apport-cli

CVEs (30)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2025-5467	Apport Project Apport	—	0.00	Dec 10, 2025	It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups.
CVE-2025-5054	Apport Project Apport	—	0.00	May 30, 2025	Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a…
CVE-2023-1326	Canonical apport-cli	—	0.05	Apr 13, 2023	A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local…
CVE-2021-3710	Apport Project Apport	—	0.00	Oct 1, 2021	An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26;…
CVE-2021-3709	Apport Project Apport	—	0.00	Oct 1, 2021	Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2;…
CVE-2021-32557	Canonical apport-cli	—	0.00	Jun 12, 2021	It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
CVE-2021-32556	Canonical apport-cli	—	0.00	Jun 12, 2021	It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
CVE-2021-32555	Canonical apport-cli	—	0.00	Jun 12, 2021	It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.
CVE-2021-32554	Canonical apport-cli	—	0.00	Jun 12, 2021	It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.
CVE-2021-32553	Canonical apport-cli	—	0.00	Jun 12, 2021	It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.
CVE-2021-32552	Pypi Apport	—	0.00	Jun 12, 2021	It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.
CVE-2021-32551	Canonical apport-cli	—	0.00	Jun 12, 2021	It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.
CVE-2021-32550	Apport Project Apport	—	0.00	Jun 12, 2021	It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.
CVE-2021-32549	Canonical apport-cli	—	0.00	Jun 12, 2021	It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.
CVE-2021-32548	Canonical apport-cli	—	0.00	Jun 12, 2021	It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.
CVE-2021-32547	Apport Project Apport	—	0.00	Jun 12, 2021	It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.
CVE-2021-25684	Apport Project Apport	—	0.00	Jun 11, 2021	It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
CVE-2021-25683	Apport Project Apport	—	0.00	Jun 11, 2021	It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.
CVE-2021-25682	Canonical apport-cli	—	0.00	Jun 11, 2021	It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.
CVE-2020-15702	Apport Project Apport	—	0.00	Aug 6, 2020	TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to…

CVE-2025-5467Dec 10, 2025
Apport Project
Apport
risk 0.00cvss —epss 0.00
It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups.
CVE-2025-5054May 30, 2025
Apport Project
Apport
risk 0.00cvss —epss 0.00
Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a…
CVE-2023-1326Apr 13, 2023
Canonical
apport-cli
risk 0.00cvss —epss 0.05
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local…
CVE-2021-3710Oct 1, 2021
Apport Project
Apport
risk 0.00cvss —epss 0.00
An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26;…
CVE-2021-3709Oct 1, 2021
Apport Project
Apport
risk 0.00cvss —epss 0.00
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2;…
CVE-2021-32557Jun 12, 2021
Canonical
apport-cli
risk 0.00cvss —epss 0.00
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
CVE-2021-32556Jun 12, 2021
Canonical
apport-cli
risk 0.00cvss —epss 0.00
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
CVE-2021-32555Jun 12, 2021
Canonical
apport-cli
risk 0.00cvss —epss 0.00
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.
CVE-2021-32554Jun 12, 2021
Canonical
apport-cli
risk 0.00cvss —epss 0.00
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.
CVE-2021-32553Jun 12, 2021
Canonical
apport-cli
risk 0.00cvss —epss 0.00
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.
CVE-2021-32552Jun 12, 2021
Pypi
Apport
risk 0.00cvss —epss 0.00
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.
CVE-2021-32551Jun 12, 2021
Canonical
apport-cli
risk 0.00cvss —epss 0.00
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.
CVE-2021-32550Jun 12, 2021
Apport Project
Apport
risk 0.00cvss —epss 0.00
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.
CVE-2021-32549Jun 12, 2021
Canonical
apport-cli
risk 0.00cvss —epss 0.00
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.
CVE-2021-32548Jun 12, 2021
Canonical
apport-cli
risk 0.00cvss —epss 0.00
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.
CVE-2021-32547Jun 12, 2021
Apport Project
Apport
risk 0.00cvss —epss 0.00
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.
CVE-2021-25684Jun 11, 2021
Apport Project
Apport
risk 0.00cvss —epss 0.00
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
CVE-2021-25683Jun 11, 2021
Apport Project
Apport
risk 0.00cvss —epss 0.00
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.
CVE-2021-25682Jun 11, 2021
Canonical
apport-cli
risk 0.00cvss —epss 0.00
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.
CVE-2020-15702Aug 6, 2020
Apport Project
Apport
risk 0.00cvss —epss 0.00
TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to…

Page 1 of 2