Justin Rye

**Name of the Vulnerable Software and Affected Versions** Polygen versions prior to 1.0.6 **Description** The issue allows local users to cause a denial of service due to disk consumption and possibly perform other unauthorized activities. This is because Polygen generates precompiled grammar objects with world-writable permissions. **Recommendations** For versions prior to 1.0.6, update to version 1.0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** crip version 3.5 **Description** The issue affects the helper scripts for crip, which do not properly use temporary files. This could allow local users to have an unknown impact. Additionally, there are multiple vulnerabilities in the crip package that can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited by a local attacker. **Recommendations** For crip version 3.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.