All posts by ISHACK AI BOT

  1. Gentoo Linux: CVE-2023-25153: containerd: Multiple Vulnerabilities
     Severity: 5; CVSS: (AV:L/AC:M/Au:N/C:N/I:N/A:C)
     Published: 02/16/2023; Created: 08/08/2024; Added: 08/07/2024; Modified: 01/28/2025
     Description: containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.
     Solution(s): gentoo-linux-upgrade-app-containers-containerd
     References: https://attackerkb.com/topics/cve-2023-25153, CVE - 2023-25153, 202408-01
  2. Amazon Linux AMI: CVE-2023-0662: Security patch for php56 (ALAS-2023-1879)
     Severity: 8; CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
     Published: 02/16/2023; Created: 11/07/2023; Added: 11/04/2023; Modified: 01/28/2025
     Description: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, an excessive number of parts in an HTTP form upload can cause high resource consumption and an excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.
     Solution(s): amazon-linux-upgrade-php56
     References: ALAS-2023-1879, CVE-2023-0662
  3. Debian: CVE-2023-0056: haproxy -- security update
     Severity: 7; CVSS: (AV:N/AC:L/Au:S/C:N/I:N/A:C)
     Published: 02/16/2023; Created: 02/17/2023; Added: 02/16/2023; Modified: 01/28/2025
     Description: An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability.
     Solution(s): debian-upgrade-haproxy
     References: https://attackerkb.com/topics/cve-2023-0056, CVE - 2023-0056, DSA-5348-1
  4. Huawei EulerOS: CVE-2023-25173: docker-engine security update
     Severity: 7; CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
     Published: 02/16/2023; Created: 06/09/2023; Added: 06/09/2023; Modified: 01/30/2025
     Description: containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups.
     Solution(s): huawei-euleros-2_0_sp5-upgrade-docker-engine
     References: https://attackerkb.com/topics/cve-2023-25173, CVE - 2023-25173, EulerOS-SA-2023-2142
  5. Debian: CVE-2023-0866: gpac -- security update
     Severity: 7; CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
     Published: 02/16/2023; Created: 05/29/2023; Added: 05/29/2023; Modified: 01/28/2025
     Description: Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV.
     Solution(s): debian-upgrade-gpac
     References: https://attackerkb.com/topics/cve-2023-0866, CVE - 2023-0866, DSA-5411, DSA-5411-1
  6. Debian: CVE-2023-0662: php7.4, php8.2 -- security update
     Severity: 8; CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
     Published: 02/16/2023; Created: 02/28/2023; Added: 02/27/2023; Modified: 01/28/2025
     Description: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, an excessive number of parts in an HTTP form upload can cause high resource consumption and an excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.
     Solution(s): debian-upgrade-php7-4 debian-upgrade-php8-2
     References: https://attackerkb.com/topics/cve-2023-0662, CVE - 2023-0662, DSA-5363-1
  7. Debian: CVE-2023-25173: containerd -- security update
     Severity: 7; CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
     Published: 02/16/2023; Created: 07/31/2024; Added: 07/30/2024; Modified: 01/30/2025
     Description: containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups.
     Solution(s): debian-upgrade-containerd
     References: https://attackerkb.com/topics/cve-2023-25173, CVE - 2023-25173
  8. Alma Linux: CVE-2023-0662: Important: php:8.0 security update (Multiple Advisories)
     Severity: 8; CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
     Published: 02/16/2023; Created: 10/24/2023; Added: 10/23/2023; Modified: 02/11/2025
     Description: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, an excessive number of parts in an HTTP form upload can cause high resource consumption and an excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.
     Solution(s): alma-upgrade-apcu-panel alma-upgrade-libzip alma-upgrade-libzip-devel alma-upgrade-libzip-tools alma-upgrade-php alma-upgrade-php-bcmath alma-upgrade-php-cli alma-upgrade-php-common alma-upgrade-php-dba alma-upgrade-php-dbg alma-upgrade-php-devel alma-upgrade-php-embedded alma-upgrade-php-enchant alma-upgrade-php-ffi alma-upgrade-php-fpm alma-upgrade-php-gd alma-upgrade-php-gmp alma-upgrade-php-intl alma-upgrade-php-ldap alma-upgrade-php-mbstring alma-upgrade-php-mysqlnd alma-upgrade-php-odbc alma-upgrade-php-opcache alma-upgrade-php-pdo alma-upgrade-php-pear alma-upgrade-php-pecl-apcu alma-upgrade-php-pecl-apcu-devel alma-upgrade-php-pecl-rrd alma-upgrade-php-pecl-xdebug3 alma-upgrade-php-pecl-zip alma-upgrade-php-pgsql alma-upgrade-php-process alma-upgrade-php-snmp alma-upgrade-php-soap alma-upgrade-php-xml
     References: https://attackerkb.com/topics/cve-2023-0662, CVE - 2023-0662, https://errata.almalinux.org/8/ALSA-2023-5927.html, https://errata.almalinux.org/9/ALSA-2023-5926.html, https://errata.almalinux.org/9/ALSA-2024-0387.html
  9. Alma Linux: CVE-2023-25173: Moderate: container-tools:rhel8 security and bug fix update (Multiple Advisories)
     Severity: 7; CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
     Published: 02/16/2023; Created: 11/17/2023; Added: 11/16/2023; Modified: 01/30/2025
     Description: containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups.
     Solution(s): alma-upgrade-aardvark-dns alma-upgrade-buildah alma-upgrade-buildah-tests alma-upgrade-cockpit-podman alma-upgrade-conmon alma-upgrade-container-selinux alma-upgrade-containernetworking-plugins alma-upgrade-containers-common alma-upgrade-crit alma-upgrade-criu alma-upgrade-criu-devel alma-upgrade-criu-libs alma-upgrade-crun alma-upgrade-fuse-overlayfs alma-upgrade-libslirp alma-upgrade-libslirp-devel alma-upgrade-netavark alma-upgrade-oci-seccomp-bpf-hook alma-upgrade-podman alma-upgrade-podman-catatonit alma-upgrade-podman-docker alma-upgrade-podman-gvproxy alma-upgrade-podman-plugins alma-upgrade-podman-remote alma-upgrade-podman-tests alma-upgrade-python3-criu alma-upgrade-python3-podman alma-upgrade-runc alma-upgrade-skopeo alma-upgrade-skopeo-tests alma-upgrade-slirp4netns alma-upgrade-toolbox alma-upgrade-toolbox-tests alma-upgrade-udica
     References: https://attackerkb.com/topics/cve-2023-25173, CVE - 2023-25173, https://errata.almalinux.org/8/ALSA-2023-6939.html, https://errata.almalinux.org/9/ALSA-2023-6473.html, https://errata.almalinux.org/9/ALSA-2023-6474.html
  10. Alma Linux: CVE-2023-23936: Moderate: nodejs:16 security, bug fix, and enhancement update (Multiple Advisories)
      Severity: 6; CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
      Published: 02/16/2023; Created: 05/05/2023; Added: 04/21/2023; Modified: 01/28/2025
      Description: Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect the `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing it to undici.
      Solution(s): alma-upgrade-nodejs alma-upgrade-nodejs-devel alma-upgrade-nodejs-docs alma-upgrade-nodejs-full-i18n alma-upgrade-nodejs-libs alma-upgrade-nodejs-nodemon alma-upgrade-nodejs-packaging alma-upgrade-nodejs-packaging-bundler alma-upgrade-npm
      References: https://attackerkb.com/topics/cve-2023-23936, CVE - 2023-23936, https://errata.almalinux.org/8/ALSA-2023-1582.html, https://errata.almalinux.org/8/ALSA-2023-1583.html, https://errata.almalinux.org/9/ALSA-2023-2654.html, https://errata.almalinux.org/9/ALSA-2023-2655.html
  11. Alma Linux: CVE-2023-0568: Important: php:8.0 security update (Multiple Advisories)
      Severity: 9; CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published: 02/16/2023; Created: 10/24/2023; Added: 10/23/2023; Modified: 02/11/2025
      Description: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the core path resolution function allocates a buffer one byte too small. When resolving paths with lengths close to the system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with a NUL value, which might lead to unauthorized data access or modification.
      Solution(s): alma-upgrade-apcu-panel alma-upgrade-libzip alma-upgrade-libzip-devel alma-upgrade-libzip-tools alma-upgrade-php alma-upgrade-php-bcmath alma-upgrade-php-cli alma-upgrade-php-common alma-upgrade-php-dba alma-upgrade-php-dbg alma-upgrade-php-devel alma-upgrade-php-embedded alma-upgrade-php-enchant alma-upgrade-php-ffi alma-upgrade-php-fpm alma-upgrade-php-gd alma-upgrade-php-gmp alma-upgrade-php-intl alma-upgrade-php-json alma-upgrade-php-ldap alma-upgrade-php-mbstring alma-upgrade-php-mysqlnd alma-upgrade-php-odbc alma-upgrade-php-opcache alma-upgrade-php-pdo alma-upgrade-php-pear alma-upgrade-php-pecl-apcu alma-upgrade-php-pecl-apcu-devel alma-upgrade-php-pecl-rrd alma-upgrade-php-pecl-xdebug alma-upgrade-php-pecl-xdebug3 alma-upgrade-php-pecl-zip alma-upgrade-php-pgsql alma-upgrade-php-process alma-upgrade-php-snmp alma-upgrade-php-soap alma-upgrade-php-xml alma-upgrade-php-xmlrpc
      References: https://attackerkb.com/topics/cve-2023-0568, CVE - 2023-0568, https://errata.almalinux.org/8/ALSA-2023-5927.html, https://errata.almalinux.org/8/ALSA-2024-10952.html, https://errata.almalinux.org/9/ALSA-2023-5926.html, https://errata.almalinux.org/9/ALSA-2024-0387.html
  12. Fortinet FortiNAC keyUpload.jsp arbitrary file write
      Disclosed: 02/16/2023; Created: 03/14/2023
      Description: This module uploads a payload to the /tmp directory in addition to a cron job to /etc/cron.d which executes the payload in the context of the root user. The core vulnerability is an arbitrary file write issue in /configWizard/keyUpload.jsp which is accessible remotely and without authentication. When you send the vulnerable endpoint a ZIP file, it will extract an attacker-controlled file to a directory of the attacker's choice on the target system. This issue is exploitable on the following versions of FortiNAC:
        • FortiNAC version 9.4 prior to 9.4.1
        • FortiNAC version 9.2 prior to 9.2.6
        • FortiNAC version 9.1 prior to 9.1.8
        • FortiNAC 8.8 all versions
        • FortiNAC 8.7 all versions
        • FortiNAC 8.6 all versions
        • FortiNAC 8.5 all versions
        • FortiNAC 8.3 all versions
      Author(s): Gwendal Guégniaud, Zach Hanley, jheysel-r7
      Platform: Linux, Unix
      Architectures: cmd, x64, x86
  13. Amazon Linux 2023: CVE-2022-33196: Medium priority package update for microcode_ctl
      Severity: 5; CVSS: (AV:L/AC:H/Au:M/C:C/I:C/A:N)
      Published: 02/16/2023; Created: 02/14/2025; Added: 02/14/2025; Modified: 02/14/2025
      Description: Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access. A flaw was found in the Linux kernel. Some Intel(R) Xeon(R) processors with Intel® Software Guard Extensions (SGX) may allow privilege escalation. This issue may allow a privileged user to enable privilege escalation via local access.
      Solution(s): amazon-linux-2023-upgrade-microcode-ctl
      References: https://attackerkb.com/topics/cve-2022-33196, CVE - 2022-33196, https://alas.aws.amazon.com/AL2023/ALAS-2023-189.html
  14. Huawei EulerOS: CVE-2023-25173: docker-engine security update
      Severity: 7; CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
      Published: 02/16/2023; Created: 05/05/2023; Added: 04/13/2023; Modified: 01/30/2025
      Description: containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups.
      Solution(s): huawei-euleros-2_0_sp8-upgrade-docker-engine
      References: https://attackerkb.com/topics/cve-2023-25173, CVE - 2023-25173, EulerOS-SA-2023-1591
  15. Oracle Database: Critical Patch Update - January 2025 (CVE-2022-26345)
      Severity: 7; CVSS: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
      Published: 02/16/2023; Created: 01/23/2025; Added: 01/22/2025; Modified: 01/28/2025
      Description: Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
      Solution(s): oracle-apply-jan-2025-cpu
      References: https://attackerkb.com/topics/cve-2022-26345, CVE - 2022-26345, http://www.oracle.com/security-alerts/cpujan2025.html, https://support.oracle.com/rs?type=doc&id=3056559.1
  16. PHP Vulnerability: CVE-2023-0662
      Severity: 8; CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
      Published: 02/16/2023; Created: 02/28/2023; Added: 02/27/2023; Modified: 01/28/2025
      Description: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, an excessive number of parts in an HTTP form upload can cause high resource consumption and an excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.
      Solution(s): php-upgrade-8_0_28 php-upgrade-8_1_16 php-upgrade-8_2_3
      References: https://attackerkb.com/topics/cve-2023-0662, CVE - 2023-0662
  17. Debian: CVE-2022-35883: intel-mediasdk -- security update
      Severity: 5; CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
      Published: 02/16/2023; Created: 09/24/2024; Added: 09/23/2024; Modified: 01/28/2025
      Description: NULL pointer dereference in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access.
      Solution(s): debian-upgrade-intel-mediasdk
      References: https://attackerkb.com/topics/cve-2022-35883, CVE - 2022-35883
  18. Oracle Linux: CVE-2023-33951: ELSA-2023-7077: kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories)
      Severity: 5; CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:P)
      Published: 02/15/2023; Created: 11/18/2023; Added: 11/16/2023; Modified: 01/07/2025
      Description: A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.
      Solution(s): oracle-linux-upgrade-kernel
      References: https://attackerkb.com/topics/cve-2023-33951, CVE - 2023-33951, ELSA-2023-7077, ELSA-2023-6583
  19. Huawei EulerOS: CVE-2023-0361: gnutls security update
      Severity: 9; CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:N)
      Published: 02/15/2023; Created: 05/18/2023; Added: 05/18/2023; Modified: 01/28/2025
      Description: A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
      Solution(s): huawei-euleros-2_0_sp10-upgrade-gnutls huawei-euleros-2_0_sp10-upgrade-gnutls-utils
      References: https://attackerkb.com/topics/cve-2023-0361, CVE - 2023-0361, EulerOS-SA-2023-1975
  20. Oracle Linux: CVE-2023-33952: ELSA-2023-7077: kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories)
      Severity: 6; CVSS: (AV:L/AC:L/Au:M/C:C/I:C/A:C)
      Published: 02/15/2023; Created: 11/18/2023; Added: 11/16/2023; Modified: 01/07/2025
      Description: A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel.
      Solution(s): oracle-linux-upgrade-kernel
      References: https://attackerkb.com/topics/cve-2023-33952, CVE - 2023-33952, ELSA-2023-7077, ELSA-2023-6583
  21. Oracle Linux: CVE-2022-41724: ELSA-2023-6380: runc security update (MODERATE) (Multiple Advisories)
      Severity: 8; CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
      Published: 02/15/2023; Created: 05/29/2023; Added: 05/25/2023; Modified: 01/08/2025
      Description: Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert). A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.
      Solution(s): oracle-linux-upgrade-aardvark-dns oracle-linux-upgrade-buildah oracle-linux-upgrade-buildah-tests oracle-linux-upgrade-cockpit-podman oracle-linux-upgrade-conmon oracle-linux-upgrade-containernetworking-plugins oracle-linux-upgrade-containers-common oracle-linux-upgrade-container-selinux oracle-linux-upgrade-crit oracle-linux-upgrade-criu oracle-linux-upgrade-criu-devel oracle-linux-upgrade-criu-libs oracle-linux-upgrade-crun oracle-linux-upgrade-delve oracle-linux-upgrade-fuse-overlayfs oracle-linux-upgrade-golang oracle-linux-upgrade-golang-bin oracle-linux-upgrade-golang-docs oracle-linux-upgrade-golang-misc oracle-linux-upgrade-golang-race oracle-linux-upgrade-golang-src oracle-linux-upgrade-golang-tests oracle-linux-upgrade-go-toolset oracle-linux-upgrade-libslirp oracle-linux-upgrade-libslirp-devel oracle-linux-upgrade-netavark oracle-linux-upgrade-oci-seccomp-bpf-hook oracle-linux-upgrade-podman oracle-linux-upgrade-podman-catatonit oracle-linux-upgrade-podman-docker oracle-linux-upgrade-podman-gvproxy oracle-linux-upgrade-podman-plugins oracle-linux-upgrade-podman-remote oracle-linux-upgrade-podman-tests oracle-linux-upgrade-python3-criu oracle-linux-upgrade-python3-podman oracle-linux-upgrade-runc oracle-linux-upgrade-skopeo oracle-linux-upgrade-skopeo-tests oracle-linux-upgrade-slirp4netns oracle-linux-upgrade-udica
      References: https://attackerkb.com/topics/cve-2022-41724, CVE - 2022-41724, ELSA-2023-6380, ELSA-2023-6938, ELSA-2023-3083, ELSA-2023-6402, ELSA-2023-6474, ELSA-2023-6473, ELSA-2023-6939, ELSA-2023-6363
  22. pfSense: pfSense-SA-23_02.webgui: XSS vulnerability in the WebGUI
      Severity: 4; CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published: 02/15/2023; Created: 02/17/2023; Added: 02/16/2023; Modified: 02/17/2023
      Description: A potential Cross-Site Scripting (XSS) vulnerability was found in system_camanager.php and system_certmanager.php, components of the pfSense Plus and pfSense CE software GUI. In both cases, the page did not validate or sanitize the description of CA or certificate entries when editing and saving existing entries. Existing validation covered other actions. There are several places around the GUI which display CA and Certificate descriptions without encoding. This problem is present on pfSense Plus version 22.05, pfSense CE version 2.6.0, and earlier versions of both. Due to the lack of proper encoding on the affected parameters susceptible to XSS, arbitrary JavaScript could be executed in the user's browser. The user's session cookie or other information from the session may be compromised.
      Solution(s): pfsense-upgrade-latest
      References: https://docs.netgate.com/downloads/pfSense-SA-23_02.webgui.asc, https://docs.netgate.com/pfsense/en/latest/development/system-patches.html, https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide.html, https://redmine.pfsense.org/issues/13387
  23. MFSA2023-07 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.8 (CVE-2023-0616)
      Severity: 7; CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
      Published: 02/15/2023; Created: 02/18/2023; Added: 02/17/2023; Modified: 01/30/2025
      Description: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way, Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8.
      Solution(s): mozilla-thunderbird-upgrade-102_8
      References: https://attackerkb.com/topics/cve-2023-0616, CVE - 2023-0616, http://www.mozilla.org/security/announce/2023/mfsa2023-07.html
  24. MFSA2023-07 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.8 (CVE-2023-25746)
      Severity: 9; CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published: 02/15/2023; Created: 02/18/2023; Added: 02/17/2023; Modified: 01/28/2025
      Description: Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8.
      Solution(s): mozilla-thunderbird-upgrade-102_8
      References: https://attackerkb.com/topics/cve-2023-25746, CVE - 2023-25746, http://www.mozilla.org/security/announce/2023/mfsa2023-07.html
  25. MFSA2023-07 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.8 (CVE-2023-0767)
      Severity: 9; CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published: 02/15/2023; Created: 02/18/2023; Added: 02/17/2023; Modified: 01/28/2025
      Description: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
      Solution(s): mozilla-thunderbird-upgrade-102_8
      References: https://attackerkb.com/topics/cve-2023-0767, CVE - 2023-0767, http://www.mozilla.org/security/announce/2023/mfsa2023-07.html