CVSS: 4.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4561 – WhatsUp Gold Server-Side Request Forgery Information Disclosure Vulnerability via FaviconController
https://notcve.org/view.php?id=CVE-2024-4561
In WhatsUp Gold versions released before 2023.1.2 , a blind SSRF vulnerability exists in Whatsup Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.2, existe una vulnerabilidad SSRF ciega en FaviconController de Whatsup Gold que permite a un atacante enviar solicitudes HTTP arbitrarias en nombre del servidor vulnerable. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the FaviconController class. The issue results from following HTTP redirects. • https://community.progress.com/s/article/Announcing-WhatsUp-Gold-v2023-1-2 https://www.progress.com/network-monitoring • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30054 – Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-30054
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability Vulnerabilidad de divulgación de información del SDK de JavaScript del cliente Microsoft Power BI • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30054 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2024-30039 – Windows Remote Access Connection Manager Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-30039
Windows Remote Access Connection Manager Information Disclosure Vulnerability Vulnerabilidad de divulgación de información del Administrador de conexión de acceso remoto de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30039 • CWE-126: Buffer Over-read •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2024-30036 – Windows Deployment Services Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-30036
Windows Deployment Services Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de los servicios de implementación de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30036 • CWE-41: Improper Resolution of Path Equivalence •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2024-30016 – Windows Cryptographic Services Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-30016
Windows Cryptographic Services Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de servicios criptográficos de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30016 • CWE-125: Out-of-bounds Read •