Vulnerabilities > Apport Project > Apport > 2.20.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-04 | CVE-2022-28652 | XML Entity Expansion vulnerability in multiple products ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack | 5.5 |
| 2024-06-04 | CVE-2022-28654 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products is_closing_session() allows users to fill up apport.log | 5.5 |
| 2024-06-04 | CVE-2022-28655 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products is_closing_session() allows users to create arbitrary tcp dbus connections | 7.1 |
| 2024-06-04 | CVE-2022-28656 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products is_closing_session() allows users to consume RAM in the Apport process | 5.5 |
| 2024-06-04 | CVE-2022-28657 | Apport does not disable python crash handler before entering chroot | 7.8 |
| 2024-06-04 | CVE-2022-28658 | Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing | 5.5 |
| 2019-08-29 | CVE-2019-7307 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apport Project Apport Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. | 7.0 |
| 2018-05-31 | CVE-2018-6552 | Unspecified vulnerability in Apport Project Apport Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. | 7.8 |