Vulnerabilities > Apport Project > Apport > 2.20.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-04 | CVE-2022-28652 | XML Entity Expansion vulnerability in multiple products ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack | 5.5 |
| 2024-06-04 | CVE-2022-28654 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products is_closing_session() allows users to fill up apport.log | 5.5 |
| 2024-06-04 | CVE-2022-28655 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products is_closing_session() allows users to create arbitrary tcp dbus connections | 7.1 |
| 2024-06-04 | CVE-2022-28656 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products is_closing_session() allows users to consume RAM in the Apport process | 5.5 |
| 2024-06-04 | CVE-2022-28657 | Apport does not disable python crash handler before entering chroot | 7.8 |
| 2024-06-04 | CVE-2022-28658 | Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing | 5.5 |
| 2019-08-29 | CVE-2019-7307 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apport Project Apport Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. | 7.0 |
| 2018-05-31 | CVE-2018-6552 | Unspecified vulnerability in Apport Project Apport Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. | 7.8 |
| 2018-02-02 | CVE-2017-14180 | Resource Exhaustion vulnerability in multiple products Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179. | 7.8 |
| 2018-02-02 | CVE-2017-14177 | Resource Exhaustion vulnerability in multiple products Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. | 7.8 |