CVE-2023-28746 – kernel: Local information disclosure on Intel(R) Atom(R) processors
https://notcve.org/view.php?id=CVE-2023-28746
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. ... This issue may allow a malicious actor to achieve a local information disclosure, impacting the data confidentiality of the targeted system. • http://www.openwall.com/lists/oss-security/2024/03/12/13 https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIUICU6CVJUIB6BPJ7P5QTPQR5VOBHFK https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H63LGAQXPEVJOES73U4XK65I6DASOAAG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org • CWE-1342: Information Exposure through Microarchitectural State after Transient Execution •
CVE-2023-27502
https://notcve.org/view.php?id=CVE-2023-27502
Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2316.5.1.2 may allow an authenticated user to potentially enable information disclosure via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00923.html • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2023-38575
https://notcve.org/view.php?id=CVE-2023-38575
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. • https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html https://security.netapp.com/advisory/ntap-20240405-0008 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00982.html • CWE-1303: Non-Transparent Sharing of Microarchitectural Resources •
CVE-2023-43490
https://notcve.org/view.php?id=CVE-2023-43490
Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access. • https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html https://security.netapp.com/advisory/ntap-20240405-0009 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01045.html • CWE-682: Incorrect Calculation •
CVE-2024-25154 – Path Traversal in FileCatalyst Direct 3.8.8 and Earlier
https://notcve.org/view.php?id=CVE-2024-25154
Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage. • https://filecatalyst.software/public/filecatalyst/Direct/3.8.9.90/whatsnew_direct.html https://www.fortra.com/security/advisory/fi-2024-003 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •