CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27255 – IBM MQ Container information disclosure
https://notcve.org/view.php?id=CVE-2024-27255
IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://exchange.xforce.ibmcloud.com/vulnerabilities/283905 https://www.ibm.com/support/pages/node/7126571 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0CVE-2019-25210 – helm: shows secrets with --dry-run option in clear text
https://notcve.org/view.php?id=CVE-2019-25210
A vulnerability was found in Helm that may lead to sensitive information disclosure. • https://github.com/helm/helm/issues/7275 https://helm.sh/blog/response-cve-2019-25210 https://www.cncf.io/projects/helm https://access.redhat.com/security/cve/CVE-2019-25210 https://bugzilla.redhat.com/show_bug.cgi?id=2268201 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-1869
https://notcve.org/view.php?id=CVE-2024-1869
Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220. • https://support.hp.com/us-en/document/ish_10235960-10236033-16/hpsbpi03920 • CWE-125: Out-of-bounds Read •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24904
https://notcve.org/view.php?id=CVE-2024-24904
Exploitation may lead to information disclosure, session theft, or client-side request forgery. • https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24905
https://notcve.org/view.php?id=CVE-2024-24905
Exploitation may lead to information disclosure, session theft, or client-side request forgery. • https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •