Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing

Apport does not disable python crash handler before entering chroot

is_closing_session() allows users to consume RAM in the Apport process

is_closing_session() allows users to create arbitrary tcp dbus connections

is_closing_session() allows users to fill up apport.log

~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

Apport can be tricked into connecting to arbitrary sockets as the root user

Subiquity Shows Guided Storage Passphrase in Plaintext with Read-all Permissions

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.

The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of the snap that would normally require administrator privileges to perform. This could possibly allow an unprivileged user to perform a denial of service or similar.