Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Information Disclosure
Imposto De Renda Da Pessoa Fisica 2021
NVD
CVSS 3.1
3.7
EPSS
0.7%
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Command Injection
Apport
NVD
CVSS 3.1
3.3
EPSS
0.3%