Luke Faraone

**Name of the Vulnerable Software and Affected Versions** autokey versions prior to 0.61.3-2 **Description** The issue allows local attackers to write to arbitrary files via a symlink attack. This is a result of a flaw in the init script of the affected software. **Recommendations** For versions prior to 0.61.3-2, update to version 0.61.3-2 or later to resolve the issue. As a temporary workaround, consider restricting access to the init script to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Shutter versions prior to 0.94 **Description** The issue allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action. This occurs in the App/HelperFunctions.pm module. **Recommendations** For versions prior to 0.94, update to version 0.94 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pitivi versions prior to 0.95 **Description** The issue is related to the incorrect handling of code generation in the mediaLibraryPlayCb function in mainwindow.py of the Pitivi video editor. This can be exploited by a remote attacker to execute arbitrary code using shell metacharacters in a file path. **Recommendations** For versions prior to 0.95, update to version 0.95 or later to resolve the issue. As a temporary workaround, consider restricting access to the mediaLibraryPlayCb function in mainwindow.py to minimize the risk of exploitation. Avoid using shell metacharacters in file paths until the issue is resolved.