CVSS: 7.5EPSS: 0%CPEs: -EXPL: 1CVE-2024-45241
https://notcve.org/view.php?id=CVE-2024-45241
A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information. • https://github.com/d4lyw/CVE-2024-45241 https://www.centralsquare.com/solutions/public-safety-software/public-safety-agency-operations/crywolf-false-alarm-management-solution https://daly.wtf/cve-2024-45241-path-traversal-in-centralsquare-crywolf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-39745 – IBM Sterling Connect:Direct Web Services information disclosure
https://notcve.org/view.php?id=CVE-2024-39745
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7166195 https://exchange.xforce.ibmcloud.com/vulnerabilities/297312 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-39746 – IBM Sterling Connect:Direct Web Services information disclosure
https://notcve.org/view.php?id=CVE-2024-39746
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. • https://www.ibm.com/support/pages/node/7166018 https://exchange.xforce.ibmcloud.com/vulnerabilities/297313 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-35151 – IBM OpenPages information disclosure
https://notcve.org/view.php?id=CVE-2024-35151
IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs. • https://www.ibm.com/support/pages/node/7165959 https://exchange.xforce.ibmcloud.com/vulnerabilities/292638 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-8072 – Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users
https://notcve.org/view.php?id=CVE-2024-8072
Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users Mage AI permite a atacantes remotos no autenticados filtrar el historial de comandos del servidor terminal de usuarios arbitrarios • https://research.jfrog.com/vulnerabilities/mage-ai-terminal-server-infoleak-jfsa-2024-001039574 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •