
CVE-2024-39926
https://notcve.org/view.php?id=CVE-2024-39926
13 Sep 2024 — An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code into the dashboard, which is then executed or rendered in the context of an administrator's browser when viewing the injected content. However, it is important to note that the default Content Security Policy (CSP) of the applica... • https://github.com/dani-garcia/vaultwarden/blob/1.30.3/src/static/scripts/admin_users.js#L201 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-7652 – mozilla: Type Confusion in Async Generators in Javascript Engine
https://notcve.org/view.php?id=CVE-2024-7652
06 Sep 2024 — An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially lead... • https://bugzilla.mozilla.org/show_bug.cgi?id=1901411 • CWE-476: NULL Pointer Dereference CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-45063 – Multiple issues in ctl(4) CAM Target Layer
https://notcve.org/view.php?id=CVE-2024-45063
05 Sep 2024 — The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code ... • https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc • CWE-416: Use After Free •

CVE-2024-8178 – Multiple issues in ctl(4) CAM Target Layer
https://notcve.org/view.php?id=CVE-2024-8178
04 Sep 2024 — The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution... • https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc • CWE-908: Use of Uninitialized Resource CWE-909: Missing Initialization of Resource •

CVE-2024-41928 – bhyve(8) privileged guest escape via TPM device passthrough
https://notcve.org/view.php?id=CVE-2024-41928
04 Sep 2024 — Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. bhyve can be configured to provide access to the host's TPM device, where it passes the communication through an emulated device provided to the guest. This may be performed on the command-line by starting bhyv... • https://security.freebsd.org/advisories/FreeBSD-SA-24:10.bhyve.asc • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •

CVE-2024-45288 – Multiple vulnerabilities in libnv
https://notcve.org/view.php?id=CVE-2024-45288
04 Sep 2024 — A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated buffer. CVE-2024-45287 is a vulnerability that affects both the kernel and userland. A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. CVE-2024-45288 is a vulnerability that affects both the kernel and userland. A missing null-termination character in the last element... • https://security.freebsd.org/advisories/FreeBSD-SA-24:09.libnv.asc • CWE-170: Improper Null Termination CWE-787: Out-of-bounds Write •

CVE-2024-42416 – Multiple issues in ctl(4) CAM Target Layer
https://notcve.org/view.php?id=CVE-2024-42416
04 Sep 2024 — The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel heap memory. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious... • https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc • CWE-790: Improper Filtering of Special Elements CWE-823: Use of Out-of-range Pointer Offset •

CVE-2024-43110 – Multiple issues in ctl(4) CAM Target Layer
https://notcve.org/view.php?id=CVE-2024-43110
04 Sep 2024 — The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. ... • https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc • CWE-125: Out-of-bounds Read •

CVE-2024-45287 – Multiple vulnerabilities in libnv
https://notcve.org/view.php?id=CVE-2024-45287
04 Sep 2024 — A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. The introduced check was incorrect, as it took into account the size of the pointer, not the structure. This vulnerability affects both kernel and userland. This issue was or... • https://security.freebsd.org/advisories/FreeBSD-SA-24:09.libnv.asc • CWE-131: Incorrect Calculation of Buffer Size CWE-190: Integer Overflow or Wraparound •

CVE-2024-32668 – bhyve(8) privileged guest escape via USB controller
https://notcve.org/view.php?id=CVE-2024-32668
04 Sep 2024 — An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. Malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. bhyve can be configured to emulate devices on a virtual USB ... • https://security.freebsd.org/advisories/FreeBSD-SA-24:12.bhyve.asc • CWE-193: Off-by-one Error CWE-787: Out-of-bounds Write •