How severe is CVE-2019-15790?

This vulnerability has a severity rating of LOW with a CVSS score of 3.3 out of 10.

What type of vulnerability is CVE-2019-15790?

This is classified as CWE-250, which is a common weakness in software security.

CVE-2019-15790

LOW Year: 2019

CVSS v3 Score

3.3

Low

CVSS v2 Score

2.1

Low

Weakness Type

CWE-250

View all →

Vulnerability Description

Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.

CVE-2024-23743

LOW

CVSS:3.3(Low)

Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with n...

CWE-2502024

CVE-2025-20185

LOW

CVSS:3.4(Low)

A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance co...

CWE-2502025

CVE-2024-21003

LOW

CVSS:3.1(Low)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Ent...

CWE-2502024

CVE-2020-27826

MEDIUM

CVSS:4.2(Medium)

A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute...

CWE-2502020

CVE-2023-27312

MEDIUM

CVSS:4.3(Medium)

SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the...

CWE-2502023

CVE-2024-11821

MEDIUM

CVSS:4.3(Medium)

A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The iss...

CWE-2502024

CVE-2019-15790

Vulnerability Description

Related Vulnerabilities

CVE-2024-23743

CVE-2025-20185

CVE-2024-21003

CVE-2020-27826

CVE-2023-27312

CVE-2024-11821