Vendor CVEs
Apport Project
All CVEs
32 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9949 | Hig | 0.55 | 7.8 | 0.18 | Dec 17, 2016 | An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code. | ||
| CVE-2016-9950 | Hig | 0.54 | 7.8 | 0.07 | Dec 17, 2016 | An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker… | ||
| CVE-2017-14180 | Hig | 0.51 | 7.8 | 0.00 | Feb 2, 2018 | Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different… | ||
| CVE-2017-14179 | Hig | 0.51 | 7.8 | 0.00 | Feb 2, 2018 | Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from… | ||
| CVE-2017-14177 | Hig | 0.51 | 7.8 | 0.00 | Feb 2, 2018 | Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability… | ||
| CVE-2017-10708 | Hig | 0.51 | 7.8 | 0.02 | Jul 18, 2017 | An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted… | ||
| CVE-2016-9951 | Med | 0.46 | 6.5 | 0.07 | Dec 17, 2016 | An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The… | ||
| CVE-2015-1338 | 0.03 | — | 0.01 | Oct 1, 2015 | kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log. | |||
| CVE-2015-1318 | 0.03 | — | 0.04 | Apr 17, 2015 | The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container). | |||
| CVE-2025-5467 | 0.00 | — | 0.00 | Dec 10, 2025 | It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups. | |||
| CVE-2025-5054 | 0.00 | — | 0.00 | May 30, 2025 | Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a… | |||
| CVE-2022-28658 | 0.00 | — | 0.00 | Jun 4, 2024 | Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing | |||
| CVE-2022-28657 | 0.00 | — | 0.00 | Jun 4, 2024 | Apport does not disable python crash handler before entering chroot | |||
| CVE-2022-28656 | 0.00 | — | 0.00 | Jun 4, 2024 | is_closing_session() allows users to consume RAM in the Apport process | |||
| CVE-2021-3710 | 0.00 | — | 0.00 | Oct 1, 2021 | An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26;… | |||
| CVE-2021-3709 | 0.00 | — | 0.00 | Oct 1, 2021 | Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2;… | |||
| CVE-2021-32550 | 0.00 | — | 0.00 | Jun 12, 2021 | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users. | |||
| CVE-2021-32547 | 0.00 | — | 0.00 | Jun 12, 2021 | It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users. | |||
| CVE-2021-25684 | 0.00 | — | 0.01 | Jun 11, 2021 | It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO. | |||
| CVE-2021-25683 | 0.00 | — | 0.00 | Jun 11, 2021 | It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel. | |||
| CVE-2020-15702 | 0.00 | — | 0.00 | Aug 6, 2020 | TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to… | |||
| CVE-2020-15701 | 0.00 | — | 0.00 | Aug 6, 2020 | An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in… | |||
| CVE-2019-15790 | 0.00 | — | 0.00 | Apr 27, 2020 | Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read… | |||
| CVE-2020-8833 | 0.00 | — | 0.00 | Apr 22, 2020 | Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron… | |||
| CVE-2020-8831 | 0.00 | — | 0.01 | Apr 22, 2020 | Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using… | |||
| CVE-2019-11485 | 0.00 | — | 0.00 | Feb 8, 2020 | Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling. | |||
| CVE-2019-11483 | 0.00 | — | 0.00 | Feb 8, 2020 | Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. | |||
| CVE-2019-11482 | 0.00 | — | 0.00 | Feb 8, 2020 | Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories. | |||
| CVE-2019-11481 | 0.00 | — | 0.00 | Feb 8, 2020 | Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences. | |||
| CVE-2019-7307 | 0.00 | — | 0.00 | Aug 29, 2019 | Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to… | |||
| CVE-2015-1341 | 0.00 | — | 0.00 | Apr 22, 2019 | Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path. | |||
| CVE-2009-1295 | 0.00 | — | 0.00 | Apr 30, 2009 | Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors. |
- risk 0.55cvss 7.8epss 0.18
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.
- risk 0.54cvss 7.8epss 0.07
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker…
- risk 0.51cvss 7.8epss 0.00
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different…
- risk 0.51cvss 7.8epss 0.00
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from…
- risk 0.51cvss 7.8epss 0.00
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability…
- risk 0.51cvss 7.8epss 0.02
An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted…
- risk 0.46cvss 6.5epss 0.07
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The…
- CVE-2015-1338Oct 1, 2015risk 0.03cvss —epss 0.01
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.
- CVE-2015-1318Apr 17, 2015risk 0.03cvss —epss 0.04
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).
- CVE-2025-5467Dec 10, 2025risk 0.00cvss —epss 0.00
It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect group ownership, possibly exposing crash information beyond expected or intended groups.
- CVE-2025-5054May 30, 2025risk 0.00cvss —epss 0.00
Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a…
- CVE-2022-28658Jun 4, 2024risk 0.00cvss —epss 0.00
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
- CVE-2022-28657Jun 4, 2024risk 0.00cvss —epss 0.00
Apport does not disable python crash handler before entering chroot
- CVE-2022-28656Jun 4, 2024risk 0.00cvss —epss 0.00
is_closing_session() allows users to consume RAM in the Apport process
- CVE-2021-3710Oct 1, 2021risk 0.00cvss —epss 0.00
An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26;…
- CVE-2021-3709Oct 1, 2021risk 0.00cvss —epss 0.00
Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2;…
- CVE-2021-32550Jun 12, 2021risk 0.00cvss —epss 0.00
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.
- CVE-2021-32547Jun 12, 2021risk 0.00cvss —epss 0.00
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.
- CVE-2021-25684Jun 11, 2021risk 0.00cvss —epss 0.01
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
- CVE-2021-25683Jun 11, 2021risk 0.00cvss —epss 0.00
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.
- CVE-2020-15702Aug 6, 2020risk 0.00cvss —epss 0.00
TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to…
- CVE-2020-15701Aug 6, 2020risk 0.00cvss —epss 0.00
An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in…
- CVE-2019-15790Apr 27, 2020risk 0.00cvss —epss 0.00
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read…
- CVE-2020-8833Apr 22, 2020risk 0.00cvss —epss 0.00
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron…
- CVE-2020-8831Apr 22, 2020risk 0.00cvss —epss 0.01
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using…
- CVE-2019-11485Feb 8, 2020risk 0.00cvss —epss 0.00
Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.
- CVE-2019-11483Feb 8, 2020risk 0.00cvss —epss 0.00
Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.
- CVE-2019-11482Feb 8, 2020risk 0.00cvss —epss 0.00
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.
- CVE-2019-11481Feb 8, 2020risk 0.00cvss —epss 0.00
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.
- CVE-2019-7307Aug 29, 2019risk 0.00cvss —epss 0.00
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to…
- CVE-2015-1341Apr 22, 2019risk 0.00cvss —epss 0.00
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.
- CVE-2009-1295Apr 30, 2009risk 0.00cvss —epss 0.00
Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors.