CVE-2018-18654
Crossroads 2.81 is affected by a local-attack vulnerability during build of xr: a world-writable subdirectory under /tmp can be exploited when xr is copied there, allowing an attacker to replace the directory contents with a Trojan horse xr. This is described across multiple sources (NVD/Red Hat/...