GCVE - cpe:2.3:a:canonical_ltd.:apport:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:canonical_ltd.:apport:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Canonical Ltd. (`21cecf50-6351-52a5-ba2e-69c633014465`)
Product	Apport (`aac75318-f01d-5ec8-8ca7-9e8f9f839096`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-1326`	vulnerable	2026-06-03 14:48:54.287534	local privilege escalation in apport-cli HIGH (7.7) A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit. Published: 2023-04-13T22:35:19.704Z Updated: 2025-02-07T15:54:48.365Z Open on db.gcve.eu Reference links https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb https://ubuntu.com/security/notices/USN-6018-1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-28658`	vulnerable	2026-06-03 14:46:55.161764	Details available Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing Published: 2024-06-04T22:03:53.633Z Updated: 2024-10-27T14:58:19.533Z Open on db.gcve.eu Reference links https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-28658	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-28657`	vulnerable	2026-06-03 14:46:55.161320	Details available Apport does not disable python crash handler before entering chroot Published: 2024-06-04T22:02:26.017Z Updated: 2024-08-03T05:56:16.428Z Open on db.gcve.eu Reference links https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-28657	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-28656`	vulnerable	2026-06-03 14:46:55.160850	Details available is_closing_session() allows users to consume RAM in the Apport process Published: 2024-06-04T21:58:44.839Z Updated: 2025-03-19T17:42:19.680Z Open on db.gcve.eu Reference links https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-28656	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-28655`	vulnerable	2026-06-03 14:46:55.160399	Details available is_closing_session() allows users to create arbitrary tcp dbus connections Published: 2024-06-04T21:56:50.616Z Updated: 2024-10-27T17:49:04.264Z Open on db.gcve.eu Reference links https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-28655	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-28654`	vulnerable	2026-06-03 14:46:55.158591	Details available is_closing_session() allows users to fill up apport.log Published: 2024-06-04T21:54:37.199Z Updated: 2024-10-27T17:48:06.702Z Open on db.gcve.eu Reference links https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-28654	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-28653`	vulnerable	2026-06-03 14:46:55.157291	Details available Users can consume unlimited disk space in /var/crash Published: 2025-01-31T00:50:49.677Z Updated: 2025-02-07T15:56:12.162Z Open on db.gcve.eu Reference links https://www.cve.org/CVERecord?id=CVE-2022-28653	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-28652`	vulnerable	2026-06-03 14:46:55.152897	Details available ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack Published: 2024-06-04T21:38:44.324Z Updated: 2025-03-13T18:21:18.146Z Open on db.gcve.eu Reference links https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-28652	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-1242`	vulnerable	2026-06-03 14:45:58.314269	Details available Apport can be tricked into connecting to arbitrary sockets as the root user Published: 2024-06-03T18:48:02.281Z Updated: 2025-03-27T19:31:12.082Z Open on db.gcve.eu Reference links https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-1242	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-3899`	vulnerable	2026-06-03 14:45:13.419998	Details available There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root. Published: 2024-06-03T18:40:32.847Z Updated: 2024-08-19T14:10:41.358Z Open on db.gcve.eu Reference links https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376 https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2021-3899	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-11936`	vulnerable	2026-06-03 14:41:32.395112	Details available LOW (3.1) gdbus setgid privilege escalation Published: 2025-01-31T01:18:21.509Z Updated: 2025-02-07T16:08:28.466Z Open on db.gcve.eu Reference links https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1885633 https://www.cve.org/CVERecord?id=CVE-2020-11936	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.