CVE-2024-5012 – WhatsUp Gold Missing Authentication GetWindowsCredential Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-5012
In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This vulnerability allows unauthenticated attackers to disclose Windows Credentials stored in the product Credential Library. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring • CWE-287: Improper Authentication •
CVE-2024-5010 – WhatsUp Gold TestController multiple information disclosure vulnerabilities
https://notcve.org/view.php?id=CVE-2024-5010
A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1933 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-6104 – go-retryablehttp can leak basic auth credentials to log files
https://notcve.org/view.php?id=CVE-2024-6104
This issue could expose sensitive authentication information. • https://discuss.hashicorp.com/c/security https://access.redhat.com/security/cve/CVE-2024-6104 https://bugzilla.redhat.com/show_bug.cgi?id=2294000 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-36682
https://notcve.org/view.php?id=CVE-2024-36682
Due to a lack of permissions control, a guest can access the txt file that collects email addresses when maintenance is enabled, which can lead to a leak of personal information. • https://security.friendsofpresta.org/modules/2024/06/20/pk_themesettings.html • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVE-2024-33881
https://notcve.org/view.php?id=CVE-2024-33881
The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter. • https://docs.virtosoftware.com/v/virto-security-frequently-asked-questions-faq https://download.virtosoftware.com/Manuals/nu_ncsc_virto_one_bulk_file_download_v5.4.4_pt_disclosure.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-400: Uncontrolled Resource Consumption •