Stack too small - there's no proof the 8k allocated is too small, is it really exploitable?
Non async functions - pretty common problem but difficult to actually exploit. Every developer who has worked with signal handlers has probably made this mistake at some point because the issues it causes are extremely difficult to reproduce (some incredibly unlucky timing is required)
Arp leaking addresses - Not really a Mullvad issue and only exploitable on the local network
Deanonymization attacks - these work against all VPNs and you can always anonymize traffic more but it has a cost to do this.
Sideloading - Yeah this is probably the worst one but is not exploitable on it's own.
Non async functions - pretty common problem but difficult to actually exploit. Every developer who has worked with signal handlers has probably made this mistake at some point because the issues it causes are extremely difficult to reproduce (some incredibly unlucky timing is required)
Arp leaking addresses - Not really a Mullvad issue and only exploitable on the local network
Deanonymization attacks - these work against all VPNs and you can always anonymize traffic more but it has a cost to do this.
Sideloading - Yeah this is probably the worst one but is not exploitable on it's own.