Browse, filter by detection status, or search by CVE to get visibility into upcoming and new detections (QIDs) for all severities.
Disclaimer: The Vulnerability Detection Pipeline is intended to give users an early insight into some of the CVEs the Qualys Research Team is investigating. It may not show all the CVEs that are actively being investigated. Specific CVE feature requests filed via a Qualys Support case may or may not show up on this page. Please reach out to Qualys Support for status of such support cases.
Under investigation:
We are researching a detection and will publish one if
it is feasible.
In development:
We are coding a detection and will typically publish it
within a few days.
Recently published:
We have published the detection on the date indicated,
and it will typically be available in the KnowledgeBase
on shared platforms within a day.
Non-Qualys customers can audit their network for all published vulnerabilities by signing up for a Qualys Free Trial or Qualys Community Edition.
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
Affected OS:
Fedora 35
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
Affected Software:
Oracle Database 12.2.01
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Affected OS:
Fedora 36
Affected Software:
Oracle Database 12.2.01
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Patch is NOT available for the package.
Patch is NOT available for the package.
Affected OS:
Fedora 35
Affected OS:
Fedora 36
Affected OS:
Fedora 36
In installed version of PHP, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.
Affected Versions:
PHP versions 8.1.x prior to 8.1.8
QID Detection Logic (Unauthenticated):
This QID checks the HTTP Server header to see if the server is running a vulnerable version of PHP.
Multiple SQL Injection vulnerabilities (CVE-2022-40300) were discovered in Password Manager Pro, PAM360 and Access Manager Plus.
Affected Versions:
Access Manager Plus 4304 and below
Password Manager Pro 12120 and below
PAM360 5550 and below
QID Detection Logic:
.
Authenticated : This QID checks the product.conf file to check if latest build is installed
Affected versions of PHP has multiple vulnerabilities:
CVE-2022-31626 : mysqlnd/pdo password buffer overflow leading to RCE
CVE-2022-31625 : Uninitialized array in pg_query_params() leading to RCE
Affected Versions:
PHP versions 7.4.x prior to 7.4.30
PHP versions 8.0.x prior to 8.0.20
PHP versions 8.1.x prior to 8.1.7
QID Detection Logic (Unauthenticated):
This QID checks the HTTP Server header to see if the server is running a vulnerable version of PHP.
Affected OS:
Fedora 35
Affected OS:
Fedora 35
Affected OS:
Fedora 36
Affected OS:
Fedora 35
Affected OS:
Fedora 36
Affected OS:
Fedora 35
Booster for WooCommerce contains multiple vulnerabilities:
CVE-2022-41805: The plugin does not have CSRF checks, allowing attackers to perform CSRF attack.
CVE-2022-3762: The plugins do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrary files from the server even when they are not supposed to be able to (for example in multisite)
CVE-2022-3763: The plugins do not have CSRF check in place when deleting files uploaded at the checkout, allowing attackers to make a logged in shop manager or admin delete them via a CSRF attack
Affected Versions:
The Booster for WooCommerce WordPress plugin before 5.6.7
QID Detection Logic:
This QID sends a HTTP GET request and checks for vulnerable version of WordPress plugin running on the target application.
Red Hat openshift container platform is Red Hat's cloud computing kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):Affected Products:
Affected Software:
Oracle Database 12.2.01
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected versions of Easy WP SMTP plugin unserialises the content of an imported file, which could lead to PHP object injection issue when an admin imports a malicious file and a suitable gadget chain is present on the blog.
Affected versions:
Easy WP SMTP prior to version 1.5.0
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request and checks for vulnerable version of WordPress plugin running on the target application.
Affected versions of PHP has multiple vulnerabilities:
CVE-2022-31628 : The vulnerability exists due to infinite loop within the phar uncompressor code when processing "quines" gzip files. A remote attacker can pass a specially crafted archive to the application, consume all available system resources and cause denial of service conditions.
CVE-2022-31629: The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a standard insecure cookie in the victim's browser which is treated as a '__Host-' or '__Secure-' cookie by PHP applications.
Affected Versions:
PHP versions before 7.4.31
PHP versions 8.0.0 prior to 8.0.24
PHP versions 8.1.0 prior to 8.1.11
QID Detection Logic (Unauthenticated):
This QID checks the HTTP Server header to see if the server is running a vulnerable version of PHP.
Broken Access Control vulnerability in WordPress LoginPress plugin on WordPress leading to unauth changing of Opt-In or Opt-Out tracking settings.
Affected Versions:
WordPress LoginPress Plugin before 1.6.2
QID Detection Logic:
This QID sends a HTTP GET request and checks for vulnerable version of WordPress plugin running on the target application.
A Race Condition vulnerability exists in WP-Polls plugins which requires subscriber or higher role user authentication for exploitation.
Affected versions:
WP-Polls prior to version 2.77.0
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request and checks for vulnerable version of WordPress plugin running on the target application.
AFFECTED PRODUCTS
The following SIMATIC products are affected
CFU DIQ (6ES7655-5PX31-1XX0): All versions
CFU PA (6ES7655-5PX11-0XX0): All versions
ET200AL IM157-1 PN: All versions
ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0): Versions 5.1.1 and later
ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0): Versions 5.1.1 and later
ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0): Versions 5.1.1 and later
ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0): Versions 5.1.1 and later
ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0): Versions 5.1.1 and later
ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0): Versions 5.1.1 and later
ET200MP IM155-5 PN HF (incl. SIPLUS variants): Versions 4.2 and later
ET200SP IM155-6 MF HF: All versions
ET200SP IM155-6 PN HA (incl. SIPLUS variants): All versions
ET200SP IM155-6 PN HF (incl. SIPLUS variants): Versions 4.2 and later
ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants): Versions 4.2 and later
ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants): Versions 4.2 and later
ET 200pro IM154-8 PN/DP CPU(6ES7154-8AB01-0AB0): All versions prior to V3.2.19
ET 200pro IM154-8F PN/DP CPU(6ES7154-8FB01-0AB0): All versions prior to V3.2.19
ET 200pro IM154-8FX PN/DP CPU(6ES7154-8FX00-0AB0): All versions prior to V3.2.19
ET 200S IM151-8 PN/DP CPU(6ES7151-8AB01-0AB0): All versions prior to V3.2.19
ET 200S IM151-8F PN/DP CPU(6ES7151-8FB01-0AB0): All versions prior to V3.2.19
PN/MF Coupler (6ES7158-3MU10-0XA0): All versions
PN/PN Coupler (6ES7158-3AD10-0XA0): Versions 4.2 and later
S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0): All versions prior to V3.3.19
S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0): All versions prior to V3.2.19
S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0): All versions prior to V3.2.19
S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0): All versions prior to V3.2.19
S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0): All versions prior to V3.2.19
S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0): All versions prior to V3.2.19
S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0): All versions prior to V3.2.19
S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0): All versions prior to V3.2.19
S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0): All versions prior to V3.2.19
S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0): All versions prior to V3.2.19
S7-400 H V6 CPU family (incl. SIPLUS variants): All versions prior to v6.0.10
S7-400 PN/DP V7 CPU family (incl. SIPLUS variants): All versions
S7-410 V8 CPU family (incl. SIPLUS variants): All versions prior to V8.2.3
S7-410 V8 CPU family (incl. SIPLUS variants): All versions
S7-410 V10 CPU family (incl. SIPLUS variants): All versions
S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): All versions prior to v2.0.0
TDC CP51M1: All versions
TDC CPU555: All versions
WinAC RTX: All versions
The following SINAMICS products are affected
DCM: All versions with Ethernet interface
G110M: All versions with Ethernet interface
G115D: All versions with Ethernet interface
G120 (incl. SIPLUS variants): All versions with Ethernet interface
G130: All versions
G150: All versions
S110: All versions with Ethernet interface
S120 (incl. SIPLUS variants): All versions
S150: All versions
S210: All versions
V90: All versions with Ethernet interface
SIPLUS HCS4200 CIM4210 (6BK1942-1AA00-0AA0): All versions
SIPLUS HCS4200 CIM4210C (6BK1942-1AA00-0AA1): All versions
SIPLUS HCS4300 CIM4310 (6BK1943-1AA00-0AA0): All versions
SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0): Versions 4.2 and later
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of using passive scanning
Customers are advised to refer to CERT MITIGATIONS section icsa-22-104-06 for affected packages and patching details.
AFFECTED PRODUCTS
Siemens reports that the vulnerability affects the following products:
SIMATIC S7-300 CPUs with Profinet support: All versions prior to V3.2.12, and
SIMATIC S7-300 CPUs without Profinet support: All versions prior to V3.3.12.
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of using passive scanning
Customers are advised to refer to CERT MITIGATIONS section ICSA-16-161-01 for affected packages and patching details.
AFFECTED PRODUCTS
Siemens reports the following SIMATIC S7-300 CPU product is affected:
SIMATIC S7-300 CPUs: All versions prior to v3.X.16
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of using passive scanning
Customers are advised to refer to CERT MITIGATIONS section ICSA-19-043-04 for affected packages and patching details.
AFFECTED PRODUCTS
Siemens reports these vulnerabilities affect the following LOGO! 8 BM (Base Module) devices:
LOGO! 8 BM (incl. SIPLUS variants): All versions
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of using passive scanning
Customers are advised to refer to CERT MITIGATIONS section icsa-22-286-13 for affected packages and patching details.
CVE-2022-31630: In installed version of PHP, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
CVE-2022-37454: The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties.
Affected Versions:
PHP versions before 7.4.33
PHP versions 8.0.0 prior to 8.0.25
PHP versions 8.1.0 prior to 8.1.12
QID Detection Logic (Unauthenticated):
This QID checks the HTTP Server header to see if the server is running a vulnerable version of PHP.
Affected Products:
Oracle E-Business Suite versions 12.2.3 - 12.2.11
QID Detection Logic(Auth):
QID relied only on the application's self-reported version number.
Affected OS:
Fedora 35
Affected OS:
Fedora 35
In affected versions of Atlassian Bitbucket Server and Data Center a command injection vulnerability exists in environment variables where an attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled "Allow public signup".
Affected versions :
Atlassian Bitbucket Server and Data Center version from 7.0.0 before version 7.6.19
Atlassian Bitbucket Server and Data Center version from 7.7.0 before version 7.17.12
Atlassian Bitbucket Server and Data Center version from 7.18.0 before version 7.21.6
Atlassian Bitbucket Server and Data Center version from 7.22.0 before version 8.0.5
Atlassian Bitbucket Server and Data Center version from 8.1.0 before version 8.1.5
Atlassian Bitbucket Server and Data Center version from 8.2.0 before version 8.2.4
Atlassian Bitbucket Server and Data Center version from 8.3.0 before version 8.3.3
Atlassian Bitbucket Server and Data Center version from 8.4.0 before version 8.4.2
QID Detection Logic:(Unauthenticated):
It checks for vulnerable version of Atlassian Bitbucket Server.
Typical detection techniques for SQL injection vulnerabilities use a payload that attempts to produce an SQL error from the web application. Detection based on blind SQL injection uses inference based on the differences among the application's responses to various payloads. Blind SQL does not rely on error messages, which is beneficial when testing web applications that trap errors.
The WAS scanning engine uses a well-known technique called True / False inference to determine if there is a blind SQL injection vulnerability. Basically, it uses two payloads: one with a True condition and another with a False condition. If there is a blind SQL injection vulnerability, the query with the True condition payload will cause the web application to return a different response than the False condition payload.
A good example of a True condition payload is ' AND 1=1 (since 1 always equals 1, the condition is true). An example of a False condition payload is ' AND 1=2 (since 1 does not equal 2, the condition is false).
Say there is a web application with an input that searches customer first names and displays the results inside a table. Assume that if someone searches for John there is one result only. When scanning for blind SQL injection, the scanning engine sends two payloads:
- True condition payload: John' AND 1=1
This condition is true, so one record is returned and the output is John, which is the same as if the payload was the name John by itself.
- False condition payload: John' AND 1=2
The condition is false, so no records are returned and the output is nothing or a message such as No Results Found.
Seeing the difference in results, the scanning engine draws the conclusion that there is a blind SQL injection vulnerability.
All input received from the client side should be validated for correct content. If a value's type or content range is known beforehand, then stricter filters should be applied. For example, an email address should be in a specific format and only contain characters that make it a valid address; or numeric fields like a USA zip code should be limited to five digit values.
Prepared statements (also referred to as parameterized queries) provide strong protection from SQL injection. Prepared statements are precompiled SQL queries whose parameters can be modified when the query is executed. Prepared statements enforce the logic of the query and will fail if the query cannot be compiled correctly. Programming languages that support prepared statements provide specific functions for creating queries. These functions are more secure than string concatenation for assigning user-supplied data to a query.
Stored procedures are precompiled queries that reside in the database. Like prepared statements, they also enforce separation of query data and logic. SQL statements that call stored procedures should not be created via string concatenation, otherwise their security benefits are negated.
SQL injection exploits can be mitigated by the use of Access Control Lists or role-based access within the database. For example, a read-only account would prevent an attacker from modifying data, but would not prevent the user from viewing unauthorized data. Table and row-based access controls potentially minimize the scope of a compromise, but they do not prevent exploits.
For more information, see the OWASP SQL Injection Prevention Cheat Sheet.
Affected Software:
Oracle Database 18c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Software:
Oracle Database 18c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Software:
Oracle Database 18c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Software:
Oracle Database 18c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Software:
Oracle Database 18c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Software:
Oracle Database 18c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
AFFECTED PRODUCTS
The following versions of SIMATIC S7-1500 CPU are affected:
SIMATIC S7-1500 CPU all versions v1.8.5 and prior, and
SIMATIC S7-1500 CPU all versions prior to v2.5 down to and including v2.0.
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of using passive scanning
Customers are advised to refer to CERT MITIGATIONS section ICSA-19-036-04 for affected packages and patching details.
AFFECTED PRODUCTS
The following versions of Siemens Industrial Products with SIMATIC Firmware, a software platform, are affected:
SIMATIC Drive Controller family: All versions prior to v2.9.4
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants): All versions
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 Ready4Linux: All versions
SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants): All versions
SIMATIC S7-1200 CPU family (incl. SIPLUS variants): Version 4.5.0 and all following versions prior to v4.5.2
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants): Version 2.9.2 and all following versions prior to v2.9.4
SIMATIC S7-1500 Software Controller: All versions
SIMATIC S7-PLCSIM Advanced: All versions v4.0 SP1
TIM 1531 IRC (incl. SIPLUS NET variants): Version 2.2 and all following versions
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of using passive scanning
Customers are advised to refer to CERT MITIGATIONS section icsa-22-041-01 for affected packages and patching details.
AFFECTED PRODUCTS
Moxa EDR-810 V4.1 build 17030317
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of using passive scanning
Customers are advised to refer to CERT MITIGATIONS section TALOS-2017-0474 for affected packages and patching details.
Affected Versions:
versions prior to V3.5.18.0
QID Detection Logic:
The QID checks for App Paths\CODESYS.exe in HKLM in the windows registry to check the vulnerable version of the product.
Affected Versions:
versions prior to V3.5.18.20
QID Detection Logic:
The QID checks for App Paths\CODESYS.exe in HKLM in the windows registry to check the vulnerable version of the product.
Affected OS:
Fedora 36
In installed version of PHP, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
Affected Versions:
PHP versions before 7.4.33
PHP versions 8.0.0 prior to 8.0.25
PHP versions 8.1.0 prior to 8.1.12
QID Detection Logic (Unauthenticated):
This QID checks the HTTP Server header to see if the server is running a vulnerable version of PHP.
Affected Software:
Oracle Database 18c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
AFFECTED PRODUCTS
Reolink RLC-410W v3.0.0.136_20121102
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of using passive scanning
Customers are advised to refer to CERT MITIGATIONS section TALOS-2021-1420 for affected packages and patching details.
AFFECTED PRODUCTS
The following versions of SCALANCE X-200 and X-200IRT devices, industrial ethernet switches, are affected:
SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3): All versions prior to V5.5.0
SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3): All versions prior to V5.5.0
SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6): All versions prior to V5.5.0
SCALANCE X202-2IRT (6GK5202-2BB10-2BA3): All versions prior to V5.5.0
SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3): All versions prior to V5.5.0
SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6): All versions prior to V5.5.0
SCALANCE X204-2 (6GK5204-2BB10-2AA3): All versions prior to V5.2.5
SCALANCE X204-2FM (6GK5204-2BB11-2AA3): All versions prior to V5.2.5
SCALANCE X204-2LD (6GK5204-2BC10-2AA3): All versions prior to V5.2.5
SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2): All versions prior to V5.2.5
SCALANCE X204-2TS (6GK5204-2BB10-2CA2): All versions prior to V5.2.5
SCALANCE X204IRT (6GK5204-0BA00-2BA3): All versions prior to V5.5.0
SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6): All versions prior to V5.5.0
SCALANCE X206-1 (6GK5206-1BB10-2AA3): All versions prior to V5.2.5
SCALANCE X206-1LD (6GK5206-1BC10-2AA3): All versions prior to V5.2.5
SCALANCE X208 (6GK5208-0BA10-2AA3): All versions prior to V5.2.5
SCALANCE X208PRO (6GK5208-0HA10-2AA6): All versions prior to V5.2.5
SCALANCE X212-2 (6GK5212-2BB00-2AA3): All versions prior to V5.2.5
SCALANCE X212-2LD (6GK5212-2BC00-2AA3): All versions prior to V5.2.5
SCALANCE X216 (6GK5216-0BA00-2AA3): All versions prior to V5.2.5
SCALANCE X224 (6GK5224-0BA00-2AA3): All versions prior to V5.2.5
SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2): All versions prior to V5.5.0
SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2): All versions prior to V5.5.0
SCALANCE XF204 (6GK5204-0BA00-2AF2): All versions prior to V5.2.5
SCALANCE XF204-2 (6GK5204-2BC00-2AF2): All versions prior to V5.2.5
SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2): All versions prior to V5.5.0
SCALANCE XF204IRT (6GK5204-0BA00-2BF2): All versions prior to V5.5.0
SCALANCE XF206-1 (6GK5206-1BC00-2AF2): All versions prior to V5.2.5
SCALANCE XF208 (6GK5208-0BA00-2AF2): All versions prior to V5.2.5
SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3): All versions prior to V5.5.0
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of using passive scanning
Customers are advised to refer to CERT MITIGATIONS section icsa-22-286-15 for affected packages and patching details.
AFFECTED PRODUCTS
The following Siemens SCALANCE versions are affected:
SCALANCE S613 (MLFB: 6GK5613-0BA00-2AA3): All versions.
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of using passive scanning
Customers are advised to refer to CERT MITIGATIONS section ICSA-16-103-02 for affected packages and patching details.
AFFECTED PRODUCTS
VPort P16-1MP-M12 Firmware Version v1.3 or lower.
VPort P16-1MP-M12-IR Firmware Version v1.4 or lower.
VPort P06-1MP-M12 Firmware Version v2.6 or lower.
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of using passive scanning
Customers are advised to refer to CERT MITIGATIONS section MPSA-221102 for affected packages and patching details.
Affected Software:
Oracle Database 18c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Software:
Oracle Database 18c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Software:
Oracle Database 19c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Software:
Oracle Database 12.2.01
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Software:
Oracle Database 19c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Software:
Oracle Database 12.2.01
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Software:
Oracle Database 12.2.01
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Software:
OJVM Oracle Database 19c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
AFFECTED PRODUCTS
The following versions of Mendix, a software platform to build mobile and web applications, are affected:
Mendix applications using Mendix 7: All versions prior to 7.23.31
Mendix applications using Mendix 8: All versions prior to 8.18.18
Mendix applications using Mendix 9: All versions prior to 9.11
Mendix applications using Mendix 9 (v9.6): All versions prior to 9.6.12
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of Siemens using registry "HKLM\SOFTWARE\Siemens"
Customers are advised to refer to CERT MITIGATIONS section icsa-22-104-07 for affected packages and patching details.
Affected Software:
Oracle Database 12.2.01
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Software:
Oracle Database 19c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
AFFECTED PRODUCTS
SIMATIC IPC DiagBase: all versions prior to V2.1.1.0
SIMATIC WinCC (TIA Portal): all versions prior to V13 SP2 Update 2
SIMATIC WinCC (TIA Portal): all versions prior to V14 SP1 Update 6
SIMATIC WinCC (TIA Portal): all versions prior to V15 Update 2
SIMATIC STEP 7 (TIA Portal) v13: all versions prior to V13 SP2 Update 2
SIMATIC STEP 7 (TIA Portal) v14: all versions prior to V14 SP1 Update 6
SIMATIC STEP 7 (TIA Portal) v15: all versions prior to V15 Update 2
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of Siemens using registry "HKLM\SOFTWARE\Siemens"
Affected Software:
Oracle Database 19c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Software:
Oracle Database 18c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Software:
Oracle Database 18c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Software:
Oracle Database 19c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Products
This vulnerability affects Cisco products if they are running a vulnerable release of Cisco FTD Software that is in the default configuration.
From 6.1.0 prior to 7.0.5
QID Detection Logic (Authenticated):
This QID will check the version retrieved via Unix Auth using "show version" command.
Customers are advised to refer to cisco-sa-fmc-dos-OwEunWJN for more information.
Affected Versions:
AIX 7.1, 7.2,7.3
QID Detection logic:
This QID checks for the vulnerable versions of AIX.
AFFECTED PRODUCTS
CW Configurator, Versions 1.011M and prior
MELSOFT Navigator, Versions 2.74C and prior
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of using passive scanning
Affected Software:
Oracle Database 19c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Red Hat openshift container platform is Red Hat's cloud computing kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):Affected Products:
AFFECTED PRODUCTS
The following versions of Mendix, a software platform to build mobile and web applications, are affected:
Mendix applications using Mendix 7: All versions prior to 7.23.29
Mendix applications using Mendix 8: All versions prior to 8.18.16
Mendix applications using Mendix 9: All versions
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of Siemens using registry "HKLM\SOFTWARE\Siemens"
Customers are advised to refer to CERT MITIGATIONS section SSA-148641 for affected packages and patching details.
Affected Products
This vulnerability affects Cisco products if they are running a vulnerable release of Cisco Firepower Threat Defense (FTD) Software:
QID Detection Logic (Authenticated):
This QID will check the version retrieved via Unix Auth using "show version" command.
Note: This QID only works in diagnostic console mode. Workaround commands need to be run in expert mode. Hence QID is kept as practice.
Customers are advised to refer to cisco-sa-ssl-client-dos-cCrQPkA for more information.
Affected Products:
Oracle E-Business Suite versions 12.2.3 - 12.2.11
QID Detection Logic(UnAuth):
QID relied only on the application's self-reported version number.
Affected Software:
Oracle Database 19c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
A security issue has been identified that may allow privileged code running in a guest VM to compromise the host. This issue is limited to only those guest VMs where the host administrator has explicitly assigned a PCI passthrough device to the guest VM.
Affected Products:
Citrix XenServer 7.1 LTSR, Citrix XenServer 7.0
Note: This QID will detect only for Citrix XenServer 7.1 LTSR ,Citrix XenServer 7.0
QID Detection Logic (Authenticated):
OS:Citrix XenServer
The QID checks if Hotfixes is applied on the vulnerable versions of Citrix XenServer.
Hotfixes have been released for Citrix XenServer to address these issues. Refer to CTX286511 to obtain more information.
The Windows host has "enforcement mode" enabled for Netlogon secure channel connections.
QID Detection Logic (authenticated):
This QID checks the registry "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" and value "RequireSeal" to see if Enforcement Mode is enabled on the host.
Several security issues have been identified: CVE-2020-29479 : An attacker with the ability to execute privileged mode code in a guest can compromise the host CVE-2020-29480 : An attacker with the ability to execute privileged mode code in a guest can read non-sensitive metadata about another guest. CVE-2020-29481 : An attacker with the ability to execute privileged mode code in a guest can read data previously shared, using the Xenstore API, between two other guests. CVE-2020-29482 : An attacker with the ability to execute privileged mode code in a guest can perform a denial of service attack against the host. CVE-2020-29485 : An attacker with the ability to execute privileged mode code in a guest can perform a denial of service attack against the host. CVE-2020-29486 : An attacker with the ability to execute privileged mode code in a guest can perform a denial of service attack against the host or a selected other VM. CVE-2020-29487 : An attacker with the ability to execute privileged mode code in a guest can perform a denial of service attack against the host. CVE-2020-29568 : An attacker with the ability to execute privileged mode code in a guest can perform a denial of service attack against the host. CVE-2020-29569 : An attacker with the ability to execute privileged mode code in a guest can perform a denial of service attack against the host. CVE-2020-29570 : An attacker with the ability to execute privileged mode code in a guest can perform a denial of service attack against the host.
Affected Products:
Citrix XenServer 7.1 LTSR, Citrix XenServer 7.0
Note: This QID will detect only for Citrix XenServer 7.1 LTSR ,Citrix XenServer 7.0
QID Detection Logic (Authenticated):
OS:Citrix XenServer
The QID checks if Hotfixes is applied on the vulnerable versions of Citrix XenServer.
Hotfixes have been released for Citrix XenServer to address these issues. Refer to CTX286756 to obtain more information.
Security issues have been identified that affect Citrix Xenserver : CVE-2021-27379 : privileged code in a guest VM may cause the host to crash or become unresponsive. CVE-2021-28692 : privileged code in a guest VM may cause the host to crash or become unresponsive. CVE-2021-0089/CVE-2021-26313 : malicious code running on a CPU could infer the value of registers or memory belonging to other processes running on that CPU.
Affected Products:
Citrix XenServer 7.1 LTSR CU2
Note: This QID will detect only for Citrix XenServer 7.1 LTSR
QID Detection Logic (Authenticated):
OS:Citrix XenServer
The QID checks if Hotfixes is applied on the vulnerable versions of Citrix XenServer.
Hotfixes have been released for Citrix XenServer to address these issues. Refer to CTX316324 to obtain more information.
Several security issues have been identified that affect Citrix XenServer: CVE-2022-23034 : An issue has been identified that may allow privileged code in a PV guest VM to cause the host to crash. CVE-2022-23035 : An issue has been identified that may allow privileged code in a guest VM to cause the host to crash. This issue only affects systems where the malicious guest VM has had a physical PCI device assigned through to it by the host administrator using the PCI passthrough feature. CVE-2021-0145 : Intel has disclosed an issue that affects Intel CPU hardware together with corresponding microcode updates. Although this is not an issue in the Citrix Hypervisor product itself, Citrix is releasing hotfixes that include the updated microcode together with the product changes needed to support the new microcode.
Affected Products:
Citrix XenServer 7.1 CU2 LTSR
Note: This QID will detect only for Citrix XenServer 7.1 LTSR
QID Detection Logic (Authenticated):
OS:Citrix XenServer
The QID checks if Hotfixes is applied on the vulnerable versions of Citrix XenServer.
Hotfixes have been released for Citrix XenServer to address these issues. Refer to CTX337526 to obtain more information.
The fix for CVE-2020-9484 was incomplete. When using a highly unlikely configuration edge case, the Tomcat instance was still vulnerable to CVE-2020-9484. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published non-upgrade mitigations for CVE-2020-9484 also apply to this issue.
Affected versions:
Apache Tomcat 9.0.0.M1 to 9.0.41
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
Affected versions:
Apache Tomcat 9.0.40 to 9.0.53
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
The fix for CVE-2020-9484 was incomplete. When using a highly unlikely configuration edge case, the Tomcat instance was still vulnerable to CVE-2020-9484. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published non-upgrade mitigations for CVE-2020-9484 also apply to this issue.
Affected versions:
Apache Tomcat 8.5.0 to 8.5.61
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
Affected versions:
Apache Tomcat 8.5.60 to 8.5.71
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
Affected versions:
Apache Tomcat 9.0.0-M1 to 9.0.60
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
Affected versions:
Apache Tomcat 8.5.0 to 8.5.77
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
If Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (not the default), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
Affected versions:
Apache Tomcat 9.0.0-M1 to 9.0.67
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
If Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
Affected versions:
Apache Tomcat 8.5.0 to 8.5.82
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.
Affected versions:
Apache Tomcat 9.0.35 to 9.0.56
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.
Affected versions:
Apache Tomcat 8.5.55 to 8.5.73
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
The Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.
Affected versions:
Apache Tomcat 9.0.30 to 9.0.64
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
The Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.
Affected versions:
Apache Tomcat 8.5.50 to 8.5.81
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
AFFECTED PRODUCTS
The following versions of R-SeeNet, a monitoring application, are affected:
R-SeeNet Version 2.4.17 and prior
QID Detection Logic (Authenticated)
QID checks for the Vulnerable version using windows registry keys
Customers are advised to refer to CERT MITIGATIONS section ICSA-22-291-01 for affected packages and patching details.
There are different built-in Actuators which may expose sensitive data and are labeled as "sensitive". This web application is configured with (management.endpoints.web.expose=* or management.endpoints.web.exposure.include=*) that is exposing all Spring Boot Actuator endpoints without authentication, causing significant problems with security.
AFFECTED PRODUCTS
The following versions of R-SeeNet, a monitoring application, are affected:
R-SeeNet Version 2.4.19 and prior
QID Detection Logic (Authenticated)
QID checks for the Vulnerable version using windows registry keys
Customers are advised to refer to CERT MITIGATIONS section ICSA-22-291-01 for affected packages and patching details.
AFFECTED PRODUCTS
The following Siemens products are affected:
SIMATIC PCS 7 V8.2 and earlier All versions
SIMATIC STEP 7 V5.X All versions prior to V5.7
SINAMICS STARTER (containing STEP 7 OEM version) All versions prior to V5.4 SP2 HF1
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of Siemens using registry "HKLM\SOFTWARE\Siemens"
Customers are advised to refer to CERT MITIGATIONS section SSA-661034 for affected packages and patching details.Workaround:
The vendor has advised restricting access to the engineering station to trusted users only.
QID Detection Logic (Authenticated)
QID checks for the Vulnerable version using windows registry keys
Customers are advised to refer to CERT MITIGATIONS section ICSA-20-212-04 for affected packages and patching details.
Affected OS:
Fedora 35
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected Software:
OJVM Oracle Database 19c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Vulnerable Component: BIG-IP ASM,LTM,APM
Affected Versions:
17.0.0
16.1.0 - 16.1.3
15.1.0 - 15.1.8
14.1.0 - 14.1.5
13.1.0 - 13.1.5
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.
This vulnerability affects Cisco products if they are running a vulnerable release of Cisco ASA Software or Cisco FTD Software and all of the following conditions are true:
Remote access SSL VPN is enabled.
HostScan is enabled.
At least one custom DAP is configured.
Affected Versions
From 9.6.1 Prior to 9.8.4.44
From 9.9.1 Prior to 9.12.4.38
From 9.13.1 Prior to 9.14.3.18
From 9.15.1 Prior to 9.15.1.21
From 9.16.1 Prior to 9.16.2.13
From 9.17.1 Prior to 9.17.1.13
QID Detection Logic (Authenticated):
The check matches Cisco ASA OS version retrieved via Unix Auth using "version" command.
Customers are advised to refer to cisco-sa-asa-ftd-dap-dos-GhYZBxDU#fs for more information.
Vulnerable Component: BIG-IP ASM,LTM,APM
Affected Versions:
17.0.0
16.1.0 - 16.1.3
15.1.0 - 15.1.7
14.1.0 - 14.1.5
13.1.0 - 13.1.5
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.
Affected Products
This vulnerability affects Cisco products if they are running a vulnerable release of Cisco FMC Software.
6.1.0 prior to version 6.4.0.16
6.5.0 prior to version 6.6.7
6.7.0 prior to version 7.0.5
7.1.0 prior to version 7.2.0
QID Detection Logic (Authenticated):
This QID will check the version retrieved via Unix Auth using "show version" command.
Customers are advised to refer to cisco-sa-fmc-xxe-MzPC4bYd for more information.
Affected Software:
Oracle Database 19c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Software:
Oracle Database 19c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Software:
Oracle Database 19c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Note: We are not checking "VPN with multi-factor authentication (MFA) enabled" status in this QID hence kept Vuln Category as Practice.
Affected Products
At the time of publication, this vulnerability affected Cisco products if they were running a vulnerable release of Cisco ASA Software or Cisco FTD Software and had VPN with multi-factor authentication (MFA) enabled.
From 9.6.1 Prior to 9.8.4.46
From 9.9.1 Prior to 9.12.4.40
From 9.13.1 Prior to 9.14.4.7
From 9.15.1 Prior to 9.16.3
From 9.17.1 Prior to 9.17.1.9
QID Detection Logic (Authenticated):
The check matches Cisco ASA OS version retrieved via Unix Auth using "version" command.
Customers are advised to refer to cisco-sa-asa-ftd-vp-authz-N2GckjN6 for more information.
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
Affected versions:
Apache Tomcat 10.1.0-M1 to 10.1.0-M12
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
Affected versions:
Apache Tomcat 10.0.0-M1 to 10.0.18
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
If Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (not the default), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
Affected versions:
Apache Tomcat 10.1.0-M1 to 10.1.0
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
If Tomcat was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (not the default), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
Affected versions:
Apache Tomcat 10.0.0-M1 to 10.0.26
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.
Affected versions:
Apache Tomcat 10.1.0-M1 to 10.1.0-M8
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.
Affected versions:
Apache Tomcat 10.0.0-M5 to 10.0.14
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
The Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.
Affected versions:
Apache Tomcat 10.1.0-M1 to 10.1.0-M16
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
The Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.
Affected versions:
Apache Tomcat 10.0.0-M1 to 10.0.22
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to an invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
Affected OS:
Fedora 36
Affected OS:
Fedora 35
Affected Versions:
Crowd 3.0.0 - Crowd 3.7.2
Crowd 4.0.0 - Crowd 4.4.3
Crowd 5.0.0 - Crowd 5.0.2
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable version of Atlassian Crowd by sending an HTTP GET request to login.action endpoint.
Note: QID is kept potential because only new installations of Atlassian Crowd are vulnerable, if you upgraded from earlier version, you're not affected.
Affected OS:
Fedora 35
Affected OS:
Fedora 35
Affected OS:
Fedora 36
CVE-2022-28766: A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.
Affected Versions:
Zoom VDI Windows Meeting Client for Windows (32-bit) prior to 5.12.6
QID Detection Logic:
This authenticated QID detects vulnerable Zoom VDI Windows Meeting Clients prior to version 5.12.6 on Windows
Affected Versions:
Zoom Client for Meetings for Windows (32-bit) prior to 5.12.6
QID Detection Logic (Authenticated):
This authenticated QID detects vulnerable Zoom Client prior to version 5.12.6(Windows)
Affected Software:
Oracle Database 19c
QID Detection Logic (Authenticated):
Authentication via Oracle Database:
This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.
Affected Products
Cisco ISE following vulnerable versions:
From 3.1 Prior to 3.1 patch 4
QID Detection Logic (Authenticated):
The check matches the Cisco ISE version and ise_patch retrieved via Unix Auth using "show version" command.
Customers are advised to refer to cisco-sa-ise-path-trav-f6M7cs6r for more information.
Affected Versions:
Atlassian Bitbucket Server and Data Center version 7.0 to 7.5 (all versions)
Atlassian Bitbucket Server and Data Center version 7.6.0 to 7.6.18
Atlassian Bitbucket Server and Data Center version 7.7 to 7.16 (all versions)
Atlassian Bitbucket Server and Data Center version 7.17.0 to 7.17.11
Atlassian Bitbucket Server and Data Center version 7.18 to 7.20 (all versions)
Atlassian Bitbucket Server and Data Center version 7.21.0 to 7.21.5
Atlassian Bitbucket Server and Data Center version If mesh.enabled=false is set in bitbucket.properties:
Atlassian Bitbucket Server and Data Center version 8.0.0 to 8.0.4
Atlassian Bitbucket Server and Data Center version 8.1.0 to 8.1.4
Atlassian Bitbucket Server and Data Center version 8.2.0 to 8.2.3
Atlassian Bitbucket Server and Data Center version 8.3.0 to 8.3.2
Atlassian Bitbucket Server and Data Center version 8.4.0 to 8.4.1
Detection Logic:
QID checks for vulnerable versions of Atlassian Bitbucket Server by sending a GET request to /login endpoint.
Note: QID is kept potential as there are temporary mitigations and version 8.x are only vulnerable if mesh.enabled=false is set in bitbucket.properties.
Workaround:
If you're unable to upgrade your Bitbucket instance, a temporary mitigation step is to disable "Public Signup". Disabling public signup would change the attack vector from an unauthenticated attack to an authenticated one which would reduce the risk of exploitation. To disable this setting, go to Administration > Authentication and clear the Allow public sign up checkbox.
ADMIN or SYS_ADMIN authenticated users still have the ability to exploit the vulnerability when public signup is disabled. For this reason, this mitigation should be treated as a temporary step and customers are recommended to upgrade to a fixed version as soon as possible.
Affected OS:
Fedora 36
Affected OS:
Fedora 35
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
Affected OS:
Fedora 36
Patch is NOT available for the package.
Patch is NOT available for the package.
Patch is NOT available for the package.
Patch is NOT available for the package.
Patch is NOT available for the package.
Patch is NOT available for the package.
Affected OS:
Fedora 35
Affected OS:
Fedora 36
Following security issues are observed :
The issue was addressed with improved memory handling.
CVE-2022-32898
This issue was addressed by removing the vulnerable code.
CVE-2022-42796
A permissions issue was addressed with additional restrictions.
CVE-2022-32929
This issue was addressed with improved checks.
CVE-2022-32854
The issue was addressed with improved memory handling.
CVE-2022-32911
The issue was addressed with improved memory handling.
CVE-2022-32864
The issue was addressed with improved bounds checks.
CVE-2022-32917
A logic issue was addressed with improved restrictions.
CVE-2022-32883
A memory corruption issue was addressed with improved input validation.
CVE-2022-32908
A logic issue was addressed with improved state management.
CVE-2022-32879
This issue was addressed with improved checks.
CVE-2022-32795
A logic issue was addressed with improved state management.
WebKit Bugzilla
An issue in code signature validation was addressed with improved checks.
CVE-2022-42793
A logic issue was addressed with improved restrictions.
CVE-2022-32872
A logic issue was addressed with improved state management.
CVE-2022-42790
An out-of-bounds write issue was addressed with improved bounds checking.
WebKit Bugzilla
A buffer overflow issue was addressed with improved memory handling.
WebKit Bugzilla
An out-of-bounds read was addressed with improved bounds checking.
WebKit Bugzilla
An access issue was addressed with improvements to the sandbox.
WebKit Bugzilla
Affected Devices
iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Following security issues are observed :
An integer overflow was addressed through improved input validation.
CVE-2022-40303
This issue was addressed with improved checks.
CVE-2022-40304
Affected Devices
iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
Affected OS:
Fedora 36
