CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5012 – WhatsUp Gold Missing Authentication GetWindowsCredential Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-5012
In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This vulnerability allows unauthenticated attackers to disclose Windows Credentials stored in the product Credential Library. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, falta una vulnerabilidad de autenticación en WUGDataAccess.Credentials. Esta vulnerabilidad permite a atacantes no autenticados revelar las credenciales de Windows almacenadas en la librería de credenciales del producto. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5010 – WhatsUp Gold TestController multiple information disclosure vulnerabilities
https://notcve.org/view.php?id=CVE-2024-5010
In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, existe una vulnerabilidad en la funcionalidad TestController. Una solicitud HTTP no autenticada especialmente manipulada puede dar lugar a la divulgación de información confidencial. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1933 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-23962 – Alpine Halo9 Missing Authentication Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-23962
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-23937 – Silicon Labs Gecko OS Debug Interface Format String Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-23937
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the debug interface. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37115 – WordPress Newspack Blocks plugin <= 3.0.8 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-37115
This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/newspack-blocks/wordpress-newspack-blocks-plugin-3-0-8-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •