How severe is CVE-2024-10041?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2024-10041?

This is classified as CWE-922, which is a common weakness in software security.

CVE-2024-10041 - MEDIUM Severity | CVSS 4.7

Vulnerability Description

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

Related Vulnerabilities

CVE-2019-20469

MEDIUM

CVSS:4.6(Medium)

An issue was discovered on One2Track 2019-12-08 devices. Confidential information is needlessly stored on the smartwatch. Audio files are stored in .amr format, in the audior directory. An attacker wh...

CWE-9222019

CVE-2022-2815

MEDIUM

CVSS:4.6(Medium)

Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10.

CWE-9222022

CVE-2023-49515

MEDIUM

CVSS:4.6(Medium)

Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connecti...

CWE-9222023

CVE-2024-40813

MEDIUM

CVSS:4.6(Medium)

A lock screen issue was addressed with improved state management. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS 17.6. An attacker with physical access may be able to use Siri to access sens...

CWE-9222024

CVE-2021-28815

MEDIUM

CVSS:4.9(Medium)

Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by acces...

CWE-9222021

CVE-2021-42718

MEDIUM

CVSS:4.9(Medium)

Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including appl...

CWE-9222021