image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
The component /rootfs in RageFile of Stepmania v5.1b2 and below allows attackers access to the entire file system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.