CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-38382 – Ability Runtime has an out-of-bounds read permission bypass vulnerability
https://notcve.org/view.php?id=CVE-2024-38382
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. en OpenHarmony v4.0.0 y versiones anteriores, se permite que un atacante local provoque fugas de información a través de lecturas fuera de los límites. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md • CWE-125: Out-of-bounds Read CWE-922: Insecure Storage of Sensitive Information •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-20088
https://notcve.org/view.php?id=CVE-2024-20088
This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/September-2024 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-20085
https://notcve.org/view.php?id=CVE-2024-20085
This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/September-2024 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-20084
https://notcve.org/view.php?id=CVE-2024-20084
This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/September-2024 • CWE-125: Out-of-bounds Read •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8365 – Vault Leaks AppRole Client Tokens And Accessor in Audit Log
https://notcve.org/view.php?id=CVE-2024-8365
Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9. Vault Community Edition y Vault Enterprise experimentaron una regresión en la que se eliminó la funcionalidad que codificaba mediante HMAC los encabezados confidenciales en el dispositivo de auditoría configurado, específicamente los tokens de cliente y los descriptores de acceso de token. Esto provocó que los valores de texto sin formato de los tokens de cliente y los descriptores de acceso de token se almacenaran en el registro de auditoría. • https://discuss.hashicorp.com/t/hcsec-2024-18-vault-leaks-client-token-and-token-accessor-in-audit-devices • CWE-532: Insertion of Sensitive Information into Log File •