CVE-2024-43090
https://notcve.org/view.php?id=CVE-2024-43090
This could lead to local information disclosure with User execution privileges needed. • https://android.googlesource.com/platform/frameworks/base/+/4677d3ee0ec2d31acc6108fea7be6cced971da37 https://source.android.com/security/bulletin/2024-11-01 • CWE-862: Missing Authorization •
CVE-2024-43086
https://notcve.org/view.php?id=CVE-2024-43086
In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. • https://android.googlesource.com/platform/frameworks/base/+/55a3d36701bb874358f685d3ac3381eda10fcff0 https://source.android.com/security/bulletin/2024-11-01 • CWE-276: Incorrect Default Permissions •
CVE-2024-43084
https://notcve.org/view.php?id=CVE-2024-43084
In visitUris of multiple files, there is a possible information disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. • https://android.googlesource.com/platform/frameworks/base/+/50eec20b570cd4cbbe8c5971af4c9dda3ddcb858 https://source.android.com/security/bulletin/2024-11-01 •
CVE-2024-43082
https://notcve.org/view.php?id=CVE-2024-43082
This could lead to local information disclosure with no additional execution privileges needed. • https://android.googlesource.com/platform/frameworks/base/+/6aa1b4fbf5936a1ff5bdbb79397c94910a6ed8f5 https://source.android.com/security/bulletin/2024-11-01 • CWE-125: Out-of-bounds Read •
CVE-2024-11165
https://notcve.org/view.php?id=CVE-2024-11165
An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the yb_backup log files, exposing the SAS token in plaintext. • https://github.com/yugabyte/yugabyte-db/commit/920989b6c0db0222bb7a0cce46febc76cf72d438 • CWE-532: Insertion of Sensitive Information into Log File •