Every CVE whose affected-product data names Canonical Apport, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2021-25682 — CVSS 8.8 (high): It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.
CVE-2021-25684 — CVSS 8.8 (high): It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
CVE-2021-25683 — CVSS 8.8 (high): It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.
CVE-2021-3899 — CVSS 7.8 (high): There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute…
CVE-2023-1326 — CVSS 7.7 (high): A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially…
CVE-2015-1341 — CVSS 7.4 (high): Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument…
CVE-2020-15702 — CVSS 7.0 (high): TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may…
CVE-2021-3709 — CVSS 6.5 (medium): Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed…
CVE-2021-3710 — CVSS 6.5 (medium): An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1…
CVE-2020-15701 — CVSS 5.5 (medium): An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the…
CVE-2021-32557 — CVSS 5.2 (medium): It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
CVE-2025-5054 — CVSS 4.7 (medium): Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by…
CVE-2021-32556 — CVSS 3.8 (low): It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in…
CVE-2025-5467 — CVSS 3.3 (low): It was discovered that process_crash() in data/apport in Canonical's Apport crash reporting tool may create crash files with incorrect…