Vulnerabilities > Apport Project > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-04 | CVE-2022-28652 | XML Entity Expansion vulnerability in multiple products ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack | 5.5 |
| 2024-06-04 | CVE-2022-28654 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products is_closing_session() allows users to fill up apport.log | 5.5 |
| 2024-06-04 | CVE-2022-28656 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products is_closing_session() allows users to consume RAM in the Apport process | 5.5 |
| 2024-06-04 | CVE-2022-28658 | Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing | 5.5 |
| 2020-04-22 | CVE-2020-8833 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. | 4.7 |
| 2020-04-22 | CVE-2020-8831 | Link Following vulnerability in multiple products Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. | 5.5 |
| 2017-07-18 | CVE-2017-10708 | Path Traversal vulnerability in Apport Project Apport An issue was discovered in Apport through 2.20.x. | 6.8 |
| 2016-12-17 | CVE-2016-9951 | Improper Access Control vulnerability in Apport Project Apport An issue was discovered in Apport before 2.20.4. | 4.3 |