It was discovered that Cockpit, a web console for Linux servers, was
susceptible to arbitrary command execution if an administrative user
was tricked into opening an sosreport file with a malformed filename.

https://security-tracker.debian.org/tracker/DSA-5655-1

Read More