ZDI-24-886: Progress Software WhatsUp Gold SetAdminPassword Improper Access Control Privilege Escalation Vulnerability

July 3, 2024

Read Time:20 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. An attacker must first obtain the ability to execute low-privileged code on the target system or send an HTTP request from a local machine in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.4. The following CVEs are assigned: CVE-2024-5009.

golang-github-openprinting-ipp-usb-0.9.30-1.fc41

FEDORA-2025-73800111e8 Packages in this update: golang-github-openprinting-ipp-usb-0.9.30-1.fc41 Update description: 0.9.30, rebuild due golang CVE-2025-22870 Read More

March 18, 2025

nodejs-nodemon-3.1.9-3.fc41

FEDORA-2025-0951177024 Packages in this update: nodejs-nodemon-3.1.9-3.fc41 Update description: Added patch for CVE-2024-4068 (rhbz#2280624) Read More

March 18, 2025

nodejs-nodemon-3.1.9-3.fc40

FEDORA-2025-9a278a7768 Packages in this update: nodejs-nodemon-3.1.9-3.fc40 Update description: Added patch for CVE-2024-4068 (rhbz#2280624) Read More

March 18, 2025

nodejs-nodemon-3.1.9-4.fc42

FEDORA-2025-7d7b644265 Packages in this update: nodejs-nodemon-3.1.9-4.fc42 Update description: Added patch for CVE-2024-4068 (rhbz#2280624) Read More

March 18, 2025

ZDI-25-148: (0Day) Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to...

March 18, 2025

USN-7354-1: djoser vulnerability

Diego Cebrián discovered that djoser did not properly handle user authentication. An attacker with valid credentials could possibly use this...

March 17, 2025

The AI Fix #42: AIs with anxiety, and why AIs don’t know what happened

Security Researcher Proves GenAI Tools Can Develop Google Chrome Infostealers

New Report Highlights Common Passwords in RDP Attacks

BlackBasta Ransomware Ties to Russian Authorities Uncovered

Google Buys Wiz in $32bn Cloud Security Push

Over 16.8 Billion Records Exposed as Data Breaches Increase 6%

Large-Scale Malicious App Campaign Bypassing Android Security

Is Security Human Factors Research Skewed Towards Western Ideas and Habits?

Third of UK Supply Chain Relies on “Chinese Military” Companies

ZDI-24-886: Progress Software WhatsUp Gold SetAdminPassword Improper Access Control Privilege Escalation Vulnerability

golang-github-openprinting-ipp-usb-0.9.30-1.fc41

nodejs-nodemon-3.1.9-3.fc41

nodejs-nodemon-3.1.9-3.fc40

nodejs-nodemon-3.1.9-4.fc42

ZDI-25-148: (0Day) Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability

USN-7354-1: djoser vulnerability