CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-57910 – iio: light: vcnl4035: fix information leak in triggered buffer
https://notcve.org/view.php?id=CVE-2024-57910
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The 'buffer' local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data element, which is an u16 aligned to 8 bytes. In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The 'buffer' local array is used to ... • https://git.kernel.org/stable/c/da8ef748fec2d55db0ae424ab40eee0c737564aa • CWE-908: Use of Uninitialized Resource •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57908 – iio: imu: kmx61: fix information leak in triggered buffer
https://notcve.org/view.php?id=CVE-2024-57908
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx61: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx61: fix information leak in triggered buffer The 'buffer' local array is u... • https://git.kernel.org/stable/c/c3a23ecc0901f624b681bbfbc4829766c5aa3070 • CWE-908: Use of Uninitialized Resource •
CVSS: 3.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38829 – Spring LDAP sensitive data exposure for case-sensitive comparisons
https://notcve.org/view.php?id=CVE-2024-38829
04 Dec 2024 — A vulnerability in VMware Tanzu Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820 Una v... • https://spring.io/security/cve-2024-38829 • CWE-178: Improper Handling of Case Sensitivity •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49975 – uprobes: fix kernel info leak via "[uprobes]" vma
https://notcve.org/view.php?id=CVE-2024-49975
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. ... • https://git.kernel.org/stable/c/d4b3b6384f98f8692ad0209891ccdbc7e78bbefe •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38815
https://notcve.org/view.php?id=CVE-2024-38815
09 Oct 2024 — VMware NSX contains a content spoofing vulnerability. An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-47671 – USB: usbtmc: prevent kernel-usb-infoleak
https://notcve.org/view.php?id=CVE-2024-47671
09 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: prevent kernel-usb-infoleak The syzbot reported a kernel-usb-infoleak in usbtmc_write, we need to clear the structure before filling fields. In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: prevent kernel-usb-infoleak The syzbot reported a kernel-usb-infoleak in usbtmc_write, we need to clear the structure before filling fields. • https://git.kernel.org/stable/c/4ddc645f40e90fa3bc7af3a3f3bd7d29e671a775 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 3CVE-2024-44947 – fuse: Initialize beyond-EOF page contents before setting uptodate
https://notcve.org/view.php?id=CVE-2024-44947
02 Sep 2024 — This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter). This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter). ... • https://packetstorm.news/files/id/189855 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-42076 – net: can: j1939: Initialize unused data in j1939_send_one()
https://notcve.org/view.php?id=CVE-2024-42076
29 Jul 2024 — [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline] BUG: ... • https://git.kernel.org/stable/c/9d71dd0c70099914fcd063135da3c580865e924c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35893 – net/sched: act_skbmod: prevent kernel-infoleak
https://notcve.org/view.php?id=CVE-2024-35893
19 May 2024 — [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline] BUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline] BUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline] BUG: ... • https://git.kernel.org/stable/c/86da71b57383d40993cb90baafb3735cffe5d800 •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22270 – VMware Workstation hgfsVMCI_fileread Use of Uninitialized Variable Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-22270
14 May 2024 — VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. ... VMware Workstation y Fusion contienen una vulnerabilidad de divulgación de información en la funcionalidad Host Guest File Sharing (HGFS). ... This vulnerability allows local attackers to disclose ... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •