Mickael Karatekin

**Name of the Vulnerable Software and Affected Versions** GNOME Shell (affected versions not specified) **Description** A vulnerability was found in GNOME Shell, where the lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jeedom versions prior to 4.0.39 **Description** The issue allows for cross-site scripting (XSS), which is a type of attack where an attacker can inject malicious scripts into a website, potentially allowing them to steal user data or take control of the user's session. **Recommendations** For versions prior to 4.0.39, update to version 4.0.39 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: KDE Okular versions prior to 1.10.0 Description: The issue is related to insufficient input validation in the Okular PDF viewer software, which can be exploited by a remote attacker to gain access to confidential data, compromise data integrity, and cause a denial of service. The vulnerability can be triggered via an action link in a PDF document, potentially allowing code execution. Recommendations: For KDE Okular versions prior to 1.10.0, update to version 1.10.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of action links in PDF documents until the update is applied. Restrict access to sensitive data and monitor for any signs of unauthorized access or service disruption.

**Name of the Vulnerable Software and Affected Versions** Druide Antidote versions prior to 9.5.2 **Description** The issue allows remote code execution through the update mechanism. This is achieved by leveraging the use of HTTP to download installation packages, which can be exploited to execute malicious code remotely. **Recommendations** For versions prior to 9.5.2, update to version 9.5.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Gespage versions prior to 7.4.9 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `show prn` parameter to "webapp/users/prnow.jsp", the `show month` parameter to "webapp/users/blhistory.jsp", or the `show month` parameter to "webapp/users/prhistory.jsp". **Recommendations** For versions prior to 7.4.9, update to version 7.4.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the "webapp/users/prnow.jsp", "webapp/users/blhistory.jsp", and "webapp/users/prhistory.jsp" pages to minimize the risk of exploitation. Avoid using the `show prn` and `show month` parameters in the affected API endpoints until the issue is resolved.