
CVE-2021-47339 – media: v4l2-core: explicitly clear ioctl input data
https://notcve.org/view.php?id=CVE-2021-47339
21 May 2024 — As the drivers need to check user input already, the possible impact is fairly low, but it might still cause an information leak. • https://git.kernel.org/stable/c/dc02c0b2bd6096f2f3ce63e1fc317aeda05f74d8 •

CVE-2024-4323 – Fluent Bit Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2024-4323
20 May 2024 — This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution. • https://github.com/d0rb/CVE-2024-4323 • CWE-122: Heap-based Buffer Overflow •

CVE-2024-1968 – Authorization Header Leakage in scrapy/scrapy on Scheme Change Redirects
https://notcve.org/view.php?id=CVE-2024-1968
20 May 2024 — Consequently, when a redirect downgrades from HTTPS to HTTP, the Authorization header may be inadvertently exposed in plaintext, leading to potential sensitive information disclosure to unauthorized actors. • https://github.com/scrapy/scrapy/commit/1d0502f25bbe55a22899af915623fda1aaeb9dd8 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-34798 – WordPress Debug Log – Manger Tool plugin <= 1.4.5 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-34798
20 May 2024 — Insertion of Sensitive Information into Log File vulnerability in Lukman Nakib Debug Log – Manger Tool. This issue affects Debug Log – Manger Tool: from n/a through 1.4.5. ... The Debug Log – Manger Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. • https://patchstack.com/database/vulnerability/debug-log-config-tool/wordpress-debug-log-manger-tool-plugin-1-4-5-sensitive-data-exposure-vulnerability? • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2024-35893 – net/sched: act_skbmod: prevent kernel-infoleak
https://notcve.org/view.php?id=CVE-2024-35893
19 May 2024 — [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline] BUG: ... • https://git.kernel.org/stable/c/86da71b57383d40993cb90baafb3735cffe5d800 •

CVE-2024-5096 – Hipcam Device MAC Address wifi.mac information disclosure
https://notcve.org/view.php?id=CVE-2024-5096
19 May 2024 — The manipulation leads to information disclosure. ... NOTE: The vendor was contacted early about this disclosure but did not respond in any way. ... Manipulation with unknown data makes it possible to exploit an information disclosure vulnerability. • https://netsecfish.notion.site/Unauthorized-Access-to-MAC-Address-in-Hipcam-Device-a9a8daeeda954e83af847eb27805dc99?pvs=4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2024-35849 – btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
https://notcve.org/view.php?id=CVE-2024-35849
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Syzbot reported the following information leak in btrfs_ioctl_logical_to_ino(): BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:40 instrument_copy_to_user include/linux/instrumented.h:114 [inline] _copy_t... • https://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772 •

CVE-2023-48727
https://notcve.org/view.php?id=CVE-2023-48727
16 May 2024 — NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html • CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference •

CVE-2024-22384
https://notcve.org/view.php?id=CVE-2024-22384
16 May 2024 — Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information disclosure via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00983.html • CWE-125: Out-of-bounds Read •

CVE-2023-38420
https://notcve.org/view.php?id=CVE-2023-38420
16 May 2024 — Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html • CWE-703: Improper Check or Handling of Exceptional Conditions • CWE-754: Improper Check for Unusual or Exceptional Conditions •