CVE-2024-6096 – Unsafe Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2024-6096
In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. • https://docs.telerik.com/reporting/knowledge-base/unsafe-reflection-CVE-2024-6096 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVE-2024-6327 – Progress Telerik Report Server Deserialization
https://notcve.org/view.php?id=CVE-2024-6327
In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability. • https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-6327 https://www.telerik.com/report-server • CWE-502: Deserialization of Untrusted Data •
CVE-2024-4882 – URL Redirection to Arbitrary Site Exists in Sitefinity
https://notcve.org/view.php?id=CVE-2024-4882
The user may be redirected to an arbitrary site in Sitefinity 15.1.8321.0 and previous versions. El usuario puede ser redirigido a un sitio arbitrario en Sitefinity 15.1.8321.0 y versiones anteriores. • https://community.progress.com/s/article/Open-Redirect-vulnerability-CVE-2024-4882 https://www.progress.com/sitefinity-cms • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2024-5019 – WhatsUp Gold LoadCSSUsingBasePath Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-5019
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole privileges. En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, existe un problema de lectura arbitraria de archivos no autenticados en Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. Esta vulnerabilidad permite la lectura de cualquier archivo con privilegios iisapppool\NmConsole. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-5018 – WhatsUp Gold LoadUsingBasePath Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-5018
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows allows reading of any file from the applications web-root directory . En las versiones de WhatsUp Gold lanzadas antes de 2023.1.3, existe una vulnerabilidad de Path Traversal no autenticada Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. Esto permite la lectura de cualquier archivo desde el directorio raíz web de la aplicación. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 https://www.progress.com/network-monitoring • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •