CVSS: 5.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-39745 – IBM Sterling Connect:Direct Web Services information disclosure
https://notcve.org/view.php?id=CVE-2024-39745
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. • https://www.ibm.com/support/pages/node/7166195 https://exchange.xforce.ibmcloud.com/vulnerabilities/297312 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-39746 – IBM Sterling Connect:Direct Web Services information disclosure
https://notcve.org/view.php?id=CVE-2024-39746
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. • https://www.ibm.com/support/pages/node/7166018 https://exchange.xforce.ibmcloud.com/vulnerabilities/297313 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-35151 – IBM OpenPages information disclosure
https://notcve.org/view.php?id=CVE-2024-35151
IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs. • https://www.ibm.com/support/pages/node/7165959 https://exchange.xforce.ibmcloud.com/vulnerabilities/292638 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-8072 – Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users
https://notcve.org/view.php?id=CVE-2024-8072
Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users Mage AI permite a atacantes remotos no autenticados filtrar el historial de comandos del servidor terminal de usuarios arbitrarios • https://research.jfrog.com/vulnerabilities/mage-ai-terminal-server-infoleak-jfsa-2024-001039574 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-36441 – DiCal-RED 4009 Information Disclosure
https://notcve.org/view.php?id=CVE-2024-36441
An unauthenticated attacker can therefore gain information about current emergency situations and possibly also emergency vehicle positions or routes. • https://www.swissphone.com/en-us/solutions/components/terminals/radio-data-module-dical-red https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-042.txt • CWE-284: Improper Access Control •