4202 matches found
KB5048667: Windows 11 Version 24H2 / Windows Server 2025 Security Update (December 2024)
The remote Windows host is missing security update 5048667 or hotpatch 5048794. It is, therefore, affected by multiple vulnerabilities: - Input Method Editor (IME) Remote Code Execution Vulnerability (CVE-2024-49079) - Windows Common Log File System Driver Elevation of Privilege Vulnerability...
KB5048652: Windows 10 version 21H2 / Windows 10 Version 22H2 Security Update (December 2024)
The remote Windows host is missing security update 5048652. It is, therefore, affected by multiple vulnerabilities: - Windows Kernel-Mode Driver Elevation of Privilege Vulnerability (CVE-2024-49074) - Input Method Editor (IME) Remote Code Execution Vulnerability (CVE-2024-49079) - Windows Common Log Fil...
CVE-2024-52599
Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability to create an artifact in a tracker with a...
Dell NetWorker Management Console Trust Management Issues Vulnerability
Dell NetWorker Management Console is a backup and recovery software from Dell USA. A trust management issue vulnerability exists in Dell NetWorker Management Console version 19.11, which stems from the presence of improper cryptographic signature validation, and can be exploited by an attacker to...
IBM Data Virtualization Manager Code Execution Vulnerability
IBM Data Virtualization Manager is a general-purpose query engine from International Business Machines (IBM) that performs distributed and virtualized queries across databases, data warehouses, data lakes, and streaming data. A code execution vulnerability exists in IBM Data Virtualization Manager...
CVE-2024-12130
An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute...
CVE-2024-11156
An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit thi...
CVE-2024-12130 Rockwell Automation Arena® Out of Bounds Read Vulnerability
An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute...
CVE-2024-11156
Rockwell Automation Arena (and Arena Simulation) is affected by a DOE-file parsing out-of-bounds write that can lead to remote/local arbitrary code execution when a user opens a crafted DOE file. Exploitation requires user interaction (e.g., opening a malicious file/page). Several connected advis...
CVE-2024-11155 Rockwell Automation Arena® Use After Free Vulnerability
A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To...
CVE-2024-11155
Rockwell Automation Arena contains a use-after-free vulnerability in parsing DOE files that could allow an attacker to execute arbitrary code. The issue affects Arena versions prior to 16.20.06 (per Nessus and related advisories). Exploitation requires a legitimate user to run the malicious DOE c...
Proactively Managing High-Risk Vulnerabilities with TruRisk Mitigate™
In late 2024, organizations faced over 65 million detections from three critical vulnerabilities—CVE-2013-2900, CVE-2024-38122, and CVE-2024-30078—underscoring the urgent need for proactive vulnerability management. Adding to these challenges, the Qualys Threat Research Unit (TRU) uncovered five...
Fuji Electric Monitouch V-SFT X1 File Parsing Out-of-Bounds Write Code Execution Vulnerability
Fuji Electric Monitouch V-SFT is a configuration software for Human Machine Interfaces (HMI) from Fuji Electric. It supports a variety of features including customizable home screen, PDF document viewer, video player, alarm messages, 10 pop-up windows, and more. An out-of-bounds write code executio...
Code execution vulnerability in multiple Mozilla products (CNVD-2025-00862)
Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products, whic...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-werkzeug) security update
An update for python-werkzeug is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Command Execution Vulnerability in the Operation and Maintenance Management Audit System of Shanghai Shangxun Information Technology Co. Ltd (CNVD-C-2024-941497)
Founded in December 2010, Shanghai SinoCom-ArtM Information Technology Co., Ltd. is one of the leading domestic suppliers in the fields of data, intelligent security operation and maintenance, mobile security and security services. A command execution vulnerability exists in the Operations and...
Command Execution Vulnerability in Intelligent IOT Integrated Management Platform of Zhejiang Dahua Technology Co.
Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IOT solution provider and operation service provider. A command execution vulnerability exists in the Intelligent IOT Integrated Management Platform of Zhejiang Dahua Technology Co. Ltd, which can be exploited b...
Command Execution Vulnerability in UFIDA NC at UFIDA Network Technology Co.
UFIDA NC is a large ERP enterprise management system and e-commerce platform. A command execution vulnerability exists in UFIDA NC, which can be exploited by an attacker to execute arbitrary commands...
Command Execution Vulnerability in Operation and Maintenance Management Audit System of Shanghai Shangxun Information Technology Co.
Founded in December 2010, Shanghai SinoCom-ArtM Information Technology Co., Ltd. is one of the leading domestic suppliers in the fields of data, intelligent security operation and maintenance, mobile security and security services. A command execution vulnerability exists in the Operations and...
IrfanView Code Execution Vulnerability (CNVD-2024-48747)
IrfanView is an image viewer. It supports image browsing, image editing, image format conversion and so on. IrfanView suffers from a code execution vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current process...