Vulnerabilities > Canonical > Ubuntu Linux > 22.04
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-01 | CVE-2024-6387 | Race Condition vulnerability in multiple products A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). | 8.1 |
| 2024-06-04 | CVE-2022-28652 | XML Entity Expansion vulnerability in multiple products ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack | 5.5 |
| 2024-06-04 | CVE-2022-28654 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products is_closing_session() allows users to fill up apport.log | 5.5 |
| 2024-06-04 | CVE-2022-28655 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products is_closing_session() allows users to create arbitrary tcp dbus connections | 7.1 |
| 2024-06-04 | CVE-2022-28656 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products is_closing_session() allows users to consume RAM in the Apport process | 5.5 |
| 2024-06-04 | CVE-2022-28657 | Apport does not disable python crash handler before entering chroot | 7.8 |
| 2024-06-04 | CVE-2022-28658 | Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing | 5.5 |
| 2024-01-08 | CVE-2023-1032 | Double Free vulnerability in multiple products The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. | 5.5 |
| 2024-01-08 | CVE-2022-2585 | Use After Free vulnerability in multiple products It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. | 7.8 |
| 2024-01-08 | CVE-2022-2586 | Use After Free vulnerability in multiple products It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. | 7.8 |