CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5010 – WhatsUp Gold TestController multiple information disclosure vulnerabilities
https://notcve.org/view.php?id=CVE-2024-5010
In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, existe una vulnerabilidad en la funcionalidad TestController. Una solicitud HTTP no autenticada especialmente manipulada puede dar lugar a la divulgación de información confidencial. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1933 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-23962 – Alpine Halo9 Missing Authentication Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-23962
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DLT interface, which listens on TCP port 3490 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. •
CVSS: 4.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-23937 – Silicon Labs Gecko OS Debug Interface Format String Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-23937
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the debug interface. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37115 – WordPress Newspack Blocks plugin <= 3.0.8 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-37115
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Automattic Newspack Blocks. Este problema afecta a Newspack Blocks: desde n/a hasta 3.0.8. The Newspack Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/newspack-blocks/wordpress-newspack-blocks-plugin-3-0-8-sensitive-data-exposure-vulnerability? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37205 – WordPress affiliate-toolkit plugin <= 3.4.4 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-37205
Insertion of Sensitive Information into Log File vulnerability in SERVIT Software Solutions.This issue affects affiliate-toolkit: from n/a through 3.4.4. Vulnerabilidad de inserción de información confidencial en un archivo de registro en SERVIT Software Solutions. Este problema afecta al kit de herramientas de afiliados: desde n/a hasta 3.4.4. The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.4 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files. • https://patchstack.com/database/vulnerability/affiliate-toolkit-starter/wordpress-affiliate-toolkit-plugin-3-4-4-sensitive-data-exposure-via-log-file-vulnerability? • CWE-532: Insertion of Sensitive Information into Log File •