CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39925
https://notcve.org/view.php?id=CVE-2024-39925
13 Sep 2024 — An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a copy of the organization key. Additionally, the application fails to adequately protect some encrypted data stored on the server. • https://github.com/dani-garcia/vaultwarden/releases • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39926
https://notcve.org/view.php?id=CVE-2024-39926
13 Sep 2024 — An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code into the dashboard, which is then executed or rendered in the context of an administrator's browser when viewing the injected content. However, it is important to note that the default Content Security Policy (CSP) of the applica... • https://github.com/dani-garcia/vaultwarden/blob/1.30.3/src/static/scripts/admin_users.js#L201 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 21EXPL: 0CVE-2024-7652 – mozilla: Type Confusion in Async Generators in Javascript Engine
https://notcve.org/view.php?id=CVE-2024-7652
06 Sep 2024 — An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially lead... • https://bugzilla.mozilla.org/show_bug.cgi?id=1901411 • CWE-476: NULL Pointer Dereference CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43102 – umtx Kernel panic or Use-After-Free
https://notcve.org/view.php?id=CVE-2024-43102
05 Sep 2024 — Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. A malicious code exercizing the UMTX_SHM_DESTROY sub-request in parallel can panic the kernel or enable further Use-After-Free attacks, potentially including code execution or Capsicum sandbox escape. • https://security.freebsd.org/advisories/FreeBSD-SA-24:14.umtx.asc • CWE-416: Use After Free CWE-911: Improper Update of Reference Count •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32668 – bhyve(8) privileged guest escape via USB controller
https://notcve.org/view.php?id=CVE-2024-32668
05 Sep 2024 — An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. • https://security.freebsd.org/advisories/FreeBSD-SA-24:12.bhyve.asc • CWE-193: Off-by-one Error CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-45063 – Multiple issues in ctl(4) CAM Target Layer
https://notcve.org/view.php?id=CVE-2024-45063
05 Sep 2024 — The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code ... • https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43110 – Multiple issues in ctl(4) CAM Target Layer
https://notcve.org/view.php?id=CVE-2024-43110
05 Sep 2024 — The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. • https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42416 – Multiple issues in ctl(4) CAM Target Layer
https://notcve.org/view.php?id=CVE-2024-42416
05 Sep 2024 — The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious... • https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc • CWE-790: Improper Filtering of Special Elements CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8178 – Multiple issues in ctl(4) CAM Target Layer
https://notcve.org/view.php?id=CVE-2024-8178
05 Sep 2024 — The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution... • https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc • CWE-908: Use of Uninitialized Resource CWE-909: Missing Initialization of Resource •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41928 – bhyve(8) privileged guest escape via TPM device passthrough
https://notcve.org/view.php?id=CVE-2024-41928
05 Sep 2024 — Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. • https://security.freebsd.org/advisories/FreeBSD-SA-24:10.bhyve.asc • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •