CVE-2024-4540 – Keycloak: exposure of sensitive information in pushed authorization requests (PAR) KC_RESTART cookie
https://notcve.org/view.php?id=CVE-2024-4540
Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability. • https://access.redhat.com/errata/RHSA-2024:3566 https://access.redhat.com/errata/RHSA-2024:3567 https://access.redhat.com/errata/RHSA-2024:3568 https://access.redhat.com/errata/RHSA-2024:3570 https://access.redhat.com/errata/RHSA-2024:3572 https://access.redhat.com/errata/RHSA-2024:3573 https://access.redhat.com/errata/RHSA-2024:3574 https://access.redhat.com/errata/RHSA-2024:3575 https://access.redhat.com/errata/RHSA-2024:3576 https://access.redhat.com/security/cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-43555 – Buffer Over-read in Video
https://notcve.org/view.php?id=CVE-2023-43555
Information disclosure in Video while parsing mp2 clip with invalid section length. • https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html • CWE-126: Buffer Over-read
CVE-2023-43537 – Buffer Over-read in WLAN Host
https://notcve.org/view.php?id=CVE-2023-43537
Information disclosure while handling T2LM Action Frame in WLAN Host. • https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html • CWE-126: Buffer Over-read
CVE-2024-20071
https://notcve.org/view.php?id=CVE-2024-20071
This could lead to local information disclosure with System execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/June-2024 • CWE-125: Out-of-bounds Read
CVE-2024-20070
https://notcve.org/view.php?id=CVE-2024-20070
In modem, there is a possible information disclosure due to the use of a risky cryptographic algorithm during connection establishment negotiation. This could lead to remote information disclosure, when a weak encryption algorithm is used, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/June-2024 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm