CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4357 – XML External Entity Processing Information Disclosure
https://notcve.org/view.php?id=CVE-2024-4357
An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing. • https://docs.telerik.com/report-server/knowledge-base/xxe-vulnerability-cve-2024-4357 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3486 – XML External Entity injection vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3486
This could lead to information disclosure and remote code execution. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3485 – Server-Side Request Forgery vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3485
This could lead to senstive information disclosure. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3970 – Server-Side Request Forgery vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3970
This could lead to senstive information disclosure by directory traversal. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5937 – Sensitive data exfiltration via unsafe permissions on Windows systems in Arc before v1.6.0
https://notcve.org/view.php?id=CVE-2023-5937
On Windows systems, the Arc configuration files resulted to be world-readable. This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration files. • https://security.nozominetworks.com/NN-2023:15-01 • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory CWE-732: Incorrect Permission Assignment for Critical Resource •