Skip to main content

Apport

23 CVEs product

Monthly

CVE-2025-5054 MEDIUM POC Monitor

Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Race Condition Denial Of Service Canonical Apport Ubuntu Linux
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2020-11936 LOW POC Monitor

gdbus setgid privilege escalation. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Apport
NVD
CVSS 3.1
3.1
EPSS
0.2%
CVE-2022-28653 HIGH PATCH This Week

Users can consume unlimited disk space in /var/crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Apport Suse
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-1326 HIGH PATCH This Week

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Apport Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-3710 MEDIUM POC This Month

An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Apport
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-3709 MEDIUM POC This Month

Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ubuntu Apport
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-32557 HIGH POC This Week

It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apport
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2021-32556 LOW Monitor

It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Apport
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2021-25684 HIGH POC This Week

It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apport
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-25683 HIGH POC This Week

It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apport
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25682 HIGH POC This Week

It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apport
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-15702 HIGH This Week

TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. Rated high severity (CVSS 7.0). No vendor patch available.

RCE Apport Ubuntu Linux
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2020-15701 MEDIUM POC This Month

An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apport Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-8833 MEDIUM POC This Month

Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Privilege Escalation Ubuntu Linux Apport
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-8831 MEDIUM POC This Month

Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ubuntu Linux Apport
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2019-7307 HIGH POC This Week

Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Denial Of Service Apport
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2018-6552 HIGH This Week

Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apport
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-10708 HIGH This Week

An issue was discovered in Apport through 2.20.x. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Apport
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2016-9951 MEDIUM POC PATCH This Month

An issue was discovered in Apport before 2.20.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Apport
NVD GitHub Exploit-DB
CVSS 3.0
6.5
EPSS
7.9%
CVE-2016-9950 HIGH POC PATCH This Week

An issue was discovered in Apport before 2.20.4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Python Apport Ubuntu Linux
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
0.7%
CVE-2016-9949 HIGH POC PATCH This Week

An issue was discovered in Apport before 2.20.4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Python Code Injection Apport Ubuntu Linux
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
9.8%
CVE-2015-1338 HIGH POC PATCH This Week

kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Apport Ubuntu Linux
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.4%
CVE-2015-1318 HIGH POC PATCH THREAT Act Now

The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container). Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 19.1%.

Privilege Escalation Apport
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
19.1%
EPSS 0% CVSS 4.7
MEDIUM POC Monitor

Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Race Condition Denial Of Service Canonical +2
NVD
EPSS 0% CVSS 3.1
LOW POC Monitor

gdbus setgid privilege escalation. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Apport
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Users can consume unlimited disk space in /var/crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Apport Suse
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Apport Ubuntu Linux
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Apport
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ubuntu Apport
NVD
EPSS 0% CVSS 7.1
HIGH POC This Week

It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apport
NVD
EPSS 0% CVSS 3.3
LOW Monitor

It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Apport
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apport
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apport
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apport
NVD
EPSS 0% CVSS 7.0
HIGH This Week

TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. Rated high severity (CVSS 7.0). No vendor patch available.

RCE Apport Ubuntu Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apport Ubuntu Linux
NVD
EPSS 0% CVSS 4.7
MEDIUM POC This Month

Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Privilege Escalation Ubuntu Linux Apport
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ubuntu Linux Apport
NVD
EPSS 0% CVSS 7.0
HIGH POC This Week

Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Denial Of Service Apport
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apport
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An issue was discovered in Apport through 2.20.x. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Apport
NVD
EPSS 8% CVSS 6.5
MEDIUM POC PATCH This Month

An issue was discovered in Apport before 2.20.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Apport
NVD GitHub Exploit-DB
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

An issue was discovered in Apport before 2.20.4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Python Apport +1
NVD GitHub Exploit-DB
EPSS 10% CVSS 7.8
HIGH POC PATCH This Week

An issue was discovered in Apport before 2.20.4. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Python Code Injection +2
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Apport Ubuntu Linux
NVD Exploit-DB
EPSS 19% CVSS 7.2
HIGH POC PATCH THREAT Act Now

The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container). Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 19.1%.

Privilege Escalation Apport
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy