021-32557",
          "STATE": "PUBLIC",
          "TITLE": "apport process_report() arbitrary file write"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.30+esm1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.24"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu27",
                            "version_value": "2.20.11-0ubuntu27.18"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu50",
                            "version_value": "2.20.11-0ubuntu50.7"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu65",
                            "version_value": "2.20.11-0ubuntu65.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.14.1-0ubuntu3",
                            "version_value": "2.14.1-0ubuntu3.29+esm7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "maik@secfault-security.com (@fktio)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
            }
          ]
        },
        "source": {
          "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-32557",
    "datePublished": "2021-06-12T03:40:43.352244Z",
    "dateReserved": "2021-05-10T00:00:00",
    "dateUpdated": "2024-09-16T17:53:05.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25683
Vulnerability from cvelistv5
Published
2021-06-11 02:20
Modified
2024-09-16 22:03
Summary
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:11:27.895Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.20.1-0ubuntu2.30",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.23",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu27.16",
              "status": "affected",
              "version": "2.20.11-0ubuntu27",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu50.5",
              "status": "affected",
              "version": "2.20.11-0ubuntu50",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Itai Greenhut"
        }
      ],
      "datePublic": "2021-02-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-11T02:20:19",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
        }
      ],
      "source": {
        "advisory": "https://ubuntu.com/security/notices/USN-4720-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "apport improperly parses /proc/pid/stat",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-02-02T00:00:00.000Z",
          "ID": "CVE-2021-25683",
          "STATE": "PUBLIC",
          "TITLE": "apport improperly parses /proc/pid/stat"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.30"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.23"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu27",
                            "version_value": "2.20.11-0ubuntu27.16"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu50",
                            "version_value": "2.20.11-0ubuntu50.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Itai Greenhut"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
            }
          ]
        },
        "source": {
          "advisory": "https://ubuntu.com/security/notices/USN-4720-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-25683",
    "datePublished": "2021-06-11T02:20:19.881201Z",
    "dateReserved": "2021-01-21T00:00:00",
    "dateUpdated": "2024-09-16T22:03:30.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32554
Vulnerability from cvelistv5
Published
2021-06-12 03:40
Modified
2024-09-16 23:20
Summary
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.20.1-0ubuntu2.30+esm1",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.24",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu27.18",
              "status": "affected",
              "version": "2.20.11-0ubuntu27",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu50.7",
              "status": "affected",
              "version": "2.20.11-0ubuntu50",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu65.1",
              "status": "affected",
              "version": "2.20.11-0ubuntu65",
              "versionType": "custom"
            },
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm7",
              "status": "affected",
              "version": "2.14.1-0ubuntu3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "maik@secfault-security.com (@fktio)"
        }
      ],
      "datePublic": "2021-05-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-12T03:40:41",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        }
      ],
      "source": {
        "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "apport read_file() function could follow maliciously constructed symbolic links",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
          "ID": "CVE-2021-32554",
          "STATE": "PUBLIC",
          "TITLE": "apport read_file() function could follow maliciously constructed symbolic links"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.30+esm1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.24"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu27",
                            "version_value": "2.20.11-0ubuntu27.18"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu50",
                            "version_value": "2.20.11-0ubuntu50.7"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu65",
                            "version_value": "2.20.11-0ubuntu65.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.14.1-0ubuntu3",
                            "version_value": "2.14.1-0ubuntu3.29+esm7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "maik@secfault-security.com (@fktio)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
            }
          ]
        },
        "source": {
          "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-32554",
    "datePublished": "2021-06-12T03:40:41.158908Z",
    "dateReserved": "2021-05-10T00:00:00",
    "dateUpdated": "2024-09-16T23:20:32.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-1326
Vulnerability from cvelistv5
Published
2023-04-13 22:35
Modified
2024-08-02 05:40
Summary
A privilege escalation vulnerability was found in apport-cli 2.26.0 and earlier; it is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set, then a local attacker can escalate privileges. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:40:59.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-6018-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/canonical/apport/tags",
          "packageName": "apport",
          "platforms": [
            "Linux"
          ],
          "product": "Apport",
          "repo": "https://github.com/canonical/apport/",
          "vendor": "Canonical Ltd.",
          "versions": [
            {
              "lessThanOrEqual": "2.26.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Chen Lu"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Lei Wang"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "YiQi Sun"
        }
      ],
      "datePublic": "2023-04-13T12:33:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-18T14:55:54.874Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://ubuntu.com/security/notices/USN-6018-1"
        }
      ],
      "title": "local privilege escalation in apport-cli"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2023-1326",
    "datePublished": "2023-04-13T22:35:19.704Z",
    "dateReserved": "2023-03-10T16:17:04.430Z",
    "dateUpdated": "2024-08-02T05:40:59.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32547
Vulnerability from cvelistv5
Published
2021-06-12 03:40
Modified
2024-09-17 03:18
Summary
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.114Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.20.1-0ubuntu2.30+esm1",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.24",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu27.18",
              "status": "affected",
              "version": "2.20.11-0ubuntu27",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu50.7",
              "status": "affected",
              "version": "2.20.11-0ubuntu50",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu65.1",
              "status": "affected",
              "version": "2.20.11-0ubuntu65",
              "versionType": "custom"
            },
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm7",
              "status": "affected",
              "version": "2.14.1-0ubuntu3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "maik@secfault-security.com (@fktio)"
        }
      ],
      "datePublic": "2021-05-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-12T03:40:36",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        }
      ],
      "source": {
        "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "apport read_file() function could follow maliciously constructed symbolic links",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
          "ID": "CVE-2021-32547",
          "STATE": "PUBLIC",
          "TITLE": "apport read_file() function could follow maliciously constructed symbolic links"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.30+esm1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.24"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu27",
                            "version_value": "2.20.11-0ubuntu27.18"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu50",
                            "version_value": "2.20.11-0ubuntu50.7"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu65",
                            "version_value": "2.20.11-0ubuntu65.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.14.1-0ubuntu3",
                            "version_value": "2.14.1-0ubuntu3.29+esm7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "maik@secfault-security.com (@fktio)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
            }
          ]
        },
        "source": {
          "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-32547",
    "datePublished": "2021-06-12T03:40:36.400946Z",
    "dateReserved": "2021-05-10T00:00:00",
    "dateUpdated": "2024-09-17T03:18:22.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-15702
Vulnerability from cvelistv5
Published
2020-08-06 22:50
Modified
2024-09-16 17:28
Summary
A TOCTOU race condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16 and 2.20.11-0ubuntu27.6; 2.20.1, 2.20.9 and 2.20.11 versions prior to those releases are affected. Was ZDI-CAN-11234.
References
https://usn.ubuntu.com/4449-1 (x_refsource_CONFIRM)
https://usn.ubuntu.com/4449-1/ (vendor-advisory, x_refsource_UBUNTU)
https://www.zerodayinitiative.com/advisories/ZDI-20-979/ (x_refsource_MISC)
https://usn.ubuntu.com/4449-2/ (vendor-advisory, x_refsource_UBUNTU)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:22:30.693Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4449-1"
          },
          {
            "name": "USN-4449-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4449-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-979/"
          },
          {
            "name": "USN-4449-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4449-2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.20.1-0ubuntu2.24",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.16",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu27.6",
              "status": "affected",
              "version": "2.20.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ryota Shiga"
        }
      ],
      "datePublic": "2020-08-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-14T15:06:09",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://usn.ubuntu.com/4449-1"
        },
        {
          "name": "USN-4449-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4449-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-979/"
        },
        {
          "name": "USN-4449-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4449-2/"
        }
      ],
      "source": {
        "advisory": "https://usn.ubuntu.com/4449-1",
        "discovery": "EXTERNAL"
      },
      "title": "TOCTOU in apport",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2020-08-04T21:00:00.000Z",
          "ID": "CVE-2020-15702",
          "STATE": "PUBLIC",
          "TITLE": "TOCTOU in apport"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.24"
                          },
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.16"
                          },
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "2.20.11",
                            "version_value": "2.20.11-0ubuntu27.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "configuration": [],
        "credit": [
          {
            "lang": "eng",
            "value": "Ryota Shiga"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234."
            }
          ]
        },
        "exploit": [],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://usn.ubuntu.com/4449-1",
              "refsource": "CONFIRM",
              "url": "https://usn.ubuntu.com/4449-1"
            },
            {
              "name": "USN-4449-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4449-1/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-979/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-979/"
            },
            {
              "name": "USN-4449-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4449-2/"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "https://usn.ubuntu.com/4449-1",
          "defect": [],
          "discovery": "EXTERNAL"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2020-15702",
    "datePublished": "2020-08-06T22:50:22.871739Z",
    "dateReserved": "2020-07-14T00:00:00",
    "dateUpdated": "2024-09-16T17:28:12.244Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8833
Vulnerability from cvelistv5
Published
2020-04-22 21:15
Modified
2024-09-16 20:53
Summary
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.
References
https://usn.ubuntu.com/4315-1/ (x_refsource_CONFIRM)
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933 (x_refsource_CONFIRM)
https://usn.ubuntu.com/4315-2/ (vendor-advisory, x_refsource_UBUNTU)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:12:10.622Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4315-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933"
          },
          {
            "name": "USN-4315-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4315-2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.20.1-0ubuntu2.23",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.14",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "2.20.11-0ubuntu22",
                  "status": "unaffected"
                }
              ],
              "lessThan": "2.20.11-0ubuntu8.8",
              "status": "affected",
              "version": "2.20.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Maximilien Bourgeteau"
        }
      ],
      "datePublic": "2020-04-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-24T20:06:03",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://usn.ubuntu.com/4315-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933"
        },
        {
          "name": "USN-4315-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4315-2/"
        }
      ],
      "source": {
        "advisory": "https://usn.ubuntu.com/4315-1/",
        "defect": [
          "https://launchpad.net/bugs/1862933"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Apport race condition in crash report permissions",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2020-04-02T00:43:00.000Z",
          "ID": "CVE-2020-8833",
          "STATE": "PUBLIC",
          "TITLE": "Apport race condition in crash report permissions"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apport",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.23"
                          },
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.14"
                          },
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "2.20.11",
                            "version_value": "2.20.11-0ubuntu8.8"
                          },
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "2.20.11",
                            "version_value": "2.20.11-0ubuntu22"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "configuration": [],
        "credit": [
          {
            "lang": "eng",
            "value": "Maximilien Bourgeteau"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22."
            }
          ]
        },
        "exploit": [],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://usn.ubuntu.com/4315-1/",
              "refsource": "CONFIRM",
              "url": "https://usn.ubuntu.com/4315-1/"
            },
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933"
            },
            {
              "name": "USN-4315-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4315-2/"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "https://usn.ubuntu.com/4315-1/",
          "defect": [
            "https://launchpad.net/bugs/1862933"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2020-8833",
    "datePublished": "2020-04-22T21:15:18.859159Z",
    "dateReserved": "2020-02-10T00:00:00",
    "dateUpdated": "2024-09-16T20:53:27.660Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32551
Vulnerability from cvelistv5
Published
2021-06-12 03:40
Modified
2024-09-16 20:21
Summary
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.582Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.20.1-0ubuntu2.30+esm1",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.24",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu27.18",
              "status": "affected",
              "version": "2.20.11-0ubuntu27",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu50.7",
              "status": "affected",
              "version": "2.20.11-0ubuntu50",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu65.1",
              "status": "affected",
              "version": "2.20.11-0ubuntu65",
              "versionType": "custom"
            },
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm7",
              "status": "affected",
              "version": "2.14.1-0ubuntu3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "maik@secfault-security.com (@fktio)"
        }
      ],
      "datePublic": "2021-05-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-12T03:40:39",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        }
      ],
      "source": {
        "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "apport read_file() function could follow maliciously constructed symbolic links",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
          "ID": "CVE-2021-32551",
          "STATE": "PUBLIC",
          "TITLE": "apport read_file() function could follow maliciously constructed symbolic links"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.30+esm1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.24"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu27",
                            "version_value": "2.20.11-0ubuntu27.18"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu50",
                            "version_value": "2.20.11-0ubuntu50.7"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu65",
                            "version_value": "2.20.11-0ubuntu65.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.14.1-0ubuntu3",
                            "version_value": "2.14.1-0ubuntu3.29+esm7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "maik@secfault-security.com (@fktio)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
            }
          ]
        },
        "source": {
          "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-32551",
    "datePublished": "2021-06-12T03:40:39.210630Z",
    "dateReserved": "2021-05-10T00:00:00",
    "dateUpdated": "2024-09-16T20:21:31.720Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25684
Vulnerability from cvelistv5
Published
2021-06-11 02:20
Modified
2024-09-16 19:15
Summary
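It was discovered that apport in data/apport did not open a report file in a way that prevents a read from hanging on a FIFO. The record's title and description mention only this stall, while its CVSS 3.1 vector rates confidentiality, integrity and availability impact all HIGH (8.8, CWE-20); consult the linked advisory, USN-4720-1, when triaging severity.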
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:11:27.875Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.20.1-0ubuntu2.30",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.23",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu27.16",
              "status": "affected",
              "version": "2.20.11-0ubuntu27",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu50.5",
              "status": "affected",
              "version": "2.20.11-0ubuntu50",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Itai Greenhut"
        }
      ],
      "datePublic": "2021-02-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-11T02:20:20",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
        }
      ],
      "source": {
        "advisory": "https://ubuntu.com/security/notices/USN-4720-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "apport can be stalled by reading a FIFO",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-02-02T00:00:00.000Z",
          "ID": "CVE-2021-25684",
          "STATE": "PUBLIC",
          "TITLE": "apport can be stalled by reading a FIFO"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.30"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.23"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu27",
                            "version_value": "2.20.11-0ubuntu27.16"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu50",
                            "version_value": "2.20.11-0ubuntu50.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Itai Greenhut"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
            }
          ]
        },
        "source": {
          "advisory": "https://ubuntu.com/security/notices/USN-4720-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-25684",
    "datePublished": "2021-06-11T02:20:20.510948Z",
    "dateReserved": "2021-01-21T00:00:00",
    "dateUpdated": "2024-09-16T19:15:56.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-11485
Vulnerability from cvelistv5
Published
2020-02-08 04:50
Modified
2024-09-16 16:57
Summary
Sander Bos discovered that Apport's lock file was in a world-writable directory, which allowed all users to prevent crash handling.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:55:40.473Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/usn/usn-4171-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/usn/usn-4171-2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm2",
              "status": "affected",
              "version": "2.14.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.1-0ubuntu2.20",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.8",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu8.1",
              "status": "affected",
              "version": "2.20.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sander Bos"
        }
      ],
      "datePublic": "2019-10-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sander Bos discovered Apport\u0027s lock file was in a world-writable directory which allowed all users to prevent crash handling."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-412",
              "description": "CWE-412 Unrestricted Externally Accessible Lock",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-30T17:32:33",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://usn.ubuntu.com/usn/usn-4171-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://usn.ubuntu.com/usn/usn-4171-2"
        }
      ],
      "source": {
        "advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
        "defect": [
          "https://bugs.launchpad.net/apport/+bug/1839415"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "apport created lock file in wrong directory",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2019-10-29T00:00:00.000Z",
          "ID": "CVE-2019-11485",
          "STATE": "PUBLIC",
          "TITLE": "apport created lock file in wrong directory"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.14.1",
                            "version_value": "2.14.1-0ubuntu3.29+esm2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.20"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.8"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11",
                            "version_value": "2.20.11-0ubuntu8.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Sander Bos"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sander Bos discovered Apport\u0027s lock file was in a world-writable directory which allowed all users to prevent crash handling."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-412 Unrestricted Externally Accessible Lock"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://usn.ubuntu.com/usn/usn-4171-1",
              "refsource": "MISC",
              "url": "https://usn.ubuntu.com/usn/usn-4171-1"
            },
            {
              "name": "https://usn.ubuntu.com/usn/usn-4171-2",
              "refsource": "MISC",
              "url": "https://usn.ubuntu.com/usn/usn-4171-2"
            }
          ]
        },
        "source": {
          "advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
          "defect": [
            "https://bugs.launchpad.net/apport/+bug/1839415"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2019-11485",
    "datePublished": "2020-02-08T04:50:23.604794Z",
    "dateReserved": "2019-04-23T00:00:00",
    "dateUpdated": "2024-09-16T16:57:41.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32552
Vulnerability from cvelistv5
Published
2021-06-12 03:40
Modified
2024-09-17 02:37
Summary
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.451Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.20.1-0ubuntu2.30+esm1",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.24",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu27.18",
              "status": "affected",
              "version": "2.20.11-0ubuntu27",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu50.7",
              "status": "affected",
              "version": "2.20.11-0ubuntu50",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu65.1",
              "status": "affected",
              "version": "2.20.11-0ubuntu65",
              "versionType": "custom"
            },
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm7",
              "status": "affected",
              "version": "2.14.1-0ubuntu3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "maik@secfault-security.com (@fktio)"
        }
      ],
      "datePublic": "2021-05-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-12T03:40:39",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        }
      ],
      "source": {
        "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "apport read_file() function could follow maliciously constructed symbolic links",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
          "ID": "CVE-2021-32552",
          "STATE": "PUBLIC",
          "TITLE": "apport read_file() function could follow maliciously constructed symbolic links"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.30+esm1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.24"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu27",
                            "version_value": "2.20.11-0ubuntu27.18"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu50",
                            "version_value": "2.20.11-0ubuntu50.7"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu65",
                            "version_value": "2.20.11-0ubuntu65.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.14.1-0ubuntu3",
                            "version_value": "2.14.1-0ubuntu3.29+esm7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "maik@secfault-security.com (@fktio)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
            }
          ]
        },
        "source": {
          "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-32552",
    "datePublished": "2021-06-12T03:40:39.859698Z",
    "dateReserved": "2021-05-10T00:00:00",
    "dateUpdated": "2024-09-17T02:37:33.692Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32548
Vulnerability from cvelistv5
Published
2021-06-12 03:40
Modified
2024-09-16 18:29
Summary
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.948Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.20.1-0ubuntu2.30+esm1",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.24",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu27.18",
              "status": "affected",
              "version": "2.20.11-0ubuntu27",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu50.7",
              "status": "affected",
              "version": "2.20.11-0ubuntu50",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu65.1",
              "status": "affected",
              "version": "2.20.11-0ubuntu65",
              "versionType": "custom"
            },
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm7",
              "status": "affected",
              "version": "2.14.1-0ubuntu3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "maik@secfault-security.com (@fktio)"
        }
      ],
      "datePublic": "2021-05-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-12T03:40:37",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        }
      ],
      "source": {
        "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "apport read_file() function could follow maliciously constructed symbolic links",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
          "ID": "CVE-2021-32548",
          "STATE": "PUBLIC",
          "TITLE": "apport read_file() function could follow maliciously constructed symbolic links"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.30+esm1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.24"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu27",
                            "version_value": "2.20.11-0ubuntu27.18"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu50",
                            "version_value": "2.20.11-0ubuntu50.7"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu65",
                            "version_value": "2.20.11-0ubuntu65.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.14.1-0ubuntu3",
                            "version_value": "2.14.1-0ubuntu3.29+esm7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "maik@secfault-security.com (@fktio)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
            }
          ]
        },
        "source": {
          "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-32548",
    "datePublished": "2021-06-12T03:40:37.135607Z",
    "dateReserved": "2021-05-10T00:00:00",
    "dateUpdated": "2024-09-16T18:29:09.540Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-11483
Vulnerability from cvelistv5
Published
2020-02-08 04:50
Modified
2024-09-16 18:17
Summary
Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:55:40.442Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/usn/usn-4171-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/usn/usn-4171-2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm2",
              "status": "affected",
              "version": "2.14.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.1-0ubuntu2.20",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.8",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu8.1",
              "status": "affected",
              "version": "2.20.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sander Bos"
        }
      ],
      "datePublic": "2019-10-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Read user data with administrator privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-08T04:50:22",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://usn.ubuntu.com/usn/usn-4171-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://usn.ubuntu.com/usn/usn-4171-2"
        }
      ],
      "source": {
        "advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
        "defect": [
          "https://bugs.launchpad.net/apport/+bug/1839413"
        ],
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2019-10-29T00:00:00.000Z",
          "ID": "CVE-2019-11483",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.14.1",
                            "version_value": "2.14.1-0ubuntu3.29+esm2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.20"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.8"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11",
                            "version_value": "2.20.11-0ubuntu8.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Sander Bos"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Read user data with administrator privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://usn.ubuntu.com/usn/usn-4171-1",
              "refsource": "MISC",
              "url": "https://usn.ubuntu.com/usn/usn-4171-1"
            },
            {
              "name": "https://usn.ubuntu.com/usn/usn-4171-2",
              "refsource": "MISC",
              "url": "https://usn.ubuntu.com/usn/usn-4171-2"
            }
          ]
        },
        "source": {
          "advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
          "defect": [
            "https://bugs.launchpad.net/apport/+bug/1839413"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2019-11483",
    "datePublished": "2020-02-08T04:50:22.806201Z",
    "dateReserved": "2019-04-23T00:00:00",
    "dateUpdated": "2024-09-16T18:17:50.401Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32549
Vulnerability from cvelistv5
Published
2021-06-12 03:40
Modified
2024-09-16 23:11
Summary
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.20.1-0ubuntu2.30+esm1",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.24",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu27.18",
              "status": "affected",
              "version": "2.20.11-0ubuntu27",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu50.7",
              "status": "affected",
              "version": "2.20.11-0ubuntu50",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu65.1",
              "status": "affected",
              "version": "2.20.11-0ubuntu65",
              "versionType": "custom"
            },
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm7",
              "status": "affected",
              "version": "2.14.1-0ubuntu3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "maik@secfault-security.com (@fktio)"
        }
      ],
      "datePublic": "2021-05-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-12T03:40:37",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        }
      ],
      "source": {
        "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "apport read_file() function could follow maliciously constructed symbolic links",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
          "ID": "CVE-2021-32549",
          "STATE": "PUBLIC",
          "TITLE": "apport read_file() function could follow maliciously constructed symbolic links"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.30+esm1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.24"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu27",
                            "version_value": "2.20.11-0ubuntu27.18"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu50",
                            "version_value": "2.20.11-0ubuntu50.7"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu65",
                            "version_value": "2.20.11-0ubuntu65.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.14.1-0ubuntu3",
                            "version_value": "2.14.1-0ubuntu3.29+esm7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "maik@secfault-security.com (@fktio)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
            }
          ]
        },
        "source": {
          "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-32549",
    "datePublished": "2021-06-12T03:40:37.848951Z",
    "dateReserved": "2021-05-10T00:00:00",
    "dateUpdated": "2024-09-16T23:11:32.731Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-11481
Vulnerability from cvelistv5
Published
2020-02-08 04:50
Modified
2024-09-16 23:25
Summary
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:55:40.657Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/usn/usn-4171-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/usn/usn-4171-2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm2",
              "status": "affected",
              "version": "2.14.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.1-0ubuntu2.20",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.8",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu8.1",
              "status": "affected",
              "version": "2.20.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Kevin Backhouse"
        }
      ],
      "datePublic": "2019-10-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Read user data with administrator privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T00:00:00",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "url": "https://usn.ubuntu.com/usn/usn-4171-1"
        },
        {
          "url": "https://usn.ubuntu.com/usn/usn-4171-2"
        },
        {
          "url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
        }
      ],
      "source": {
        "advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1830862"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Apport reads arbitrary files if ~/.config/apport/settings is a symlink",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2019-11481",
    "datePublished": "2020-02-08T04:50:21.892355Z",
    "dateReserved": "2019-04-23T00:00:00",
    "dateUpdated": "2024-09-16T23:25:27.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-25682
Vulnerability from cvelistv5
Published
2021-06-11 02:20
Modified
2024-09-17 00:46
Summary
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:11:28.326Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.20.1-0ubuntu2.30",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.23",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu27.16",
              "status": "affected",
              "version": "2.20.11-0ubuntu27",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu50.5",
              "status": "affected",
              "version": "2.20.11-0ubuntu50",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Itai Greenhut"
        }
      ],
      "datePublic": "2021-02-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-11T02:20:19",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
        }
      ],
      "source": {
        "advisory": "https://ubuntu.com/security/notices/USN-4720-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "apport improperly parses /proc/pid/status",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-02-02T00:00:00.000Z",
          "ID": "CVE-2021-25682",
          "STATE": "PUBLIC",
          "TITLE": "apport improperly parses /proc/pid/status"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.30"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.23"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu27",
                            "version_value": "2.20.11-0ubuntu27.16"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu50",
                            "version_value": "2.20.11-0ubuntu50.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Itai Greenhut"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
            }
          ]
        },
        "source": {
          "advisory": "https://ubuntu.com/security/notices/USN-4720-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-25682",
    "datePublished": "2021-06-11T02:20:19.233443Z",
    "dateReserved": "2021-01-21T00:00:00",
    "dateUpdated": "2024-09-17T00:46:19.717Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3709
Vulnerability from cvelistv5
Published
2021-10-01 02:35
Modified
2024-09-16 23:31
Summary
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:08.330Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-5077-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-5077-2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm8",
              "status": "affected",
              "version": "2.14.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.1-0ubuntu2.30+esm2",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.26",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "2.20.11-0ubuntu65.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "2.20.11-0ubuntu27.20",
              "status": "affected",
              "version": "2.20.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Maik M\u00fcnch (maik@secfault-security.com)(@fktio)"
        }
      ],
      "datePublic": "2021-09-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-538",
              "description": "CWE-538 File and Directory Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-01T02:35:21",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ubuntu.com/security/notices/USN-5077-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ubuntu.com/security/notices/USN-5077-2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
        }
      ],
      "source": {
        "advisory": "https://ubuntu.com/security/notices/USN-5077-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Apport file permission bypass through emacs byte compilation errors",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-09-14T00:00:00.000Z",
          "ID": "CVE-2021-3709",
          "STATE": "PUBLIC",
          "TITLE": "Apport file permission bypass through emacs byte compilation errors"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.14.1",
                            "version_value": "2.14.1-0ubuntu3.29+esm8"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.30+esm2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.26"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11",
                            "version_value": "2.20.11-0ubuntu27.20"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11",
                            "version_value": "2.20.11-0ubuntu65.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Maik M\u00fcnch (maik@secfault-security.com)(@fktio)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-538 File and Directory Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709",
              "refsource": "MISC",
              "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709"
            },
            {
              "name": "https://ubuntu.com/security/notices/USN-5077-1",
              "refsource": "MISC",
              "url": "https://ubuntu.com/security/notices/USN-5077-1"
            },
            {
              "name": "https://ubuntu.com/security/notices/USN-5077-2",
              "refsource": "MISC",
              "url": "https://ubuntu.com/security/notices/USN-5077-2"
            },
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
            }
          ]
        },
        "source": {
          "advisory": "https://ubuntu.com/security/notices/USN-5077-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-3709",
    "datePublished": "2021-10-01T02:35:21.228849Z",
    "dateReserved": "2021-08-16T00:00:00",
    "dateUpdated": "2024-09-16T23:31:13.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32553
Vulnerability from cvelistv5
Published
2021-06-12 03:40
Modified
2024-09-16 22:51
Summary
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.511Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.20.1-0ubuntu2.30+esm1",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.24",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu27.18",
              "status": "affected",
              "version": "2.20.11-0ubuntu27",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu50.7",
              "status": "affected",
              "version": "2.20.11-0ubuntu50",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu65.1",
              "status": "affected",
              "version": "2.20.11-0ubuntu65",
              "versionType": "custom"
            },
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm7",
              "status": "affected",
              "version": "2.14.1-0ubuntu3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "maik@secfault-security.com (@fktio)"
        }
      ],
      "datePublic": "2021-05-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-12T03:40:40",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        }
      ],
      "source": {
        "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "apport read_file() function could follow maliciously constructed symbolic links",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
          "ID": "CVE-2021-32553",
          "STATE": "PUBLIC",
          "TITLE": "apport read_file() function could follow maliciously constructed symbolic links"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.30+esm1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.24"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu27",
                            "version_value": "2.20.11-0ubuntu27.18"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu50",
                            "version_value": "2.20.11-0ubuntu50.7"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu65",
                            "version_value": "2.20.11-0ubuntu65.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.14.1-0ubuntu3",
                            "version_value": "2.14.1-0ubuntu3.29+esm7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "maik@secfault-security.com (@fktio)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
            }
          ]
        },
        "source": {
          "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-32553",
    "datePublished": "2021-06-12T03:40:40.514625Z",
    "dateReserved": "2021-05-10T00:00:00",
    "dateUpdated": "2024-09-16T22:51:04.819Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8831
Vulnerability from cvelistv5
Published
2020-04-22 21:15
Modified
2024-09-16 19:00
Summary
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.
References
https://launchpad.net/bugs/1862348 (x_refsource_CONFIRM)
https://usn.ubuntu.com/4315-1/ (x_refsource_CONFIRM)
https://usn.ubuntu.com/4315-2/ (vendor-advisory, x_refsource_UBUNTU)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:12:10.889Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/bugs/1862348"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4315-1/"
          },
          {
            "name": "USN-4315-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4315-2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.20.1-0ubuntu2.23",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.14",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "2.20.11-0ubuntu22",
                  "status": "unaffected"
                }
              ],
              "lessThan": "2.20.11-0ubuntu8.8",
              "status": "affected",
              "version": "2.20.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Maximilien Bourgeteau"
        }
      ],
      "datePublic": "2020-04-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport\u0027s lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-379",
              "description": "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-24T20:06:02",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/bugs/1862348"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://usn.ubuntu.com/4315-1/"
        },
        {
          "name": "USN-4315-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4315-2/"
        }
      ],
      "source": {
        "advisory": "https://usn.ubuntu.com/4315-1/",
        "defect": [
          "https://launchpad.net/bugs/1862348"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "World writable root owned lock file created in user controllable location",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2020-04-02T03:04:00.000Z",
          "ID": "CVE-2020-8831",
          "STATE": "PUBLIC",
          "TITLE": "World writable root owned lock file created in user controllable location"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apport",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.23"
                          },
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.14"
                          },
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "2.20.11",
                            "version_value": "2.20.11-0ubuntu8.8"
                          },
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "2.20.11",
                            "version_value": "2.20.11-0ubuntu22"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "configuration": [],
        "credit": [
          {
            "lang": "eng",
            "value": "Maximilien Bourgeteau"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport\u0027s lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22."
            }
          ]
        },
        "exploit": [],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.net/bugs/1862348",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/bugs/1862348"
            },
            {
              "name": "https://usn.ubuntu.com/4315-1/",
              "refsource": "CONFIRM",
              "url": "https://usn.ubuntu.com/4315-1/"
            },
            {
              "name": "USN-4315-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4315-2/"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "https://usn.ubuntu.com/4315-1/",
          "defect": [
            "https://launchpad.net/bugs/1862348"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2020-8831",
    "datePublished": "2020-04-22T21:15:18.418314Z",
    "dateReserved": "2020-02-10T00:00:00",
    "dateUpdated": "2024-09-16T19:00:55.009Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32555
Vulnerability from cvelistv5
Published
2021-06-12 03:40
Modified
2024-09-16 20:47
Summary
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.308Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.20.1-0ubuntu2.30+esm1",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.24",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu27.18",
              "status": "affected",
              "version": "2.20.11-0ubuntu27",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu50.7",
              "status": "affected",
              "version": "2.20.11-0ubuntu50",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu65.1",
              "status": "affected",
              "version": "2.20.11-0ubuntu65",
              "versionType": "custom"
            },
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm7",
              "status": "affected",
              "version": "2.14.1-0ubuntu3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "maik@secfault-security.com (@fktio)"
        }
      ],
      "datePublic": "2021-05-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-12T03:40:41",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        }
      ],
      "source": {
        "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "apport read_file() function could follow maliciously constructed symbolic links",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
          "ID": "CVE-2021-32555",
          "STATE": "PUBLIC",
          "TITLE": "apport read_file() function could follow maliciously constructed symbolic links"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.30+esm1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.24"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu27",
                            "version_value": "2.20.11-0ubuntu27.18"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu50",
                            "version_value": "2.20.11-0ubuntu50.7"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu65",
                            "version_value": "2.20.11-0ubuntu65.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.14.1-0ubuntu3",
                            "version_value": "2.14.1-0ubuntu3.29+esm7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "maik@secfault-security.com (@fktio)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
            }
          ]
        },
        "source": {
          "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-32555",
    "datePublished": "2021-06-12T03:40:41.851905Z",
    "dateReserved": "2021-05-10T00:00:00",
    "dateUpdated": "2024-09-16T20:47:23.455Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32550
Vulnerability from cvelistv5
Published
2021-06-12 03:40
Modified
2024-09-16 23:22
Summary
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.361Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.20.1-0ubuntu2.30+esm1",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.24",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu27.18",
              "status": "affected",
              "version": "2.20.11-0ubuntu27",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu50.7",
              "status": "affected",
              "version": "2.20.11-0ubuntu50",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu65.1",
              "status": "affected",
              "version": "2.20.11-0ubuntu65",
              "versionType": "custom"
            },
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm7",
              "status": "affected",
              "version": "2.14.1-0ubuntu3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "maik@secfault-security.com (@fktio)"
        }
      ],
      "datePublic": "2021-05-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-12T03:40:38",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        }
      ],
      "source": {
        "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "apport read_file() function could follow maliciously constructed symbolic links",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
          "ID": "CVE-2021-32550",
          "STATE": "PUBLIC",
          "TITLE": "apport read_file() function could follow maliciously constructed symbolic links"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.30+esm1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.24"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu27",
                            "version_value": "2.20.11-0ubuntu27.18"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu50",
                            "version_value": "2.20.11-0ubuntu50.7"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11-0ubuntu65",
                            "version_value": "2.20.11-0ubuntu65.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.14.1-0ubuntu3",
                            "version_value": "2.14.1-0ubuntu3.29+esm7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "maik@secfault-security.com (@fktio)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
            }
          ]
        },
        "source": {
          "advisory": "https://ubuntu.com/security/notices/USN-4965-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-32550",
    "datePublished": "2021-06-12T03:40:38.559899Z",
    "dateReserved": "2021-05-10T00:00:00",
    "dateUpdated": "2024-09-16T23:22:01.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3710
Vulnerability from cvelistv5
Published
2021-10-01 02:35
Modified
2024-09-17 01:41
Summary
An information disclosure via path traversal was discovered in the read_file() function of apport/hookutils.py. This issue affects apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; and 2.20.11 versions prior to 2.20.11-0ubuntu65.3.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:08.314Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-5077-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/notices/USN-5077-2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm8",
              "status": "affected",
              "version": "2.14.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.1-0ubuntu2.30+esm2",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.26",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "2.20.11-0ubuntu65.3",
                  "status": "unaffected"
                }
              ],
              "lessThan": "2.20.11-0ubuntu27.20",
              "status": "affected",
              "version": "2.20.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Stephen R\u00f6ttger (@_tsuro)"
        },
        {
          "lang": "en",
          "value": "Maik M\u00fcnch (maik@secfault-security.com)(@fktio)"
        }
      ],
      "datePublic": "2021-09-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-01T02:35:22",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ubuntu.com/security/notices/USN-5077-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ubuntu.com/security/notices/USN-5077-2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
        }
      ],
      "source": {
        "advisory": "https://ubuntu.com/security/notices/USN-5077-1",
        "defect": [
          "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Apport info disclosure via path traversal bug in read_file",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2021-09-14T00:00:00.000Z",
          "ID": "CVE-2021-3710",
          "STATE": "PUBLIC",
          "TITLE": "Apport info disclosure via path traversal bug in read_file"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.14.1",
                            "version_value": "2.14.1-0ubuntu3.29+esm8"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.30+esm2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.26"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11",
                            "version_value": "2.20.11-0ubuntu27.20"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11",
                            "version_value": "2.20.11-0ubuntu65.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Stephen R\u00f6ttger (@_tsuro)"
          },
          {
            "lang": "eng",
            "value": "Maik M\u00fcnch (maik@secfault-security.com)(@fktio)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-24 Path Traversal: \u0027../filedir\u0027"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ubuntu.com/security/notices/USN-5077-1",
              "refsource": "MISC",
              "url": "https://ubuntu.com/security/notices/USN-5077-1"
            },
            {
              "name": "https://ubuntu.com/security/notices/USN-5077-2",
              "refsource": "MISC",
              "url": "https://ubuntu.com/security/notices/USN-5077-2"
            },
            {
              "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710",
              "refsource": "MISC",
              "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710"
            },
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
            }
          ]
        },
        "source": {
          "advisory": "https://ubuntu.com/security/notices/USN-5077-1",
          "defect": [
            "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2021-3710",
    "datePublished": "2021-10-01T02:35:22.911127Z",
    "dateReserved": "2021-08-16T00:00:00",
    "dateUpdated": "2024-09-17T01:41:25.529Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-11482
Vulnerability from cvelistv5
Published
2020-02-08 04:50
Modified
2024-09-17 00:00
Summary
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:55:40.394Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/usn/usn-4171-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/usn/usn-4171-2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm2",
              "status": "affected",
              "version": "2.14.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.1-0ubuntu2.20",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.8",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.11-0ubuntu8.1",
              "status": "affected",
              "version": "2.20.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sander Bos"
        }
      ],
      "datePublic": "2019-10-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Read user data with administrator privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-08T04:50:22",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://usn.ubuntu.com/usn/usn-4171-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://usn.ubuntu.com/usn/usn-4171-2"
        }
      ],
      "source": {
        "advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
        "defect": [
          "https://bugs.launchpad.net/apport/+bug/1839413"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Race condition between reading current working directory and writing a core dump",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "DATE_PUBLIC": "2019-10-29T00:00:00.000Z",
          "ID": "CVE-2019-11482",
          "STATE": "PUBLIC",
          "TITLE": "Race condition between reading current working directory and writing a core dump"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "apport",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.14.1",
                            "version_value": "2.14.1-0ubuntu3.29+esm2"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.1",
                            "version_value": "2.20.1-0ubuntu2.20"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.9",
                            "version_value": "2.20.9-0ubuntu7.8"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "2.20.11",
                            "version_value": "2.20.11-0ubuntu8.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Canonical"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Sander Bos"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Read user data with administrator privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://usn.ubuntu.com/usn/usn-4171-1",
              "refsource": "MISC",
              "url": "https://usn.ubuntu.com/usn/usn-4171-1"
            },
            {
              "name": "https://usn.ubuntu.com/usn/usn-4171-2",
              "refsource": "MISC",
              "url": "https://usn.ubuntu.com/usn/usn-4171-2"
            }
          ]
        },
        "source": {
          "advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
          "defect": [
            "https://bugs.launchpad.net/apport/+bug/1839413"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2019-11482",
    "datePublished": "2020-02-08T04:50:22.302773Z",
    "dateReserved": "2019-04-23T00:00:00",
    "dateUpdated": "2024-09-17T00:00:44.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2021-06-11 03:15
Modified
2024-11-21 05:55
Summary
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
Impacted products
Vendor Product Version
canonical apport *
canonical apport *
canonical apport *
canonical apport *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FDEF7B7-318E-4C9B-AA8B-79157E87B4EF",
              "versionEndExcluding": "2.20.1-0ubuntu2.30",
              "versionStartIncluding": "2.20.1-0ubuntu1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC812359-24A5-4F7D-ABC6-15DB3062967A",
              "versionEndExcluding": "2.20.9-0ubuntu7.23",
              "versionStartIncluding": "2.20.9-0ubuntu1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "194F4E58-D4CB-4B34-8166-858CC0AF7B59",
              "versionEndExcluding": "2.20.11-0ubuntu27.16",
              "versionStartIncluding": "2.20.11-0ubuntu27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5778434C-41A2-4B08-BC76-9203B7FAB094",
              "versionEndExcluding": "2.20.11-0ubuntu50.5",
              "versionStartIncluding": "2.20.11-0ubuntu50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 que apport en data/apport no abr\u00eda correctamente un archivo de informes para evitar lecturas colgadas en un FIFO"
    }
  ],
  "id": "CVE-2021-25684",
  "lastModified": "2024-11-21T05:55:17.810",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "security@ubuntu.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-11T03:15:06.977",
  "references": [
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "security@ubuntu.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-04-13 23:15
Modified
2024-11-21 07:38
Summary
A privilege escalation vulnerability, similar to CVE-2023-26604, was found in apport-cli 2.26.0 and earlier. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set, a local attacker can escalate privileges. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C318FA9-3356-49C8-A8F8-06A20616D446",
              "versionEndIncluding": "2.26.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*",
              "matchCriteriaId": "47842532-D2B6-44CB-ADE2-4AC8630A4D8C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit."
    }
  ],
  "id": "CVE-2023-1326",
  "lastModified": "2024-11-21T07:38:55.740",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.1,
        "impactScore": 6.0,
        "source": "security@ubuntu.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-13T23:15:07.180",
  "references": [
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://ubuntu.com/security/notices/USN-6018-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://ubuntu.com/security/notices/USN-6018-1"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "security@ubuntu.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-08-06 23:15
Modified
2024-11-21 05:06
Summary
An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.
Impacted products
Vendor Product Version
canonical apport 2.20.11-0ubuntu8
canonical apport 2.20.11-0ubuntu9
canonical apport 2.20.11-0ubuntu10
canonical apport 2.20.11-0ubuntu11
canonical apport 2.20.11-0ubuntu12
canonical apport 2.20.11-0ubuntu13
canonical apport 2.20.11-0ubuntu14
canonical apport 2.20.11-0ubuntu15
canonical apport 2.20.11-0ubuntu16
canonical apport 2.20.11-0ubuntu17
canonical apport 2.20.11-0ubuntu18
canonical apport 2.20.11-0ubuntu19
canonical apport 2.20.11-0ubuntu20
canonical apport 2.20.11-0ubuntu21
canonical apport 2.20.11-0ubuntu22
canonical apport 2.20.11-0ubuntu23
canonical apport 2.20.11-0ubuntu24
canonical apport 2.20.11-0ubuntu25
canonical apport 2.20.11-0ubuntu26
canonical apport 2.20.11-0ubuntu27
canonical apport 2.20.11-0ubuntu27.2
canonical apport 2.20.11-0ubuntu27.3
canonical apport 2.20.11-0ubuntu27.4
canonical apport 2.20.11-0ubuntu27.5
canonical ubuntu_linux 20.04
canonical apport 2.20.7-0ubuntu3
canonical apport 2.20.7-0ubuntu3.1
canonical apport 2.20.7-0ubuntu4
canonical apport 2.20.8-0ubuntu1
canonical apport 2.20.8-0ubuntu2
canonical apport 2.20.8-0ubuntu3
canonical apport 2.20.8-0ubuntu4
canonical apport 2.20.8-0ubuntu5
canonical apport 2.20.8-0ubuntu6
canonical apport 2.20.8-0ubuntu7
canonical apport 2.20.8-0ubuntu8
canonical apport 2.20.8-0ubuntu9
canonical apport 2.20.8-0ubuntu10
canonical apport 2.20.9-0ubuntu1
canonical apport 2.20.9-0ubuntu2
canonical apport 2.20.9-0ubuntu3
canonical apport 2.20.9-0ubuntu4
canonical apport 2.20.9-0ubuntu5
canonical apport 2.20.9-0ubuntu6
canonical apport 2.20.9-0ubuntu7
canonical apport 2.20.9-0ubuntu7.1
canonical apport 2.20.9-0ubuntu7.2
canonical apport 2.20.9-0ubuntu7.3
canonical apport 2.20.9-0ubuntu7.4
canonical apport 2.20.9-0ubuntu7.5
canonical apport 2.20.9-0ubuntu7.6
canonical apport 2.20.9-0ubuntu7.7
canonical apport 2.20.9-0ubuntu7.8
canonical apport 2.20.9-0ubuntu7.9
canonical apport 2.20.9-0ubuntu7.10
canonical apport 2.20.9-0ubuntu7.11
canonical apport 2.20.9-0ubuntu7.12
canonical apport 2.20.9-0ubuntu7.13
canonical apport 2.20.9-0ubuntu7.14
canonical apport 2.20.9-0ubuntu7.15
canonical ubuntu_linux 18.04
canonical apport 2.19.1-0ubuntu3
canonical apport 2.19.2-0ubuntu1
canonical apport 2.19.2-0ubuntu2
canonical apport 2.19.2-0ubuntu3
canonical apport 2.19.2-0ubuntu4
canonical apport 2.19.2-0ubuntu5
canonical apport 2.19.2-0ubuntu6
canonical apport 2.19.2-0ubuntu7
canonical apport 2.19.2-0ubuntu8
canonical apport 2.19.2-0ubuntu9
canonical apport 2.19.3-0ubuntu1
canonical apport 2.19.3-0ubuntu2
canonical apport 2.19.3-0ubuntu3
canonical apport 2.19.4-0ubuntu1
canonical apport 2.19.4-0ubuntu2
canonical apport 2.20-0ubuntu1
canonical apport 2.20-0ubuntu2
canonical apport 2.20-0ubuntu3
canonical apport 2.20.1-0ubuntu1
canonical apport 2.20.1-0ubuntu2
canonical apport 2.20.1-0ubuntu2.1
canonical apport 2.20.1-0ubuntu2.2
canonical apport 2.20.1-0ubuntu2.4
canonical apport 2.20.1-0ubuntu2.5
canonical apport 2.20.1-0ubuntu2.6
canonical apport 2.20.1-0ubuntu2.7
canonical apport 2.20.1-0ubuntu2.8
canonical apport 2.20.1-0ubuntu2.9
canonical apport 2.20.1-0ubuntu2.10
canonical apport 2.20.1-0ubuntu2.12
canonical apport 2.20.1-0ubuntu2.13
canonical apport 2.20.1-0ubuntu2.14
canonical apport 2.20.1-0ubuntu2.15
canonical apport 2.20.1-0ubuntu2.16
canonical apport 2.20.1-0ubuntu2.17
canonical apport 2.20.1-0ubuntu2.18
canonical apport 2.20.1-0ubuntu2.19
canonical apport 2.20.1-0ubuntu2.20
canonical apport 2.20.1-0ubuntu2.21
canonical apport 2.20.1-0ubuntu2.22
canonical apport 2.20.1-0ubuntu2.23
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0580D85-61E7-446D-BB01-EFFD20A53FC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8DEF97E-C23C-431E-A017-29895305E666",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CF1FFD4-8088-4073-AF78-C2A177C0DFAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu11:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CC58CA6-54E2-4874-B327-838B19667FF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu12:*:*:*:*:*:*:*",
              "matchCriteriaId": "00060D2D-78C2-46CD-903D-48337C4A1173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu13:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DD7604E-CEAC-4B54-A708-F98738381288",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BD91FE7-01B8-479F-8180-6E152F2996C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DCF9BD3-B46E-4D58-B53F-3DE081164FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F973F96-7AAD-44AB-90F0-D9F5DD7AFEE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E1A19B1-592C-48CF-B709-7CA573F40AF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu18:*:*:*:*:*:*:*",
              "matchCriteriaId": "287EA905-4DF5-4AF7-9C70-3A9CECA714C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu19:*:*:*:*:*:*:*",
              "matchCriteriaId": "479CEDFA-177B-413D-A9C1-2A16A9F9FB50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu20:*:*:*:*:*:*:*",
              "matchCriteriaId": "7713D34D-046F-4627-80CA-B5CD63D41F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu21:*:*:*:*:*:*:*",
              "matchCriteriaId": "A65605CF-2659-436E-9C96-E782F06992F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu22:*:*:*:*:*:*:*",
              "matchCriteriaId": "F27734BE-C46A-4815-A801-1FF5493B324B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu23:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EEAE19B-2138-4AA5-BB3B-3150DF0818DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu24:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D4BE412-F045-4754-9EF8-2F00E68542A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu25:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB26172A-D9F3-47A4-AA7D-7FD2E8499670",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu26:*:*:*:*:*:*:*",
              "matchCriteriaId": "388DDA89-BA36-45FE-864F-5810C3DF4093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D17E8C3-56FE-4719-B214-BA369D5EB6D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE45751-8E63-428B-A04B-1E842FB5BEEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9381CFDA-0772-43D7-8F14-A6E0577F49EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEFB83E8-166C-4960-8AF1-DE210F4DE6DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F95414EB-487D-4E80-AE6C-CDBF0153807E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.7-0ubuntu3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE3B37D5-6479-48A8-8E04-789778896053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.7-0ubuntu3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A4235DE-1EF0-490E-955E-BC61F0CB82EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.7-0ubuntu4:*:*:*:*:*:*:*",
              "matchCriteriaId": "34638795-2AE2-48BA-9800-2407E2617B43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88552AC8-4BD5-4652-BB36-BEF96EDE514F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F00DEC01-B39C-42DA-AC36-39A0A153CF44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu3:*:*:*:*:*:*:*",
              "matchCriteriaId": "82D8C1AF-6C55-4FA5-8937-6797E7E441C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E147A0DA-3A64-4DC0-BB7A-83432FDA5F1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD68C5DD-AF3B-42BC-AB18-E03E43A27076",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu6:*:*:*:*:*:*:*",
              "matchCriteriaId": "29EE4CB4-9CFE-4672-93F3-D135F98ADD56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu7:*:*:*:*:*:*:*",
              "matchCriteriaId": "812471E0-35B8-454B-B9FB-539302606C80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF92AC2E-8043-4126-9CC9-1EC1EE77C68E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F07FD0B9-AFF4-47BB-B2C9-B819D8526D12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2A4392D-D859-4906-AFE2-EC56DCE8B85D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6890AEDE-8628-4467-BD78-9E28BD00CFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E475D2-7643-4F90-9A39-3C4C9C5882A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C813DA-01A9-4963-992C-77F21B045C61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9432E171-BD9D-41E1-AAB3-2CA29FE2B07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu5:*:*:*:*:*:*:*",
              "matchCriteriaId": "234375CE-6C99-4973-BAC5-950016C789A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1658CA25-4EB5-40D9-A1F3-78640EE58D07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF9A6112-6920-4006-A353-30D942301D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F07BD0-2C19-4895-8B3C-F956ED7568BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59420BB6-11ED-43BA-95FA-E843B9F0BFD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6C7998E-269B-40B1-9B73-99F22CB76A26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "86CB2D37-78BD-486D-B27B-6E588563000D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B452791-E4F4-4165-B15B-205743EDE142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "29CA8420-057C-4BF1-A5A5-E65C979F80D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FF71FAA-2457-4B6D-8265-5E9E40FB5B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A901840D-D35C-4DBB-B736-16066BA61016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DC8A84E-204D-46FE-9455-E6EE28CBA02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B170FF62-8FE1-4E32-9CAB-6C2791842D4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3112FA6-E483-4A15-83A7-0DC086680D14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7B0688-10F5-4FCC-B4C3-804BFC9F4572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9709BC6B-6432-47D3-AF3D-7D61230528E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEFA65E9-C2C5-4068-8B19-2087F54C75E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "62D8AD82-1A8F-450D-B3F5-05D86245A20F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.1-0ubuntu3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDAC7C9-022F-4900-BA2B-E226118390B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.2-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7AD2FFF-C115-4B55-8FBE-7C53CE7F3E78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.2-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E439577C-3E3C-4233-9276-B26C242F2ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.2-0ubuntu3:*:*:*:*:*:*:*",
              "matchCriteriaId": "18D07534-D124-4A3F-BFC2-347E7D25B9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.2-0ubuntu4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4419CE5F-6093-49F1-B400-3CADB1EA8017",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.2-0ubuntu5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4EFA888-6A84-48A7-A1F5-6EA1A602940E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.2-0ubuntu6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B7DA437-17C5-4169-B296-CA924663B37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.2-0ubuntu7:*:*:*:*:*:*:*",
              "matchCriteriaId": "39555DE8-5AE0-46DC-9DB5-56808D2D54A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.2-0ubuntu8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5666D2A8-C212-4616-A62B-60C6FABB6679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.2-0ubuntu9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB25DCC8-6FC7-4138-90AC-FAFF65E6DA10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.3-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE54A967-E6CB-4975-93E2-B74D0F34816C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.3-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6381C1D-994D-49E9-886F-9AAAEC01F72C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.3-0ubuntu3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7083F188-39C9-4A0F-B379-DBAA7C1F3E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.4-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55710F53-487F-40CD-941C-BC2BA837C2D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.4-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "754BC407-2C75-443F-A0A5-2081EED7628A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7E607C3-7E63-42A4-BE0E-3DFE3B9DD700",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC25ED5C-B1A4-4104-A0C9-633FB58F6596",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20-0ubuntu3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04C71AA4-574A-4C32-97C3-D7291EF18B2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F1A838-4379-4CC4-BEAD-EC9C793B4E56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA3903E-EA8B-4B78-B5CF-42C4AA6626C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFCDD843-C743-41E4-8743-62C6149B7BBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FA4F13-3CF6-412B-846F-AE7D57B5FAEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BF1FE3C-DCF6-475F-BFFB-D445B960CA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2AEEADF-89B1-465A-ACCE-61B8F64BD8A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EBB7136-7802-4DB5-84AF-C75CBFFA5A3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "404DDAC7-952E-43FF-8EEB-FA1FC1A503A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "63388BC6-4EE0-41E3-BC4F-A43B0C56494E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D54FC7A-CD2A-4904-A059-48A8E94954A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "88F73732-BEA3-45D3-ABEE-51B45C1511E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B53A64B3-7522-4B05-BA0C-BD0F429362B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5AF908-B66A-48AD-912D-CBD02A1878A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF1672BA-3685-4B75-BB46-9BB181EC4959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "58BB5513-D96B-4AE1-911F-40E561341859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "542F64D1-EB92-41B3-A1E3-98061D1966B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EF284A8-86B0-47AB-B404-D4714D4E769A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "43355789-13F9-4D12-81DB-EFCEA9183F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC67992A-E0CB-43A8-A749-D91BB460D279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "12BB46F2-6B36-44A2-AE15-CDBC4AEBCD95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD912C7-D5B2-4AB5-9C27-979E8DE805CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE7A141A-8588-4743-AB78-502A9724C474",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A282E85-A145-496B-A600-77012F24F82F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6."
    },
    {
      "lang": "es",
      "value": "Un atacante local puede explotar una excepci\u00f3n no manejada en la funci\u00f3n check_ignored() en el archivo apport/report.py para causar una denegaci\u00f3n de servicio. Si el atributo mtime es un valor de cadena en apport-ignore.xml, desencadenar\u00e1 una excepci\u00f3n no manejada, resultando en un bloqueo. Corregido en versiones 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6"
    }
  ],
  "id": "CVE-2020-15701",
  "lastModified": "2024-11-21T05:06:02.950",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "security@ubuntu.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-06T23:15:11.670",
  "references": [
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://launchpad.net/bugs/1877023"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://usn.ubuntu.com/4449-1"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://usn.ubuntu.com/4449-1/"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://usn.ubuntu.com/4449-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://launchpad.net/bugs/1877023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://usn.ubuntu.com/4449-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://usn.ubuntu.com/4449-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://usn.ubuntu.com/4449-2/"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "security@ubuntu.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-01 03:15
Modified
2024-11-21 06:22
Summary
An information disclosure via path traversal was discovered in the read_file() function of apport/hookutils.py. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3.
Impacted products
Vendor Product Version
canonical apport 2.14.1-0ubuntu1
canonical apport 2.14.1-0ubuntu2
canonical apport 2.14.1-0ubuntu3
canonical apport 2.14.1-0ubuntu3.1
canonical apport 2.14.1-0ubuntu3.2
canonical apport 2.14.1-0ubuntu3.3
canonical apport 2.14.1-0ubuntu3.4
canonical apport 2.14.1-0ubuntu3.5
canonical apport 2.14.1-0ubuntu3.6
canonical apport 2.14.1-0ubuntu3.7
canonical apport 2.14.1-0ubuntu3.8
canonical apport 2.14.1-0ubuntu3.9
canonical apport 2.14.1-0ubuntu3.10
canonical apport 2.14.1-0ubuntu3.11
canonical apport 2.14.1-0ubuntu3.12
canonical apport 2.14.1-0ubuntu3.13
canonical apport 2.14.1-0ubuntu3.14
canonical apport 2.14.1-0ubuntu3.15
canonical apport 2.14.1-0ubuntu3.16
canonical apport 2.14.1-0ubuntu3.17
canonical apport 2.14.1-0ubuntu3.18
canonical apport 2.14.1-0ubuntu3.19
canonical apport 2.14.1-0ubuntu3.20
canonical apport 2.14.1-0ubuntu3.21
canonical apport 2.14.1-0ubuntu3.23
canonical apport 2.14.1-0ubuntu3.24
canonical apport 2.14.1-0ubuntu3.25
canonical apport 2.14.1-0ubuntu3.27
canonical apport 2.14.1-0ubuntu3.28
canonical apport 2.14.1-0ubuntu3.29
canonical apport 2.14.1-0ubuntu3.29+esm7
canonical ubuntu_linux 14.04
canonical apport 2.20.1-0ubuntu1
canonical apport 2.20.1-0ubuntu2
canonical apport 2.20.1-0ubuntu2.1
canonical apport 2.20.1-0ubuntu2.2
canonical apport 2.20.1-0ubuntu2.4
canonical apport 2.20.1-0ubuntu2.5
canonical apport 2.20.1-0ubuntu2.6
canonical apport 2.20.1-0ubuntu2.7
canonical apport 2.20.1-0ubuntu2.8
canonical apport 2.20.1-0ubuntu2.9
canonical apport 2.20.1-0ubuntu2.10
canonical apport 2.20.1-0ubuntu2.12
canonical apport 2.20.1-0ubuntu2.13
canonical apport 2.20.1-0ubuntu2.14
canonical apport 2.20.1-0ubuntu2.15
canonical apport 2.20.1-0ubuntu2.16
canonical apport 2.20.1-0ubuntu2.17
canonical apport 2.20.1-0ubuntu2.18
canonical apport 2.20.1-0ubuntu2.19
canonical apport 2.20.1-0ubuntu2.20
canonical apport 2.20.1-0ubuntu2.21
canonical apport 2.20.1-0ubuntu2.22
canonical apport 2.20.1-0ubuntu2.23
canonical apport 2.20.1-0ubuntu2.25
canonical apport 2.20.1-0ubuntu2.26
canonical apport 2.20.1-0ubuntu2.27
canonical apport 2.20.1-0ubuntu2.28
canonical apport 2.20.1-0ubuntu2.30
canonical apport 2.20.1-0ubuntu2.30+esm1
canonical ubuntu_linux 16.04
canonical apport 2.20.9-0ubuntu1
canonical apport 2.20.9-0ubuntu2
canonical apport 2.20.9-0ubuntu3
canonical apport 2.20.9-0ubuntu4
canonical apport 2.20.9-0ubuntu5
canonical apport 2.20.9-0ubuntu6
canonical apport 2.20.9-0ubuntu7
canonical apport 2.20.9-0ubuntu7.1
canonical apport 2.20.9-0ubuntu7.2
canonical apport 2.20.9-0ubuntu7.3
canonical apport 2.20.9-0ubuntu7.4
canonical apport 2.20.9-0ubuntu7.5
canonical apport 2.20.9-0ubuntu7.6
canonical apport 2.20.9-0ubuntu7.7
canonical apport 2.20.9-0ubuntu7.8
canonical apport 2.20.9-0ubuntu7.9
canonical apport 2.20.9-0ubuntu7.10
canonical apport 2.20.9-0ubuntu7.11
canonical apport 2.20.9-0ubuntu7.12
canonical apport 2.20.9-0ubuntu7.13
canonical apport 2.20.9-0ubuntu7.14
canonical apport 2.20.9-0ubuntu7.15
canonical apport 2.20.9-0ubuntu7.16
canonical apport 2.20.9-0ubuntu7.17
canonical apport 2.20.9-0ubuntu7.18
canonical apport 2.20.9-0ubuntu7.19
canonical apport 2.20.9-0ubuntu7.20
canonical apport 2.20.9-0ubuntu7.21
canonical apport 2.20.9-0ubuntu7.23
canonical apport 2.20.9-0ubuntu7.24
canonical ubuntu_linux 18.04
canonical apport 2.20.11-0ubuntu8
canonical apport 2.20.11-0ubuntu9
canonical apport 2.20.11-0ubuntu10
canonical apport 2.20.11-0ubuntu11
canonical apport 2.20.11-0ubuntu12
canonical apport 2.20.11-0ubuntu13
canonical apport 2.20.11-0ubuntu14
canonical apport 2.20.11-0ubuntu15
canonical apport 2.20.11-0ubuntu16
canonical apport 2.20.11-0ubuntu17
canonical apport 2.20.11-0ubuntu18
canonical apport 2.20.11-0ubuntu19
canonical apport 2.20.11-0ubuntu20
canonical apport 2.20.11-0ubuntu21
canonical apport 2.20.11-0ubuntu22
canonical apport 2.20.11-0ubuntu23
canonical apport 2.20.11-0ubuntu24
canonical apport 2.20.11-0ubuntu25
canonical apport 2.20.11-0ubuntu26
canonical apport 2.20.11-0ubuntu27
canonical apport 2.20.11-0ubuntu27.2
canonical apport 2.20.11-0ubuntu27.3
canonical apport 2.20.11-0ubuntu27.4
canonical apport 2.20.11-0ubuntu27.5
canonical apport 2.20.11-0ubuntu27.6
canonical apport 2.20.11-0ubuntu27.7
canonical apport 2.20.11-0ubuntu27.8
canonical apport 2.20.11-0ubuntu27.9
canonical apport 2.20.11-0ubuntu27.10
canonical apport 2.20.11-0ubuntu27.11
canonical apport 2.20.11-0ubuntu27.12
canonical apport 2.20.11-0ubuntu27.13
canonical apport 2.20.11-0ubuntu27.14
canonical apport 2.20.11-0ubuntu27.16
canonical apport 2.20.11-0ubuntu27.17
canonical apport 2.20.11-0ubuntu27.18
canonical ubuntu_linux 20.04
canonical apport 2.20.11-0ubuntu28
canonical apport 2.20.11-0ubuntu29
canonical apport 2.20.11-0ubuntu30
canonical apport 2.20.11-0ubuntu31
canonical apport 2.20.11-0ubuntu32
canonical apport 2.20.11-0ubuntu33
canonical apport 2.20.11-0ubuntu34
canonical apport 2.20.11-0ubuntu35
canonical apport 2.20.11-0ubuntu36
canonical apport 2.20.11-0ubuntu37
canonical apport 2.20.11-0ubuntu38
canonical apport 2.20.11-0ubuntu39
canonical apport 2.20.11-0ubuntu40
canonical apport 2.20.11-0ubuntu41
canonical apport 2.20.11-0ubuntu42
canonical apport 2.20.11-0ubuntu43
canonical apport 2.20.11-0ubuntu44
canonical apport 2.20.11-0ubuntu45
canonical apport 2.20.11-0ubuntu46
canonical apport 2.20.11-0ubuntu47
canonical apport 2.20.11-0ubuntu48
canonical apport 2.20.11-0ubuntu49
canonical apport 2.20.11-0ubuntu50
canonical apport 2.20.11-0ubuntu50.1
canonical apport 2.20.11-0ubuntu50.2
canonical apport 2.20.11-0ubuntu50.3
canonical apport 2.20.11-0ubuntu50.5
canonical apport 2.20.11-0ubuntu50.7
canonical apport 2.20.11-0ubuntu51
canonical apport 2.20.11-0ubuntu52
canonical apport 2.20.11-0ubuntu53
canonical apport 2.20.11-0ubuntu54
canonical apport 2.20.11-0ubuntu55
canonical apport 2.20.11-0ubuntu56
canonical apport 2.20.11-0ubuntu57
canonical apport 2.20.11-0ubuntu58
canonical apport 2.20.11-0ubuntu59
canonical apport 2.20.11-0ubuntu60
canonical apport 2.20.11-0ubuntu61
canonical apport 2.20.11-0ubuntu62
canonical apport 2.20.11-0ubuntu63
canonical apport 2.20.11-0ubuntu64
canonical apport 2.20.11-0ubuntu65
canonical apport 2.20.11-0ubuntu65.1
canonical ubuntu_linux 21.04



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03FD56BA-11DC-4F20-A3F8-9BA77B11B591",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C72FD00-1D85-4EEF-96FD-1744012AD89F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3:*:*:*:*:*:*:*",
              "matchCriteriaId": "877A71D3-6248-474E-B1F4-1AADAF90915D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C1C87C8-3B1F-43C6-AF2D-5920A61459F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2706852-F7FE-4F71-A385-7EDD7D0643B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E85B5415-12D7-4F9B-92E9-DDBB640F5BFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "51A59FF0-40D8-4FC6-9C47-2A98489BB924",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "33199657-68E0-40F5-8C0A-CD17556E0435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "92D20F9E-D5F1-41C2-A1BB-879A9147D34F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF6AAD8-3C58-4638-BE7B-49185BD135D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EFF963-8C67-4748-9123-B90FEC1803C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B0A70E3-DD03-4F5B-B5F0-C3193FA117C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8567AB89-0370-47E9-8166-4DA88D9FFD21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E252EF-02D8-4DEB-8744-8056205DF14C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB28F87-3A56-4084-8C83-01B2B98C3877",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2B1E867-515A-429D-ACBB-2418A8AE246E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83F62AD-A3A6-4094-B430-719826E94F15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FCDF4B3-5ED8-4DC6-B027-0491189A0DAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF47BAE4-B1F2-4275-AEA1-33730155210B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EE06C77-B53E-4B3C-848C-052565913FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "66111D47-4A27-4FCA-904D-2F707C36DE80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F076238-A621-49B7-AF91-A433B5774827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9E25CE-262C-4EC7-ABB1-EF013783F946",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AB17E39-A58D-4606-A355-E2BF31BD0989",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "F12D3906-E0D5-4946-8129-A4E323BC4248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "7691E044-C5AE-49D4-9FF4-0C3E8B014A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "24E0C82A-0473-4D5F-9308-1E0B058520B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FD816BA-67DC-4719-9D04-E7DE215BF028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67978C9-D2A7-48F8-BED4-ECF5D1D10702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F010F8F-A66D-4C84-A7E9-24066CBB3840",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.29\\+esm7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FC85B02-281C-4DD8-9A2B-381C62677735",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EAD90B3-3525-471B-9307-252C8CEFFF05",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F1A838-4379-4CC4-BEAD-EC9C793B4E56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA3903E-EA8B-4B78-B5CF-42C4AA6626C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFCDD843-C743-41E4-8743-62C6149B7BBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FA4F13-3CF6-412B-846F-AE7D57B5FAEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BF1FE3C-DCF6-475F-BFFB-D445B960CA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2AEEADF-89B1-465A-ACCE-61B8F64BD8A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EBB7136-7802-4DB5-84AF-C75CBFFA5A3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "404DDAC7-952E-43FF-8EEB-FA1FC1A503A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "63388BC6-4EE0-41E3-BC4F-A43B0C56494E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D54FC7A-CD2A-4904-A059-48A8E94954A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "88F73732-BEA3-45D3-ABEE-51B45C1511E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B53A64B3-7522-4B05-BA0C-BD0F429362B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5AF908-B66A-48AD-912D-CBD02A1878A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF1672BA-3685-4B75-BB46-9BB181EC4959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "58BB5513-D96B-4AE1-911F-40E561341859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "542F64D1-EB92-41B3-A1E3-98061D1966B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EF284A8-86B0-47AB-B404-D4714D4E769A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "43355789-13F9-4D12-81DB-EFCEA9183F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC67992A-E0CB-43A8-A749-D91BB460D279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "12BB46F2-6B36-44A2-AE15-CDBC4AEBCD95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD912C7-D5B2-4AB5-9C27-979E8DE805CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE7A141A-8588-4743-AB78-502A9724C474",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A282E85-A145-496B-A600-77012F24F82F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "87254C87-93AD-4A04-A788-4E97BC44D31E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3DEA776-C58E-48C6-99BD-78FFFD78B505",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E947E03-9B13-4C1D-8425-3E62698BD79C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "06A5F263-6F35-4312-A206-68338FE62215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "904FBA57-C14C-4B4E-8846-2CB841DAF6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.30\\+esm1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6713C5-09EF-4538-BBD2-3932554A2076",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "712507AC-DAB8-4FFE-9426-08282919411F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6890AEDE-8628-4467-BD78-9E28BD00CFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E475D2-7643-4F90-9A39-3C4C9C5882A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C813DA-01A9-4963-992C-77F21B045C61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9432E171-BD9D-41E1-AAB3-2CA29FE2B07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu5:*:*:*:*:*:*:*",
              "matchCriteriaId": "234375CE-6C99-4973-BAC5-950016C789A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1658CA25-4EB5-40D9-A1F3-78640EE58D07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF9A6112-6920-4006-A353-30D942301D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F07BD0-2C19-4895-8B3C-F956ED7568BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59420BB6-11ED-43BA-95FA-E843B9F0BFD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6C7998E-269B-40B1-9B73-99F22CB76A26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "86CB2D37-78BD-486D-B27B-6E588563000D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B452791-E4F4-4165-B15B-205743EDE142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "29CA8420-057C-4BF1-A5A5-E65C979F80D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FF71FAA-2457-4B6D-8265-5E9E40FB5B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A901840D-D35C-4DBB-B736-16066BA61016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DC8A84E-204D-46FE-9455-E6EE28CBA02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B170FF62-8FE1-4E32-9CAB-6C2791842D4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3112FA6-E483-4A15-83A7-0DC086680D14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7B0688-10F5-4FCC-B4C3-804BFC9F4572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9709BC6B-6432-47D3-AF3D-7D61230528E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEFA65E9-C2C5-4068-8B19-2087F54C75E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "62D8AD82-1A8F-450D-B3F5-05D86245A20F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD3CB25B-8BCC-47CF-8032-47E7CA5199AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAA7D420-6DAF-400A-8F73-C7FB79847DF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A44AB2-57B3-4DE0-8C6E-CD3E3AC4D3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "B496DE3B-67F6-43AE-BA9C-B0AA77CCE02B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F975FDB-758B-4423-A46B-FE77677FAF05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "11667580-C7B7-4850-A11C-7714ECD8E487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "1697005D-4639-4175-8A2C-0761A86BE609",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F6AEA8-C7E5-4D30-97EA-96EC6394510F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "B85E9B9B-ADDB-4D2F-A857-685BD30CE856",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0580D85-61E7-446D-BB01-EFFD20A53FC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8DEF97E-C23C-431E-A017-29895305E666",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CF1FFD4-8088-4073-AF78-C2A177C0DFAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu11:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CC58CA6-54E2-4874-B327-838B19667FF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu12:*:*:*:*:*:*:*",
              "matchCriteriaId": "00060D2D-78C2-46CD-903D-48337C4A1173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu13:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DD7604E-CEAC-4B54-A708-F98738381288",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BD91FE7-01B8-479F-8180-6E152F2996C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DCF9BD3-B46E-4D58-B53F-3DE081164FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F973F96-7AAD-44AB-90F0-D9F5DD7AFEE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E1A19B1-592C-48CF-B709-7CA573F40AF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu18:*:*:*:*:*:*:*",
              "matchCriteriaId": "287EA905-4DF5-4AF7-9C70-3A9CECA714C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu19:*:*:*:*:*:*:*",
              "matchCriteriaId": "479CEDFA-177B-413D-A9C1-2A16A9F9FB50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu20:*:*:*:*:*:*:*",
              "matchCriteriaId": "7713D34D-046F-4627-80CA-B5CD63D41F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu21:*:*:*:*:*:*:*",
              "matchCriteriaId": "A65605CF-2659-436E-9C96-E782F06992F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu22:*:*:*:*:*:*:*",
              "matchCriteriaId": "F27734BE-C46A-4815-A801-1FF5493B324B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu23:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EEAE19B-2138-4AA5-BB3B-3150DF0818DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu24:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D4BE412-F045-4754-9EF8-2F00E68542A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu25:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB26172A-D9F3-47A4-AA7D-7FD2E8499670",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu26:*:*:*:*:*:*:*",
              "matchCriteriaId": "388DDA89-BA36-45FE-864F-5810C3DF4093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D17E8C3-56FE-4719-B214-BA369D5EB6D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE45751-8E63-428B-A04B-1E842FB5BEEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9381CFDA-0772-43D7-8F14-A6E0577F49EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEFB83E8-166C-4960-8AF1-DE210F4DE6DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F95414EB-487D-4E80-AE6C-CDBF0153807E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE24C441-2D44-41C0-8D12-93CAE1D69684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4B7D71B-5267-4479-B271-71363998E998",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4194EAB4-673C-4E8A-ADFC-6D87F50C61CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3251DCF-6CE1-4149-A328-0F9708595E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "73483788-45E5-4E6E-ADF5-4AD0CDF03DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA91A8F7-DEE3-4A99-819D-4E188A7544E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF8610CF-E8B1-4172-BBCB-7A8713A2239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CF6BB38-C3A9-486B-97E1-263EDE2ECE70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE70759B-770A-44D9-9482-D6E53BA0037F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2398113-673A-4CF3-B0DE-46061E11EB45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F7D759-5226-4882-ACF0-B1EAB79665B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "066128DE-149A-4753-ABBC-22D6278D5043",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E442013-EBF8-44F2-AAAA-B23816F3230E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu28:*:*:*:*:*:*:*",
              "matchCriteriaId": "136B28C2-ACB8-4399-B3B1-FFD0904FCD44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu29:*:*:*:*:*:*:*",
              "matchCriteriaId": "10B1E587-D25A-4763-B4DC-3D69C118A2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu30:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CFD1CBD-77A9-45AF-A516-FF77191311E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu31:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD4ADA30-8C36-4D54-ACDA-5AADAC73D19A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu32:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EC93EA4-CEDD-4632-ABCD-532EE5886C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu33:*:*:*:*:*:*:*",
              "matchCriteriaId": "69D638E0-E2EF-4E4F-8864-5E74904B4566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu34:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B127BDF-5F67-40AA-A9E3-B9C7CAC2A49E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu35:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9B0DC30-62E9-4EC1-87D6-9386EC313E46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu36:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E44CEC7-B7E1-46D5-A731-435650CC6CAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu37:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF475DE-6D99-4116-8BB6-9925F7AD9FF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu38:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DEF396-1C23-4C40-B7BD-9E114238C9E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu39:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3FEDE01-F111-41F8-8541-45395A59584E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu40:*:*:*:*:*:*:*",
              "matchCriteriaId": "82DCED7B-C959-4437-85AF-4F871BEB8FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu41:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC8A1AEB-B478-4BA7-B27C-231C78F5D8BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu42:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE199F4D-531E-4B80-A51C-EAA98A200896",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu43:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E737E4-19CE-47C9-A195-216671272B4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu44:*:*:*:*:*:*:*",
              "matchCriteriaId": "1030F055-1C07-45BC-B738-FC198AB5B38D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu45:*:*:*:*:*:*:*",
              "matchCriteriaId": "28AFB7C2-7231-442E-9AC3-148940E025C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu46:*:*:*:*:*:*:*",
              "matchCriteriaId": "978D1EB2-36A9-4FD6-8B7A-9CFD7DCBD86C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu47:*:*:*:*:*:*:*",
              "matchCriteriaId": "E55E59A6-64FD-43B5-A36D-B0734D749282",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu48:*:*:*:*:*:*:*",
              "matchCriteriaId": "51558079-C5CF-4435-90A2-F6E1A4942E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu49:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B390C78-605A-409B-9F69-07BE6ED78765",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50:*:*:*:*:*:*:*",
              "matchCriteriaId": "0772DB94-C282-4670-821D-09178139F211",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20A37F7A-147C-48B6-A015-C7AD45F53A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "86CEEACF-FDD5-46F0-A317-5B1F024D5B00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F2AD780-F6A7-46F7-8CB5-63F305ED4849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBB82C8F-C2D9-48E2-86A6-772A638C295C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "54F6BB3C-38DA-49A1-AB29-4DF42F5ADC71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8966949D-AB76-4235-893E-6A2971DAB751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu52:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C232C67-0817-4B2D-BE8D-7CEBEC07C54C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu53:*:*:*:*:*:*:*",
              "matchCriteriaId": "03711A42-F636-44D0-82D9-BC6EEE4DEE36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu54:*:*:*:*:*:*:*",
              "matchCriteriaId": "256A6531-0D49-404D-9232-ECA08A4B191E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu55:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF681786-95BB-40CF-ADCF-DEA69A19DD2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu56:*:*:*:*:*:*:*",
              "matchCriteriaId": "4137BE33-F73C-43FD-8487-81B8581963E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu57:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C060ED-BDD7-49BE-975B-08AFF93C8B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu58:*:*:*:*:*:*:*",
              "matchCriteriaId": "F56E2A38-2ACA-4686-8E85-DB5B91FAE7FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu59:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD03D1E1-017F-44BF-90F4-1810AB58019D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu60:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7170954-E621-4F48-A52C-EF88B392C8A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu61:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5DFF27C-F5DF-48FF-A04B-EAEDD598CEA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu62:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B7E19A1-FCC0-418B-AE7D-43453BFD89E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu63:*:*:*:*:*:*:*",
              "matchCriteriaId": "947615BA-B4DC-44AC-AACF-4FE576AF1248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu64:*:*:*:*:*:*:*",
              "matchCriteriaId": "57A88540-2266-4FB8-9862-252BE378E417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu65:*:*:*:*:*:*:*",
              "matchCriteriaId": "28614BE6-A80F-4A3F-809B-51C2CAB9287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu65.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "617048A9-50DE-408B-9654-677D6BFB66F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EF1C1CC-3FAE-4DE3-BC41-E5B14D5721F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
    },
    {
      "lang": "es",
      "value": "Se ha detectado una divulgaci\u00f3n de informaci\u00f3n por medio de un salto de ruta en la funci\u00f3n read_file() del archivo apport/hookutils.py. Este problema afecta a: las versiones de apport 2.14.1 anteriores a 2.14.1-0ubuntu3.29+esm8; versiones 2.20.1 anteriores a 2.20.1-0ubuntu2.30+esm2; versiones 2.20.9 anteriores a 2.20.9-0ubuntu7.26; versiones 2.20.11 anteriores a 2.20.11-0ubuntu27.20; versiones 2.20.11 anteriores a 2.20.11-0ubuntu65.3"
    }
  ],
  "id": "CVE-2021-3710",
  "lastModified": "2024-11-21T06:22:12.780",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.7,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 4.0,
        "source": "security@ubuntu.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-01T03:15:07.043",
  "references": [
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://ubuntu.com/security/notices/USN-5077-1"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://ubuntu.com/security/notices/USN-5077-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3710"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://ubuntu.com/security/notices/USN-5077-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://ubuntu.com/security/notices/USN-5077-2"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-24"
        }
      ],
      "source": "security@ubuntu.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-04-22 16:29
Modified
2024-11-21 02:25
Summary
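In Apport before 2.19.2, any Python module in sys.path can be imported by the function _python_module_path if the command line of the process triggering the coredump is Python and its first argument is -m. Importing a Python module executes that module's top-level code, so the import amounts to running code inside Apport's process.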
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14580BCE-B0E5-4A13-BD84-06F7CE71103F",
              "versionEndExcluding": "2.19.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path."
    },
    {
      "lang": "es",
      "value": "Cualquier m\u00f3dulo Python en sys.path puede ser importado si la l\u00ednea de comando de proceso que activa el volcado de memoria es Python y el primer argumento es -m en Apport anterior a la versi\u00f3n 2.19.2 la funci\u00f3n _python_module_path."
    }
  ],
  "id": "CVE-2015-1341",
  "lastModified": "2024-11-21T02:25:12.513",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 6.0,
        "source": "security@ubuntu.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-22T16:29:00.960",
  "references": [
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://launchpad.net/apport/trunk/2.19.2"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/2782-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://launchpad.net/apport/trunk/2.19.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/2782-1/"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-06-11 03:15
Modified
2024-11-21 05:55
Summary
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.
Impacted products
Vendor Product Version
canonical apport *
canonical apport *
canonical apport *
canonical apport *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FDEF7B7-318E-4C9B-AA8B-79157E87B4EF",
              "versionEndExcluding": "2.20.1-0ubuntu2.30",
              "versionStartIncluding": "2.20.1-0ubuntu1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC812359-24A5-4F7D-ABC6-15DB3062967A",
              "versionEndExcluding": "2.20.9-0ubuntu7.23",
              "versionStartIncluding": "2.20.9-0ubuntu1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "194F4E58-D4CB-4B34-8166-858CC0AF7B59",
              "versionEndExcluding": "2.20.11-0ubuntu27.16",
              "versionStartIncluding": "2.20.11-0ubuntu27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5778434C-41A2-4B08-BC76-9203B7FAB094",
              "versionEndExcluding": "2.20.11-0ubuntu50.5",
              "versionStartIncluding": "2.20.11-0ubuntu50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 que la funci\u00f3n get_starttime() en data/apport no analizaba correctamente el archivo /proc/pid/stat del kernel"
    }
  ],
  "id": "CVE-2021-25683",
  "lastModified": "2024-11-21T05:55:17.690",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "security@ubuntu.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-11T03:15:06.910",
  "references": [
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "security@ubuntu.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-06-12 04:15
Modified
2024-11-21 06:07
Summary
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15384D7F-D81C-46B4-8F98-70FD9F1201E0",
              "versionEndExcluding": "2.14.1-0ubuntu3.29\\+esm7",
              "versionStartIncluding": "2.14.1-0ubuntu3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64C72114-B15D-441E-A742-19A7D7A341CA",
              "versionEndExcluding": "2.20.1-0ubuntu2.30\\+esm1",
              "versionStartIncluding": "2.20.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6CEE83-29FB-4B02-A31D-E23079AFC2A6",
              "versionEndExcluding": "2.20.9-0ubuntu7.24",
              "versionStartIncluding": "2.20.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD90405-8C94-43F2-BBF8-FFB695B9181C",
              "versionEndExcluding": "2.20.11-0ubuntu27.18",
              "versionStartIncluding": "2.20.11-0ubuntu27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB003A8B-8290-4BBA-8C0D-64E208ABBEFE",
              "versionEndExcluding": "2.20.11-0ubuntu50.7",
              "versionStartIncluding": "2.20.11-0ubuntu50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F0F988-E8C8-451B-9710-1B8932C12996",
              "versionEndExcluding": "2.20.11-0ubuntu65.1",
              "versionStartIncluding": "2.20.11-0ubuntu65",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call."
    },
    {
      "lang": "es",
      "value": "Se ha detectado que la funci\u00f3n get_modified_conffiles() en el archivo backends/packaging-apt-dpkg.py permit\u00eda inyectar nombres de paquetes modificados de forma que se confund\u00eda la llamada a dpkg(1)"
    }
  ],
  "id": "CVE-2021-32556",
  "lastModified": "2024-11-21T06:07:15.803",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.8,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 1.4,
        "source": "security@ubuntu.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-12T04:15:12.390",
  "references": [
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "security@ubuntu.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-08-06 23:15
Modified
2024-11-21 05:06
Summary
TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16 and 2.20.11-0ubuntu27.6; 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6 are affected. Formerly tracked as ZDI-CAN-11234.
Impacted products
Vendor Product Version
canonical apport 2.20.11-0ubuntu8
canonical apport 2.20.11-0ubuntu9
canonical apport 2.20.11-0ubuntu10
canonical apport 2.20.11-0ubuntu11
canonical apport 2.20.11-0ubuntu12
canonical apport 2.20.11-0ubuntu13
canonical apport 2.20.11-0ubuntu14
canonical apport 2.20.11-0ubuntu15
canonical apport 2.20.11-0ubuntu16
canonical apport 2.20.11-0ubuntu17
canonical apport 2.20.11-0ubuntu18
canonical apport 2.20.11-0ubuntu19
canonical apport 2.20.11-0ubuntu20
canonical apport 2.20.11-0ubuntu21
canonical apport 2.20.11-0ubuntu22
canonical apport 2.20.11-0ubuntu23
canonical apport 2.20.11-0ubuntu24
canonical apport 2.20.11-0ubuntu25
canonical apport 2.20.11-0ubuntu26
canonical apport 2.20.11-0ubuntu27
canonical apport 2.20.11-0ubuntu27.2
canonical apport 2.20.11-0ubuntu27.3
canonical apport 2.20.11-0ubuntu27.4
canonical apport 2.20.11-0ubuntu27.5
canonical ubuntu_linux 20.04
canonical apport 2.20.7-0ubuntu3
canonical apport 2.20.7-0ubuntu3.1
canonical apport 2.20.7-0ubuntu4
canonical apport 2.20.8-0ubuntu1
canonical apport 2.20.8-0ubuntu2
canonical apport 2.20.8-0ubuntu3
canonical apport 2.20.8-0ubuntu4
canonical apport 2.20.8-0ubuntu5
canonical apport 2.20.8-0ubuntu6
canonical apport 2.20.8-0ubuntu7
canonical apport 2.20.8-0ubuntu8
canonical apport 2.20.8-0ubuntu9
canonical apport 2.20.8-0ubuntu10
canonical apport 2.20.9-0ubuntu1
canonical apport 2.20.9-0ubuntu2
canonical apport 2.20.9-0ubuntu3
canonical apport 2.20.9-0ubuntu4
canonical apport 2.20.9-0ubuntu5
canonical apport 2.20.9-0ubuntu6
canonical apport 2.20.9-0ubuntu7
canonical apport 2.20.9-0ubuntu7.1
canonical apport 2.20.9-0ubuntu7.2
canonical apport 2.20.9-0ubuntu7.3
canonical apport 2.20.9-0ubuntu7.4
canonical apport 2.20.9-0ubuntu7.5
canonical apport 2.20.9-0ubuntu7.6
canonical apport 2.20.9-0ubuntu7.7
canonical apport 2.20.9-0ubuntu7.8
canonical apport 2.20.9-0ubuntu7.9
canonical apport 2.20.9-0ubuntu7.10
canonical apport 2.20.9-0ubuntu7.11
canonical apport 2.20.9-0ubuntu7.12
canonical apport 2.20.9-0ubuntu7.13
canonical apport 2.20.9-0ubuntu7.14
canonical apport 2.20.9-0ubuntu7.15
canonical ubuntu_linux 18.04
canonical apport 2.19.1-0ubuntu3
canonical apport 2.19.2-0ubuntu1
canonical apport 2.19.2-0ubuntu2
canonical apport 2.19.2-0ubuntu3
canonical apport 2.19.2-0ubuntu4
canonical apport 2.19.2-0ubuntu5
canonical apport 2.19.2-0ubuntu6
canonical apport 2.19.2-0ubuntu7
canonical apport 2.19.2-0ubuntu8
canonical apport 2.19.2-0ubuntu9
canonical apport 2.19.3-0ubuntu1
canonical apport 2.19.3-0ubuntu2
canonical apport 2.19.3-0ubuntu3
canonical apport 2.19.4-0ubuntu1
canonical apport 2.19.4-0ubuntu2
canonical apport 2.20-0ubuntu1
canonical apport 2.20-0ubuntu2
canonical apport 2.20-0ubuntu3
canonical apport 2.20.1-0ubuntu1
canonical apport 2.20.1-0ubuntu2
canonical apport 2.20.1-0ubuntu2.1
canonical apport 2.20.1-0ubuntu2.2
canonical apport 2.20.1-0ubuntu2.4
canonical apport 2.20.1-0ubuntu2.5
canonical apport 2.20.1-0ubuntu2.6
canonical apport 2.20.1-0ubuntu2.7
canonical apport 2.20.1-0ubuntu2.8
canonical apport 2.20.1-0ubuntu2.9
canonical apport 2.20.1-0ubuntu2.10
canonical apport 2.20.1-0ubuntu2.12
canonical apport 2.20.1-0ubuntu2.13
canonical apport 2.20.1-0ubuntu2.14
canonical apport 2.20.1-0ubuntu2.15
canonical apport 2.20.1-0ubuntu2.16
canonical apport 2.20.1-0ubuntu2.17
canonical apport 2.20.1-0ubuntu2.18
canonical apport 2.20.1-0ubuntu2.19
canonical apport 2.20.1-0ubuntu2.20
canonical apport 2.20.1-0ubuntu2.21
canonical apport 2.20.1-0ubuntu2.22
canonical apport 2.20.1-0ubuntu2.23
canonical ubuntu_linux 16.04
canonical ubuntu_linux 14.04



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0580D85-61E7-446D-BB01-EFFD20A53FC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8DEF97E-C23C-431E-A017-29895305E666",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CF1FFD4-8088-4073-AF78-C2A177C0DFAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu11:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CC58CA6-54E2-4874-B327-838B19667FF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu12:*:*:*:*:*:*:*",
              "matchCriteriaId": "00060D2D-78C2-46CD-903D-48337C4A1173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu13:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DD7604E-CEAC-4B54-A708-F98738381288",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BD91FE7-01B8-479F-8180-6E152F2996C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DCF9BD3-B46E-4D58-B53F-3DE081164FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F973F96-7AAD-44AB-90F0-D9F5DD7AFEE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E1A19B1-592C-48CF-B709-7CA573F40AF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu18:*:*:*:*:*:*:*",
              "matchCriteriaId": "287EA905-4DF5-4AF7-9C70-3A9CECA714C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu19:*:*:*:*:*:*:*",
              "matchCriteriaId": "479CEDFA-177B-413D-A9C1-2A16A9F9FB50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu20:*:*:*:*:*:*:*",
              "matchCriteriaId": "7713D34D-046F-4627-80CA-B5CD63D41F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu21:*:*:*:*:*:*:*",
              "matchCriteriaId": "A65605CF-2659-436E-9C96-E782F06992F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu22:*:*:*:*:*:*:*",
              "matchCriteriaId": "F27734BE-C46A-4815-A801-1FF5493B324B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu23:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EEAE19B-2138-4AA5-BB3B-3150DF0818DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu24:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D4BE412-F045-4754-9EF8-2F00E68542A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu25:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB26172A-D9F3-47A4-AA7D-7FD2E8499670",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu26:*:*:*:*:*:*:*",
              "matchCriteriaId": "388DDA89-BA36-45FE-864F-5810C3DF4093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D17E8C3-56FE-4719-B214-BA369D5EB6D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE45751-8E63-428B-A04B-1E842FB5BEEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9381CFDA-0772-43D7-8F14-A6E0577F49EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEFB83E8-166C-4960-8AF1-DE210F4DE6DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F95414EB-487D-4E80-AE6C-CDBF0153807E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.7-0ubuntu3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE3B37D5-6479-48A8-8E04-789778896053",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.7-0ubuntu3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A4235DE-1EF0-490E-955E-BC61F0CB82EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.7-0ubuntu4:*:*:*:*:*:*:*",
              "matchCriteriaId": "34638795-2AE2-48BA-9800-2407E2617B43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88552AC8-4BD5-4652-BB36-BEF96EDE514F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F00DEC01-B39C-42DA-AC36-39A0A153CF44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu3:*:*:*:*:*:*:*",
              "matchCriteriaId": "82D8C1AF-6C55-4FA5-8937-6797E7E441C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E147A0DA-3A64-4DC0-BB7A-83432FDA5F1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD68C5DD-AF3B-42BC-AB18-E03E43A27076",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu6:*:*:*:*:*:*:*",
              "matchCriteriaId": "29EE4CB4-9CFE-4672-93F3-D135F98ADD56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu7:*:*:*:*:*:*:*",
              "matchCriteriaId": "812471E0-35B8-454B-B9FB-539302606C80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF92AC2E-8043-4126-9CC9-1EC1EE77C68E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F07FD0B9-AFF4-47BB-B2C9-B819D8526D12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.8-0ubuntu10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2A4392D-D859-4906-AFE2-EC56DCE8B85D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6890AEDE-8628-4467-BD78-9E28BD00CFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E475D2-7643-4F90-9A39-3C4C9C5882A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C813DA-01A9-4963-992C-77F21B045C61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9432E171-BD9D-41E1-AAB3-2CA29FE2B07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu5:*:*:*:*:*:*:*",
              "matchCriteriaId": "234375CE-6C99-4973-BAC5-950016C789A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1658CA25-4EB5-40D9-A1F3-78640EE58D07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF9A6112-6920-4006-A353-30D942301D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F07BD0-2C19-4895-8B3C-F956ED7568BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59420BB6-11ED-43BA-95FA-E843B9F0BFD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6C7998E-269B-40B1-9B73-99F22CB76A26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "86CB2D37-78BD-486D-B27B-6E588563000D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B452791-E4F4-4165-B15B-205743EDE142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "29CA8420-057C-4BF1-A5A5-E65C979F80D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FF71FAA-2457-4B6D-8265-5E9E40FB5B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A901840D-D35C-4DBB-B736-16066BA61016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DC8A84E-204D-46FE-9455-E6EE28CBA02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B170FF62-8FE1-4E32-9CAB-6C2791842D4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3112FA6-E483-4A15-83A7-0DC086680D14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7B0688-10F5-4FCC-B4C3-804BFC9F4572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9709BC6B-6432-47D3-AF3D-7D61230528E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEFA65E9-C2C5-4068-8B19-2087F54C75E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "62D8AD82-1A8F-450D-B3F5-05D86245A20F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.1-0ubuntu3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDAC7C9-022F-4900-BA2B-E226118390B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.2-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7AD2FFF-C115-4B55-8FBE-7C53CE7F3E78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.2-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E439577C-3E3C-4233-9276-B26C242F2ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.2-0ubuntu3:*:*:*:*:*:*:*",
              "matchCriteriaId": "18D07534-D124-4A3F-BFC2-347E7D25B9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.2-0ubuntu4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4419CE5F-6093-49F1-B400-3CADB1EA8017",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.2-0ubuntu5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4EFA888-6A84-48A7-A1F5-6EA1A602940E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.2-0ubuntu6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B7DA437-17C5-4169-B296-CA924663B37F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.2-0ubuntu7:*:*:*:*:*:*:*",
              "matchCriteriaId": "39555DE8-5AE0-46DC-9DB5-56808D2D54A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.2-0ubuntu8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5666D2A8-C212-4616-A62B-60C6FABB6679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.2-0ubuntu9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB25DCC8-6FC7-4138-90AC-FAFF65E6DA10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.3-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE54A967-E6CB-4975-93E2-B74D0F34816C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.3-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6381C1D-994D-49E9-886F-9AAAEC01F72C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.3-0ubuntu3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7083F188-39C9-4A0F-B379-DBAA7C1F3E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.4-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55710F53-487F-40CD-941C-BC2BA837C2D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.19.4-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "754BC407-2C75-443F-A0A5-2081EED7628A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7E607C3-7E63-42A4-BE0E-3DFE3B9DD700",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC25ED5C-B1A4-4104-A0C9-633FB58F6596",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20-0ubuntu3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04C71AA4-574A-4C32-97C3-D7291EF18B2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F1A838-4379-4CC4-BEAD-EC9C793B4E56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA3903E-EA8B-4B78-B5CF-42C4AA6626C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFCDD843-C743-41E4-8743-62C6149B7BBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FA4F13-3CF6-412B-846F-AE7D57B5FAEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BF1FE3C-DCF6-475F-BFFB-D445B960CA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2AEEADF-89B1-465A-ACCE-61B8F64BD8A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EBB7136-7802-4DB5-84AF-C75CBFFA5A3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "404DDAC7-952E-43FF-8EEB-FA1FC1A503A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "63388BC6-4EE0-41E3-BC4F-A43B0C56494E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D54FC7A-CD2A-4904-A059-48A8E94954A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "88F73732-BEA3-45D3-ABEE-51B45C1511E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B53A64B3-7522-4B05-BA0C-BD0F429362B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5AF908-B66A-48AD-912D-CBD02A1878A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF1672BA-3685-4B75-BB46-9BB181EC4959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "58BB5513-D96B-4AE1-911F-40E561341859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "542F64D1-EB92-41B3-A1E3-98061D1966B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EF284A8-86B0-47AB-B404-D4714D4E769A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "43355789-13F9-4D12-81DB-EFCEA9183F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC67992A-E0CB-43A8-A749-D91BB460D279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "12BB46F2-6B36-44A2-AE15-CDBC4AEBCD95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD912C7-D5B2-4AB5-9C27-979E8DE805CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE7A141A-8588-4743-AB78-502A9724C474",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A282E85-A145-496B-A600-77012F24F82F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234."
    },
    {
      "lang": "es",
      "value": "La vulnerabilidad de Condici\u00f3n de Carrera TOCTOU en apport permite a un atacante local escalar privilegios y ejecutar c\u00f3digo arbitrario. Un atacante puede salir del proceso bloqueado y explotar el reciclaje PID para generar un proceso root con el mismo PID que el proceso bloqueado, que luego puede ser usado para escalar privilegios. Corregido en versi\u00f3n 2.20.1-0ubuntu2.24, versiones 2.20.9 anteriores a 2.20.9-0ubuntu7.16 y versiones 2.20.11 anteriores a 2.20.11-0ubuntu27.6. Fue ZDI-CAN-11234"
    }
  ],
  "id": "CVE-2020-15702",
  "lastModified": "2024-11-21T05:06:03.110",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "security@ubuntu.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-06T23:15:11.750",
  "references": [
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://usn.ubuntu.com/4449-1"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://usn.ubuntu.com/4449-1/"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://usn.ubuntu.com/4449-2/"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-979/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://usn.ubuntu.com/4449-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://usn.ubuntu.com/4449-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://usn.ubuntu.com/4449-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-979/"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-367"
        }
      ],
      "source": "security@ubuntu.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-367"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-06-12 04:15
Modified
2024-11-21 06:07
Summary
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15384D7F-D81C-46B4-8F98-70FD9F1201E0",
              "versionEndExcluding": "2.14.1-0ubuntu3.29\\+esm7",
              "versionStartIncluding": "2.14.1-0ubuntu3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64C72114-B15D-441E-A742-19A7D7A341CA",
              "versionEndExcluding": "2.20.1-0ubuntu2.30\\+esm1",
              "versionStartIncluding": "2.20.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6CEE83-29FB-4B02-A31D-E23079AFC2A6",
              "versionEndExcluding": "2.20.9-0ubuntu7.24",
              "versionStartIncluding": "2.20.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD90405-8C94-43F2-BBF8-FFB695B9181C",
              "versionEndExcluding": "2.20.11-0ubuntu27.18",
              "versionStartIncluding": "2.20.11-0ubuntu27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB003A8B-8290-4BBA-8C0D-64E208ABBEFE",
              "versionEndExcluding": "2.20.11-0ubuntu50.7",
              "versionStartIncluding": "2.20.11-0ubuntu50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F0F988-E8C8-451B-9710-1B8932C12996",
              "versionEndExcluding": "2.20.11-0ubuntu65.1",
              "versionStartIncluding": "2.20.11-0ubuntu65",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks."
    },
    {
      "lang": "es",
      "value": "Se ha detectado que la funci\u00f3n process_report() en la ruta data/whoopsie-upload-all permit\u00eda la escritura arbitraria de archivos por medio de enlaces simb\u00f3licos"
    }
  ],
  "id": "CVE-2021-32557",
  "lastModified": "2024-11-21T06:07:15.930",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 2.7,
        "source": "security@ubuntu.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-12T04:15:12.523",
  "references": [
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        },
        {
          "lang": "en",
          "value": "CWE-61"
        }
      ],
      "source": "security@ubuntu.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-01 03:15
Modified
2024-11-21 06:22
Summary
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3.
Impacted products
Vendor Product Version
canonical apport 2.14.1-0ubuntu1
canonical apport 2.14.1-0ubuntu2
canonical apport 2.14.1-0ubuntu3
canonical apport 2.14.1-0ubuntu3.1
canonical apport 2.14.1-0ubuntu3.2
canonical apport 2.14.1-0ubuntu3.3
canonical apport 2.14.1-0ubuntu3.4
canonical apport 2.14.1-0ubuntu3.5
canonical apport 2.14.1-0ubuntu3.6
canonical apport 2.14.1-0ubuntu3.7
canonical apport 2.14.1-0ubuntu3.8
canonical apport 2.14.1-0ubuntu3.9
canonical apport 2.14.1-0ubuntu3.10
canonical apport 2.14.1-0ubuntu3.11
canonical apport 2.14.1-0ubuntu3.12
canonical apport 2.14.1-0ubuntu3.13
canonical apport 2.14.1-0ubuntu3.14
canonical apport 2.14.1-0ubuntu3.15
canonical apport 2.14.1-0ubuntu3.16
canonical apport 2.14.1-0ubuntu3.17
canonical apport 2.14.1-0ubuntu3.18
canonical apport 2.14.1-0ubuntu3.19
canonical apport 2.14.1-0ubuntu3.20
canonical apport 2.14.1-0ubuntu3.21
canonical apport 2.14.1-0ubuntu3.23
canonical apport 2.14.1-0ubuntu3.24
canonical apport 2.14.1-0ubuntu3.25
canonical apport 2.14.1-0ubuntu3.27
canonical apport 2.14.1-0ubuntu3.28
canonical apport 2.14.1-0ubuntu3.29
canonical apport 2.14.1-0ubuntu3.29+esm7
canonical ubuntu_linux 14.04
canonical apport 2.20.1-0ubuntu1
canonical apport 2.20.1-0ubuntu2
canonical apport 2.20.1-0ubuntu2.1
canonical apport 2.20.1-0ubuntu2.2
canonical apport 2.20.1-0ubuntu2.4
canonical apport 2.20.1-0ubuntu2.5
canonical apport 2.20.1-0ubuntu2.6
canonical apport 2.20.1-0ubuntu2.7
canonical apport 2.20.1-0ubuntu2.8
canonical apport 2.20.1-0ubuntu2.9
canonical apport 2.20.1-0ubuntu2.10
canonical apport 2.20.1-0ubuntu2.12
canonical apport 2.20.1-0ubuntu2.13
canonical apport 2.20.1-0ubuntu2.14
canonical apport 2.20.1-0ubuntu2.15
canonical apport 2.20.1-0ubuntu2.16
canonical apport 2.20.1-0ubuntu2.17
canonical apport 2.20.1-0ubuntu2.18
canonical apport 2.20.1-0ubuntu2.19
canonical apport 2.20.1-0ubuntu2.20
canonical apport 2.20.1-0ubuntu2.21
canonical apport 2.20.1-0ubuntu2.22
canonical apport 2.20.1-0ubuntu2.23
canonical apport 2.20.1-0ubuntu2.25
canonical apport 2.20.1-0ubuntu2.26
canonical apport 2.20.1-0ubuntu2.27
canonical apport 2.20.1-0ubuntu2.28
canonical apport 2.20.1-0ubuntu2.30
canonical apport 2.20.1-0ubuntu2.30+esm1
canonical ubuntu_linux 16.04
canonical apport 2.20.9-0ubuntu1
canonical apport 2.20.9-0ubuntu2
canonical apport 2.20.9-0ubuntu3
canonical apport 2.20.9-0ubuntu4
canonical apport 2.20.9-0ubuntu5
canonical apport 2.20.9-0ubuntu6
canonical apport 2.20.9-0ubuntu7
canonical apport 2.20.9-0ubuntu7.1
canonical apport 2.20.9-0ubuntu7.2
canonical apport 2.20.9-0ubuntu7.3
canonical apport 2.20.9-0ubuntu7.4
canonical apport 2.20.9-0ubuntu7.5
canonical apport 2.20.9-0ubuntu7.6
canonical apport 2.20.9-0ubuntu7.7
canonical apport 2.20.9-0ubuntu7.8
canonical apport 2.20.9-0ubuntu7.9
canonical apport 2.20.9-0ubuntu7.10
canonical apport 2.20.9-0ubuntu7.11
canonical apport 2.20.9-0ubuntu7.12
canonical apport 2.20.9-0ubuntu7.13
canonical apport 2.20.9-0ubuntu7.14
canonical apport 2.20.9-0ubuntu7.15
canonical apport 2.20.9-0ubuntu7.16
canonical apport 2.20.9-0ubuntu7.17
canonical apport 2.20.9-0ubuntu7.18
canonical apport 2.20.9-0ubuntu7.19
canonical apport 2.20.9-0ubuntu7.20
canonical apport 2.20.9-0ubuntu7.21
canonical apport 2.20.9-0ubuntu7.23
canonical apport 2.20.9-0ubuntu7.24
canonical ubuntu_linux 18.04
canonical apport 2.20.11-0ubuntu8
canonical apport 2.20.11-0ubuntu9
canonical apport 2.20.11-0ubuntu10
canonical apport 2.20.11-0ubuntu11
canonical apport 2.20.11-0ubuntu12
canonical apport 2.20.11-0ubuntu13
canonical apport 2.20.11-0ubuntu14
canonical apport 2.20.11-0ubuntu15
canonical apport 2.20.11-0ubuntu16
canonical apport 2.20.11-0ubuntu17
canonical apport 2.20.11-0ubuntu18
canonical apport 2.20.11-0ubuntu19
canonical apport 2.20.11-0ubuntu20
canonical apport 2.20.11-0ubuntu21
canonical apport 2.20.11-0ubuntu22
canonical apport 2.20.11-0ubuntu23
canonical apport 2.20.11-0ubuntu24
canonical apport 2.20.11-0ubuntu25
canonical apport 2.20.11-0ubuntu26
canonical apport 2.20.11-0ubuntu27
canonical apport 2.20.11-0ubuntu27.2
canonical apport 2.20.11-0ubuntu27.3
canonical apport 2.20.11-0ubuntu27.4
canonical apport 2.20.11-0ubuntu27.5
canonical apport 2.20.11-0ubuntu27.6
canonical apport 2.20.11-0ubuntu27.7
canonical apport 2.20.11-0ubuntu27.8
canonical apport 2.20.11-0ubuntu27.9
canonical apport 2.20.11-0ubuntu27.10
canonical apport 2.20.11-0ubuntu27.11
canonical apport 2.20.11-0ubuntu27.12
canonical apport 2.20.11-0ubuntu27.13
canonical apport 2.20.11-0ubuntu27.14
canonical apport 2.20.11-0ubuntu27.16
canonical apport 2.20.11-0ubuntu27.17
canonical apport 2.20.11-0ubuntu27.18
canonical ubuntu_linux 20.04
canonical apport 2.20.11-0ubuntu28
canonical apport 2.20.11-0ubuntu29
canonical apport 2.20.11-0ubuntu30
canonical apport 2.20.11-0ubuntu31
canonical apport 2.20.11-0ubuntu32
canonical apport 2.20.11-0ubuntu33
canonical apport 2.20.11-0ubuntu34
canonical apport 2.20.11-0ubuntu35
canonical apport 2.20.11-0ubuntu36
canonical apport 2.20.11-0ubuntu37
canonical apport 2.20.11-0ubuntu38
canonical apport 2.20.11-0ubuntu39
canonical apport 2.20.11-0ubuntu40
canonical apport 2.20.11-0ubuntu41
canonical apport 2.20.11-0ubuntu42
canonical apport 2.20.11-0ubuntu43
canonical apport 2.20.11-0ubuntu44
canonical apport 2.20.11-0ubuntu45
canonical apport 2.20.11-0ubuntu46
canonical apport 2.20.11-0ubuntu47
canonical apport 2.20.11-0ubuntu48
canonical apport 2.20.11-0ubuntu49
canonical apport 2.20.11-0ubuntu50
canonical apport 2.20.11-0ubuntu50.1
canonical apport 2.20.11-0ubuntu50.2
canonical apport 2.20.11-0ubuntu50.3
canonical apport 2.20.11-0ubuntu50.5
canonical apport 2.20.11-0ubuntu50.7
canonical apport 2.20.11-0ubuntu51
canonical apport 2.20.11-0ubuntu52
canonical apport 2.20.11-0ubuntu53
canonical apport 2.20.11-0ubuntu54
canonical apport 2.20.11-0ubuntu55
canonical apport 2.20.11-0ubuntu56
canonical apport 2.20.11-0ubuntu57
canonical apport 2.20.11-0ubuntu58
canonical apport 2.20.11-0ubuntu59
canonical apport 2.20.11-0ubuntu60
canonical apport 2.20.11-0ubuntu61
canonical apport 2.20.11-0ubuntu62
canonical apport 2.20.11-0ubuntu63
canonical apport 2.20.11-0ubuntu64
canonical apport 2.20.11-0ubuntu65
canonical apport 2.20.11-0ubuntu65.1
canonical ubuntu_linux 21.04



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03FD56BA-11DC-4F20-A3F8-9BA77B11B591",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C72FD00-1D85-4EEF-96FD-1744012AD89F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3:*:*:*:*:*:*:*",
              "matchCriteriaId": "877A71D3-6248-474E-B1F4-1AADAF90915D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C1C87C8-3B1F-43C6-AF2D-5920A61459F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2706852-F7FE-4F71-A385-7EDD7D0643B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E85B5415-12D7-4F9B-92E9-DDBB640F5BFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "51A59FF0-40D8-4FC6-9C47-2A98489BB924",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "33199657-68E0-40F5-8C0A-CD17556E0435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "92D20F9E-D5F1-41C2-A1BB-879A9147D34F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF6AAD8-3C58-4638-BE7B-49185BD135D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EFF963-8C67-4748-9123-B90FEC1803C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B0A70E3-DD03-4F5B-B5F0-C3193FA117C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8567AB89-0370-47E9-8166-4DA88D9FFD21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E252EF-02D8-4DEB-8744-8056205DF14C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB28F87-3A56-4084-8C83-01B2B98C3877",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2B1E867-515A-429D-ACBB-2418A8AE246E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A83F62AD-A3A6-4094-B430-719826E94F15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FCDF4B3-5ED8-4DC6-B027-0491189A0DAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF47BAE4-B1F2-4275-AEA1-33730155210B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EE06C77-B53E-4B3C-848C-052565913FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "66111D47-4A27-4FCA-904D-2F707C36DE80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F076238-A621-49B7-AF91-A433B5774827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF9E25CE-262C-4EC7-ABB1-EF013783F946",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AB17E39-A58D-4606-A355-E2BF31BD0989",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "F12D3906-E0D5-4946-8129-A4E323BC4248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "7691E044-C5AE-49D4-9FF4-0C3E8B014A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "24E0C82A-0473-4D5F-9308-1E0B058520B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FD816BA-67DC-4719-9D04-E7DE215BF028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67978C9-D2A7-48F8-BED4-ECF5D1D10702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F010F8F-A66D-4C84-A7E9-24066CBB3840",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.14.1-0ubuntu3.29\\+esm7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FC85B02-281C-4DD8-9A2B-381C62677735",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F1A838-4379-4CC4-BEAD-EC9C793B4E56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CA3903E-EA8B-4B78-B5CF-42C4AA6626C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFCDD843-C743-41E4-8743-62C6149B7BBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59FA4F13-3CF6-412B-846F-AE7D57B5FAEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BF1FE3C-DCF6-475F-BFFB-D445B960CA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2AEEADF-89B1-465A-ACCE-61B8F64BD8A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EBB7136-7802-4DB5-84AF-C75CBFFA5A3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "404DDAC7-952E-43FF-8EEB-FA1FC1A503A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "63388BC6-4EE0-41E3-BC4F-A43B0C56494E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D54FC7A-CD2A-4904-A059-48A8E94954A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "88F73732-BEA3-45D3-ABEE-51B45C1511E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B53A64B3-7522-4B05-BA0C-BD0F429362B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5AF908-B66A-48AD-912D-CBD02A1878A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF1672BA-3685-4B75-BB46-9BB181EC4959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "58BB5513-D96B-4AE1-911F-40E561341859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "542F64D1-EB92-41B3-A1E3-98061D1966B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EF284A8-86B0-47AB-B404-D4714D4E769A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "43355789-13F9-4D12-81DB-EFCEA9183F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC67992A-E0CB-43A8-A749-D91BB460D279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "12BB46F2-6B36-44A2-AE15-CDBC4AEBCD95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD912C7-D5B2-4AB5-9C27-979E8DE805CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE7A141A-8588-4743-AB78-502A9724C474",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A282E85-A145-496B-A600-77012F24F82F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "87254C87-93AD-4A04-A788-4E97BC44D31E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3DEA776-C58E-48C6-99BD-78FFFD78B505",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E947E03-9B13-4C1D-8425-3E62698BD79C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "06A5F263-6F35-4312-A206-68338FE62215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "904FBA57-C14C-4B4E-8846-2CB841DAF6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.1-0ubuntu2.30\\+esm1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6713C5-09EF-4538-BBD2-3932554A2076",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "712507AC-DAB8-4FFE-9426-08282919411F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6890AEDE-8628-4467-BD78-9E28BD00CFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3E475D2-7643-4F90-9A39-3C4C9C5882A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C813DA-01A9-4963-992C-77F21B045C61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9432E171-BD9D-41E1-AAB3-2CA29FE2B07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu5:*:*:*:*:*:*:*",
              "matchCriteriaId": "234375CE-6C99-4973-BAC5-950016C789A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1658CA25-4EB5-40D9-A1F3-78640EE58D07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF9A6112-6920-4006-A353-30D942301D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F07BD0-2C19-4895-8B3C-F956ED7568BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59420BB6-11ED-43BA-95FA-E843B9F0BFD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6C7998E-269B-40B1-9B73-99F22CB76A26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "86CB2D37-78BD-486D-B27B-6E588563000D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B452791-E4F4-4165-B15B-205743EDE142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "29CA8420-057C-4BF1-A5A5-E65C979F80D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FF71FAA-2457-4B6D-8265-5E9E40FB5B46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A901840D-D35C-4DBB-B736-16066BA61016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DC8A84E-204D-46FE-9455-E6EE28CBA02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B170FF62-8FE1-4E32-9CAB-6C2791842D4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3112FA6-E483-4A15-83A7-0DC086680D14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7B0688-10F5-4FCC-B4C3-804BFC9F4572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9709BC6B-6432-47D3-AF3D-7D61230528E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEFA65E9-C2C5-4068-8B19-2087F54C75E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "62D8AD82-1A8F-450D-B3F5-05D86245A20F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD3CB25B-8BCC-47CF-8032-47E7CA5199AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAA7D420-6DAF-400A-8F73-C7FB79847DF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A44AB2-57B3-4DE0-8C6E-CD3E3AC4D3D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "B496DE3B-67F6-43AE-BA9C-B0AA77CCE02B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F975FDB-758B-4423-A46B-FE77677FAF05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "11667580-C7B7-4850-A11C-7714ECD8E487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "1697005D-4639-4175-8A2C-0761A86BE609",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.9-0ubuntu7.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5F6AEA8-C7E5-4D30-97EA-96EC6394510F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "B85E9B9B-ADDB-4D2F-A857-685BD30CE856",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0580D85-61E7-446D-BB01-EFFD20A53FC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8DEF97E-C23C-431E-A017-29895305E666",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CF1FFD4-8088-4073-AF78-C2A177C0DFAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu11:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CC58CA6-54E2-4874-B327-838B19667FF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu12:*:*:*:*:*:*:*",
              "matchCriteriaId": "00060D2D-78C2-46CD-903D-48337C4A1173",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu13:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DD7604E-CEAC-4B54-A708-F98738381288",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BD91FE7-01B8-479F-8180-6E152F2996C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu15:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DCF9BD3-B46E-4D58-B53F-3DE081164FDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F973F96-7AAD-44AB-90F0-D9F5DD7AFEE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E1A19B1-592C-48CF-B709-7CA573F40AF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu18:*:*:*:*:*:*:*",
              "matchCriteriaId": "287EA905-4DF5-4AF7-9C70-3A9CECA714C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu19:*:*:*:*:*:*:*",
              "matchCriteriaId": "479CEDFA-177B-413D-A9C1-2A16A9F9FB50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu20:*:*:*:*:*:*:*",
              "matchCriteriaId": "7713D34D-046F-4627-80CA-B5CD63D41F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu21:*:*:*:*:*:*:*",
              "matchCriteriaId": "A65605CF-2659-436E-9C96-E782F06992F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu22:*:*:*:*:*:*:*",
              "matchCriteriaId": "F27734BE-C46A-4815-A801-1FF5493B324B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu23:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EEAE19B-2138-4AA5-BB3B-3150DF0818DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu24:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D4BE412-F045-4754-9EF8-2F00E68542A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu25:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB26172A-D9F3-47A4-AA7D-7FD2E8499670",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu26:*:*:*:*:*:*:*",
              "matchCriteriaId": "388DDA89-BA36-45FE-864F-5810C3DF4093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D17E8C3-56FE-4719-B214-BA369D5EB6D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE45751-8E63-428B-A04B-1E842FB5BEEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9381CFDA-0772-43D7-8F14-A6E0577F49EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEFB83E8-166C-4960-8AF1-DE210F4DE6DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F95414EB-487D-4E80-AE6C-CDBF0153807E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE24C441-2D44-41C0-8D12-93CAE1D69684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4B7D71B-5267-4479-B271-71363998E998",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4194EAB4-673C-4E8A-ADFC-6D87F50C61CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3251DCF-6CE1-4149-A328-0F9708595E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "73483788-45E5-4E6E-ADF5-4AD0CDF03DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA91A8F7-DEE3-4A99-819D-4E188A7544E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF8610CF-E8B1-4172-BBCB-7A8713A2239C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CF6BB38-C3A9-486B-97E1-263EDE2ECE70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE70759B-770A-44D9-9482-D6E53BA0037F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2398113-673A-4CF3-B0DE-46061E11EB45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F7D759-5226-4882-ACF0-B1EAB79665B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu27.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "066128DE-149A-4753-ABBC-22D6278D5043",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E442013-EBF8-44F2-AAAA-B23816F3230E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu28:*:*:*:*:*:*:*",
              "matchCriteriaId": "136B28C2-ACB8-4399-B3B1-FFD0904FCD44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu29:*:*:*:*:*:*:*",
              "matchCriteriaId": "10B1E587-D25A-4763-B4DC-3D69C118A2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu30:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CFD1CBD-77A9-45AF-A516-FF77191311E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu31:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD4ADA30-8C36-4D54-ACDA-5AADAC73D19A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu32:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EC93EA4-CEDD-4632-ABCD-532EE5886C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu33:*:*:*:*:*:*:*",
              "matchCriteriaId": "69D638E0-E2EF-4E4F-8864-5E74904B4566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu34:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B127BDF-5F67-40AA-A9E3-B9C7CAC2A49E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu35:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9B0DC30-62E9-4EC1-87D6-9386EC313E46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu36:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E44CEC7-B7E1-46D5-A731-435650CC6CAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu37:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF475DE-6D99-4116-8BB6-9925F7AD9FF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu38:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DEF396-1C23-4C40-B7BD-9E114238C9E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu39:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3FEDE01-F111-41F8-8541-45395A59584E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu40:*:*:*:*:*:*:*",
              "matchCriteriaId": "82DCED7B-C959-4437-85AF-4F871BEB8FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu41:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC8A1AEB-B478-4BA7-B27C-231C78F5D8BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu42:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE199F4D-531E-4B80-A51C-EAA98A200896",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu43:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E737E4-19CE-47C9-A195-216671272B4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu44:*:*:*:*:*:*:*",
              "matchCriteriaId": "1030F055-1C07-45BC-B738-FC198AB5B38D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu45:*:*:*:*:*:*:*",
              "matchCriteriaId": "28AFB7C2-7231-442E-9AC3-148940E025C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu46:*:*:*:*:*:*:*",
              "matchCriteriaId": "978D1EB2-36A9-4FD6-8B7A-9CFD7DCBD86C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu47:*:*:*:*:*:*:*",
              "matchCriteriaId": "E55E59A6-64FD-43B5-A36D-B0734D749282",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu48:*:*:*:*:*:*:*",
              "matchCriteriaId": "51558079-C5CF-4435-90A2-F6E1A4942E7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu49:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B390C78-605A-409B-9F69-07BE6ED78765",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50:*:*:*:*:*:*:*",
              "matchCriteriaId": "0772DB94-C282-4670-821D-09178139F211",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20A37F7A-147C-48B6-A015-C7AD45F53A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "86CEEACF-FDD5-46F0-A317-5B1F024D5B00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F2AD780-F6A7-46F7-8CB5-63F305ED4849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBB82C8F-C2D9-48E2-86A6-772A638C295C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu50.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "54F6BB3C-38DA-49A1-AB29-4DF42F5ADC71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu51:*:*:*:*:*:*:*",
              "matchCriteriaId": "8966949D-AB76-4235-893E-6A2971DAB751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu52:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C232C67-0817-4B2D-BE8D-7CEBEC07C54C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu53:*:*:*:*:*:*:*",
              "matchCriteriaId": "03711A42-F636-44D0-82D9-BC6EEE4DEE36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu54:*:*:*:*:*:*:*",
              "matchCriteriaId": "256A6531-0D49-404D-9232-ECA08A4B191E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu55:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF681786-95BB-40CF-ADCF-DEA69A19DD2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu56:*:*:*:*:*:*:*",
              "matchCriteriaId": "4137BE33-F73C-43FD-8487-81B8581963E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu57:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C060ED-BDD7-49BE-975B-08AFF93C8B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu58:*:*:*:*:*:*:*",
              "matchCriteriaId": "F56E2A38-2ACA-4686-8E85-DB5B91FAE7FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu59:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD03D1E1-017F-44BF-90F4-1810AB58019D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu60:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7170954-E621-4F48-A52C-EF88B392C8A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu61:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5DFF27C-F5DF-48FF-A04B-EAEDD598CEA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu62:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B7E19A1-FCC0-418B-AE7D-43453BFD89E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu63:*:*:*:*:*:*:*",
              "matchCriteriaId": "947615BA-B4DC-44AC-AACF-4FE576AF1248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu64:*:*:*:*:*:*:*",
              "matchCriteriaId": "57A88540-2266-4FB8-9862-252BE378E417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu65:*:*:*:*:*:*:*",
              "matchCriteriaId": "28614BE6-A80F-4A3F-809B-51C2CAB9287C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:2.20.11-0ubuntu65.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "617048A9-50DE-408B-9654-677D6BFB66F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EF1C1CC-3FAE-4DE3-BC41-E5B14D5721F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3;"
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n check_attachment_for_errors() en el archivo data/general-hooks/ubuntu.py podr\u00eda ser enga\u00f1ada para exponer datos privados por medio de un archivo de bloqueo construido. Este problema afecta a: las versiones de apport 2.14.1 anteriores a 2.14.1-0ubuntu3.29+esm8; versiones 2.20.1 anteriores a 2.20.1-0ubuntu2.30+esm2; versiones 2.20.9 anteriores a 2.20.9-0ubuntu7.26; versiones 2.20.11 anteriores a 2.20.11-0ubuntu27.20; versiones 2.20.11 anteriores a 2.20.11-0ubuntu65.3;"
    }
  ],
  "id": "CVE-2021-3709",
  "lastModified": "2024-11-21T06:22:12.517",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 4.0,
        "source": "security@ubuntu.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-01T03:15:06.983",
  "references": [
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://ubuntu.com/security/notices/USN-5077-1"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://ubuntu.com/security/notices/USN-5077-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3709"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://ubuntu.com/security/notices/USN-5077-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://ubuntu.com/security/notices/USN-5077-2"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-538"
        }
      ],
      "source": "security@ubuntu.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-06-11 03:15
Modified
2024-11-21 05:55
Summary
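It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel. The description does not state the impact; the record below rates this as a local issue requiring low privileges, with high confidentiality, integrity and availability impact (CVSS 3.1 base score 7.8 from NVD, 8.8 with changed scope from Ubuntu), classified as CWE-20 by Ubuntu and CWE-74 by NVD.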
Impacted products
Vendor Product Version
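canonical apport >= 2.20.1-0ubuntu1, < 2.20.1-0ubuntu2.30
canonical apport >= 2.20.9-0ubuntu1, < 2.20.9-0ubuntu7.23
canonical apport >= 2.20.11-0ubuntu27, < 2.20.11-0ubuntu27.16
canonical apport >= 2.20.11-0ubuntu50, < 2.20.11-0ubuntu50.5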



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FDEF7B7-318E-4C9B-AA8B-79157E87B4EF",
              "versionEndExcluding": "2.20.1-0ubuntu2.30",
              "versionStartIncluding": "2.20.1-0ubuntu1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC812359-24A5-4F7D-ABC6-15DB3062967A",
              "versionEndExcluding": "2.20.9-0ubuntu7.23",
              "versionStartIncluding": "2.20.9-0ubuntu1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "194F4E58-D4CB-4B34-8166-858CC0AF7B59",
              "versionEndExcluding": "2.20.11-0ubuntu27.16",
              "versionStartIncluding": "2.20.11-0ubuntu27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5778434C-41A2-4B08-BC76-9203B7FAB094",
              "versionEndExcluding": "2.20.11-0ubuntu50.5",
              "versionStartIncluding": "2.20.11-0ubuntu50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 que la funci\u00f3n get_pid_info() en data/apport no analizaba correctamente el archivo /proc/pid/status del kernel"
    }
  ],
  "id": "CVE-2021-25682",
  "lastModified": "2024-11-21T05:55:17.560",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "security@ubuntu.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-11T03:15:06.833",
  "references": [
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "security@ubuntu.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}