Vulnerabilities > Apport Project

DATE CVE VULNERABILITY TITLE RISK
2024-06-04 CVE-2022-28652 XML Entity Expansion vulnerability in multiple products
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
local
low complexity
apport-project canonical CWE-776
5.5
2024-06-04 CVE-2022-28654 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
is_closing_session() allows users to fill up apport.log
local
low complexity
apport-project canonical CWE-770
5.5
2024-06-04 CVE-2022-28655 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
is_closing_session() allows users to create arbitrary tcp dbus connections
local
low complexity
apport-project canonical CWE-770
7.1
2024-06-04 CVE-2022-28656 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
is_closing_session() allows users to consume RAM in the Apport process
local
low complexity
apport-project canonical CWE-770
5.5
2024-06-04 CVE-2022-28657 Apport does not disable python crash handler before entering chroot
local
low complexity
apport-project canonical
7.8
2024-06-04 CVE-2022-28658 Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
local
low complexity
apport-project canonical
5.5
2020-04-28 CVE-2019-15790 Improper Privilege Management vulnerability in multiple products
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges.
local
low complexity
apport-project canonical CWE-269
3.3
2020-04-22 CVE-2020-8833 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity.
local
high complexity
canonical apport-project CWE-367
4.7
2020-04-22 CVE-2020-8831 Link Following vulnerability in multiple products
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory.
local
low complexity
canonical apport-project CWE-59
5.5
2020-02-08 CVE-2019-11485 Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.
local
low complexity
apport-project canonical
3.3