It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file.0.23 and prior 2.0.x versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.0.23 and prior 2.0.x versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.