CVSS: 5.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-39285
https://notcve.org/view.php?id=CVE-2024-39285
13 Nov 2024 — Improper access control in UEFI firmware in some Intel(R) Server M20NTP Family may allow a privileged user to potentially enable information disclosure via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01175.html • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11193
https://notcve.org/view.php?id=CVE-2024-11193
13 Nov 2024 — An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access to these logs to view the LDAP bi... • https://github.com/yugabyte/yugabyte-db/commit/0bf6e5a3e9c0718a28e654483596615d0798b208 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 2.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-28051
https://notcve.org/view.php?id=CVE-2024-28051
13 Nov 2024 — Out-of-bounds read in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable information disclosure via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01131.html • CWE-125: Out-of-bounds Read •
CVSS: 4.6EPSS: 0%CPEs: -EXPL: 0CVE-2024-25563
https://notcve.org/view.php?id=CVE-2024-25563
13 Nov 2024 — Improper initialization in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi before version 23.40 may allow a privileged user to potentially enable information disclosure via local access. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01108.html • CWE-665: Improper Initialization •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 1CVE-2024-43090
https://notcve.org/view.php?id=CVE-2024-43090
13 Nov 2024 — This could lead to local information disclosure with User execution privileges needed. • https://github.com/nidhihcl75/frameworks_base_AOSP10_r33_CVE-2024-43090 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43086
https://notcve.org/view.php?id=CVE-2024-43086
13 Nov 2024 — This could lead to local information disclosure with no additional execution privileges needed. • https://android.googlesource.com/platform/frameworks/base/+/55a3d36701bb874358f685d3ac3381eda10fcff0 • CWE-276: Incorrect Default Permissions •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43084
https://notcve.org/view.php?id=CVE-2024-43084
13 Nov 2024 — In visitUris of multiple files, there is a possible information disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. • https://android.googlesource.com/platform/frameworks/base/+/50eec20b570cd4cbbe8c5971af4c9dda3ddcb858 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43082
https://notcve.org/view.php?id=CVE-2024-43082
13 Nov 2024 — This could lead to local information disclosure with no additional execution privileges needed. • https://android.googlesource.com/platform/frameworks/base/+/6aa1b4fbf5936a1ff5bdbb79397c94910a6ed8f5 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-11165
https://notcve.org/view.php?id=CVE-2024-11165
13 Nov 2024 — An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the yb_backup log files, exposing the SAS token in plaintext. This oversight results in sensitive information l... • https://github.com/yugabyte/yugabyte-db/commit/920989b6c0db0222bb7a0cce46febc76cf72d438 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11117 – Debian Security Advisory 5817-1
https://notcve.org/view.php?id=CVE-2024-11117
12 Nov 2024 — (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •