Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Automatic_bug_reporting_tool
(Redhat)| Repositories | https://github.com/abrt/abrt |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-06-26 | CVE-2015-3315 | Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm. | Automatic_bug_reporting_tool | 7.8 | ||
| 2018-05-01 | CVE-2013-4209 | Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums. | Automatic_bug_reporting_tool | 3.3 | ||
| 2013-03-12 | CVE-2012-5659 | Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary Python modules by modifying the PYTHONPATH environment variable to reference a malicious Python module. | Automatic_bug_reporting_tool | N/A | ||
| 2012-07-03 | CVE-2012-1106 | The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information. | Automatic_bug_reporting_tool | N/A |