What is the difference between confirmed vulnerabilities (red) and potential vulnerabilities (yellow)?
Confirmed vulnerabilities were positively identified by QualysGuard.
Potential vulnerabilities include vulnerabilities that cannot be fully verified. In these cases, at least one necessary condition for the vulnerability is detected. It is recommended that you investigate these vulnerabilities further to determine if they are present or not.
QualysGuard can verify the existence of some potential vulnerabilities when authenticated / trusted scanning is enabled and will promote potential vulnerabilities to confirmed vulnerabilities in that case.
Qualys Support KnowledgeBase