Vulnerabilities > Canonical > Ubuntu Linux > 21.10

DATE CVE VULNERABILITY TITLE RISK
2024-06-04 CVE-2022-28652 XML Entity Expansion vulnerability in multiple products
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
local
low complexity
apport-project canonical CWE-776
5.5
2024-06-04 CVE-2022-28654 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
is_closing_session() allows users to fill up apport.log
local
low complexity
apport-project canonical CWE-770
5.5
2024-06-04 CVE-2022-28655 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
is_closing_session() allows users to create arbitrary tcp dbus connections
local
low complexity
apport-project canonical CWE-770
7.1
2024-06-04 CVE-2022-28656 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
is_closing_session() allows users to consume RAM in the Apport process
local
low complexity
apport-project canonical CWE-770
5.5
2024-06-04 CVE-2022-28657 Apport does not disable python crash handler before entering chroot
local
low complexity
apport-project canonical
7.8
2024-06-04 CVE-2022-28658 Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
local
low complexity
apport-project canonical
5.5
2023-12-12 CVE-2023-5536 Incorrect Default Permissions vulnerability in Canonical Ubuntu Linux
A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password.
local
high complexity
canonical CWE-276
6.4
2023-04-19 CVE-2022-2084 Information Exposure Through Log Files vulnerability in Canonical Cloud-Init and Ubuntu Linux
Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported.
local
low complexity
canonical CWE-532
5.5
2022-08-23 CVE-2021-3975 A use-after-free flaw was found in libvirt.
network
low complexity
redhat canonical fedoraproject debian netapp
6.5
2022-08-23 CVE-2021-3905 Memory Leak vulnerability in multiple products
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing.
7.5