Vulnerabilities > Apport Project > Apport > 2.20.9

DATE CVE VULNERABILITY TITLE RISK
2024-06-04 CVE-2022-28652 XML Entity Expansion vulnerability in multiple products
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
local
low complexity
apport-project canonical CWE-776
5.5
2024-06-04 CVE-2022-28654 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
is_closing_session() allows users to fill up apport.log
local
low complexity
apport-project canonical CWE-770
5.5
2024-06-04 CVE-2022-28655 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
is_closing_session() allows users to create arbitrary tcp dbus connections
local
low complexity
apport-project canonical CWE-770
7.1
2024-06-04 CVE-2022-28656 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
is_closing_session() allows users to consume RAM in the Apport process
local
low complexity
apport-project canonical CWE-770
5.5
2024-06-04 CVE-2022-28657 Apport does not disable python crash handler before entering chroot
local
low complexity
apport-project canonical
7.8
2024-06-04 CVE-2022-28658 Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
local
low complexity
apport-project canonical
5.5
2019-08-29 CVE-2019-7307 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apport Project Apport
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report.
local
high complexity
apport-project CWE-367
7.0
2018-05-31 CVE-2018-6552 Unspecified vulnerability in Apport Project Apport
Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
local
low complexity
apport-project
7.8