CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41721 – bhyve(8) out-of-bounds read access via XHCI emulation
https://notcve.org/view.php?id=CVE-2024-41721
19 Sep 2024 — An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution. Una validación de los límites insuficiente en el código USB podría provocar una lectura fuera de los límites en el montón, lo que potencialmente podría generar una escritura arbitraria y la ejecución remota de código. bhyve can be configured to emulate devices on a virtual USB controller (XHCI), such as USB tablet devices. An insuf... • https://security.freebsd.org/advisories/FreeBSD-SA-24:15.bhyve.asc • CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0CVE-2024-23984 – Ubuntu Security Notice USN-7033-1
https://notcve.org/view.php?id=CVE-2024-23984
16 Sep 2024 — Observable discrepancy in RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. Avraham Shalev and Nagaraju N Kodalapura discovered that some Intel Xeon processors did not properly restrict access to the memory controller when using Intel SGX. This may allow a local privileged attacker to further escalate their privileges. It was discovered that some 4th and 5th Generation Intel Xeon Processors did not properly implement finite... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html • CWE-203: Observable Discrepancy •
CVSS: 5.6EPSS: 0%CPEs: 15EXPL: 0CVE-2024-24968 – microcode_ctl: Denial of Service
https://notcve.org/view.php?id=CVE-2024-24968
16 Sep 2024 — Improper finite state machines (FSMs) in hardware logic in some Intel(R) Processors may allow an privileged user to potentially enable a denial of service via local access. A flaw was found in intel Processors. Improper finite state machines (FSMs) in hardware logic in some Intel(R) Processors may allow an privileged user to enable a denial of service via local access. Avraham Shalev and Nagaraju N Kodalapura discovered that some Intel Xeon processors did not properly restrict access to the memory controlle... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01097.html • CWE-1245: Improper Finite State Machines (FSMs) in Hardware Logic •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-39924
https://notcve.org/view.php?id=CVE-2024-39924
13 Sep 2024 — An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate their privileges by changing the access level and modifying the wait time. Consequently, the attacker can gain full control over the vault (when only intended to have read access) while bypassing the necessary wait... • https://github.com/l4rm4nd/PoC-CVE-2024-39924 • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39925
https://notcve.org/view.php?id=CVE-2024-39925
13 Sep 2024 — An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a copy of the organization key. Additionally, the application fails to adequately protect some encrypted data stored on the server. • https://github.com/dani-garcia/vaultwarden/releases • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39926
https://notcve.org/view.php?id=CVE-2024-39926
13 Sep 2024 — An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code into the dashboard, which is then executed or rendered in the context of an administrator's browser when viewing the injected content. However, it is important to note that the default Content Security Policy (CSP) of the applica... • https://github.com/dani-garcia/vaultwarden/blob/1.30.3/src/static/scripts/admin_users.js#L201 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 21EXPL: 0CVE-2024-7652 – mozilla: Type Confusion in Async Generators in Javascript Engine
https://notcve.org/view.php?id=CVE-2024-7652
06 Sep 2024 — An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially lead... • https://bugzilla.mozilla.org/show_bug.cgi?id=1901411 • CWE-476: NULL Pointer Dereference CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-45063 – Multiple issues in ctl(4) CAM Target Layer
https://notcve.org/view.php?id=CVE-2024-45063
05 Sep 2024 — The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code ... • https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc • CWE-416: Use After Free •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32668 – bhyve(8) privileged guest escape via USB controller
https://notcve.org/view.php?id=CVE-2024-32668
04 Sep 2024 — An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. bhyve can be configured to emulate devices on a virtual USB ... • https://security.freebsd.org/advisories/FreeBSD-SA-24:12.bhyve.asc • CWE-193: Off-by-one Error CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41928 – bhyve(8) privileged guest escape via TPM device passthrough
https://notcve.org/view.php?id=CVE-2024-41928
04 Sep 2024 — Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. bhyve can be configured to provide access to the host's TPM device, where it passes the communication through an emulated device provided to the guest. This may be performed on the command-line by starting bhyv... • https://security.freebsd.org/advisories/FreeBSD-SA-24:10.bhyve.asc • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •