This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-4885.
ZDI-24-894: Progress Software WhatsUp Gold CommunityController Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-4884.
ZDI-24-895: Progress Software WhatsUp Gold APM Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5008.
DSA-5725-1 znc – security update
Johannes Kuhn discovered that messages and channel names are not
properly escaped in the modtcl module in ZNC, an IRC bouncer, which could
result in remote code execution via specially crafted messages.
Mobile Political Spam Surges Threefold For 2024 Election
Proofpoint highlighted how smishing, impersonation and spam are eroding trust in mobile messaging
Chrome Update Will Block Entrust Certificates by November 2024
The move follows a series of reported compliance failures and lack of progress in addressing publicly disclosed incidents
Ransomware Attack Demands Reach a Staggering $5.2m in 2024
Comparitech calculated that the average ransom demand was over $5.2m in the first six months of 2024, with 421 confirmed incidents during this period
USN-6860-1: OpenVPN vulnerabilities
Reynir Björnsson discovered that OpenVPN incorrectly handled terminating
client connections. A remote authenticated client could possibly use this
issue to keep the connection active, bypassing certain security policies.
This issue only affected Ubuntu 23.10 and Ubuntu 24.04 LTS.
(CVE-2024-28882)
Reynir Björnsson discovered that OpenVPN incorrectly handled certain
control channel messages with nonprintable characters. A remote attacker
could possibly use this issue to cause OpenVPN to consume resources, or
fill up log files with garbage, leading to a denial of service.
(CVE-2024-5594)
The AI Fix #5: An angry AI girlfriend, and artificial intelligence is stupid
Find out why AI is stupid, what Toys “R” Us has done that’s even more annoying than putting that “R” in its name, why Graham Cluley has an angry AI girlfriend, and much, much more in episode five of “The AI Fix” podcast.
onnx-1.14.1-3.fc40
FEDORA-2024-d9c7181a19
Packages in this update:
onnx-1.14.1-3.fc40
Update description:
Security fix for CVE-2024-5187