Every CVE whose affected-product data names Apport Project Apport, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2017-14180 — CVSS 7.8 (high): Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files…
CVE-2018-6552 — CVSS 7.8 (high): Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an…
CVE-2016-9949 — CVSS 7.8 (high): An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python…
CVE-2016-9950 — CVSS 7.8 (high): An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage"…
CVE-2017-10708 — CVSS 7.8 (high): An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to…
CVE-2017-14177 — CVSS 7.8 (high): Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which…
CVE-2017-14179 — CVSS 7.8 (high): Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root…
CVE-2015-1318 — CVSS 7.2 (high): The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted…
CVE-2015-1338 — CVSS 7.2 (high): kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a…
CVE-2019-11483 — CVSS 7.0 (high): Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash…
CVE-2020-8831 — CVSS 6.5 (medium): Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory…
CVE-2016-9951 — CVSS 6.5 (medium): An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or…
CVE-2020-8833 — CVSS 5.6 (medium): Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege…
CVE-2022-28658 — CVSS 5.5 (medium): Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
CVE-2019-11482 — CVSS 4.2 (medium): Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be…
CVE-2019-11481 — CVSS 3.8 (low): Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a…
CVE-2019-11485 — CVSS 3.3 (low): Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.
CVE-2019-15790 — CVSS 2.8 (low): Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the…