Weasel

**Name of the Vulnerable Software and Affected Versions** xlockmore versions 5.13 through 5.22 **Description** The issue allows unauthorized users to access the X session due to a segfault when using libpam-opensc, which returns the underlying xsession. **Recommendations** For xlockmore versions 5.13 through 5.22, consider disabling the use of libpam-opensc as a temporary workaround until a patch is available. Restrict access to the X session to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OnionShare versions 1.3.1 and earlier **Description** The issue concerns the `debug mode` function in `web/web.py`, which uses the `/tmp/onionshare server.log` pathname for logging when `--debug` is enabled. This might allow local users to overwrite files or obtain sensitive information by using this pathname. **Recommendations** For OnionShare versions 1.3.1 and earlier, as a temporary workaround, consider disabling the `debug mode` function until a patch is available. Restrict access to the `/tmp/onionshare server.log` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.