Vulnerabilities > Canonical > Ubuntu Linux > 20.04
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-04 | CVE-2022-28652 | XML Entity Expansion vulnerability in multiple products ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack | 5.5 |
| 2024-06-04 | CVE-2022-28654 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products is_closing_session() allows users to fill up apport.log | 5.5 |
| 2024-06-04 | CVE-2022-28655 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products is_closing_session() allows users to create arbitrary tcp dbus connections | 7.1 |
| 2024-06-04 | CVE-2022-28656 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products is_closing_session() allows users to consume RAM in the Apport process | 5.5 |
| 2024-06-04 | CVE-2022-28657 | Apport does not disable python crash handler before entering chroot | 7.8 |
| 2024-06-04 | CVE-2022-28658 | Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing | 5.5 |
| 2024-01-08 | CVE-2022-2585 | Use After Free vulnerability in multiple products It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. | 7.8 |
| 2024-01-08 | CVE-2022-2586 | Use After Free vulnerability in multiple products It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. | 7.8 |
| 2024-01-08 | CVE-2022-2588 | Double Free vulnerability in multiple products It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. | 7.8 |
| 2024-01-08 | CVE-2022-2602 | Use After Free vulnerability in multiple products io_uring UAF, Unix SCM garbage collection | 7.0 |