CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45063 – Multiple issues in ctl(4) CAM Target Layer
https://notcve.org/view.php?id=CVE-2024-45063
The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. • https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc • CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-43110 – Multiple issues in ctl(4) CAM Target Layer
https://notcve.org/view.php?id=CVE-2024-43110
The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. • https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc • CWE-125: Out-of-bounds Read •
CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-42416 – Multiple issues in ctl(4) CAM Target Layer
https://notcve.org/view.php?id=CVE-2024-42416
The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. • https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc • CWE-790: Improper Filtering of Special Elements CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 9.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-8178 – Multiple issues in ctl(4) CAM Target Layer
https://notcve.org/view.php?id=CVE-2024-8178
The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. • https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc • CWE-908: Use of Uninitialized Resource CWE-909: Missing Initialization of Resource •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-42885
https://notcve.org/view.php?id=CVE-2024-42885
SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page. • https://supervisor0.notion.site/ESAFENET-CDG-SQL-Injection-17d7e244810147f697c3c42a884f932b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •