2841 matches found
CVE-2024-49115 Windows Remote Desktop Services Remote Code Execution Vulnerability
...
CVE-2024-49108
CVE-2024-49108 is a Windows Remote Desktop Services remote code execution vulnerability. According to the connected advisories, it is rated high severity (CVSSv3.1 base 8.1) with network access required and no user interaction, and the impact is execution of arbitrary code with high confidentiali...
CVE-2024-49108 Windows Remote Desktop Services Remote Code Execution Vulnerability
...
CVE-2024-49070 Microsoft SharePoint Remote Code Execution Vulnerability
...
CVE-2024-53041
A vulnerability has been identified in Teamcenter Visualization V14.2 All versions V14.2.0.14, Teamcenter Visualization V14.3 All versions V14.3.0.12, Teamcenter Visualization V2312 All versions V2312.0008, Tecnomatix Plant Simulation V2302 All versions V2302.0016, Tecnomatix Plant Simulation V24...
Windows Remote Desktop Services Remote Code Execution Vulnerability
...
Ivanti Connect Secure Security Vulnerability
Ivanti Connect Secure is a secure remote network connection tool from Ivanti USA. A code execution vulnerability exists in Ivanti Connect Secure, which can be exploited by an attacker to remotely execute code...
KB5048652: Windows 10 version 21H2 / Windows 10 Version 22H2 Security Update (December 2024)
The remote Windows host is missing security update 5048652. It is, therefore, affected by multiple vulnerabilities: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability (CVE-2024-49074); Input Method Editor (IME) Remote Code Execution Vulnerability (CVE-2024-49079); Windows Common Log Fil...
Microsoft Windows Remote Desktop Services Security Vulnerability
Microsoft Windows Remote Desktop Services is a collection of features from Microsoft USA that allow users to remotely access graphical desktops and Windows applications. A remote code execution vulnerability exists in Microsoft Windows Remote Desktop Services, which is caused by a flaw in the...
KB5048667: Windows 11 Version 24H2 / Windows Server 2025 Security Update (December 2024)
The remote Windows host is missing security update 5048667 or hotpatch 5048794. It is, therefore, affected by multiple vulnerabilities: Input Method Editor (IME) Remote Code Execution Vulnerability (CVE-2024-49079); Windows Common Log File System Driver Elevation of Privilege Vulnerability...
CVE-2024-52599
Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability to create an artifact in a tracker with a...
IBM Data Virtualization Manager Code Execution Vulnerability
IBM Data Virtualization Manager is a general-purpose query engine from International Business Machines (IBM) that performs distributed and virtualized queries across databases, data warehouses, data lakes, and streaming data. A code execution vulnerability exists in IBM Data Virtualization Manager...
Dell NetWorker Management Console Trust Management Issues Vulnerability
Dell NetWorker Management Console is a backup and recovery software from Dell USA. A trust management issue vulnerability exists in Dell NetWorker Management Console version 19.11, which stems from the presence of improper cryptographic signature validation, and can be exploited by an attacker to...
CVE-2024-11156
An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit thi...
CVE-2024-12130
An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute...
CVE-2024-12130 Rockwell Automation Arena® Out of Bounds Read Vulnerability
An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute...
CVE-2024-11156
Rockwell Automation Arena (and Arena Simulation) is affected by a DOE-file parsing out-of-bounds write that can lead to remote/local arbitrary code execution when a user opens a crafted DOE file. Exploitation requires user interaction (e.g., opening a malicious file/page). Several connected advis...
CVE-2024-11155
Rockwell Automation Arena contains a use-after-free vulnerability in parsing DOE files that could allow an attacker to execute arbitrary code. The issue affects Arena versions prior to 16.20.06 (per Nessus and related advisories). Exploitation requires a legitimate user to run the malicious DOE c...
CVE-2024-11155 Rockwell Automation Arena® Use After Free Vulnerability
A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To...
Proactively Managing High-Risk Vulnerabilities with TruRisk Mitigate™
In late 2024, organizations faced over 65 million detections from three critical vulnerabilities—CVE-2013-2900, CVE-2024-38122, and CVE-2024-30078—underscoring the urgent need for proactive vulnerability management. Adding to these challenges, the Qualys Threat Research Unit (TRU) uncovered five...