ZDI-24-890: Progress Software WhatsUp Gold SessionControler Server-Side Request Forgery Information Disclosure Vulnerability

July 3, 2024

Read Time:13 Second

This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2024-5015.

openssl-3.2.2-7.fc41

FEDORA-2024-7d5c1bcc78 Packages in this update: openssl-3.2.2-7.fc41 Update description: Fix CVE-2024-5535: SSL_select_next_proto buffer overread Read More

September 12, 2024

USN-7006-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null...

September 12, 2024

USN-7005-1: Linux kernel vulnerabilities

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could...

September 12, 2024

USN-7004-1: Linux kernel vulnerabilities

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could...

September 12, 2024

USN-7002-1: Setuptools vulnerability

It was discovered that setuptools was vulnerable to remote code execution. An attacker could possibly use this issue to execute...

September 12, 2024

USN-7003-2: Linux kernel vulnerabilities

It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local...

September 12, 2024

Irish Data Protection Regulator to Investigate Google AI

WordPress plugin and theme developers told they must use 2FA

Microsoft Is Adding New Cryptography Algorithms

Schools Face Million-Dollar Bills as Ransomware Rises

TfL Confirms Customer Data Breach, 17-Year-Old Suspect Arrested

Mastercard Acquires Global Threat Intelligence Firm Recorded Future for $2.65bn

Lazarus Group Targets Developers in Fresh VMConnect Campaign

UK Recognizes Data Centers as Critical National Infrastructure

Smashing Security podcast #384: A room with a view, AI music shenanigans, and a cocaine bear

ZDI-24-890: Progress Software WhatsUp Gold SessionControler Server-Side Request Forgery Information Disclosure Vulnerability

openssl-3.2.2-7.fc41

USN-7006-1: Linux kernel vulnerabilities

USN-7005-1: Linux kernel vulnerabilities

USN-7004-1: Linux kernel vulnerabilities

USN-7002-1: Setuptools vulnerability

USN-7003-2: Linux kernel vulnerabilities