Danny De Weille

**Name of the Vulnerable Software and Affected Versions** Check Point Gaia Portal (affected versions not specified) **Description** The issue is related to a command injection vulnerability in the Check Point Gaia Portal. It allows a local user to potentially escalate privileges using the Gaia Portal hostnames page. The vulnerability is due to the failure to neutralize special elements used in the operating system command when processing the `hostname` parameter. This could enable a remote attacker to execute arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BigBlueButton versions prior to 2.4.8 BigBlueButton versions prior to 2.5.0 **Description** BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross site scripting attack in affected versions. The attack occurs when the attacker starts a chat, and in the victim's client, the JavaScript will be executed. **Recommendations** For versions prior to 2.4.8, update to version 2.4.8 or later to resolve the issue. For versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue.