Sai Cheng

Name of the Vulnerable Software and Affected Versions: pfSense versions 2.4.4-p2 and earlier Description: An authenticated Cross-Site Scripting issue was found in the pfSense software WebGUI. The `descr` (description) parameter of wake-on-LAN entries in the widgets/widgets/wake on lan widget.php component was not properly encoded, leading to a possible stored XSS. Recommendations: For versions 2.4.4-p2 and earlier, update to a version that contains a fix for this issue to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** Connected User Experiences and Telemetry Service (affected versions not specified) **Description** A Denial Of Service issue exists due to the Connected User Experiences and Telemetry Service's failure to properly validate certain function values. An attacker who successfully exploits this could deny dependent security feature functionality. To exploit, an attacker must log on to an affected system and run a specially crafted application. The issue is related to insufficient permission validation for a critical resource. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to the incorrect handling of objects in memory by the ActiveX Installer Service in Windows operating systems. This can be exploited by an attacker using a specially crafted application to elevate their privileges. The vulnerability allows attackers to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.