CVE-2024-5016
Published 2024-06-25
Priority: P2 · 60 · high · 7.2 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 22.37% (97.4th percentile)
In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM.
The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage for server and NmDistributed.DistributedClient.OnMessage for clients.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| progress | whatsup_gold | < 23.1.0 | 23.1.0 |
| progress | whatsup_gold | — | — |
| progress_software_corporation | whatsup_gold | >= 2023.1.0 < 2023.1.3 | 2023.1.3 |
GHSA
GHSA-5qqw-chw3-g8wp: In WhatsUp Gold versions released before 2023
ghsa_unreviewed·2024-06-25
CVE-2024-5016 [HIGH] CWE-502 GHSA-5qqw-chw3-g8wp: In WhatsUp Gold versions released before 2023
Red Hat
kernel: nvdimm: Fix devs leaks in scan_labels()
vendor_redhat·2024-10-21
CVE-2024-47755 CWE-400 kernel: nvdimm: Fix devs leaks in scan_labels()
This CVE has been marked as Rejected by the assigning CNA.
Statement: This CVE has been rejected upstream:
https://lore.kernel.org/linux-cve-announce/2024102325-REJECTED-5016@gregkh/T/#u
Red Hat has also evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations.
As such, this CVE has been marked as "Rejected" in alignment with Red Hat's vulnerability management policies.
If you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further cla
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.