Vulnerability Detection Pipeline

Upcoming and New QIDs

Browse, filter by detection status, or search by CVE to get visibility into upcoming and new detections (QIDs) for all severities.

Disclaimer: The Vulnerability Detection Pipeline is intended to give users an early insight into some of the CVEs the Qualys Research Team is investigating. It may not show all the CVEs that are actively being investigated. Specific CVE feature requests filed via a Qualys Support case may or may not show up on this page. Please reach out to Qualys Support for status of such support cases.

Detection Status

  • Under investigation: We are researching a detection and will publish one if it is feasible.
  • In development: We are coding a detection and will typically publish it within a few days.
  • Recently published: We have published the detection on the date indicated, and it will typically be available in the KnowledgeBase on shared platforms within a day.

Non-Qualys customers can audit their network for all published vulnerabilities by signing up for a Qualys Free Trial or Qualys Community Edition.

Displaying QID development activity from through last updated:
703 results
  • CVE-2022-37434
    QID: 752487
    In Development

    SUSE Enterprise Linux Security Update for zlib (SUSE-SU-2022:2846-1)

    Severity
    Urgent 5
    Qualys ID
    752487
    Vendor Reference
    SUSE-SU-2022:2846-1
    CVE Reference
    CVE-2022-37434
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released a security update for zlib to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 12 SP4
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2846-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2846-1
  • CVE-2020-14343+
    QID: 752486
    In Development

    SUSE Enterprise Linux Security Update for python-PyYAML (SUSE-SU-2022:2841-1)

    Severity
    Urgent 5
    Qualys ID
    752486
    Vendor Reference
    SUSE-SU-2022:2841-1
    CVE Reference
    CVE-2020-14343, CVE-2020-1747
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released a security update for python-pyyaml to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2841-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2841-1
  • CVE-2022-37434
    QID: 752485
    In Development

    SUSE Enterprise Linux Security Update for zlib (SUSE-SU-2022:2847-1)

    Severity
    Urgent 5
    Qualys ID
    752485
    Vendor Reference
    SUSE-SU-2022:2847-1
    CVE Reference
    CVE-2022-37434
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released a security update for zlib to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 12 SP5
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2847-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2847-1
  • CVE-2022-37434
    QID: 198905
    In Development

    Ubuntu Security Notification for rsync Vulnerability (USN-5573-1)

    Severity
    Urgent 5
    Qualys ID
    198905
    Vendor Reference
    USN-5573-1
    CVE Reference
    CVE-2022-37434
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Ubuntu has released a security update for rsync to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-5573-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5573-1
  • CVE-2022-21233
    QID: 752484
    In Development

    SUSE Enterprise Linux Security Update for ucode-intel (SUSE-SU-2022:2842-1)

    Severity
    Critical 4
    Qualys ID
    752484
    Vendor Reference
    SUSE-SU-2022:2842-1
    CVE Reference
    CVE-2022-21233
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for ucode-intel to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2842-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2842-1
  • CVE-2022-2625
    QID: 198904
    In Development

    Ubuntu Security Notification for PostgreSQL Vulnerability (USN-5571-1)

    Severity
    Critical 4
    Qualys ID
    198904
    Vendor Reference
    USN-5571-1
    CVE Reference
    CVE-2022-2625
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Ubuntu has released a security update for postgresql to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-5571-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5571-1
  • CVE-2022-34749
    QID: 902754
    In Development

    Common Base Linux Mariner (CBL-Mariner) Security Update for python-mistune (10403-1)

    Severity
    Urgent 5
    Qualys ID
    902754
    Vendor Reference
    Mariner_2.0_10403-1
    CVE Reference
    CVE-2022-34749
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for python-mistune to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 10403-1
  • CVE-2022-30788+
    QID: 752477
    Recently Published

    SUSE Enterprise Linux Security Update for ntfs-3g_ntfsprogs (SUSE-SU-2022:2836-1)

    Severity
    Urgent 5
    Qualys ID
    752477
    Date Published
    August 18, 2022
    Vendor Reference
    SUSE-SU-2022:2836-1
    CVE Reference
    CVE-2022-30788, CVE-2022-30787, CVE-2021-46790, CVE-2022-30789, CVE-2022-30783, CVE-2022-30785, CVE-2022-30784, CVE-2022-30786
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released a security update for ntfs-3g_ntfsprogs to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2836-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2836-1
  • CVE-2022-29154+
    QID: 283050
    In Development

    Fedora Security Update for rsync (FEDORA-2022-25e4dbedf9)

    Severity
    Urgent 5
    Qualys ID
    283050
    Vendor Reference
    FEDORA-2022-25e4dbedf9
    CVE Reference
    CVE-2022-29154, CVE-2022-37434
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Fedora has released a security update for rsync to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-25e4dbedf9
  • CVE-2022-37434
    QID: 198903
    Recently Published

    Ubuntu Security Notification for zlib Vulnerability (USN-5570-1)

    Severity
    Urgent 5
    Qualys ID
    198903
    Date Published
    August 18, 2022
    Vendor Reference
    USN-5570-1
    CVE Reference
    CVE-2022-37434
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Ubuntu has released a security update for zlib to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-5570-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5570-1
  • CVE-2022-0204
    QID: 752482
    In Development

    SUSE Enterprise Linux Security Update for bluez (SUSE-SU-2022:2837-1)

    Severity
    Critical 4
    Qualys ID
    752482
    Vendor Reference
    SUSE-SU-2022:2837-1
    CVE Reference
    CVE-2022-0204
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    SUSE has released a security update for bluez to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
    SUSE Linux Enterprise Server for SAP Applications 15
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2837-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2837-1
  • CVE-2022-21233
    QID: 752483
    In Development

    SUSE Enterprise Linux Security Update for ucode-intel (SUSE-SU-2022:2838-1)

    Severity
    Critical 4
    Qualys ID
    752483
    Vendor Reference
    SUSE-SU-2022:2838-1
    CVE Reference
    CVE-2022-21233
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for ucode-intel to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 12 SP4
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2838-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2838-1
  • CVE-2022-21233
    QID: 752480
    Recently Published

    SUSE Enterprise Linux Security Update for ucode-intel (SUSE-SU-2022:2832-1)

    Severity
    Critical 4
    Qualys ID
    752480
    Date Published
    August 18, 2022
    Vendor Reference
    SUSE-SU-2022:2832-1
    CVE Reference
    CVE-2022-21233
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for ucode-intel to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2832-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2832-1
  • CVE-2022-21233
    QID: 752479
    Recently Published

    SUSE Enterprise Linux Security Update for ucode-intel (SUSE-SU-2022:2833-1)

    Severity
    Critical 4
    Qualys ID
    752479
    Date Published
    August 18, 2022
    Vendor Reference
    SUSE-SU-2022:2833-1
    CVE Reference
    CVE-2022-21233
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for ucode-intel to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2833-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2833-1
  • CVE-2022-2861+
    QID: 690923
    Recently Published

    Free Berkeley Software Distribution (FreeBSD) Security Update for chromium (f12368a8-1e05-11ed-a1ef-3065ec8fd3ec)

    Severity
    Critical 4
    Qualys ID
    690923
    Date Published
    August 18, 2022
    Vendor Reference
    f12368a8-1e05-11ed-a1ef-3065ec8fd3ec
    CVE Reference
    CVE-2022-2861, CVE-2022-2853, CVE-2022-2855, CVE-2022-2857, CVE-2022-2856, CVE-2022-2859, CVE-2022-2852, CVE-2022-2854, CVE-2022-2858, CVE-2022-2860
    CVSS Scores
    Base 8.6 / Temporal 8
    Description
    FreeBSD has released a security update for chromium to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to FreeBSD security advisory f12368a8-1e05-11ed-a1ef-3065ec8fd3ec for updates and patch information.
    Patches
    "FreeBSD" f12368a8-1e05-11ed-a1ef-3065ec8fd3ec
  • CVE-2022-32894+
    QID: 376830
    Recently Published

    Apple macOS Monterey 12.5.1 Not Installed (HT213413)

    Severity
    Critical 4
    Qualys ID
    376830
    Date Published
    August 18, 2022
    Vendor Reference
    HT213413
    CVE Reference
    CVE-2022-32894, CVE-2022-32893
    CVSS Scores
    Base 8.6 / Temporal 8
    Description
    macOS Monterey 12.5.1 is the current major release of macOS, Apple's desktop operating system for Macintosh computers.

    Affected versions:
    Apple macOS Monterey Versions Prior to 12.5.1

    QID Detection Logic (Authenticated)
    This QID checks for vulnerable versions of Apple macOS Monterey.

    Consequence
    A malicious application may be able to execute arbitrary code.

    Solution
    For more information regarding the update, refer to HT213413.
    Patches
    HT213413
  • CVE-2022-2856
    QID: 376829
    Recently Published

    Microsoft Edge Based on Chromium Prior to 104.0.1293.60 Multiple Vulnerabilities

    Severity
    Critical 4
    Qualys ID
    376829
    Date Published
    August 18, 2022
    Vendor Reference
    Edge (chromium based) 104.0.1293.60
    CVE Reference
    CVE-2022-2856
    CVSS Scores
    Base 8.6 / Temporal 8
    Description
    EdgeChromium has released a security update for Mac and Windows to fix the vulnerabilities.
    QID Detection Logic (Authenticated):
    It checks package versions to identify the vulnerable packages.


    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Customers are advised to upgrade to version 104.0.1293.60 or later
    Patches
    Edge (chromium based) 104.0.1293.60
  • QID: 283053
    In Development

    Fedora Security Update for freeciv (FEDORA-2022-3cbf2184bd)

    Severity
    Critical 4
    Qualys ID
    283053
    Vendor Reference
    FEDORA-2022-3cbf2184bd
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for freeciv to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 35 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-3cbf2184bd
  • CVE-2022-21233
    QID: 283052
    In Development

    Fedora Security Update for microcode_ctl (FEDORA-2022-b7d8dcefc5)

    Severity
    Critical 4
    Qualys ID
    283052
    Vendor Reference
    FEDORA-2022-b7d8dcefc5
    CVE Reference
    CVE-2022-21233
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for microcode_ctl to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 35 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-b7d8dcefc5
  • CVE-2022-0216
    QID: 283051
    In Development

    Fedora Security Update for qemu (FEDORA-2022-baf3c3b781)

    Severity
    Critical 4
    Qualys ID
    283051
    Vendor Reference
    FEDORA-2022-baf3c3b781
    CVE Reference
    CVE-2022-0216
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for qemu to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-baf3c3b781
  • CVE-2022-2787
    QID: 180950
    In Development

    Debian Security Update for schroot (DSA 5213-1)

    Severity
    Critical 4
    Qualys ID
    180950
    Vendor Reference
    DSA 5213-1
    CVE Reference
    CVE-2022-2787
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Debian has released a security update for schroot to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5213-1 for updates and patch information.
    Patches
    Debian DSA 5213-1
  • CVE-2022-2787
    QID: 180948
    In Development

    Debian Security Update for schroot (DLA 3075-1)

    Severity
    Critical 4
    Qualys ID
    180948
    Vendor Reference
    DLA 3075-1
    CVE Reference
    CVE-2022-2787
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Debian has released a security update for schroot to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3075-1 for updates and patch information.
    Patches
    Debian DLA 3075-1
  • CVE-2022-2861+
    QID: 180946
    Recently Published

    Debian Security Update for chromium (DSA 5212-1)

    Severity
    Critical 4
    Qualys ID
    180946
    Date Published
    August 18, 2022
    Vendor Reference
    DSA 5212-1
    CVE Reference
    CVE-2022-2861, CVE-2022-2853, CVE-2022-2855, CVE-2022-2857, CVE-2022-2856, CVE-2022-2859, CVE-2022-2852, CVE-2022-2854, CVE-2022-2858, CVE-2022-2860
    CVSS Scores
    Base 8.6 / Temporal 8
    Description
    Debian has released a security update for chromium to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5212-1 for updates and patch information.
    Patches
    Debian DSA 5212-1
  • CVE-2022-2816
    QID: 902753
    In Development

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10564)

    Severity
    Critical 4
    Qualys ID
    902753
    Vendor Reference
    10564
    CVE Reference
    CVE-2022-2816
    CVSS Scores
    Base 7.8 / Temporal 7.1
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-2819
    QID: 902752
    In Development

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10566)

    Severity
    Critical 4
    Qualys ID
    902752
    Vendor Reference
    10566
    CVE Reference
    CVE-2022-2819
    CVSS Scores
    Base 7.8 / Temporal 7.1
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-2817
    QID: 902751
    In Development

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10565)

    Severity
    Critical 4
    Qualys ID
    902751
    Vendor Reference
    10565
    CVE Reference
    CVE-2022-2817
    CVSS Scores
    Base 7.8 / Temporal 7.1
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2021-45844
    QID: 180947
    In Development

    Debian Security Update for freecad (DLA 3076-1)

    Severity
    Critical 4
    Qualys ID
    180947
    Vendor Reference
    DLA 3076-1
    CVE Reference
    CVE-2021-45844
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Debian has released a security update for freecad to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3076-1 for updates and patch information.
    Patches
    Debian DLA 3076-1
  • CVE-2022-30629
    QID: 902749
    In Development

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10562)

    Severity
    Critical 4
    Qualys ID
    902749
    Vendor Reference
    10562
    CVE Reference
    CVE-2022-30629
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2021-4209+
    QID: 752481
    Recently Published

    SUSE Enterprise Linux Security Update for gnutls (SUSE-SU-2022:2830-1)

    Severity
    Critical 4
    Qualys ID
    752481
    Date Published
    August 18, 2022
    Vendor Reference
    SUSE-SU-2022:2830-1
    CVE Reference
    CVE-2021-4209, CVE-2022-2509
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for gnutls to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
    SUSE Linux Enterprise Server for SAP Applications 15
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2830-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2830-1
  • CVE-2022-32208+
    QID: 752478
    Recently Published

    SUSE Enterprise Linux Security Update for curl (SUSE-SU-2022:2829-1)

    Severity
    Critical 4
    Qualys ID
    752478
    Date Published
    August 18, 2022
    Vendor Reference
    SUSE-SU-2022:2829-1
    CVE Reference
    CVE-2022-32208, CVE-2022-32206, CVE-2022-27782, CVE-2022-27781
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for curl to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
    SUSE Linux Enterprise Server for SAP Applications 15
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2829-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2829-1
  • CVE-2021-45087+
    QID: 180949
    In Development

    Debian Security Update for epiphany-browser (DLA 3074-1)

    Severity
    Critical 4
    Qualys ID
    180949
    Vendor Reference
    DLA 3074-1
    CVE Reference
    CVE-2021-45087, CVE-2021-45088, CVE-2021-45085, CVE-2022-29536
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Debian has released a security update for epiphany-browser to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3074-1 for updates and patch information.
    Patches
    Debian DLA 3074-1
  • CVE-2022-1708
    QID: 160049
    Recently Published

    Oracle Enterprise Linux Security Update for cri-o (ELSA-2022-9718)

    Severity
    Critical 4
    Qualys ID
    160049
    Date Published
    August 18, 2022
    Vendor Reference
    ELSA-2022-9718
    CVE Reference
    CVE-2022-1708
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released a security update for cri-o to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-9718
    Patches
    Oracle Linux ELSA-2022-9718
  • CVE-2022-1708
    QID: 160048
    Recently Published

    Oracle Enterprise Linux Security Update for cri-o (ELSA-2022-9719)

    Severity
    Critical 4
    Qualys ID
    160048
    Date Published
    August 18, 2022
    Vendor Reference
    ELSA-2022-9719
    CVE Reference
    CVE-2022-1708
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released a security update for cri-o to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-9719
    Patches
    Oracle Linux ELSA-2022-9719
  • CVE-2022-1708
    QID: 160047
    Recently Published

    Oracle Enterprise Linux Security Update for cri-o (ELSA-2022-9717)

    Severity
    Critical 4
    Qualys ID
    160047
    Date Published
    August 18, 2022
    Vendor Reference
    ELSA-2022-9717
    CVE Reference
    CVE-2022-1708
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released a security update for cri-o to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-9717
    Patches
    Oracle Linux ELSA-2022-9717
  • CVE-2020-1927+
    QID: 376838
    Under Investigation

    IBM Hypertext Transfer Protocol (HTTP) Server Multiple Vulnerabilities (6191631)

    Severity
    Critical 4
    Qualys ID
    376838
    Vendor Reference
    6191631
    CVE Reference
    CVE-2020-1927, CVE-2020-1934
    CVSS Scores
    Base 6.1 / Temporal 5.3
    Description
    IBM HTTP Server powered by Apache is based on the Apache HTTP Server available for multiple platforms.

    CVE-2020-1927: Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the mod_rewrite module.
    CVE-2020-1934: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by the use of uninitialized value in mod_proxy_ftp. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

    Affected Versions:
    IBM HTTP Server V9.0.0.0 through 9.0.5.3
    IBM HTTP Server V8.5.0.0 through 8.5.5.17
    IBM HTTP Server V8.0.0.0 through 8.0.0.15
    IBM HTTP Server V7.0.0.0 through 7.0.0.45
    QID Detection Logic (Authenticated):
    Operating System: Windows
    The QID checks the key "HKLM\SYSTEM\CurrentControlSet\Services" to see whether a vulnerable version of IBM HTTP Server is installed on the host.

    QID Detection Logic (Authenticated):
    Operating System: Linux
    The QID checks for a vulnerable version of IBM HTTP Server. "version.signature" is used to verify the version.

    Consequence
    An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.

    Solution
    The vendor has released advisories and updates to fix these vulnerabilities. Refer to the following link for further details: 6191631
    Patches
    6191631
  • CVE-2020-12049+
    QID: 296071
    In Development

    Oracle Solaris 11.4 Support Repository Update (SRU) 27.82.1 Missing (CPUOCT2020)

    Severity
    Serious 3
    Qualys ID
    296071
    Vendor Reference
    CPUOCT2020
    CVE Reference
    CVE-2020-12049, CVE-2020-13254, CVE-2020-13596, CVE-2020-24583, CVE-2020-24584, CVE-2019-11734, CVE-2019-11735, CVE-2019-11736, CVE-2019-11737, CVE-2019-11738, CVE-2019-11741, CVE-2019-11747, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11751, CVE-2019-11754, CVE-2019-11756, CVE-2019-11765, CVE-2019-17000, CVE-2019-17002, CVE-2019-17013, CVE-2019-17014, CVE-2019-17018, CVE-2019-17019, CVE-2019-17020, CVE-2019-17023, CVE-2019-17025, CVE-2020-12402, CVE-2020-12415, CVE-2020-12416, CVE-2020-12422, CVE-2020-12423, CVE-2020-12424, CVE-2020-12425, CVE-2020-12426, CVE-2020-15648, CVE-2020-15653, CVE-2020-15654, CVE-2020-15655, CVE-2020-15656, CVE-2020-15657, CVE-2020-15658, CVE-2020-15670, CVE-2020-15673, CVE-2020-15676, CVE-2020-15677, CVE-2020-15678, CVE-2018-20781, CVE-2020-17489, CVE-2020-14928, CVE-2020-16117, CVE-2019-14869, CVE-2019-3829, CVE-2019-3836, CVE-2020-11501, CVE-2020-13777, CVE-2019-6706, CVE-2020-15888, CVE-2020-15889, CVE-2020-15945, CVE-2020-24342, CVE-2020-24369, CVE-2020-24370, CVE-2020-24371, CVE-2020-14093, CVE-2020-14154, CVE-2020-14954, CVE-2020-15025, CVE-2019-20892, CVE-2020-10177, CVE-2020-10378, CVE-2020-10379, CVE-2020-10994, CVE-2020-11538, CVE-2020-5311, CVE-2020-14422, CVE-2020-13871, CVE-2020-15358, CVE-2020-12402, CVE-2020-12415, CVE-2020-12416, CVE-2020-12423, CVE-2020-12425, CVE-2020-12426, CVE-2020-15648, CVE-2020-15653, CVE-2020-15654, CVE-2020-15655, CVE-2020-15656, CVE-2020-15657, CVE-2020-15658, CVE-2020-15670, CVE-2020-15673, CVE-2020-15676, CVE-2020-15677, CVE-2020-15678, CVE-2020-25862, CVE-2020-25863, CVE-2020-25866, CVE-2020-8177, CVE-2019-5435, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-25219
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    The target does not have Solaris 11.4 SRU 27.82.1 applied. The Support Repository Updates provide patch bundles/updates that primarily contain bug fixes for the system and third party software.

    QID Detection Logic (Authenticated):
    This QID lists the installed patches to check whether the patches are missing.

    NOTE: Revision 4 and 2: Published on 2020-November-18 and 2021-January-06

    Consequence
    Exploitation could allow an attacker to compromise a vulnerable system.

    Solution
    Apply Solaris 11.4 SRU 27. Refer to Oracle Solaris 11.4 SRU 27.82.1 for more information.
    Patches
    CPUOCT2020
  • CVE-2020-15683+
    QID: 296070
    In Development

    Oracle Solaris 11.4 Support Repository Update (SRU) 28.82.3 Missing (CPUOCT2020)

    Severity
    Serious 3
    Qualys ID
    296070
    Vendor Reference
    CPUOCT2020
    CVE Reference
    CVE-2020-15683, CVE-2020-15969, CVE-2020-15999, CVE-2020-16012, CVE-2020-26950, CVE-2020-26951, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26966, CVE-2020-26968, CVE-2020-15999, CVE-2020-24659, CVE-2020-14672, CVE-2020-14760, CVE-2020-14765, CVE-2020-14769, CVE-2020-14771, CVE-2020-14775, CVE-2020-14776, CVE-2020-14789, CVE-2020-14790, CVE-2020-14793, CVE-2020-14809, CVE-2020-14812, CVE-2020-14814, CVE-2020-14827, CVE-2020-14828, CVE-2020-14829, CVE-2020-14830, CVE-2020-14837, CVE-2020-14839, CVE-2020-14845, CVE-2020-14846, CVE-2020-14852, CVE-2020-14860, CVE-2020-14861, CVE-2020-14866, CVE-2020-14867, CVE-2020-14868, CVE-2020-14869, CVE-2020-14870, CVE-2020-14873, CVE-2020-14878, CVE-2020-14891, CVE-2020-14893, CVE-2020-26159, CVE-2020-7069, CVE-2020-7070, CVE-2019-20919, CVE-2020-26116, CVE-2020-26137, CVE-2020-25613, CVE-2020-27347, CVE-2020-15683, CVE-2020-15969, CVE-2020-15999, CVE-2020-16012, CVE-2020-26950, CVE-2020-26951, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26966, CVE-2020-26968, CVE-2020-26575
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    The target does not have Solaris 11.4 SRU 28.82.3 applied. The Support Repository Updates provide patch bundles/updates that primarily contain bug fixes for the system and third party software.

    QID Detection Logic (Authenticated):
    This QID lists the installed patches to check whether the patches are missing.

    NOTE: Revision 3: Published on 2020-December-18

    Consequence
    Exploitation could allow an attacker to compromise a vulnerable system.

    Solution
    Apply Solaris 11.4 SRU 28. Refer to Oracle Solaris 11.4 SRU 28.82.3 for more information.
    Patches
    CPUOCT2020
  • CVE-2020-8625+
    QID: 296069
    In Development

    Oracle Solaris 11.4 Support Repository Update (SRU) 31.88.5 Missing (CPUJAN2021)

    Severity
    Serious 3
    Qualys ID
    296069
    Vendor Reference
    CPUJAN2021
    CVE Reference
    CVE-2020-8625, CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687, CVE-2020-16044, CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964, CVE-2021-23968, CVE-2021-23969, CVE-2021-23973, CVE-2021-23978, CVE-2020-27814, CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27844, CVE-2020-27845, CVE-2020-36221, CVE-2020-36222, CVE-2020-36223, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226, CVE-2020-36227, CVE-2020-36228, CVE-2020-36229, CVE-2020-36230, CVE-2020-7071, CVE-2021-21702, CVE-2020-35653, CVE-2020-35654, CVE-2020-35655, CVE-2020-25659, CVE-2020-27783, CVE-2020-15685, CVE-2020-16044, CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964, CVE-2021-23968, CVE-2021-23969, CVE-2021-23973, CVE-2021-23978, CVE-2020-26154
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    The target does not have Solaris 11.4 SRU 31.88.5 applied. The Support Repository Updates provide patch bundles/updates that primarily contain bug fixes for the system and third party software.

    QID Detection Logic (Authenticated):
    This QID lists the installed patches to check whether the patches are missing.

    NOTE: Revision 4: Published on 2021-03-16

    Consequence
    Exploitation could allow an attacker to compromise a vulnerable system.

    Solution
    Apply Solaris 11.4 SRU 31. Refer to Oracle Solaris 11.4 SRU 31.88.5 for more information.
    Patches
    CPUJAN2021
  • CVE-2022-2503
    QID: 902755
    In Development

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10559)

    Severity
    Serious 3
    Qualys ID
    902755
    Vendor Reference
    Mariner_2.0_10559
    CVE Reference
    CVE-2022-2503
    CVSS Scores
    Base 6.7 / Temporal 6.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-2503
    QID: 902750
    In Development

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10563)

    Severity
    Serious 3
    Qualys ID
    902750
    Vendor Reference
    10563
    CVE Reference
    CVE-2022-2503
    CVSS Scores
    Base 6.7 / Temporal 6.1
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-2503
    QID: 180951
    In Development

    Debian Security Update for linux (CVE-2022-2503)

    Severity
    Serious 3
    Qualys ID
    180951
    Vendor Reference
    CVE-2022-2503
    CVE Reference
    CVE-2022-2503
    CVSS Scores
    Base 6.7 / Temporal 5.8
    Description
    Debian has released a security update for linux to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory CVE-2022-2503 for updates and patch information.
    Patches
    Debian CVE-2022-2503
  • QID: 376837
    In Development

    Foxit Reader 5.4.5 and Foxit PhantomPDF 5.4.3 Security Update

    Severity
    Serious 3
    Qualys ID
    376837
    Vendor Reference
    Foxit Reader 5.4.5 and Foxit PhantomPDF 5.4.3
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.
    Foxit PhantomPDF Suite is a business ready PDF toolkit, used to create professional PDF documents.

    Affected versions:
    Foxit Reader version 5.4.4 and earlier
    Foxit PhantomPDF version 5.4.2 and earlier
    QID Detection Logic (Authenticated):
    This QID checks the Windows Registry for the Foxit Reader and Foxit PhantomPDF installation path, then reads the corresponding executable (FoxitReader.exe/FoxitPhantomPDF.exe) to check whether it is a vulnerable version.

    Consequence
    Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary code on the target system.
    Solution
    The vendor has issued a fix. For more information please visit Security updates available in Foxit Reader 5.4.5 and Foxit PhantomPDF 5.4.3
    Patches
    https://www.foxit.com/support/security-bulletins.html
  • CVE-2022-34716
    QID: 940616
    In Development

    AlmaLinux Security Update for .NET (ALSA-2022:6057)

    Severity
    Serious 3
    Qualys ID
    940616
    Vendor Reference
    ALSA-2022:6057
    CVE Reference
    CVE-2022-34716
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    AlmaLinux has released a security update for .NET to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to AlmaLinux security advisory ALSA-2022-6057 for updates and patch information.
    Patches
    AlmaLinux ALSA-2022:6057
  • CVE-2022-34716
    QID: 940615
    In Development

    AlmaLinux Security Update for .NET (ALSA-2022:6058)

    Severity
    Serious 3
    Qualys ID
    940615
    Vendor Reference
    ALSA-2022:6058
    CVE Reference
    CVE-2022-34716
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    AlmaLinux has released a security update for .NET to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to AlmaLinux security advisory ALSA-2022-6058 for updates and patch information.
    Patches
    AlmaLinux ALSA-2022:6058
  • QID: 376835
    In Development

    Foxit Reader and Foxit PhantomPDF Prior to 7.1 Multiple Security Vulnerabilities

    Severity
    Serious 3
    Qualys ID
    376835
    Vendor Reference
    Foxit Reader 7.1 and Foxit PhantomPDF 7.1
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.
    Foxit PhantomPDF Suite is a business ready PDF toolkit, used to create professional PDF documents.

    Affected versions:
    Foxit Reader version 7.0.6.1126 and earlier
    Foxit PhantomPDF version 7.0.6.1126 and earlier
    QID Detection Logic (Authenticated):
    This QID checks the Windows Registry for the Foxit Reader and Foxit PhantomPDF installation path, then reads the corresponding executable (FoxitReader.exe/FoxitPhantomPDF.exe) to check whether it is a vulnerable version.

    Consequence
    Successful exploitation of these vulnerabilities may allow an attacker to either execute arbitrary code or crash the target system.
    Solution
    The vendor has issued a fix. For more information please visit Security updates available in Foxit Reader and Foxit PhantomPDF 7.1
    Patches
    Foxit Reader and Foxit PhantomPDF 7.1
  • QID: 376833
    In Development

    Foxit Reader and Foxit PhantomPDF Prior to 7.2 Multiple Security Vulnerabilities

    Severity
    Serious 3
    Qualys ID
    376833
    Vendor Reference
    Foxit Reader 7.2 and Foxit PhantomPDF 7.2
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.
    Foxit PhantomPDF Suite is a business ready PDF toolkit, used to create professional PDF documents.

    Affected versions:
    Foxit Reader version 7.1.5.425 and earlier
    Foxit PhantomPDF version 7.1.5.425 and earlier
    QID Detection Logic (Authenticated):
    This QID checks the Windows Registry for the Foxit Reader and Foxit PhantomPDF installation path, then reads the corresponding executable (FoxitReader.exe/FoxitPhantomPDF.exe) to check whether it is a vulnerable version.

    Consequence
    Successful exploitation of these vulnerabilities may allow an attacker to either execute arbitrary code or crash the target system.
    Solution
    The vendor has issued a fix. For more information please visit Security updates available in Foxit Reader and Foxit PhantomPDF 7.2
    Patches
    Foxit Reader and Foxit PhantomPDF 7.2
  • QID: 376832
    In Development

    Foxit Reader and Foxit PhantomPDF Prior to 7.2.2 Multiple Security Vulnerabilities

    Severity
    Serious 3
    Qualys ID
    376832
    Vendor Reference
    Foxit Reader 7.2.2 and Foxit PhantomPDF 7.2.2
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.
    Foxit PhantomPDF Suite is a business ready PDF toolkit, used to create professional PDF documents.

    Affected versions:
    Foxit Reader version 7.2.0.722 and earlier
    Foxit PhantomPDF version 7.2.0.722 and earlier
    QID Detection Logic (Authenticated):
    This QID checks the Windows Registry for the Foxit Reader and Foxit PhantomPDF installation path, then reads the corresponding executable (FoxitReader.exe/FoxitPhantomPDF.exe) to check whether it is a vulnerable version.

    Consequence
    Successful exploitation of these vulnerabilities may allow an attacker to either execute arbitrary code or crash the target system.
    Solution
    The vendor has issued a fix. For more information please visit Security updates available in Foxit Reader and Foxit PhantomPDF 7.2.2
    Patches
    Foxit Reader and Foxit PhantomPDF 7.2.2
  • QID: 376831
    In Development

    Foxit Reader and Foxit PhantomPDF Prior to 7.3 Multiple Security Vulnerabilities

    Severity
    Serious 3
    Qualys ID
    376831
    Vendor Reference
    Foxit Reader 7.3 and Foxit PhantomPDF 7.3
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.
    Foxit PhantomPDF Suite is a business ready PDF toolkit, used to create professional PDF documents.

    Affected versions:
    Foxit Reader version 7.2.8.1124 and earlier
    Foxit PhantomPDF version 7.2.2.929 and earlier
    QID Detection Logic (Authenticated):
    This QID checks the Windows Registry for the Foxit Reader and Foxit PhantomPDF installation path, then reads the corresponding executable (FoxitReader.exe/FoxitPhantomPDF.exe) to check whether it is a vulnerable version.

    Consequence
    Successful exploitation of these vulnerabilities may allow an attacker to either execute arbitrary code or crash the target system.
    Solution
    The vendor has issued a fix. For more information please visit Security updates available in Foxit Reader 7.3 and Foxit PhantomPDF 7.3
    Patches
    Foxit Reader and Foxit PhantomPDF 7.3
  • QID: 376836
    In Development

    Foxit Reader and Foxit PhantomPDF Prior to 6.2.1 Stored Cross-Site Scripting (XSS) Vulnerability

    Severity
    Serious 3
    Qualys ID
    376836
    Vendor Reference
    Foxit Reader 6.2.1 and Foxit PhantomPDF 6.2.1
    CVSS Scores
    Base 5.1 / Temporal 4.5
    Description
    Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.
    Foxit PhantomPDF Suite is a business ready PDF toolkit, used to create professional PDF documents.

    Affected versions:
    Foxit Reader version 6.2.0.429 and earlier
    Foxit PhantomPDF version 6.2.0.429 and earlier
    QID Detection Logic (Authenticated):
    This QID checks the Windows Registry for the Foxit Reader and Foxit PhantomPDF installation path, then reads the corresponding executable (FoxitReader.exe/FoxitPhantomPDF.exe) to check whether it is a vulnerable version.

    Consequence
    Successful exploitation of this vulnerability may allow an attacker to execute arbitrary JavaScript code on the target system.
    Solution
    The vendor has issued a fix. For more information please visit Security updates available in Foxit Reader and Foxit PhantomPDF 6.2.1
    Patches
    Foxit Reader and Foxit PhantomPDF 6.2.1
  • QID: 376834
    In Development

    Foxit Reader and Foxit PhantomPDF Prior to 7.1.5 Multiple Security Vulnerabilities

    Severity
    Serious 3
    Qualys ID
    376834
    Vendor Reference
    Foxit Reader 7.1.5 and Foxit PhantomPDF 7.1.5
    CVSS Scores
    Base 4 / Temporal 3.5
    Description
    Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.
    Foxit PhantomPDF Suite is a business ready PDF toolkit, used to create professional PDF documents.

    Affected versions:
    Foxit Reader version 7.1.0.306 and 7.1.3.320
    Foxit PhantomPDF version 7.1.0.306, 7.1.2.311 and 7.1.3.320
    QID Detection Logic (Authenticated):
    This QID checks the Windows Registry for the Foxit Reader and Foxit PhantomPDF installation path, then reads the corresponding executable (FoxitReader.exe/FoxitPhantomPDF.exe) to check whether it is a vulnerable version.

    Consequence
    Successful exploitation of these vulnerabilities may allow an attacker to crash the target system.
    Solution
    The vendor has issued a fix. For more information please visit Security updates available in Foxit Reader and Foxit PhantomPDF 7.1.5
    Patches
    Foxit Reader and Foxit PhantomPDF 7.1.5
  • CVE-2022-1785+
    QID: 672076
    Recently Published

    EulerOS Security Update for vim (EulerOS-SA-2022-2237)

    Severity
    Urgent 5
    Qualys ID
    672076
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2237
    CVE Reference
    CVE-2022-1785, CVE-2022-1942, CVE-2022-1897, CVE-2022-1968, CVE-2022-1735, CVE-2022-1898, CVE-2022-1674, CVE-2022-1851, CVE-2022-1733, CVE-2022-1771, CVE-2022-1629, CVE-2022-1621, CVE-2022-1796, CVE-2022-2000, CVE-2022-1927
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    EulerOS has released a security update(s) for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2237 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2237
  • CVE-2022-1897+
    QID: 672072
    Recently Published

    EulerOS Security Update for vim (EulerOS-SA-2022-2250)

    Severity
    Urgent 5
    Qualys ID
    672072
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2250
    CVE Reference
    CVE-2022-1897, CVE-2022-1968, CVE-2022-1735, CVE-2022-1720, CVE-2022-1725, CVE-2022-1733, CVE-2022-1851, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796, CVE-2022-1927
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    EulerOS has released a security update(s) for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2250 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2250
  • CVE-2021-3652
    QID: 672069
    Recently Published

    EulerOS Security Update for 389-ds-base (EulerOS-SA-2022-2214)

    Severity
    Urgent 5
    Qualys ID
    672069
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2214
    CVE Reference
    CVE-2021-3652
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    EulerOS has released a security update(s) for 389-ds-base to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2214 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2214
  • CVE-2022-30556+
    QID: 672060
    Recently Published

    EulerOS Security Update for httpd (EulerOS-SA-2022-2243)

    Severity
    Urgent 5
    Qualys ID
    672060
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2243
    CVE Reference
    CVE-2022-30556, CVE-2022-26377, CVE-2022-28614, CVE-2022-29404, CVE-2022-28615, CVE-2022-31813, CVE-2022-30522
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    EulerOS has released a security update(s) for httpd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2243 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2243
  • CVE-2022-1897+
    QID: 672056
    Recently Published

    EulerOS Security Update for vim (EulerOS-SA-2022-2263)

    Severity
    Urgent 5
    Qualys ID
    672056
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2263
    CVE Reference
    CVE-2022-1897, CVE-2022-1968, CVE-2022-1735, CVE-2022-1720, CVE-2022-1725, CVE-2022-1733, CVE-2022-1851, CVE-2022-1771, CVE-2022-1785, CVE-2022-1796, CVE-2022-1927
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    EulerOS has released a security update(s) for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2263 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2263
  • CVE-2022-2068
    QID: 672054
    Recently Published

    EulerOS Security Update for compat-openssl (EulerOS-SA-2022-2215)

    Severity
    Urgent 5
    Qualys ID
    672054
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2215
    CVE Reference
    CVE-2022-2068
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    EulerOS has released a security update(s) for compat-openssl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2215 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2215
  • CVE-2022-30556+
    QID: 672052
    Recently Published

    EulerOS Security Update for httpd (EulerOS-SA-2022-2222)

    Severity
    Urgent 5
    Qualys ID
    672052
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2222
    CVE Reference
    CVE-2022-30556, CVE-2022-26377, CVE-2022-28614, CVE-2022-29404, CVE-2022-28615, CVE-2022-31813, CVE-2022-30522
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    EulerOS has released a security update(s) for httpd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2222 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2222
  • CVE-2022-1616+
    QID: 672048
    Recently Published

    EulerOS Security Update for vim (EulerOS-SA-2022-2282)

    Severity
    Urgent 5
    Qualys ID
    672048
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2282
    CVE Reference
    CVE-2022-1616, CVE-2022-1942, CVE-2022-1620, CVE-2022-1897, CVE-2022-1968, CVE-2022-1735, CVE-2022-1898, CVE-2022-1674, CVE-2022-1851, CVE-2022-1733, CVE-2022-2042, CVE-2022-1629, CVE-2022-1621, CVE-2022-1796, CVE-2022-2000
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    EulerOS has released a security update(s) for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2282 for updates and patch information.
    Patches
    EulerOS 2.0 SP5 EulerOS-SA-2022-2282
  • CVE-2022-1664
    QID: 672029
    Recently Published

    EulerOS Security Update for dpkg (EulerOS-SA-2022-2219)

    Severity
    Urgent 5
    Qualys ID
    672029
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2219
    CVE Reference
    CVE-2022-1664
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    EulerOS has released a security update(s) for dpkg to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2219 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2219
  • CVE-2022-30556+
    QID: 672022
    Recently Published

    EulerOS Security Update for httpd (EulerOS-SA-2022-2256)

    Severity
    Urgent 5
    Qualys ID
    672022
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2256
    CVE Reference
    CVE-2022-30556, CVE-2022-26377, CVE-2022-28614, CVE-2022-29404, CVE-2022-28615, CVE-2022-31813, CVE-2022-30522
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    EulerOS has released a security update(s) for httpd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2256 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2256
  • CVE-2022-2068
    QID: 672020
    Recently Published

    EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2022-2228)

    Severity
    Urgent 5
    Qualys ID
    672020
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2228
    CVE Reference
    CVE-2022-2068
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    EulerOS has released a security update(s) for openssl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2228 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2228
  • CVE-2022-31625+
    QID: 672018
    Recently Published

    EulerOS Security Update for Hypertext Preprocessor (PHP) (EulerOS-SA-2022-2229)

    Severity
    Urgent 5
    Qualys ID
    672018
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2229
    CVE Reference
    CVE-2022-31625, CVE-2022-31626
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    EulerOS has released a security update(s) for php to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2229 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2229
  • CVE-2019-12256+
    QID: 590996
    In Development

    Hitachi ABB Power Grids Relion 670/650 series Relion SAM600-IO Multiple Vulnerabilities (1MRG035816)

    Severity
    Urgent 5
    Qualys ID
    590996
    Vendor Reference
    1MRG035816
    CVE Reference
    CVE-2019-12256, CVE-2019-12258, CVE-2019-12259, CVE-2019-12260, CVE-2019-12261, CVE-2019-12262, CVE-2019-12263, CVE-2019-12265
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description

    AFFECTED PRODUCTS
    1. Relion 670 series version 2.2.0.9 through version 2.2.0.12
    2. Relion 670 series version 2.2.1.0 through version 2.2.1.5
    3. Relion 670 series version 2.2.2.0 and version 2.2.2.2
    4. Relion 670 series version 2.2.3.0 and version 2.2.3.1
    5. Relion 650 series version 1.3.0.0 through version 1.3.0.6
    6. Relion 650 series version 2.2.0.9 through version 2.2.0.12
    7. Relion 650 series version 2.2.1.0 through version 2.2.1.5
    8. Relion SAM600-IO version 2.2.1.0 through version 2.2.1.4

    QID Detection Logic (Authenticated):
    QID checks for the Vulnerable version of using passive scanning

    Consequence
    An attacker who successfully exploited these vulnerabilities could affect communication on the Control Network.
    Solution

    Customers are advised to refer to CERT MITIGATIONS section 1MRG035816 for affected packages and patching details.

    Patches
    1MRG035816
  • CVE-2022-1586
    QID: 672066
    Recently Published

    EulerOS Security Update for pcre2 (EulerOS-SA-2022-2276)

    Severity
    Urgent 5
    Qualys ID
    672066
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2276
    CVE Reference
    CVE-2022-1586
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    EulerOS has released a security update(s) for pcre2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2276 for updates and patch information.
    Patches
    EulerOS 2.0 SP5 EulerOS-SA-2022-2276
  • CVE-2022-1587+
    QID: 672057
    Recently Published

    EulerOS Security Update for pcre2 (EulerOS-SA-2022-2247)

    Severity
    Urgent 5
    Qualys ID
    672057
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2247
    CVE Reference
    CVE-2022-1587, CVE-2022-1586
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    EulerOS has released a security update(s) for pcre2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2247 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2247
  • CVE-2022-30594+
    QID: 672045
    Recently Published

    EulerOS Security Update for kernel (EulerOS-SA-2022-2225)

    Severity
    Urgent 5
    Qualys ID
    672045
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2225
    CVE Reference
    CVE-2022-30594, CVE-2022-32250, CVE-2022-29581, CVE-2022-20132, CVE-2022-1012, CVE-2022-20141, CVE-2022-1678, CVE-2022-20008, CVE-2022-1729, CVE-2022-32296
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    EulerOS has released a security update(s) for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2225 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2225
  • CVE-2022-26377+
    QID: 672041
    Recently Published

    EulerOS Security Update for httpd (EulerOS-SA-2022-2270)

    Severity
    Urgent 5
    Qualys ID
    672041
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2270
    CVE Reference
    CVE-2022-26377, CVE-2022-28614, CVE-2022-29404, CVE-2022-28615, CVE-2022-30522
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    EulerOS has released a security update(s) for httpd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2270 for updates and patch information.
    Patches
    EulerOS 2.0 SP5 EulerOS-SA-2022-2270
  • CVE-2022-1587+
    QID: 672035
    Recently Published

    EulerOS Security Update for pcre2 (EulerOS-SA-2022-2260)

    Severity
    Urgent 5
    Qualys ID
    672035
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2260
    CVE Reference
    CVE-2022-1587, CVE-2022-1586
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    EulerOS has released a security update(s) for pcre2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2260 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2260
  • CVE-2021-39686+
    QID: 672017
    Recently Published

    EulerOS Security Update for kernel (EulerOS-SA-2022-2244)

    Severity
    Urgent5
    Qualys ID
    672017
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2244
    CVE Reference
    CVE-2021-39686, CVE-2022-30594, CVE-2022-1966, CVE-2022-29581, CVE-2022-32250, CVE-2021-33061, CVE-2022-1652, CVE-2022-1836, CVE-2022-1012, CVE-2022-1195, CVE-2022-1678, CVE-2022-1789, CVE-2022-1729, CVE-2022-1734
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    EulerOS has released a security update(s) for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2244 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2244
  • CVE-2022-28131+
    QID: 283049
    Recently Published

    Fedora Security Update for fzf (FEDORA-2022-30c5ed5625)

    Severity
    Urgent5
    Qualys ID
    283049
    Date Published
    August 18, 2022
    Vendor Reference
    FEDORA-2022-30c5ed5625
    CVE Reference
    CVE-2022-28131, CVE-2022-28327, CVE-2022-32148, CVE-2022-24675, CVE-2022-30631, CVE-2022-30630, CVE-2022-30629, CVE-2022-30635, CVE-2022-30632, CVE-2022-1962, CVE-2022-1705, CVE-2022-27191, CVE-2022-30633, CVE-2022-1996, CVE-2022-29526
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    Fedora has released a security update for fzf to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system and to cause information disclosure. Denial of service may also occur in some cases.
    Solution
    Refer to Fedora security advisory Fedora 35 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-30c5ed5625
  • CVE-2022-2354
    QID: 150560
    In Development

    WordPress WP-DBManager Plugin: Authenticated Remote Command Execution Vulnerability (CVE-2022-2354)

    Severity
    Urgent5
    Qualys ID
    150560
    Vendor Reference
    WPScan
    CVE Reference
    CVE-2022-2354
    CVSS Scores
    Base 7.2 / Temporal 6.5
    Description
    WP-DBManager is a WordPress plugin, which allows you to optimize database, repair database, backup database, restore database, delete backup database, drop/empty tables and run selected queries.

    The WP-DBManager WordPress plugin does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should.

    Affected Versions:
    WordPress WP-DBManager plugin before 2.80.8

    QID Detection Logic:
    This QID sends an HTTP GET request and checks for a vulnerable version of the WordPress plugin running on the target application.

    Consequence
    Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the target system.

    Solution
    Customers are advised to upgrade to WP-DBManager plugin 2.80.8 or a later version to remediate this vulnerability. For more information regarding this vulnerability, please refer to the WPScan Security Advisory.
    Patches
    WPScan
  • QID: 590997
    In Development

    Hitachi ABB Power Grids Relion 670 series Vulnerability (ABB-VU-PPGA-1MRG024910)

    Severity
    Urgent5
    Qualys ID
    590997
    Vendor Reference
    ABB-VU-PPGA-1MRG024910
    CVSS Scores
    Base 10 / Temporal 8.7
    Description

    AFFECTED PRODUCTS
    Relion 670 series version 1p1r26 and earlier releases
    Relion 670 series version 1.2.3.17 and earlier releases
    Relion 670 series version 2.0.0.10 and earlier releases (RES670 2.0.0.4 and earlier releases)
    Relion 670 series version 2.1.0.1 and earlier releases

    QID Detection Logic (Authenticated):
    QID checks for the Vulnerable version of using passive scanning

    Consequence
    An attacker who successfully exploited this vulnerability could retrieve any file on the device flash drive without authentication on the device or make the product inoperative by deleting files from the device flash drive.
    Solution

    Customers are advised to refer to CERT MITIGATIONS section ABB-VU-PPGA-1MRG024910 for affected packages and patching details.

    Patches
    ABB-VU-PPGA-1MRG024910
  • CVE-2022-28506
    QID: 672053
    Recently Published

    EulerOS Security Update for giflib (EulerOS-SA-2022-2267)

    Severity
    Critical4
    Qualys ID
    672053
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2267
    CVE Reference
    CVE-2022-28506
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    EulerOS has released a security update(s) for giflib to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2267 for updates and patch information.
    Patches
    EulerOS 2.0 SP5 EulerOS-SA-2022-2267
  • CVE-2012-3040
    QID: 590992
    In Development

    Siemens S7-1200 Web Application Cross Site Scripting Vulnerability (ICSA-12-283-01) (SSA-279823)

    Severity
    Critical4
    Qualys ID
    590992
    Vendor Reference
    ICSA-12-283-01
    CVE Reference
    CVE-2012-3040
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description

    Affected Products
    Siemens reports that the vulnerabilities affect the following versions of S7-1200 PLCs:
    V2.x,
    V3.0.0, and
    V3.0.1.

    QID Detection Logic (Authenticated):
    QID checks for the Vulnerable version of using passive scanning

    Consequence
    An attacker who successfully exploits this vulnerability can run malicious JavaScript code on the target machine. Malicious code can execute various actions such as modifying browser contents delivered from the PLC, stealing session data, and issuing commands from the PLC's Web server.
    Solution

    Customers are advised to refer to CERT MITIGATIONS section ICSA-12-283-01 for affected packages and patching details.

    Patches
    ICSA-12-283-01
  • CVE-2022-2294
    QID: 180945
    Recently Published

    Debian Security Update for wpewebkit, webkit2gtk (CVE-2022-2294)

    Severity
    Critical4
    Qualys ID
    180945
    Date Published
    August 18, 2022
    Vendor Reference
    CVE-2022-2294
    CVE Reference
    CVE-2022-2294
    CVSS Scores
    Base 8.8 / Temporal 8.2
    Description
    Debian has released a security update for wpewebkit, webkit2gtk to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory CVE-2022-2294 for updates and patch information.
    Patches
    Debian CVE-2022-2294
  • CVE-2021-3839+
    QID: 672079
    Recently Published

    EulerOS Security Update for dpdk (EulerOS-SA-2022-2241)

    Severity
    Critical4
    Qualys ID
    672079
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2241
    CVE Reference
    CVE-2021-3839, CVE-2022-0669
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    EulerOS has released a security update(s) for dpdk to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2241 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2241
  • CVE-2021-3839+
    QID: 672077
    Recently Published

    EulerOS Security Update for dpdk (EulerOS-SA-2022-2254)

    Severity
    Critical4
    Qualys ID
    672077
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2254
    CVE Reference
    CVE-2021-3839, CVE-2022-0669
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    EulerOS has released a security update(s) for dpdk to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2254 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2254
  • CVE-2022-1552
    QID: 672071
    Recently Published

    EulerOS Security Update for postgresql (EulerOS-SA-2022-2278)

    Severity
    Critical4
    Qualys ID
    672071
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2278
    CVE Reference
    CVE-2022-1552
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    EulerOS has released a security update(s) for postgresql to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2278 for updates and patch information.
    Patches
    EulerOS 2.0 SP5 EulerOS-SA-2022-2278
  • CVE-2022-1354
    QID: 672065
    Recently Published

    EulerOS Security Update for libtiff (EulerOS-SA-2022-2259)

    Severity
    Critical4
    Qualys ID
    672065
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2259
    CVE Reference
    CVE-2022-1354
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    EulerOS has released a security update(s) for libtiff to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2259 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2259
  • CVE-2022-0934
    QID: 672062
    Recently Published

    EulerOS Security Update for dnsmasq (EulerOS-SA-2022-2239)

    Severity
    Critical4
    Qualys ID
    672062
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2239
    CVE Reference
    CVE-2022-0934
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    EulerOS has released a security update(s) for dnsmasq to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2239 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2239
  • CVE-2022-1354
    QID: 672059
    Recently Published

    EulerOS Security Update for libtiff (EulerOS-SA-2022-2246)

    Severity
    Critical4
    Qualys ID
    672059
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2246
    CVE Reference
    CVE-2022-1354
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    EulerOS has released a security update(s) for libtiff to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2246 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2246
  • CVE-2021-3670
    QID: 672058
    Recently Published

    EulerOS Security Update for samba (EulerOS-SA-2022-2249)

    Severity
    Critical4
    Qualys ID
    672058
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2249
    CVE Reference
    CVE-2021-3670
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    EulerOS has released a security update(s) for samba to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2249 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2249
  • CVE-2022-28737
    QID: 672050
    Recently Published

    EulerOS Security Update for shim (EulerOS-SA-2022-2235)

    Severity
    Critical4
    Qualys ID
    672050
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2235
    CVE Reference
    CVE-2022-28737
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    EulerOS has released a security update(s) for shim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2235 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2235
  • CVE-2022-1552
    QID: 672040
    Recently Published

    EulerOS Security Update for postgresql (EulerOS-SA-2022-2231)

    Severity
    Critical4
    Qualys ID
    672040
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2231
    CVE Reference
    CVE-2022-1552
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    EulerOS has released a security update(s) for postgresql to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2231 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2231
  • CVE-2022-28737
    QID: 672038
    Recently Published

    EulerOS Security Update for shim (EulerOS-SA-2022-2280)

    Severity
    Critical4
    Qualys ID
    672038
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2280
    CVE Reference
    CVE-2022-28737
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    EulerOS has released a security update(s) for shim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2280 for updates and patch information.
    Patches
    EulerOS 2.0 SP5 EulerOS-SA-2022-2280
  • CVE-2022-0934
    QID: 672027
    Recently Published

    EulerOS Security Update for dnsmasq (EulerOS-SA-2022-2252)

    Severity
    Critical4
    Qualys ID
    672027
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2252
    CVE Reference
    CVE-2022-0934
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    EulerOS has released a security update(s) for dnsmasq to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2252 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2252
  • CVE-2021-3670
    QID: 672025
    Recently Published

    EulerOS Security Update for samba (EulerOS-SA-2022-2262)

    Severity
    Critical4
    Qualys ID
    672025
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2262
    CVE Reference
    CVE-2021-3670
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    EulerOS has released a security update(s) for samba to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2262 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2262
  • QID: 283048
    Recently Published

    Fedora Security Update for python (FEDORA-2022-21cf5402fc)

    Severity
    Critical4
    Qualys ID
    283048
    Date Published
    August 18, 2022
    Vendor Reference
    FEDORA-2022-21cf5402fc
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for python to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-21cf5402fc
  • CVE-2022-32816+
    QID: 180944
    Recently Published

    Debian Security Update for webkit2gtk (DLA 3073-1)

    Severity
    Critical4
    Qualys ID
    180944
    Date Published
    August 18, 2022
    Vendor Reference
    DLA 3073-1
    CVE Reference
    CVE-2022-32816, CVE-2022-32792
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Debian has released a security update for webkit2gtk to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3073-1 for updates and patch information.
    Patches
    Debian DLA 3073-1
  • CVE-2022-27781+
    QID: 672064
    Recently Published

    EulerOS Security Update for curl (EulerOS-SA-2022-2217)

    Severity
    Critical4
    Qualys ID
    672064
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2217
    CVE Reference
    CVE-2022-27781, CVE-2022-22576, CVE-2022-27782
    CVSS Scores
    Base 8.1 / Temporal 7.1
    Description
    EulerOS has released a security update(s) for curl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2217 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2217
  • CVE-2022-2817
    QID: 902747
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10554)

    Severity
    Critical4
    Qualys ID
    902747
    Date Published
    August 18, 2022
    Vendor Reference
    Mariner_2.0_10554
    CVE Reference
    CVE-2022-2817
    CVSS Scores
    Base 7.8 / Temporal 7.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-2819
    QID: 902745
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10555)

    Severity
    Critical4
    Qualys ID
    902745
    Date Published
    August 18, 2022
    Vendor Reference
    Mariner_2.0_10555
    CVE Reference
    CVE-2022-2819
    CVSS Scores
    Base 7.8 / Temporal 7.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-2816
    QID: 902744
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10553)

    Severity
    Critical4
    Qualys ID
    902744
    Date Published
    August 18, 2022
    Vendor Reference
    Mariner_2.0_10553
    CVE Reference
    CVE-2022-2816
    CVSS Scores
    Base 7.8 / Temporal 7.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-25255
    QID: 672080
    Recently Published

    EulerOS Security Update for qt5-qtbase (EulerOS-SA-2022-2233)

    Severity
    Critical4
    Qualys ID
    672080
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2233
    CVE Reference
    CVE-2022-25255
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    EulerOS has released a security update(s) for qt5-qtbase to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2233 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2233
  • CVE-2022-32545+
    QID: 672078
    Recently Published

    EulerOS Security Update for imagemagick (EulerOS-SA-2022-2271)

    Severity
    Critical4
    Qualys ID
    672078
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2271
    CVE Reference
    CVE-2022-32545, CVE-2022-32547
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    EulerOS has released a security update(s) for imagemagick to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2271 for updates and patch information.
    Patches
    EulerOS 2.0 SP5 EulerOS-SA-2022-2271
  • CVE-2022-1920+
    QID: 672070
    Recently Published

    EulerOS Security Update for gstreamer1-plugins-good (EulerOS-SA-2022-2269)

    Severity
    Critical4
    Qualys ID
    672070
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2269
    CVE Reference
    CVE-2022-1920, CVE-2022-1923, CVE-2022-1924, CVE-2022-1922, CVE-2022-2122, CVE-2022-1921, CVE-2022-1925
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    EulerOS has released a security update(s) for gstreamer1-plugins-good to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2269 for updates and patch information.
    Patches
    EulerOS 2.0 SP5 EulerOS-SA-2022-2269
  • CVE-2021-35331
    QID: 672067
    Recently Published

    EulerOS Security Update for tcl (EulerOS-SA-2022-2236)

    Severity
    Critical4
    Qualys ID
    672067
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2236
    CVE Reference
    CVE-2021-35331
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    EulerOS has released a security update(s) for tcl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2236 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2236
  • CVE-2021-35331
    QID: 672051
    Recently Published

    EulerOS Security Update for tcl (EulerOS-SA-2022-2281)

    Severity
    Critical4
    Qualys ID
    672051
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2281
    CVE Reference
    CVE-2021-35331
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    EulerOS has released a security update(s) for tcl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2281 for updates and patch information.
    Patches
    EulerOS 2.0 SP5 EulerOS-SA-2022-2281
  • CVE-2022-29162+
    QID: 672049
    Recently Published

    EulerOS Security Update for docker-engine (EulerOS-SA-2022-2240)

    Severity
    Critical4
    Qualys ID
    672049
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2240
    CVE Reference
    CVE-2022-29162, CVE-2021-41091, CVE-2021-41092, CVE-2021-41190, CVE-2021-41089
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    EulerOS has released a security update(s) for docker-engine to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2240 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2240
  • CVE-2022-1215
    QID: 672044
    Recently Published

    EulerOS Security Update for libinput (EulerOS-SA-2022-2258)

    Severity
    Critical4
    Qualys ID
    672044
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2258
    CVE Reference
    CVE-2022-1215
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    EulerOS has released a security update(s) for libinput to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2258 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2258
  • CVE-2022-26981+
    QID: 672039
    Recently Published

    EulerOS Security Update for liblouis (EulerOS-SA-2022-2226)

    Severity
    Critical4
    Qualys ID
    672039
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2226
    CVE Reference
    CVE-2022-26981, CVE-2022-31783
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    EulerOS has released a security update(s) for liblouis to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2226 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2226
  • CVE-2021-39686+
    QID: 672037
    Recently Published

    EulerOS Security Update for kernel (EulerOS-SA-2022-2257)

    Severity
    Critical4
    Qualys ID
    672037
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2257
    CVE Reference
    CVE-2021-39686, CVE-2022-1966, CVE-2022-29581, CVE-2021-33061, CVE-2022-1652, CVE-2022-1836, CVE-2022-1678, CVE-2022-1734, CVE-2022-1729, CVE-2022-1789
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    EulerOS has released a security update(s) for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2257 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2257
  • CVE-2019-25059
    QID: 672034
    Recently Published

    EulerOS Security Update for ghostscript (EulerOS-SA-2022-2266)

    Severity
    Critical4
    Qualys ID
    672034
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2266
    CVE Reference
    CVE-2019-25059
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    EulerOS has released a security update(s) for ghostscript to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2266 for updates and patch information.
    Patches
    EulerOS 2.0 SP5 EulerOS-SA-2022-2266
  • CVE-2019-25059
    QID: 672033
    Recently Published

    EulerOS Security Update for ghostscript (EulerOS-SA-2022-2220)

    Severity
    Critical4
    Qualys ID
    672033
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2220
    CVE Reference
    CVE-2019-25059
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    EulerOS has released a security update(s) for ghostscript to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2220 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2220
  • CVE-2022-29162+
    QID: 672019
    Recently Published

    EulerOS Security Update for docker-engine (EulerOS-SA-2022-2253)

    Severity
    Critical4
    Qualys ID
    672019
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2253
    CVE Reference
    CVE-2022-29162, CVE-2021-41091, CVE-2021-41092, CVE-2021-41190, CVE-2021-41089
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    EulerOS has released a security update(s) for docker-engine to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2253 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2253
  • CVE-2022-0854+
    QID: 672016
    Recently Published

    EulerOS Security Update for kernel (EulerOS-SA-2022-2273)

    Severity
    Critical4
    Qualys ID
    672016
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2273
    CVE Reference
    CVE-2022-0854, CVE-2021-33061, CVE-2022-0850, CVE-2022-1652, CVE-2022-20132, CVE-2022-33981, CVE-2022-20166, CVE-2022-1729, CVE-2021-39636
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    EulerOS has released a security update(s) for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2273 for updates and patch information.
    Patches
    EulerOS 2.0 SP5 EulerOS-SA-2022-2273
  • CVE-2022-1215
    QID: 672014
    Recently Published

    EulerOS Security Update for libinput (EulerOS-SA-2022-2245)

    Severity
    Critical 4
    Qualys ID
    672014
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2245
    CVE Reference
    CVE-2022-1215
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    EulerOS has released a security update(s) for libinput to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2245 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2245
  • CVE-2022-1404+
    QID: 590990
    In Development

    Delta Electronics CNCSoft Multiple Vulnerabilities (ICSA-22-132-01)

    Severity
    Critical 4
    Qualys ID
    590990
    Vendor Reference
    ICSA-22-132-01
    CVE Reference
    CVE-2022-1404, CVE-2022-1405
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description

    AFFECTED PRODUCTS
    The following versions of CNCSoft, a software management platform, are affected:
    CNCSoft: All versions prior to 1.01.32

    QID Detection Logic (Authenticated)
    QID checks for the vulnerable version using Windows registry keys.

    Consequence
    Successful exploitation of these vulnerabilities could allow arbitrary code execution or information disclosure.
    Solution

    Customers are advised to refer to CERT MITIGATIONS section ICSA-22-132-01 for affected packages and patching details.

    Patches
    ICSA-22-132-01
  • CVE-2022-24795
    QID: 902748
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for rubygem-yajl-ruby (10552)

    Severity
    Critical 4
    Qualys ID
    902748
    Date Published
    August 18, 2022
    Vendor Reference
    Mariner_2.0_10552
    CVE Reference
    CVE-2022-24795
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for rubygem-yajl-ruby to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-30629
    QID: 902746
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10550)

    Severity
    Critical 4
    Qualys ID
    902746
    Date Published
    August 18, 2022
    Vendor Reference
    Mariner_2.0_10550
    CVE Reference
    CVE-2022-30629
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-28739
    QID: 672081
    Recently Published

    EulerOS Security Update for ruby (EulerOS-SA-2022-2261)

    Severity
    Critical 4
    Qualys ID
    672081
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2261
    CVE Reference
    CVE-2022-28739
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    EulerOS has released a security update(s) for ruby to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2261 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2261
  • CVE-2021-22570
    QID: 672075
    Recently Published

    EulerOS Security Update for protobuf (EulerOS-SA-2022-2279)

    Severity
    Critical 4
    Qualys ID
    672075
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2279
    CVE Reference
    CVE-2021-22570
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    EulerOS has released a security update(s) for protobuf to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2279 for updates and patch information.
    Patches
    EulerOS 2.0 SP5 EulerOS-SA-2022-2279
  • CVE-2021-41089+
    QID: 672074
    Recently Published

    EulerOS Security Update for docker-engine (EulerOS-SA-2022-2218)

    Severity
    Critical 4
    Qualys ID
    672074
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2218
    CVE Reference
    CVE-2021-41089, CVE-2021-41091, CVE-2021-41092, CVE-2021-41190
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    EulerOS has released a security update(s) for docker-engine to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2218 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2218
  • CVE-2022-21476
    QID: 672068
    Recently Published

    EulerOS Security Update for java-1.8.0-openjdk (EulerOS-SA-2022-2224)

    Severity
    Critical 4
    Qualys ID
    672068
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2224
    CVE Reference
    CVE-2022-21476
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    EulerOS has released a security update(s) for java-1.8.0-openjdk to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2224 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2224
  • CVE-2021-35588+
    QID: 672061
    Recently Published

    EulerOS Security Update for java-1.8.0-openjdk (EulerOS-SA-2022-2272)

    Severity
    Critical 4
    Qualys ID
    672061
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2272
    CVE Reference
    CVE-2021-35588, CVE-2022-21476
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    EulerOS has released a security update(s) for java-1.8.0-openjdk to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2272 for updates and patch information.
    Patches
    EulerOS 2.0 SP5 EulerOS-SA-2022-2272
  • CVE-2022-28739
    QID: 672047
    Recently Published

    EulerOS Security Update for ruby (EulerOS-SA-2022-2248)

    Severity
    Critical 4
    Qualys ID
    672047
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2248
    CVE Reference
    CVE-2022-28739
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    EulerOS has released a security update(s) for ruby to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2248 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2248
  • CVE-2022-27455+
    QID: 672046
    Recently Published

    EulerOS Security Update for mariadb (EulerOS-SA-2022-2275)

    Severity
    Critical 4
    Qualys ID
    672046
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2275
    CVE Reference
    CVE-2022-27455, CVE-2022-27457, CVE-2022-31624, CVE-2022-27383, CVE-2022-27386
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    EulerOS has released a security update(s) for mariadb to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2275 for updates and patch information.
    Patches
    EulerOS 2.0 SP5 EulerOS-SA-2022-2275
  • CVE-2021-46662+
    QID: 672043
    Recently Published

    EulerOS Security Update for mariadb (EulerOS-SA-2022-2227)

    Severity
    Critical 4
    Qualys ID
    672043
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2227
    CVE Reference
    CVE-2021-46662, CVE-2022-27384, CVE-2022-27380, CVE-2022-31623, CVE-2022-27455, CVE-2022-31622, CVE-2022-27381, CVE-2022-27457, CVE-2022-31624, CVE-2022-27383, CVE-2022-27378, CVE-2022-27385, CVE-2022-31621, CVE-2022-27448, CVE-2022-27387, CVE-2022-27445, CVE-2022-27386, CVE-2021-46658
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    EulerOS has released a security update(s) for mariadb to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2227 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2227
  • CVE-2022-1949
    QID: 672036
    Recently Published

    EulerOS Security Update for 389-ds-base (EulerOS-SA-2022-2264)

    Severity
    Critical 4
    Qualys ID
    672036
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2264
    CVE Reference
    CVE-2022-1949
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    EulerOS has released a security update(s) for 389-ds-base to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2264 for updates and patch information.
    Patches
    EulerOS 2.0 SP5 EulerOS-SA-2022-2264
  • CVE-2022-27781+
    QID: 672030
    Recently Published

    EulerOS Security Update for curl (EulerOS-SA-2022-2251)

    Severity
    Critical 4
    Qualys ID
    672030
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2251
    CVE Reference
    CVE-2022-27781, CVE-2022-27782
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    EulerOS has released a security update(s) for curl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2251 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2251
  • CVE-2022-27781+
    QID: 672028
    Recently Published

    EulerOS Security Update for curl (EulerOS-SA-2022-2238)

    Severity
    Critical 4
    Qualys ID
    672028
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2238
    CVE Reference
    CVE-2022-27781, CVE-2022-27782
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    EulerOS has released a security update(s) for curl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2238 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2238
  • CVE-2021-22570
    QID: 672024
    Recently Published

    EulerOS Security Update for protobuf (EulerOS-SA-2022-2232)

    Severity
    Critical 4
    Qualys ID
    672024
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2232
    CVE Reference
    CVE-2021-22570
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    EulerOS has released a security update(s) for protobuf to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2232 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2232
  • CVE-2021-41089+
    QID: 672023
    Recently Published

    EulerOS Security Update for docker (EulerOS-SA-2022-2265)

    Severity
    Critical 4
    Qualys ID
    672023
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2265
    CVE Reference
    CVE-2021-41089, CVE-2021-41091, CVE-2021-41092
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    EulerOS has released a security update(s) for docker to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2265 for updates and patch information.
    Patches
    EulerOS 2.0 SP5 EulerOS-SA-2022-2265
  • CVE-2022-0778
    QID: 590999
    In Development

    PHOENIX CONTACT FL MGUARD, TC MGUARD, mGuard Device Manager and FL WLAN devices Vulnerability (VDE-2022-013)

    Severity
    Critical 4
    Qualys ID
    590999
    Vendor Reference
    VDE-2022-013
    CVE Reference
    CVE-2022-0778
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    AFFECTED PRODUCTS
    For the following products, the affected versions are 8.8.5 and prior:
    FL MGUARD RS2000 TX/TX VPN
    FL MGUARD RS2005 TX VPN
    TC MGUARD RS2000 3G VPN
    FL MGUARD RS4000 TX/TX
    FL MGUARD RS4000 TX/TX VPN
    FL MGUARD RS4004 TX/DTX
    FL MGUARD RS4004 TX/DTX VPN
    TC MGUARD RS4000 3G VPN
    FL MGUARD RS2000 TX/TX-B
    FL MGUARD RS4000 TX/TX-P
    FL MGUARD RS4000 TX/TX-M
    FL MGUARD PCI4000
    FL MGUARD PCI4000 VPN
    FL MGUARD PCIE4000
    FL MGUARD PCIE4000 VPN
    FL MGUARD DELTA TX/TX
    FL MGUARD DELTA TX/TX VPN
    FL MGUARD SMART2
    FL MGUARD SMART2 VPN
    FL MGUARD CORE TX
    FL MGUARD CORE TX VPN
    FL MGUARD SMART2 VPN/K1
    FL MGUARD RS4000 TX/TX VPN/K1
    FL MGUARD PCIE4000 VPN/K2
    FL MGUARD RS4000 VPN/K2
    FL MGUARD PCI4000 VPN/K2
    TC MGUARD RS2000 4G VPN
    TC MGUARD RS4000 4G VPN
    TC MGUARD RS4000 4G VZW VPN
    TC MGUARD RS2000 4G VZW VPN
    TC MGUARD RS4000 4G ATT VPN
    TC MGUARD RS2000 4G ATT VPN
    FL MGUARD GT/GT
    FL MGUARD GT/GT VPN
    FL MGUARD CENTERPORT
    FL MGUARD CENTERPORT VPN-1000
    For the following products, the affected versions are 1.13.0.1 and prior:
    FL MGUARD DM UNLIMITED
    For the following products, the affected versions are 2.70 and prior:
    FL WLAN 1010
    FL WLAN 1011
    FL WLAN 1100
    FL WLAN 1101
    FL WLAN 2010
    FL WLAN 2011
    FL WLAN 2100
    FL WLAN 2101
    For the following products, the affected versions are 3.21 and prior:
    FL WLAN 5100
    FL WLAN 5101
    FL WLAN 5102
    FL WLAN 5110
    FL WLAN 5111

    QID Detection Logic (Authenticated):
    QID checks for the vulnerable version using passive scanning.

    Consequence
    By sending a crafted certificate, attackers may trigger an infinite loop in the receiving service. This may cause the service to become unavailable. Additionally, the availability of other services may be reduced due to high CPU load.
    Solution

    Customers are advised to refer to CERT MITIGATIONS section VDE-2022-013 for affected packages and patching details.

    Patches
    VDE-2022-013
  • CVE-2019-5149
    QID: 590995
    In Development

    WAGO PFC100/200 Web-Based Management (WBM) FastCGI configuration insufficient resource pool denial of service (DoS) Vulnerability (TALOS-2019-0939)

    Severity
    Critical 4
    Qualys ID
    590995
    Vendor Reference
    TALOS-2019-0939
    CVE Reference
    CVE-2019-5149
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    AFFECTED PRODUCTS
    WAGO PFC200 Firmware version 03.00.39(12)
    WAGO PFC200 Firmware version 03.01.07(13)
    WAGO PFC100 Firmware version 03.00.39(12)
    WAGO PFC100 Firmware version 03.02.02(14)
    Based on inspection of various firmware versions, this vulnerability appears to impact all versions from the current and going back to at least 10 and likely earlier.

    QID Detection Logic (Authenticated):
    QID checks for the vulnerable version using passive scanning.

    Consequence
    The WBM web application on firmware versions prior to 03.02.02 and 03.01.07 on the WAGO PFC100 and PFC200, respectively, runs on a lighttpd web server and makes use of the FastCGI module, which is intended to provide high performance for all Internet applications without the penalties of Web server APIs. However, the default configuration of this module appears to limit the number of concurrent php-cgi processes to two, which can be abused to cause a denial of service of the entire web server.
    Solution

    Customers are advised to refer to CERT MITIGATIONS section TALOS-2019-0939 for affected packages and patching details.

    Patches
    TALOS-2019-0939
  • CVE-2019-5134
    QID: 590993
    In Development

    WAGO PFC100/200 Web-Based Management (WBM) Authentication Regex Information Disclosure Vulnerability (TALOS-2019-0923)

    Severity
    Critical 4
    Qualys ID
    590993
    Vendor Reference
    TALOS-2019-0923
    CVE Reference
    CVE-2019-5134
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    AFFECTED PRODUCTS
    WAGO PFC200 Firmware version 03.00.39(12)
    WAGO PFC200 Firmware version 03.01.07(13)
    WAGO PFC100 Firmware version 03.00.39(12)
    Based on inspection of various firmware versions, this vulnerability appears to impact all versions from the current and going back to at least 10 and likely earlier.

    QID Detection Logic (Authenticated):
    QID checks for the vulnerable version using passive scanning.

    Consequence
    An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC100/200 controllers. A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information disclosure.
    Solution

    Customers are advised to refer to CERT MITIGATIONS section TALOS-2019-0923 for affected packages and patching details.

    Patches
    TALOS-2019-0923
  • CVE-2021-3696+
    QID: 672031
    Recently Published

    EulerOS Security Update for grub2 (EulerOS-SA-2022-2255)

    Severity
    Critical 4
    Qualys ID
    672031
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2255
    CVE Reference
    CVE-2021-3696, CVE-2021-3697, CVE-2022-28735, CVE-2021-3695, CVE-2022-28733, CVE-2022-28736, CVE-2022-28734
    CVSS Scores
    Base 7 / Temporal 6.1
    Description
    EulerOS has released a security update(s) for grub2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2255 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2255
  • CVE-2021-3696+
    QID: 672026
    Recently Published

    EulerOS Security Update for grub2 (EulerOS-SA-2022-2221)

    Severity
    Critical 4
    Qualys ID
    672026
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2221
    CVE Reference
    CVE-2021-3696, CVE-2021-3697, CVE-2021-3695, CVE-2022-28733, CVE-2022-28736, CVE-2022-28734
    CVSS Scores
    Base 7 / Temporal 6.1
    Description
    EulerOS has released a security update(s) for grub2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2221 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2221
  • CVE-2021-3696+
    QID: 672021
    Recently Published

    EulerOS Security Update for grub2 (EulerOS-SA-2022-2242)

    Severity
    Critical 4
    Qualys ID
    672021
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2242
    CVE Reference
    CVE-2021-3696, CVE-2021-3697, CVE-2022-28735, CVE-2021-3695, CVE-2022-28733, CVE-2022-28736, CVE-2022-28734
    CVSS Scores
    Base 7 / Temporal 6.1
    Description
    EulerOS has released a security update(s) for grub2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2242 for updates and patch information.
    Patches
    EulerOS 2.0 SP10 EulerOS-SA-2022-2242
  • CVE-2021-35549+
    QID: 296068
    Recently Published

    Oracle Solaris 11.4 Support Repository Update (SRU) 34.94.4 Missing (CPUAPR2021)

    Severity
    Serious 3
    Qualys ID
    296068
    Date Published
    August 18, 2022
    Vendor Reference
    Solaris 11.4 SRU 34
    CVE Reference
    CVE-2021-35549, CVE-2021-2381, CVE-2021-25214, CVE-2021-25215, CVE-2021-25216, CVE-2021-28658, CVE-2021-31542, CVE-2021-23961, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946, CVE-2021-29921, CVE-2021-20227, CVE-2021-23961, CVE-2021-23991, CVE-2021-23992, CVE-2021-23993, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946, CVE-2021-29948, CVE-2021-29949, CVE-2021-1788, CVE-2021-1844, CVE-2021-1871, CVE-2021-22207
    CVSS Scores
    Base 9.8 / Temporal 9.1
    Description
    The target does not have Solaris 11.4 SRU 34.94.4 applied. The Support Repository Updates provide patch bundles/updates that primarily contain bug fixes for the system and third party software.

    QID Detection Logic (Authenticated):
    This QID lists the installed patches to check whether the patches are missing.

    NOTE: Revision 3: Published on 2021-06-15

    Consequence
    Exploitation could allow an attacker to compromise a vulnerable system.

    Solution
    Apply Solaris 11.4 SRU 34. Refer to Oracle Solaris 11.4 SRU 34.94.4 for more information.
    Patches
    CPUAPR2021
  • CVE-2022-21263+
    QID: 296065
    Recently Published

    Oracle Solaris 11.4 Support Repository Update (SRU) 39.107.1 Missing (CPUOCT2021)

    Severity
    Serious 3
    Qualys ID
    296065
    Date Published
    August 18, 2022
    Vendor Reference
    Solaris 11.4 SRU 39
    CVE Reference
    CVE-2022-21263, CVE-2022-21298, CVE-2021-35517, CVE-2021-36090, CVE-2021-36373, CVE-2021-36374, CVE-2017-12613, CVE-2021-35940, CVE-2021-30640, CVE-2021-33037, CVE-2008-2711, CVE-2020-36386, CVE-2021-36386, CVE-2020-16042, CVE-2020-26950, CVE-2020-26968, CVE-2020-35113, CVE-2021-23960, CVE-2021-23964, CVE-2021-29955, CVE-2021-29967, CVE-2021-3530, CVE-2021-3497, CVE-2021-3498, CVE-2021-3522, CVE-2018-19490, CVE-2018-19491, CVE-2018-19492, CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35586, CVE-2021-35588, CVE-2021-35603, CVE-2021-3517, CVE-2021-3522, CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35560, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35588, CVE-2021-35603, CVE-2021-40528, CVE-2021-3580, CVE-2021-22959, CVE-2021-22960, CVE-2021-37701, CVE-2021-37712, CVE-2021-37713, CVE-2021-39134, CVE-2021-39135, CVE-2020-7942, CVE-2021-23437, CVE-2020-5419, CVE-2021-22116, CVE-2021-22117, CVE-2021-32719, CVE-2020-36317, CVE-2020-36318, CVE-2021-28875, CVE-2021-28876, CVE-2021-28877, CVE-2021-28878, CVE-2021-28879, CVE-2021-29922, CVE-2021-36690, CVE-2021-20254, CVE-2020-25097, CVE-2021-28116, CVE-2021-28651, CVE-2021-28652, CVE-2021-28662, CVE-2021-31806, CVE-2021-31807, CVE-2021-31808, CVE-2021-33620, CVE-2021-1817, CVE-2021-1820, CVE-2021-1825, CVE-2021-1826, CVE-2021-21775, CVE-2021-21779, CVE-2021-21806, CVE-2021-30661, CVE-2021-30663, CVE-2021-30665, CVE-2021-30666, CVE-2021-30682, CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744, CVE-2021-30749, CVE-2021-30758, CVE-2021-30761, CVE-2021-30762, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799, CVE-2021-30858, CVE-2021-22897, CVE-2021-22898, CVE-2021-22901, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2019-20388, CVE-2020-24977, CVE-2020-7595, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, 
    CVE-2021-3537, CVE-2021-3541
    CVSS Scores
    Base 9.8 / Temporal 9.1
    Description
    The target does not have Solaris 11.4 SRU 39.107.1 applied. The Support Repository Updates provide patch bundles/updates that primarily contain bug fixes for the system and third party software.

    QID Detection Logic (Authenticated):
    This QID lists the installed patches to check whether the patches are missing.

    NOTE: Revision 2: Published on 2021-11-16

    Consequence
    Exploitation could allow an attacker to compromise a vulnerable system.

    Solution
    Apply Solaris 11.4 SRU 39. Refer to Oracle Solaris 11.4 SRU 39.107.1 for more information.
    Patches
    CPUOCT2021
  • CVE-2022-21514+
    QID: 296064
    Recently Published

    Oracle Solaris 11.4 Support Repository Update (SRU) 46.119.2 Missing (CPUAPR2022)

    Severity
    Serious 3
    Qualys ID
    296064
    Date Published
    August 18, 2022
    Vendor Reference
    Solaris 11.4 SRU 46
    CVE Reference
    CVE-2022-21514, CVE-2022-28346, CVE-2022-28347, CVE-2022-1097, CVE-2022-1196, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289, CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917, CVE-2022-1097, CVE-2022-1196, CVE-2022-1197, CVE-2022-1520, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289, CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29913, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917, CVE-2018-25032
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    The target does not have Solaris 11.4 SRU 46.119.2 applied. The Support Repository Updates provide patch bundles/updates that primarily contain bug fixes for the system and third party software.

    QID Detection Logic (Authenticated):
    This QID lists the installed patches to check whether the patches are missing.

    NOTE: Revision 3: Published on 2022-06-17

    Consequence
    Exploitation could allow an attacker to compromise a vulnerable system.

    Solution
    Apply Solaris 11.4 SRU 46. Refer to Oracle Solaris 11.4 SRU 46.119.2 for more information.
    Patches
    CPUAPR2022
  • CVE-2022-21524+
    QID: 296063
    Recently Published

    Oracle Solaris 11.4 Support Repository Update (SRU) 45.119.2 Missing (CPUAPR2022)

    Severity
    Serious 3
    Qualys ID
    296063
    Date Published
    August 18, 2022
    Vendor Reference
    Solaris 11.4 SRU 45
    CVE Reference
    CVE-2022-21524, CVE-2021-25220, CVE-2021-3448, CVE-2021-34558, CVE-2021-36221, CVE-2021-41771, CVE-2021-41772, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496, CVE-2021-43519, CVE-2020-0499, CVE-2021-0561, CVE-2021-22946, CVE-2022-21245, CVE-2022-21270, CVE-2022-21303, CVE-2022-21304, CVE-2022-21344, CVE-2022-21367, CVE-2021-4115, CVE-2020-29651, CVE-2021-4217, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2021-4192, CVE-2021-4193, CVE-2022-0128, CVE-2022-0156, CVE-2022-0158, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0408, CVE-2022-0413, CVE-2022-0417, CVE-2022-0443, CVE-2022-0554, CVE-2022-0572, CVE-2022-0629, CVE-2022-0685, CVE-2022-0696, CVE-2022-0714, CVE-2022-0729, CVE-2022-4187, CVE-2021-30809, CVE-2021-30818, CVE-2021-30823, CVE-2021-30836, CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, CVE-2021-30897, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2021-45481, CVE-2021-45482, CVE-2021-45483, CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22620, CVE-2022-24130, CVE-2021-45444, CVE-2022-23308
    CVSS Scores
    Base 9.8 / Temporal 9.1
    Description
    The target does not have Solaris 11.4 SRU 45.119.2 applied. The Support Repository Updates provide patch bundles/updates that primarily contain bug fixes for the system and third party software.

    QID Detection Logic (Authenticated):
    This QID lists the installed patches to check whether the patches are missing.

    NOTE: Revision 2: Published on 2022-05-17

    Consequence
    Exploitation could allow an attacker to compromise a vulnerable system.

    Solution
    Apply Solaris 11.4 SRU 45. Refer to Oracle Solaris 11.4 SRU 45.119.2 for more information.
    Patches
    CPUAPR2022
  • CVE-2022-21461+
    QID: 296062
    Recently Published

    Oracle Solaris 11.4 Support Repository Update (SRU) 43.113.3 Missing (CPUJAN2022)

    Severity
    Serious 3
    Qualys ID
    296062
    Date Published
    August 18, 2022
    Vendor Reference
    Solaris 11.4 SRU 43
    CVE Reference
    CVE-2022-21461, CVE-2022-21463, CVE-2020-9484, CVE-2022-23181, CVE-2021-45115, CVE-2021-45116, CVE-2021-45452, CVE-2021-4140, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22744, CVE-2022-22745, CVE-2022-22746, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751, CVE-2022-22753, CVE-2022-22754, CVE-2022-22756, CVE-2022-22759, CVE-2022-22760, CVE-2022-22761, CVE-2022-22763, CVE-2022-22764, CVE-2021-45078, CVE-2021-43818, CVE-2021-44531, CVE-2021-44532, CVE-2021-44533, CVE-2022-21824, CVE-2021-33430, CVE-2021-34141, CVE-2021-41495, CVE-2021-41496, CVE-2021-44540, CVE-2021-44541, CVE-2021-44542, CVE-2021-44543, CVE-2021-3733, CVE-2021-3737, CVE-2022-22815, CVE-2022-22816, CVE-2022-22817, CVE-2021-41817, CVE-2021-41819, CVE-2021-4140, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22744, CVE-2022-22745, CVE-2022-22746, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751, CVE-2022-22753, CVE-2022-22754, CVE-2022-22756, CVE-2022-22759, CVE-2022-22760, CVE-2022-22761, CVE-2022-22763, CVE-2022-22764, CVE-2021-4181, CVE-2021-4182, CVE-2021-4183, CVE-2021-4184, CVE-2021-4185, CVE-2022-0581, CVE-2022-0582, CVE-2022-0583, CVE-2022-0585, CVE-2022-0586
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    The target does not have Solaris 11.4 SRU 43.113.3 applied. The Support Repository Updates provide patch bundles/updates that primarily contain bug fixes for the system and third party software.

    QID Detection Logic (Authenticated):
    This QID lists the installed patches to check whether the patches are missing.

    NOTE: Revision 4: Published on 2022-03-15

    Consequence
    Exploitation could allow an attacker to compromise a vulnerable system.

    Solution
    Apply Solaris 11.4 SRU 43. Refer to Oracle Solaris 11.4 SRU 43.113.3 for more information.
    Patches
    cpujan2022
  • CVE-2022-26691
    QID: 672063
    Recently Published

    EulerOS Security Update for cups (EulerOS-SA-2022-2216)

    Severity
    Serious3
    Qualys ID
    672063
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2216
    CVE Reference
    CVE-2022-26691
    CVSS Scores
    Base 6.7 / Temporal 5.8
    Description
    EulerOS has released a security update(s) for cups to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2216 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2216
  • CVE-2021-3596
    QID: 672055
    Recently Published

    EulerOS Security Update for imagemagick (EulerOS-SA-2022-2223)

    Severity
    Serious3
    Qualys ID
    672055
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2223
    CVE Reference
    CVE-2021-3596
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    EulerOS has released a security update(s) for imagemagick to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2223 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2223
  • CVE-2020-11420
    QID: 590998
    In Development

    ABB UPS Adapter CS141 Vulnerability (ABBVU-ELSP-4178-2150)

    Severity
    Serious3
    Qualys ID
    590998
    Vendor Reference
    ABBVU-ELSP-4178-2150
    CVE Reference
    CVE-2020-11420
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description

    AFFECTED PRODUCTS
    The vulnerability affects the products listed below. Affected firmware versions are 1.66 - 1.88.
    4NWP102879R0001 CS141 Advanced - Box
    4NWP102880R0001 CS141 Advanced - Slot
    4NWP102881R0001 CS141 ModBus - Box
    4NWP102882R0001 CS141 ModBus - Slot
    4NWP102687R0001 CS141 Basic - Box
    4NWP102688R0001 CS141 Basic - Slot

    QID Detection Logic (Authenticated):
    QID checks for the vulnerable version using passive scanning.

    Consequence
    An attacker who successfully exploited this vulnerability could read arbitrary files and directories from the UPS Adapter CS141.
    Solution

    Customers are advised to refer to CERT MITIGATIONS section ABBVU-ELSP-4178-2150 for affected packages and patching details.

    Patches
    ABBVU-ELSP-4178-2150
  • CVE-2022-20713
    QID: 317216
    Recently Published

    Cisco Adaptive Security Appliance (ASA) Software Clientless Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client-Side Request Smuggling Vulnerability (cisco-sa-asa-webvpn-LOeKsNmO)

    Severity
    Serious3
    Qualys ID
    317216
    Date Published
    August 18, 2022
    Vendor Reference
    cisco-sa-asa-webvpn-LOeKsNmO
    CVE Reference
    CVE-2022-20713
    CVSS Scores
    Base 6.1 / Temporal 5.3
    Description
    A vulnerability in the Clientless SSL VPN (WebVPN) component of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks.

    Affected Products
    Cisco ASA Software releases earlier than Release 9.17(1) that have the Clientless SSL VPN feature enabled.

    QID Detection Logic (Authenticated):
    The check matches Cisco ASA OS version retrieved via Unix Auth using "version" command.

    Consequence
    A successful exploit could allow the attacker to conduct browser-based attacks.

    Solution

    Customers are advised to refer to cisco-sa-asa-webvpn-LOeKsNmO for more information.

    Patches
    cisco-sa-asa-webvpn-LOeKsNmO
  • CVE-2022-26491
    QID: 672042
    Recently Published

    EulerOS Security Update for pidgin (EulerOS-SA-2022-2277)

    Severity
    Serious3
    Qualys ID
    672042
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2277
    CVE Reference
    CVE-2022-26491
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    EulerOS has released a security update(s) for pidgin to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2277 for updates and patch information.
    Patches
    EulerOS 2.0 SP5 EulerOS-SA-2022-2277
  • CVE-2022-26491
    QID: 672015
    Recently Published

    EulerOS Security Update for pidgin (EulerOS-SA-2022-2230)

    Severity
    Serious3
    Qualys ID
    672015
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2230
    CVE Reference
    CVE-2022-26491
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    EulerOS has released a security update(s) for pidgin to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2230 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2230
  • CVE-2019-5135
    QID: 590994
    In Development

    WAGO PFC100/200 Web-Based Management (WBM) Authentication Timing Information Disclosure Vulnerability (TALOS-2019-0924)

    Severity
    Serious3
    Qualys ID
    590994
    Vendor Reference
    TALOS-2019-0924
    CVE Reference
    CVE-2019-5135
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description

    AFFECTED PRODUCTS
    WAGO PFC200 Firmware version 03.00.39(12)
    WAGO PFC200 Firmware version 03.01.07(13)
    WAGO PFC100 Firmware version 03.00.39(12)
    Based on inspection of various firmware versions, this vulnerability appears to affect all versions from the current one back to at least 10, and likely earlier.

    QID Detection Logic (Authenticated):
    QID checks for the vulnerable version using passive scanning.

    Consequence
    An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt() function which can be exploited to disclose hashed user credentials.
    Solution

    Customers are advised to refer to CERT MITIGATIONS section TALOS-2019-0924 for affected packages and patching details.

    Patches
    https://talosintelligence.com/vulnerability_reports/TALOS-2019-0924
  • CVE-2015-5374
    QID: 590991
    In Development

    Siemens SIPROTEC Denial-of-Service (DoS) Vulnerability (ICSA-15-202-01) (SSA-732541)

    Severity
    Serious3
    Qualys ID
    590991
    Vendor Reference
    ICSA-15-202-01
    CVE Reference
    CVE-2015-5374
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description

    AFFECTED PRODUCTS
    Siemens reports that the vulnerability affects the following versions:
    SIPROTEC 4 and SIPROTEC Compact product families
    All devices that include the EN100 Ethernet module version V4.24 or prior.

    QID Detection Logic (Authenticated):
    QID checks for the vulnerable version using passive scanning.

    Consequence
    An attacker could remotely cause a denial of service by exploiting this vulnerability.
    Solution

    Customers are advised to refer to CERT MITIGATIONS section ICSA-15-202-01 for affected packages and patching details.

    Patches
    ICSA-15-202-01
  • CVE-2020-17525+
    QID: 296067
    Recently Published

    Oracle Solaris 11.4 Support Repository Update (SRU) 33.94.0 Missing (CPUAPR2021)

    Severity
    Serious3
    Qualys ID
    296067
    Date Published
    August 18, 2022
    Vendor Reference
    Solaris 11.4 SRU 33
    CVE Reference
    CVE-2020-17525, CVE-2020-35492, CVE-2021-28153, CVE-2020-36241, CVE-2021-28650, CVE-2020-14150, CVE-2021-26937, CVE-2021-21300, CVE-2021-40330, CVE-2021-20176, CVE-2021-20241, CVE-2021-20245, CVE-2021-20246, CVE-2021-2161, CVE-2021-2163, CVE-2020-28493, CVE-2020-14409, CVE-2020-14410, CVE-2020-19143, CVE-2020-35521, CVE-2020-35522, CVE-2020-35523, CVE-2020-35524, CVE-2021-3181, CVE-2020-14871, CVE-2021-28041, CVE-2021-41617, CVE-2021-23839, CVE-2021-23840, CVE-2021-23841, CVE-2020-14343, CVE-2020-1747, CVE-2020-35654, CVE-2021-25289, CVE-2021-25290, CVE-2021-25291, CVE-2021-25292, CVE-2021-25293, CVE-2021-27921, CVE-2021-27922, CVE-2021-27923, CVE-2020-36242, CVE-2019-11750, CVE-2019-9792, CVE-2020-27918, CVE-2020-29623, CVE-2020-9947, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870, CVE-2021-26937, CVE-2021-27135, CVE-2007-1562, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2020-29599
    CVSS Scores
    Base 10 / Temporal 9.3
    Description
    The target does not have Solaris 11.4 SRU 33.94.0 applied. The Support Repository Updates provide patch bundles/updates that primarily contain bug fixes for the system and third party software.

    QID Detection Logic (Authenticated):
    This QID lists the installed patches to check whether the required patches are missing.

    NOTE: Revision 2: Published on 2021-05-18

    Consequence
    Exploitation could allow an attacker to compromise a vulnerable system.

    Solution
    Apply Solaris 11.4 SRU 33. Refer to Oracle Solaris 11.4 SRU 33.94.0 for more information.
    Patches
    CPUAPR2021
  • CVE-2022-21375+
    QID: 296066
    Recently Published

    Oracle Solaris 11.4 Support Repository Update (SRU) 40.107.3 Missing (CPUOCT2021)

    Severity
    Serious3
    Qualys ID
    296066
    Date Published
    August 18, 2022
    Vendor Reference
    Solaris 11.4 SRU 40
    CVE Reference
    CVE-2022-21375, CVE-2019-13038, CVE-2021-42340, CVE-2021-25219, CVE-2021-29980, CVE-2021-29981, CVE-2021-29982, CVE-2021-29985, CVE-2021-29987, CVE-2021-29990, CVE-2021-29991, CVE-2021-32810, CVE-2021-38495, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, CVE-2021-38503, CVE-2021-38504, CVE-2021-38505, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2021-42771, CVE-2021-42096, CVE-2021-42097, CVE-2021-41617, CVE-2021-21703, CVE-2021-29981, CVE-2021-29982, CVE-2021-29987, CVE-2021-29991, CVE-2021-38502, CVE-2021-38503, CVE-2021-38504, CVE-2021-38505, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509, CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342, CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368, CVE-2018-14369, CVE-2018-16056, CVE-2018-16057, CVE-2018-16058
    CVSS Scores
    Base 10 / Temporal 8.7
    Description
    The target does not have Solaris 11.4 SRU 40.107.3 applied. The Support Repository Updates provide patch bundles/updates that primarily contain bug fixes for the system and third party software.

    QID Detection Logic (Authenticated):
    This QID lists the installed patches to check whether the required patches are missing.

    NOTE: Revision 3: Published on 2021-12-10

    Consequence
    Exploitation could allow an attacker to compromise a vulnerable system.

    Solution
    Apply Solaris 11.4 SRU 40. Refer to Oracle Solaris 11.4 SRU 40.107.3 for more information.
    Patches
    CPUOCT2021
  • CVE-2013-4235
    QID: 672013
    Recently Published

    EulerOS Security Update for shadow-utils (EulerOS-SA-2022-2234)

    Severity
    Medium2
    Qualys ID
    672013
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2234
    CVE Reference
    CVE-2013-4235
    CVSS Scores
    Base 4.7 / Temporal 4.1
    Description
    EulerOS has released a security update(s) for shadow-utils to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2234 for updates and patch information.
    Patches
    EulerOS 2.0 SP8 EulerOS-SA-2022-2234
  • CVE-2021-3696+
    QID: 672032
    Recently Published

    EulerOS Security Update for grub2 (EulerOS-SA-2022-2268)

    Severity
    Medium2
    Qualys ID
    672032
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2268
    CVE Reference
    CVE-2021-3696, CVE-2021-3695, CVE-2021-3981, CVE-2022-28734
    CVSS Scores
    Base 4.5 / Temporal 3.9
    Description
    EulerOS has released a security update(s) for grub2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2268 for updates and patch information.
    Patches
    EulerOS 2.0 SP5 EulerOS-SA-2022-2268
  • CVE-2019-2708
    QID: 672073
    Recently Published

    EulerOS Security Update for libdb (EulerOS-SA-2022-2274)

    Severity
    Medium2
    Qualys ID
    672073
    Date Published
    August 18, 2022
    Vendor Reference
    EulerOS-SA-2022-2274
    CVE Reference
    CVE-2019-2708
    CVSS Scores
    Base 3.3 / Temporal 2.9
    Description
    EulerOS has released a security update(s) for libdb to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to EulerOS security advisory EulerOS-SA-2022-2274 for updates and patch information.
    Patches
    EulerOS 2.0 SP5 EulerOS-SA-2022-2274
  • CVE-2020-10109
    QID: 752470
    Recently Published

    SUSE Enterprise Linux Security Update for python-Twisted (SUSE-SU-2022:2822-1)

    Severity
    Urgent5
    Qualys ID
    752470
    Date Published
    August 17, 2022
    Vendor Reference
    SUSE-SU-2022:2822-1
    CVE Reference
    CVE-2020-10109
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released a security update for python-twisted to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15 SP2
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2822-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2822-1
  • CVE-2022-34169+
    QID: 752468
    Recently Published

    SUSE Enterprise Linux Security Update for java-1_8_0-openjdk (SUSE-SU-2022:2819-1)

    Severity
    Urgent5
    Qualys ID
    752468
    Date Published
    August 17, 2022
    Vendor Reference
    SUSE-SU-2022:2819-1
    CVE Reference
    CVE-2022-34169, CVE-2022-21541, CVE-2022-21540
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released a security update for java-1_8_0-openjdk to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 12 SP4
    SUSE Linux Enterprise Server 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2819-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2819-1
  • CVE-2022-32816+
    QID: 752475
    Recently Published

    SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:2826-1)

    Severity
    Critical4
    Qualys ID
    752475
    Date Published
    August 17, 2022
    Vendor Reference
    SUSE-SU-2022:2826-1
    CVE Reference
    CVE-2022-32816, CVE-2022-32792
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for webkit2gtk3 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server Basesystem 15 SP4
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2826-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2826-1
  • CVE-2022-32816+
    QID: 752473
    Recently Published

    SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:2820-1)

    Severity
    Critical4
    Qualys ID
    752473
    Date Published
    August 17, 2022
    Vendor Reference
    SUSE-SU-2022:2820-1
    CVE Reference
    CVE-2022-32816, CVE-2022-32792
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for webkit2gtk3 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server Basesystem 15 SP3
    SUSE Linux Enterprise Server for SAP Applications 15 SP2
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2820-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2820-1
  • CVE-2022-32816+
    QID: 752472
    Recently Published

    SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:2821-1)

    Severity
    Critical4
    Qualys ID
    752472
    Date Published
    August 17, 2022
    Vendor Reference
    SUSE-SU-2022:2821-1
    CVE Reference
    CVE-2022-32816, CVE-2022-32792
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for webkit2gtk3 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2821-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2821-1
  • QID: 752471
    Recently Published

    SUSE Enterprise Linux Security Update for compat-openssl098 (SUSE-SU-2022:2824-1)

    Severity
    Critical4
    Qualys ID
    752471
    Date Published
    August 17, 2022
    Vendor Reference
    SUSE-SU-2022:2824-1
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for suse_enterprise_linux to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 12 SP4
    SUSE Linux Enterprise Server for SAP Applications 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2824-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2824-1
  • CVE-2021-3979
    QID: 752467
    Recently Published

    SUSE Enterprise Linux Security Update for ceph (SUSE-SU-2022:2818-1)

    Severity
    Critical4
    Qualys ID
    752467
    Date Published
    August 17, 2022
    Vendor Reference
    SUSE-SU-2022:2818-1
    CVE Reference
    CVE-2021-3979
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for ceph to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server Basesystem 15 SP4
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2818-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2818-1
  • CVE-2022-2855+
    QID: 376828
    Recently Published

    Google Chrome Prior to 104.0.5112.101 Multiple Vulnerabilities

    Severity
    Critical4
    Qualys ID
    376828
    Date Published
    August 17, 2022
    Vendor Reference
    Google Chrome 104.0.5112.101
    CVE Reference
    CVE-2022-2855, CVE-2022-2857, CVE-2022-2852, CVE-2022-2856, CVE-2022-2859, CVE-2022-2858, CVE-2022-2861, CVE-2022-2853, CVE-2022-2854, CVE-2022-2860
    CVSS Scores
    Base 8.6 / Temporal 8
    Description
    Chrome has released security updates for Windows, Mac, and Linux to fix the vulnerabilities.


    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Chrome security advisory 104.0.5112.101 for updates and patch information.
    Patches
    Google Chrome 104.0.5112.101
  • CVE-2022-32816+
    QID: 180943
    Recently Published

    Debian Security Update for wpewebkit (DSA 5211-1)

    Severity
    Critical4
    Qualys ID
    180943
    Date Published
    August 17, 2022
    Vendor Reference
    DSA 5211-1
    CVE Reference
    CVE-2022-32816, CVE-2022-32792
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Debian has released a security update for wpewebkit to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5211-1 for updates and patch information.
    Patches
    Debian DSA 5211-1
  • CVE-2022-24808+
    QID: 180942
    Recently Published

    Debian Security Update for net-snmp (DSA 5209-1)

    Severity
    Critical4
    Qualys ID
    180942
    Date Published
    August 17, 2022
    Vendor Reference
    DSA 5209-1
    CVE Reference
    CVE-2022-24808, CVE-2022-24805, CVE-2022-24806, CVE-2022-24809, CVE-2022-24810, CVE-2022-24807
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Debian has released a security update for net-snmp to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5209-1 for updates and patch information.
    Patches
    Debian DSA 5209-1
  • CVE-2022-32816+
    QID: 180940
    Recently Published

    Debian Security Update for webkit2gtk (DSA 5210-1)

    Severity
    Critical4
    Qualys ID
    180940
    Date Published
    August 17, 2022
    Vendor Reference
    DSA 5210-1
    CVE Reference
    CVE-2022-32816, CVE-2022-32792
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Debian has released a security update for webkit2gtk to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5210-1 for updates and patch information.
    Patches
    Debian DSA 5210-1
  • CVE-2022-36946+
    QID: 752474
    Recently Published

    SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2827-1)

    Severity
    Critical4
    Qualys ID
    752474
    Date Published
    August 17, 2022
    Vendor Reference
    SUSE-SU-2022:2827-1
    CVE Reference
    CVE-2022-36946, CVE-2021-33655, CVE-2020-36557, CVE-2021-33656, CVE-2022-1462, CVE-2022-20166, CVE-2020-36558
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released a security update for kernel to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2827-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2827-1
  • CVE-2022-32206+
    QID: 752476
    Recently Published

    SUSE Enterprise Linux Security Update for curl (SUSE-SU-2022:2813-1)

    Severity
    Critical4
    Qualys ID
    752476
    Date Published
    August 17, 2022
    Vendor Reference
    SUSE-SU-2022:2813-1
    CVE Reference
    CVE-2022-32206, CVE-2022-27781, CVE-2022-32208, CVE-2022-27782
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for curl to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 12 SP4
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2813-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2813-1
  • CVE-2022-29536
    QID: 180941
    Recently Published

    Debian Security Update for epiphany-browser (DSA 5208-1)

    Severity
    Critical4
    Qualys ID
    180941
    Date Published
    August 17, 2022
    Vendor Reference
    DSA 5208-1
    CVE Reference
    CVE-2022-29536
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Debian has released a security update for epiphany-browser to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5208-1 for updates and patch information.
    Patches
    Debian DSA 5208-1
  • CVE-2022-29154
    QID: 752469
    Recently Published

    SUSE Enterprise Linux Security Update for rsync (SUSE-SU-2022:2825-1)

    Severity
    Critical4
    Qualys ID
    752469
    Date Published
    August 17, 2022
    Vendor Reference
    SUSE-SU-2022:2825-1
    CVE Reference
    CVE-2022-29154
    CVSS Scores
    Base 7.4 / Temporal 6.4
    Description
    SUSE has released a security update for rsync to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server Basesystem 15 SP4
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2825-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2825-1
  • CVE-2022-30699+
    QID: 198902
    Recently Published

    Ubuntu Security Notification for Unbound Vulnerabilities (USN-5569-1)

    Severity
    Serious3
    Qualys ID
    198902
    Date Published
    August 17, 2022
    Vendor Reference
    USN-5569-1
    CVE Reference
    CVE-2022-30699, CVE-2022-30698
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Ubuntu has released a security update for unbound to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-5569-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5569-1
  • CVE-2022-28614
    QID: 160046
    Recently Published

    Oracle Enterprise Linux Security Update for httpd (ELSA-2022-9714)

    Severity
    Serious3
    Qualys ID
    160046
    Date Published
    August 17, 2022
    Vendor Reference
    ELSA-2022-9714
    CVE Reference
    CVE-2022-28614
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    Oracle Enterprise Linux has released a security update for httpd to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-9714
    Patches
    Oracle Linux ELSA-2022-9714
  • CVE-2022-2137+
    QID: 590986
    In Development

    Advantech iView Multiple Vulnerabilities (ICSA-22-179-03)

    Severity
    Urgent5
    Qualys ID
    590986
    Vendor Reference
    ICSA-22-179-03
    CVE Reference
    CVE-2022-2137, CVE-2022-2143, CVE-2022-2139, CVE-2022-2135, CVE-2022-2136, CVE-2022-2138, CVE-2022-2142
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Multiple vulnerabilities (SQL Injection, Missing Authentication for Critical Function, Relative Path Traversal, and Command Injection) were discovered in Advantech iView.

    AFFECTED PRODUCTS
    The following versions of Advantech iView management software are affected:
    Advantech iView: All versions prior to 5_7_04_6469

    QID Detection Logic (Authenticated):
    QID checks for the vulnerable version using Windows registry keys.

    Consequence
    Successful exploitation of these vulnerabilities could allow an attacker to read or modify sensitive data, disclose information, or execute arbitrary code.
    Solution

    Customers are advised to refer to CERT MITIGATIONS section ICSA-22-179-03 for affected packages and patching details.

    Patches
    ICSA-22-179-03
  • CVE-2022-23990+
    QID: 87497
    Under Investigation

    IBM HTTP Server Multiple Expat Vulnerabilities

    Severity
    Critical4
    Qualys ID
    87497
    Vendor Reference
    IBM HTTP Server
    CVE Reference
    CVE-2022-23990, CVE-2022-23852
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    IBM HTTP Server powered by Apache is based on the Apache HTTP Server available for multiple platforms.

    CVE-2022-23990 - Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the doProlog function. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
    CVE-2022-23852 - Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XML_GetBuffer function. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

    Affected Versions (7.0, 8.0, 8.5, and 9.0):
    IBM HTTP Server V9.0.0.0 through 9.0.5.7
    IBM HTTP Server V8.5.0.0 through 8.5.5.19
    IBM HTTP Server V8.0.0.0 through 8.0.0.15
    IBM HTTP Server V7.0.0.0 through 7.0.0.45

    QID Detection Logic (Authenticated):
    Operating System: Linux
    The QID checks for vulnerable versions of IBM HTTP Server. "version.signature" is used to verify the version.

    Consequence
    Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the doProlog function. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
    Solution
    The vendor has released advisories and updates to fix these vulnerabilities. Refer to the following link for further details: 6557294
    Patches
    6557294
  • CVE-2017-12120
    QID: 590989
    In Development

    Moxa EDR-810 Web Server ping Command Injection Vulnerability (TALOS-2017-0472)

    Severity
    Critical4
    Qualys ID
    590989
    Vendor Reference
    TALOS-2017-0472
    CVE Reference
    CVE-2017-12120
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description

    AFFECTED PRODUCTS
    Moxa EDR-810 V4.1 build 17030317

    QID Detection Logic (Authenticated):
    QID checks for the vulnerable version using passive scanning.

    Consequence
    An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parameter in the /goform/net_WebPingGetValue URI to trigger this vulnerability.
    Solution

    Customers are advised to refer to CERT MITIGATIONS section TALOS-2017-0472 for affected packages and patching details.

    Patches
    TALOS-2017-0472
  • CVE-2022-21439+
    QID: 296061
    Recently Published

    Oracle Solaris 11.4 Support Repository Update (SRU) 42.113.1 Missing (CPUJAN2022)

    Severity
    Serious3
    Qualys ID
    296061
    Date Published
    August 18, 2022
    Vendor Reference
    Solaris 11.4 SRU 42
    CVE Reference
    CVE-2022-21439, CVE-2022-21416, CVE-2022-21446, CVE-2021-42717, CVE-2021-44224, CVE-2021-44790, CVE-2021-44420, CVE-2021-39272, CVE-2021-38115, CVE-2021-40145, CVE-2021-40812, CVE-2019-14822, CVE-2021-39212, CVE-2022-21248, CVE-2022-21271, CVE-2022-21282, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21349, CVE-2022-21360, CVE-2022-21365, CVE-2022-21248, CVE-2022-21271, CVE-2022-21282, CVE-2022-21291, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21349, CVE-2022-21360, CVE-2022-21365, CVE-2020-15250, CVE-2021-27815, CVE-2021-43331, CVE-2021-43332, CVE-2021-22926, CVE-2021-35604, CVE-2021-35624, CVE-2021-3711, CVE-2021-43527, CVE-2021-3572, CVE-2016-2124, CVE-2020-17049, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-23192, CVE-2021-3738, CVE-2021-3770, CVE-2021-3778, CVE-2021-3796, CVE-2021-3872, CVE-2021-3875, CVE-2021-3903, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-3984, CVE-2021-4019, CVE-2021-4069, CVE-2021-30846, CVE-2021-30848, CVE-2021-30849, CVE-2021-30851, CVE-2021-30858, CVE-2021-41133, CVE-2021-42762, CVE-2021-4008, CVE-2021-4009, CVE-2021-4010, CVE-2021-4011, CVE-2021-4034
    CVSS Scores
    Base 9.8 / Temporal 9.1
    Description
    The target does not have Solaris 11.4 SRU 42.113.1 applied. The Support Repository Updates provide patch bundles/updates that primarily contain bug fixes for the system and third party software.

    QID Detection Logic (Authenticated):
    This QID lists the installed patches to check whether the patches are missing.

    NOTE: Revision 3: Published on 2022-02-15

    Consequence
    Exploitation could allow an attacker to compromise a vulnerable system.

    Solution
    Apply Solaris 11.4 SRU 42. Refer to Oracle Solaris 11.4 SRU 42.113.1 for more information.
    Patches
    cpujan2022
  • CVE-2022-34655
    QID: 376776
    Recently Published

    F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) Traffic Management Microkernel (TMM) vulnerability cve-2022-34655 (K93504311)

    Severity
    Critical4
    Qualys ID
    376776
    Date Published
    August 18, 2022
    Vendor Reference
    K93504311
    CVE Reference
    CVE-2022-34655
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    When an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate (CVE-2022-34655).

    Vulnerable Component: BIG-IP ASM, LTM, APM

    Affected Versions:
    16.0.0 - 16.0.1
    15.1.0 - 15.1.6
    14.1.0 - 14.1.4

    QID Detection Logic (Authenticated):
    This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.

    Consequence
    Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticated attacker to cause a denial-of-service (DoS) on the BIG-IP system while a failover occurs or TMM restarts. There is no control plane exposure; this is a data plane issue only.

    Solution
    For more information about patch details please refer to K93504311
    Patches
    K93504311
  • CVE-2022-34851
    QID: 376794
    Recently Published

    F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) Big-ip and Big-iq Icontrol Simple Object Access Protocol (SOAP) Vulnerability cve-2022-34851 (K50310001)

    Severity
    Critical4
    Qualys ID
    376794
    Date Published
    August 18, 2022
    Vendor Reference
    K50310001
    CVE Reference
    CVE-2022-34851
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    An authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests (CVE-2022-34851).

    Vulnerable Component: BIG-IP ASM, LTM, APM

    Affected Versions:
    17.0.0
    16.1.0 - 16.1.3
    15.1.0 - 15.1.6
    14.1.0 - 14.1.5
    13.1.0 - 13.1.5

    QID Detection Logic (Authenticated):
    This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.

    Consequence
    This vulnerability allows a remote authenticated attacker with at least guest role privileges to send undisclosed requests to iControl SOAP, causing it to become unavailable. There is no data plane exposure; this is a control plane issue only.

    Solution
    For more information about patch details please refer to K50310001
    Patches
    K50310001
  • CVE-2022-29901+
    QID: 376775
    Recently Published

    F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) Retbleed cpu vulnerability cve-2022-29901 (K83713003)

    Severity
    Serious3
    Qualys ID
    376775
    Date Published
    August 18, 2022
    Vendor Reference
    K83713003
    CVE Reference
    CVE-2022-29901, CVE-2022-29900
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. K57185580: RetBleed CPU vulnerability CVE-2022-29900

    Vulnerable Component: BIG-IP ASM, LTM, APM

    Affected Versions:
    15.1.4 - 15.1.6
    14.1.4.1 - 14.1.5

    QID Detection Logic (Authenticated):
    This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.

    Consequence
    A local authenticated attacker can exploit the Intel vulnerability to allow information disclosure. Only the VELOS BX110 platform is vulnerable.

    Solution
    For more information about patch details please refer to K83713003
    Patches
    K83713003
  • CVE-2021-33643
    QID: 902734
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libtar (10542)

    Severity
    Urgent5
    Qualys ID
    902734
    Date Published
    August 17, 2022
    Vendor Reference
    Mariner_2.0_10542
    CVE Reference
    CVE-2021-33643
    CVSS Scores
    Base 9.1 / Temporal 8.3
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for libtar to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2021-33643
    QID: 902725
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libtar (10524)

    Severity
    Urgent5
    Qualys ID
    902725
    Date Published
    August 17, 2022
    Vendor Reference
    10524
    CVE Reference
    CVE-2021-33643
    CVSS Scores
    Base 9.1 / Temporal 8.3
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for libtar to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2016-3709+
    QID: 502486
    Recently Published

    Alpine Linux Security Update for libxml2

    Severity
    Critical4
    Qualys ID
    502486
    Date Published
    August 17, 2022
    Vendor Reference
    libxml2
    CVE Reference
    CVE-2016-3709, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Alpine Linux has released a security update for libxml2 to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.15
    Alpine Linux 3.16


    Affected Package versions prior to 2.9.11-r0.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory libxml2 for updates and patch information.
    Patches
    Alpine Linux libxml2-2.9.11-r0
  • CVE-2021-33644
    QID: 902736
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libtar (10543)

    Severity
    Critical4
    Qualys ID
    902736
    Date Published
    August 17, 2022
    Vendor Reference
    Mariner_2.0_10543
    CVE Reference
    CVE-2021-33644
    CVSS Scores
    Base 8.1 / Temporal 7.4
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for libtar to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2021-33644
    QID: 902716
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libtar (10525)

    Severity
    Critical4
    Qualys ID
    902716
    Date Published
    August 17, 2022
    Vendor Reference
    10525
    CVE Reference
    CVE-2021-33644
    CVSS Scores
    Base 8.1 / Temporal 7.4
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for libtar to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-1158
    QID: 902743
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10540)

    Severity
    Critical4
    Qualys ID
    902743
    Date Published
    August 17, 2022
    Vendor Reference
    Mariner_2.0_10540
    CVE Reference
    CVE-2022-1158
    CVSS Scores
    Base 7.8 / Temporal 7.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-30580
    QID: 902729
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10532)

    Severity
    Critical4
    Qualys ID
    902729
    Date Published
    August 17, 2022
    Vendor Reference
    Mariner_2.0_10532
    CVE Reference
    CVE-2022-30580
    CVSS Scores
    Base 7.8 / Temporal 7.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-1158
    QID: 902726
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10522)

    Severity
    Critical4
    Qualys ID
    902726
    Date Published
    August 17, 2022
    Vendor Reference
    10522
    CVE Reference
    CVE-2022-1158
    CVSS Scores
    Base 7.8 / Temporal 7.1
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-30580
    QID: 902714
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10514)

    Severity
    Critical4
    Qualys ID
    902714
    Date Published
    August 17, 2022
    Vendor Reference
    10514
    CVE Reference
    CVE-2022-30580
    CVSS Scores
    Base 7.8 / Temporal 7.1
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-2006+
    QID: 590987
    In Development

    AutomationDirect C-More EA9 HMI Multiple Vulnerabilities (ICSA-22-167-01)

    Severity
    Critical4
    Qualys ID
    590987
    Vendor Reference
    ICSA-22-167-01
    CVE Reference
    CVE-2022-2006, CVE-2022-2005
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description

    AFFECTED PRODUCTS
    The following versions of C-more EA9, an industrial touch screen HMI, are affected:
    C-more EA9-PGMSW all versions prior to 6.73.

    QID Detection Logic (Authenticated)
    QID checks for the vulnerable version using Windows registry keys.

    Consequence
    Successful exploitation of these vulnerabilities could cause a loss of sensitive information and give an attacker the ability to execute code with elevated privileges.
    Solution

    Customers are advised to refer to CERT MITIGATIONS section ICSA-22-167-01 for affected packages and patching details.

    Patches
    ICSA-22-167-01
  • CVE-2019-5084+
    QID: 376827
    In Development

    LeadTools Multiple Vulnerabilities

    Severity
    Critical4
    Qualys ID
    376827
    Vendor Reference
    CVE-2019-5084, CVE-2019-5099, CVE-2019-5125
    CVE Reference
    CVE-2019-5084, CVE-2019-5099, CVE-2019-5125
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Leadtools is a collection of comprehensive toolkits to integrate Recognition, Document, Medical, Imaging, and Multimedia technologies into desktop, server, tablet, and mobile applications.

    Leadtools is affected by a remote code execution vulnerability.

    Affected Version:
    All the versions of Leadtools:20.0.2019.3.15 are affected

    QID Detection Logic:
    This QID checks for vulnerable versions of Leadtools.

    Consequence
    Successful exploitation has a high impact on confidentiality, availability, and integrity.

    Solution
    Customers are advised to install the latest versions of LEADTOOLS to remediate this vulnerability.
    Patches
    LeadTools
  • CVE-2022-30631
    QID: 902741
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10534)

    Severity
    Critical4
    Qualys ID
    902741
    Date Published
    August 17, 2022
    Vendor Reference
    Mariner_2.0_10534
    CVE Reference
    CVE-2022-30631
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-30632
    QID: 902740
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10535)

    Severity
    Critical4
    Qualys ID
    902740
    Date Published
    August 17, 2022
    Vendor Reference
    Mariner_2.0_10535
    CVE Reference
    CVE-2022-30632
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2021-33646
    QID: 902739
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libtar (10545)

    Severity
    Critical4
    Qualys ID
    902739
    Date Published
    August 17, 2022
    Vendor Reference
    Mariner_2.0_10545
    CVE Reference
    CVE-2021-33646
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for libtar to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-28131
    QID: 902738
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10531)

    Severity
    Critical4
    Qualys ID
    902738
    Date Published
    August 17, 2022
    Vendor Reference
    Mariner_2.0_10531
    CVE Reference
    CVE-2022-28131
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-30633
    QID: 902737
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10536)

    Severity
    Critical4
    Qualys ID
    902737
    Date Published
    August 17, 2022
    Vendor Reference
    Mariner_2.0_10536
    CVE Reference
    CVE-2022-30633
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2021-33645
    QID: 902733
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libtar (10544)

    Severity
    Critical4
    Qualys ID
    902733
    Date Published
    August 17, 2022
    Vendor Reference
    Mariner_2.0_10544
    CVE Reference
    CVE-2021-33645
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for libtar to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-32189
    QID: 902731
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10539)

    Severity
    Critical4
    Qualys ID
    902731
    Date Published
    August 17, 2022
    Vendor Reference
    Mariner_2.0_10539
    CVE Reference
    CVE-2022-32189
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-30630
    QID: 902728
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10533)

    Severity
    Critical4
    Qualys ID
    902728
    Date Published
    August 17, 2022
    Vendor Reference
    Mariner_2.0_10533
    CVE Reference
    CVE-2022-30630
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-30635
    QID: 902727
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10537)

    Severity
    Critical4
    Qualys ID
    902727
    Date Published
    August 17, 2022
    Vendor Reference
    Mariner_2.0_10537
    CVE Reference
    CVE-2022-30635
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-30635
    QID: 902724
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10519)

    Severity
    Critical4
    Qualys ID
    902724
    Date Published
    August 17, 2022
    Vendor Reference
    10519
    CVE Reference
    CVE-2022-30635
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-30632
    QID: 902722
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10517)

    Severity
    Critical4
    Qualys ID
    902722
    Date Published
    August 17, 2022
    Vendor Reference
    10517
    CVE Reference
    CVE-2022-30632
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-28131
    QID: 902719
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10513)

    Severity
    Critical4
    Qualys ID
    902719
    Date Published
    August 17, 2022
    Vendor Reference
    10513
    CVE Reference
    CVE-2022-28131
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2021-33646
    QID: 902717
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libtar (10527)

    Severity
    Critical4
    Qualys ID
    902717
    Date Published
    August 17, 2022
    Vendor Reference
    10527
    CVE Reference
    CVE-2021-33646
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for libtar to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2021-33645
    QID: 902715
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libtar (10526)

    Severity
    Critical4
    Qualys ID
    902715
    Date Published
    August 17, 2022
    Vendor Reference
    10526
    CVE Reference
    CVE-2021-33645
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for libtar to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-32189
    QID: 902712
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10521)

    Severity
    Critical4
    Qualys ID
    902712
    Date Published
    August 17, 2022
    Vendor Reference
    10521
    CVE Reference
    CVE-2022-32189
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-30630
    QID: 902711
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10515)

    Severity
    Critical4
    Qualys ID
    902711
    Date Published
    August 17, 2022
    Vendor Reference
    10515
    CVE Reference
    CVE-2022-30630
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-30631
    QID: 902710
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10516)

    Severity
    Critical4
    Qualys ID
    902710
    Date Published
    August 17, 2022
    Vendor Reference
    10516
    CVE Reference
    CVE-2022-30631
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-30633
    QID: 902709
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10518)

    Severity
    Critical4
    Qualys ID
    902709
    Date Published
    August 17, 2022
    Vendor Reference
    10518
    CVE Reference
    CVE-2022-30633
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-20866
    QID: 317215
    In Development

    Cisco Adaptive Security Appliance (ASA) Software Rivest Shamir Adleman (RSA) Private Key Leak Vulnerability (cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz)

    Severity
    Critical4
    Qualys ID
    317215
    Vendor Reference
    cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz
    CVE Reference
    CVE-2022-20866
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key.

    Affected Products
    Cisco products that perform hardware-based cryptographic functions are affected if they were running a vulnerable release of Cisco ASA Software.

    QID Detection Logic (Authenticated):
    The check matches the Cisco ASA OS version retrieved via Unix Auth using the "version" command.

    Consequence
    A successful exploit could allow the attacker to retrieve the RSA private key.
    Solution

    Customers are advised to refer to cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz for more information.

    Patches
    cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz
  • CVE-2022-1973
    QID: 902730
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10541)

    Severity
    Critical4
    Qualys ID
    902730
    Date Published
    August 17, 2022
    Vendor Reference
    Mariner_2.0_10541
    CVE Reference
    CVE-2022-1973
    CVSS Scores
    Base 7.1 / Temporal 6.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-1973
    QID: 902713
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10523)

    Severity
    Critical4
    Qualys ID
    902713
    Date Published
    August 17, 2022
    Vendor Reference
    10523
    CVE Reference
    CVE-2022-1973
    CVSS Scores
    Base 7.1 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-29611
    QID: 87499
    Recently Published

    SAP NetWeaver AS ABAP and ABAP Platform Privilege Escalation Vulnerability

    Severity
    Serious3
    Qualys ID
    87499
    Date Published
    August 17, 2022
    Vendor Reference
    SAP Advisory
    CVE Reference
    CVE-2022-29611
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description

    The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, 788 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

    Affected Versions:
    SAP NetWeaver AS for ABAP, Versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, 788

    QID Detection Logic(s):
    Scan initiates HTTP request on Web Server and determines version based on the Server Header.

    Consequence
    Successful exploitation of this vulnerability may allow a low-privileged attacker to escalate to high privileges.
    Solution
    Customers are advised to follow the SAP Security Advisory for remediation instructions.
    Patches
    SAP Advisory
  • CVE-2022-0656
    QID: 730597
    Recently Published

    WordPress uDraw Plugin File Read Vulnerability

    Severity
    Serious3
    Qualys ID
    730597
    Date Published
    August 17, 2022
    Vendor Reference
    CVE-2022-0656
    CVE Reference
    CVE-2022-0656
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php, etc.).

    Affected versions:
    uDraw versions prior to version 3.3.3

    QID Detection Logic (Unauthenticated):
    This QID checks for vulnerable uDraw plugin by sending a crafted payload to the webserver.

    Consequence
    Successful exploitation of the vulnerability may allow an attacker to read sensitive files on the webserver.

    Solution
    The vulnerability has been fixed in version 3.3.3, but the plugin has been discontinued after that. For more information, please refer to CVE-2022-0656.

    Patches
    CVE-2022-0656
  • CVE-2022-24910
    QID: 590988
    In Development

    InHand Networks InRouter302 Vulnerability (TALOS-2022-1471)

    Severity
    Serious3
    Qualys ID
    590988
    Vendor Reference
    TALOS-2022-1471
    CVE Reference
    CVE-2022-24910
    CVSS Scores
    Base 6.7 / Temporal 5.8
    Description

    AFFECTED PRODUCTS
    InHand Networks InRouter302 V3.5.4

    QID Detection Logic (Authenticated):
    QID checks for the Vulnerable version of using passive scanning

    Consequence
    A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
    Solution

    Customers are advised to refer to CERT MITIGATIONS section TALOS-2022-1471 for affected packages and patching details.

    Patches
    TALOS-2022-1471
  • CVE-2022-1705
    QID: 902742
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10529)

    Severity
    Serious3
    Qualys ID
    902742
    Date Published
    August 17, 2022
    Vendor Reference
    Mariner_2.0_10529
    CVE Reference
    CVE-2022-1705
    CVSS Scores
    Base 6.5 / Temporal 6
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-32148
    QID: 902732
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10538)

    Severity
    Serious3
    Qualys ID
    902732
    Date Published
    August 17, 2022
    Vendor Reference
    Mariner_2.0_10538
    CVE Reference
    CVE-2022-32148
    CVSS Scores
    Base 6.5 / Temporal 6
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-1705
    QID: 902723
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10511)

    Severity
    Serious3
    Qualys ID
    902723
    Date Published
    August 17, 2022
    Vendor Reference
    10511
    CVE Reference
    CVE-2022-1705
    CVSS Scores
    Base 6.5 / Temporal 6
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-32148
    QID: 902721
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10520)

    Severity
    Serious3
    Qualys ID
    902721
    Date Published
    August 17, 2022
    Vendor Reference
    10520
    CVE Reference
    CVE-2022-32148
    CVSS Scores
    Base 6.5 / Temporal 6
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-34716
    QID: 902718
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for powershell (10528)

    Severity
    Serious3
    Qualys ID
    902718
    Date Published
    August 17, 2022
    Vendor Reference
    10528
    CVE Reference
    CVE-2022-34716
    CVSS Scores
    Base 5.9 / Temporal 5.4
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for powershell to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-1962
    QID: 902735
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10530)

    Severity
    Serious3
    Qualys ID
    902735
    Date Published
    August 17, 2022
    Vendor Reference
    Mariner_2.0_10530
    CVE Reference
    CVE-2022-1962
    CVSS Scores
    Base 5.5 / Temporal 5.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-1962
    QID: 902720
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (10512)

    Severity
    Serious3
    Qualys ID
    902720
    Date Published
    August 17, 2022
    Vendor Reference
    10512
    CVE Reference
    CVE-2022-1962
    CVSS Scores
    Base 5.5 / Temporal 5.1
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-29610
    QID: 87502
    Recently Published

    SAP NetWeaver AS ABAP Cross-Site Scripting (XSS) Vulnerability

    Severity
    Serious3
    Qualys ID
    87502
    Date Published
    August 17, 2022
    Vendor Reference
    SAP Advisory
    CVE Reference
    CVE-2022-29610
    CVSS Scores
    Base 5.4 / Temporal 4.7
    Description

    The software logistics system of SAP NetWeaver AS ABAP versions - 753, 754, 755, 756 allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack.

    Affected Versions:
    SAP NetWeaver AS for ABAP, Versions - 753, 754, 755, 756

    QID Detection Logic(s):
    Scan initiates HTTP request on Web Server and determines version based on the Server Header.

    Consequence
    Successful exploitation of this vulnerability may allow an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack.
    Solution
    Customers are advised to follow the SAP Security Advisory for remediation instructions.
    Patches
    SAP Advisory
  • CVE-2022-0594
    QID: 730596
    Recently Published

    WordPress Shareaholic Plugin Information Disclosure Vulnerability

    Severity
    Serious3
    Qualys ID
    730596
    Date Published
    August 17, 2022
    Vendor Reference
    CVE-2022-0594
    CVE Reference
    CVE-2022-0594
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    The Professional Social Sharing Buttons, Icons and Related Posts WordPress plugin before 9.7.6 does not have a proper authorisation check in one of its AJAX actions, available to unauthenticated (in versions prior to 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins and the versions of PHP, cURL, WP, etc.

    Affected Versions:
    Shareaholic Plugin prior to version 9.7.6

    QID Detection Logic (Unauthenticated):
    This QID checks for vulnerable Shareaholic plugin by sending a crafted payload to the webserver.

    Consequence
    Successful exploitation of the vulnerability may allow Information Disclosure.

    Solution
    The issue has been fixed in version 9.7.6. For more information, please refer to CVE-2022-0594.

    Patches
    CVE-2022-0594
  • CVE-2022-28215
    QID: 87501
    Recently Published

    SAP NetWeaver AS ABAP and ABAP Platform Information Disclosure Vulnerability

    Severity
    Serious3
    Qualys ID
    87501
    Date Published
    August 17, 2022
    Vendor Reference
    SAP Advisory
    CVE Reference
    CVE-2022-28215
    CVSS Scores
    Base 4.7 / Temporal 4.1
    Description

    The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 740, 750, 787 allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.

    Affected Versions:
    SAP NetWeaver AS for ABAP, Versions - 740, 750, 787

    QID Detection Logic(s):
    Scan initiates HTTP request on Web Server and determines version based on the Server Header.

    Consequence
    Successful exploitation of this vulnerability may allow an unauthenticated attacker to disclose personal information.
    Solution
    Customers are advised to follow the SAP Security Advisory for remediation instructions.
    Patches
    SAP Advisory
  • CVE-2021-42067
    QID: 87500
    Recently Published

    SAP NetWeaver AS ABAP and ABAP Platform Improper Authorization Vulnerability

    Severity
    Serious3
    Qualys ID
    87500
    Date Published
    August 17, 2022
    Vendor Reference
    SAP Advisory
    CVE Reference
    CVE-2021-42067
    CVSS Scores
    Base 4.3 / Temporal 3.8
    Description

    The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786 allows an attacker authenticated as a regular user to use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see.

    Affected Versions:
    SAP NetWeaver AS for ABAP, Versions - 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786

    QID Detection Logic(s):
    Scan initiates HTTP request on Web Server and determines version based on the Server Header.

    Consequence
    Successful exploitation of this vulnerability may allow an authenticated attacker to see services that they would not normally be allowed to see.
    Solution
    Customers are advised to connect with vendors for further patch details.
    Patches
    SAP Advisory
  • CVE-2022-1706+
    QID: 770161
    Recently Published

    Red Hat OpenShift Container Platform 4.1 Security Update (RHSA-2022:5068)

    Severity
    Urgent5
    Qualys ID
    770161
    Date Published
    August 17, 2022
    Vendor Reference
    RHSA-2022:5068
    CVE Reference
    CVE-2022-1706, CVE-2022-21698, CVE-2022-23772, CVE-2022-23773, CVE-2022-23806, CVE-2022-24675, CVE-2022-24921, CVE-2022-27191, CVE-2022-28327, CVE-2022-29162
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

    Security Fix(es):
    • ignition: configs are accessible from unprivileged containers in VMs running on VMware products (CVE-2022-1706)
    • prometheus/client_golang: denial of service using InstrumentHandlerCounter (CVE-2022-21698)
    • golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
    • golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
    • golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
    • golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
    • golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)
    • golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191)
    • golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
    • runc: incorrect handling of inheritable capabilities (CVE-2022-29162)

    Affected Products:

    • Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
    • Red Hat OpenShift Container Platform for Power 4.11 for RHEL 8 ppc64le
    • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.11 for RHEL 8 s390x
    • Red Hat OpenShift Container Platform for ARM 64 4.11 aarch64



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:5068 for updates and patch information.
    Patches
    Red Hat Enterprise Linux CoreOS RHSA-2022:5068
  • CVE-2022-20715
    QID: 317178
    Recently Published

    Cisco Adaptive Security Appliance Software (ASA) Remote Access SSL VPN Denial of Service (DoS) Vulnerability (cisco-sa-asa-dos-tL4uA4AA)

    Severity
    Serious3
    Qualys ID
    317178
    Date Published
    August 17, 2022
    Vendor Reference
    cisco-sa-asa-dos-tL4uA4AA
    CVE Reference
    CVE-2022-20715
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

    Affected Products
    Cisco products if they are running a vulnerable release of ASA Software and have a vulnerable AnyConnect or WebVPN configuration.

    QID Detection Logic (Authenticated):
    The check matches Cisco ASA OS version retrieved via Unix Auth using "version" command.

    Consequence
    A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition.
    Solution

    Customers are advised to refer to cisco-sa-asa-dos-tL4uA4AA for more information.

    Patches
    cisco-sa-asa-dos-tL4uA4AA
  • CVE-2022-1927+
    QID: 960163
    Recently Published

    Rocky Linux Security Update for vim (RLSA-2022:5813)

    Severity
    Urgent5
    Qualys ID
    960163
    Date Published
    August 16, 2022
    Vendor Reference
    RLSA-2022:5813
    CVE Reference
    CVE-2022-1927, CVE-2022-1785, CVE-2022-1897
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Rocky Linux has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:5813 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:5813
  • CVE-2022-2477+
    QID: 502485
    Recently Published

    Alpine Linux Security Update for qt5-qtwebengine

    Severity
    Urgent5
    Qualys ID
    502485
    Date Published
    August 16, 2022
    Vendor Reference
    qt5-qtwebengine
    CVE Reference
    CVE-2022-2477, CVE-2022-2610, CVE-2022-27404, CVE-2022-27405, CVE-2022-27406
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Alpine Linux has released a security update for qt5-qtwebengine to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.16


    Affected Package versions prior to 5.15.3_git20220505-r3.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory qt5-qtwebengine for updates and patch information.
    Patches
    Alpine Linux qt5-qtwebengine-5.15.3_git20220505-r3
  • CVE-2022-21540+
    QID: 502484
    Recently Published

    Alpine Linux Security Update for openjdk13

    Severity
    Urgent5
    Qualys ID
    502484
    Date Published
    August 16, 2022
    Vendor Reference
    openjdk13
    CVE Reference
    CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-25647, CVE-2022-34169
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Alpine Linux has released a security update for openjdk13 to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.16


    Affected Package versions prior to 13.0.12_p4-r0.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory openjdk13 for updates and patch information.
    Patches
    Alpine Linux openjdk13-13.0.12_p4-r0
  • CVE-2022-2296+
    QID: 752466
    Recently Published

    OpenSUSE Security Update for opera (openSUSE-SU-2022:10087-1)

    Severity
    Critical4
    Qualys ID
    752466
    Date Published
    August 16, 2022
    Vendor Reference
    openSUSE-SU-2022:10087-1
    CVE Reference
    CVE-2022-2296, CVE-2022-2163, CVE-2022-2480, CVE-2022-2477, CVE-2022-2295, CVE-2022-2478, CVE-2022-2479, CVE-2022-2481, CVE-2022-2294
    CVSS Scores
    Base 8.8 / Temporal 8.2
    Description
    OpenSUSE has released a security update for opera to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.3:NonFree

    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to openSUSE security advisory openSUSE-SU-2022:10087-1 for updates and patch information.
    Patches
    OpenSuse openSUSE-SU-2022:10087-1
  • CVE-2022-2296+
    QID: 752465
    Recently Published

    OpenSUSE Security Update for opera (openSUSE-SU-2022:10088-1)

    Severity
    Critical4
    Qualys ID
    752465
    Date Published
    August 16, 2022
    Vendor Reference
    openSUSE-SU-2022:10088-1
    CVE Reference
    CVE-2022-2296, CVE-2022-2163, CVE-2022-2480, CVE-2022-2477, CVE-2022-2295, CVE-2022-2478, CVE-2022-2479, CVE-2022-2481, CVE-2022-2294
    CVSS Scores
    Base 8.8 / Temporal 8.2
    Description
    OpenSUSE has released a security update for opera to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.4:NonFree

    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to openSUSE security advisory openSUSE-SU-2022:10088-1 for updates and patch information.
    Patches
    OpenSuse openSUSE-SU-2022:10088-1
  • CVE-2022-32816+
    QID: 198901
    Recently Published

    Ubuntu Security Notification for WebKitGTK Vulnerabilities (USN-5568-1)

    Severity
    Critical4
    Qualys ID
    198901
    Date Published
    August 16, 2022
    Vendor Reference
    USN-5568-1
    CVE Reference
    CVE-2022-32816, CVE-2022-2294, CVE-2022-32792
    CVSS Scores
    Base 8.8 / Temporal 8.2
    Description
    Ubuntu has released a security update for webkitgtk to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-5568-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5568-1
  • QID: 690922
    Recently Published

    Free Berkeley Software Distribution (FreeBSD) Security Update for dendrite (d658042c-1c98-11ed-95f8-901b0e9408dc)

    Severity
    Critical4
    Qualys ID
    690922
    Date Published
    August 16, 2022
    Vendor Reference
    d658042c-1c98-11ed-95f8-901b0e9408dc
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    FreeBSD has released a security update for dendrite to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to FreeBSD security advisory d658042c-1c98-11ed-95f8-901b0e9408dc for updates and patch information.
    Patches
    "FreeBSD" d658042c-1c98-11ed-95f8-901b0e9408dc
  • CVE-2022-32816+
    QID: 283047
    Recently Published

    Fedora Security Update for webkit2gtk3 (FEDORA-2022-513f28a4be)

    Severity
    Critical4
    Qualys ID
    283047
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-513f28a4be
    CVE Reference
    CVE-2022-32816, CVE-2022-32792
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for webkit2gtk3 to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 35 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-513f28a4be
  • CVE-2022-1679+
    QID: 752463
    Recently Published

    SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2809-1)

    Severity
    Critical4
    Qualys ID
    752463
    Date Published
    August 16, 2022
    Vendor Reference
    SUSE-SU-2022:2809-1
    CVE Reference
    CVE-2022-1679, CVE-2022-33741, CVE-2022-29900, CVE-2022-1116, CVE-2022-36946, CVE-2020-36558, CVE-2022-2318, CVE-2022-20132, CVE-2021-4157, CVE-2021-26341, CVE-2022-1462, CVE-2022-21505, CVE-2022-26365, CVE-2022-33742, CVE-2022-29901, CVE-2021-33656, CVE-2022-20141, CVE-2022-33740, CVE-2022-33981, CVE-2021-33655, CVE-2020-36557, CVE-2022-20154
    CVSS Scores
    Base 8 / Temporal 7
    Description
    SUSE has released a security update for kernel to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15 SP2
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2809-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2809-1
  • CVE-2022-32250
    QID: 960164
    Recently Published

    Rocky Linux Security Update for kernel (RLSA-2022:5819)

    Severity
    Critical4
    Qualys ID
    960164
    Date Published
    August 16, 2022
    Vendor Reference
    RLSA-2022:5819
    CVE Reference
    CVE-2022-32250
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Rocky Linux has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:5819 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:5819
  • CVE-2022-32250
    QID: 960162
    Recently Published

    Rocky Linux Security Update for kernel-rt (RLSA-2022:5834)

    Severity
    Critical4
    Qualys ID
    960162
    Date Published
    August 16, 2022
    Vendor Reference
    RLSA-2022:5834
    CVE Reference
    CVE-2022-32250
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Rocky Linux has released a security update for kernel-rt to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:5834 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:5834
  • CVE-2021-26341+
    QID: 752464
    Recently Published

    SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2808-1)

    Severity
    Critical4
    Qualys ID
    752464
    Date Published
    August 16, 2022
    Vendor Reference
    SUSE-SU-2022:2808-1
    CVE Reference
    CVE-2021-26341, CVE-2021-33655, CVE-2021-33656, CVE-2022-1462
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released a security update for kernel to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 12 SP4
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2808-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2808-1
  • CVE-2022-2585+
    QID: 180938
    Recently Published

    Debian Security Update for linux (DSA 5207-1)

    Severity
    Critical4
    Qualys ID
    180938
    Date Published
    August 16, 2022
    Vendor Reference
    DSA 5207-1
    CVE Reference
    CVE-2022-2585, CVE-2022-29900, CVE-2022-2588, CVE-2022-29901, CVE-2022-26373, CVE-2022-36946, CVE-2022-36879, CVE-2022-2586
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Debian has released a security update for linux to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5207-1 for updates and patch information.
    Patches
    Debian DSA 5207-1
  • CVE-2022-29901+
    QID: 160045
    Recently Published

    Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2022-9710)

    Severity
    Serious3
    Qualys ID
    160045
    Date Published
    August 16, 2022
    Vendor Reference
    ELSA-2022-9710
    CVE Reference
    CVE-2022-29901, CVE-2022-2588, CVE-2022-23816, CVE-2022-21505, CVE-2022-2153
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Oracle Enterprise Linux has released a security update for unbreakable enterprise kernel-container to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-9710
    Patches
    Oracle Linux ELSA-2022-9710
  • CVE-2022-29901+
    QID: 160043
    Recently Published

    Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9709)

    Severity
    Serious3
    Qualys ID
    160043
    Date Published
    August 16, 2022
    Vendor Reference
    ELSA-2022-9709
    CVE Reference
    CVE-2022-29901, CVE-2022-2588, CVE-2022-23816, CVE-2022-21505, CVE-2022-2153
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Oracle Enterprise Linux has released a security update for unbreakable enterprise kernel to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-9709
    Patches
    Oracle Linux ELSA-2022-9709
  • QID: 376825
    Recently Published

    Foxit PhantomPDF Prior to 7.3.11 Multiple Security Vulnerabilities

    Severity
    Serious 3
    Qualys ID
    376825
    Date Published
    August 16, 2022
    Vendor Reference
    Foxit PhantomPDF 7.3.11
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    Foxit PhantomPDF enables users to convert multiple file formats to PDF and vice versa.

    Foxit PhantomPDF is affected by multiple vulnerabilities.

    Affected Version:
    Foxit PhantomPDF versions 7.3.9.816 and earlier

    QID Detection logic:
    This QID checks for a vulnerable file version of the Foxit PhantomPDF software.

    Consequence
    Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or crash the target system.
    Solution
    The vendor has issued a fix. For more information, please visit: Security updates available in Foxit PhantomPDF 7.3.11
    Patches
    Foxit PhantomPDF 7.3.11
  • QID: 376824
    Recently Published

    Foxit PhantomPDF Prior to 7.3.13 Multiple Security Vulnerabilities

    Severity
    Serious 3
    Qualys ID
    376824
    Date Published
    August 16, 2022
    Vendor Reference
    Foxit PhantomPDF 7.3.13
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    Foxit PhantomPDF enables users to convert multiple file formats to PDF and vice versa.

    Foxit PhantomPDF is affected by multiple vulnerabilities.

    Affected Version:
    Foxit PhantomPDF versions 7.3.11.1122 and earlier

    QID Detection logic:
    This QID checks for a vulnerable file version of the Foxit PhantomPDF software.

    Consequence
    Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or crash the target system.
    Solution
    The vendor has issued a fix. For more information, please visit: Security updates available in Foxit PhantomPDF 7.3.13
    Patches
    Foxit PhantomPDF 7.3.13
  • QID: 376823
    Recently Published

    Foxit PhantomPDF Prior to 7.3.15 Multiple Security Vulnerabilities

    Severity
    Serious 3
    Qualys ID
    376823
    Date Published
    August 16, 2022
    Vendor Reference
    Foxit PhantomPDF 7.3.15
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    Foxit PhantomPDF enables users to convert multiple file formats to PDF and vice versa.

    Foxit PhantomPDF is affected by multiple vulnerabilities.

    Affected Version:
    Foxit PhantomPDF versions 7.3.13.421 and earlier

    QID Detection logic:
    This QID checks for a vulnerable file version of the Foxit PhantomPDF software.

    Consequence
    Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or crash the target system.
    Solution
    The vendor has issued a fix. For more information, please visit: Security updates available in Foxit PhantomPDF 7.3.15
    Patches
    Foxit PhantomPDF 7.3.15
  • CVE-2022-34716
    QID: 160044
    Recently Published

    Oracle Enterprise Linux Security Update for .net core 3.1 (ELSA-2022-6057)

    Severity
    Serious 3
    Qualys ID
    160044
    Date Published
    August 16, 2022
    Vendor Reference
    ELSA-2022-6057
    CVE Reference
    CVE-2022-34716
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    Oracle Enterprise Linux has released a security update for .net core 3.1 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-6057
    Patches
    Oracle Linux ELSA-2022-6057
  • CVE-2022-34716
    QID: 160042
    Recently Published

    Oracle Enterprise Linux Security Update for .net 6.0 (ELSA-2022-6058)

    Severity
    Serious 3
    Qualys ID
    160042
    Date Published
    August 16, 2022
    Vendor Reference
    ELSA-2022-6058
    CVE Reference
    CVE-2022-34716
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    Oracle Enterprise Linux has released a security update for .net 6.0 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-6058
    Patches
    Oracle Linux ELSA-2022-6058
  • CVE-2022-21123+
    QID: 257189
    Recently Published

    CentOS Security Update for kernel (CESA-2022:5937)

    Severity
    Serious 3
    Qualys ID
    257189
    Date Published
    August 16, 2022
    Vendor Reference
    CESA-2022:5937
    CVE Reference
    CVE-2022-21123, CVE-2022-21125, CVE-2022-21166
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    CentOS has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to CentOS security advisory CESA-2022:5937 for updates and patch information.
    Patches
    centos 7 CESA-2022:5937
  • CVE-2022-21505
    QID: 180939
    Recently Published

    Debian Security Update for linux (CVE-2022-21505)

    Severity
    Serious 3
    Qualys ID
    180939
    Date Published
    August 16, 2022
    Vendor Reference
    CVE-2022-21505
    CVE Reference
    CVE-2022-21505
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    Debian has released a security update for linux to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory CVE-2022-21505 for updates and patch information.
    Patches
    Debian CVE-2022-21505
  • CVE-2022-22545
    QID: 87498
    In Development

    SAP NetWeaver AS ABAP and ABAP Platforms Information Disclosure Vulnerability

    Severity
    Serious 3
    Qualys ID
    87498
    Vendor Reference
    SAP Advisory
    CVE Reference
    CVE-2022-22545
    CVSS Scores
    Base 4.9 / Temporal 4.3
    Description

    The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 and 756, allows a highly privileged user who has access to transaction SM59 to read connection details stored with the destination for HTTP calls.

    Affected Versions:
    SAP NetWeaver AS for ABAP, Versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756

    QID Detection Logic(s):
    The scan sends an HTTP request to the web server and determines the version from the Server header.

    Consequence
    Successful exploitation of this vulnerability may allow a highly privileged user to read connection details.
    Solution
    Customers are advised to contact the vendor for patch details.
    Patches
    SAP Advisory
  • QID: 150535
    Under Investigation

    Content-Type application/octet-stream

    Severity
    Minimal 1
    Qualys ID
    150535
    CVSS Scores
    Base / Temporal
    Description
    The Results section lists application links that returned the content type application/octet-stream during the crawling and test phases.
    Consequence
    This might be a serious vulnerability if the user is not aware of it, as there might be sensitive content that any user on the web can download and read.
    Solution
    For more information regarding the content-type application/octet-stream HTTP header, please refer to: Application/Octet-stream
  • CVE-2021-38604+
    QID: 710605
    Recently Published

    Gentoo Linux GNU C Library Multiple Vulnerabilities (GLSA 202208-24)

    Severity
    Urgent 5
    Qualys ID
    710605
    Date Published
    August 16, 2022
    Vendor Reference
    GLSA 202208-24
    CVE Reference
    CVE-2021-38604, CVE-2022-23218, CVE-2022-23219, CVE-2021-35942, CVE-2021-3999, CVE-2021-3998
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Gentoo has released a security update for gnu c library to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202208-24 for updates and patch information.
    Patches
    Gentoo GLSA 202208-24
  • CVE-2021-3498+
    QID: 710603
    Recently Published

    Gentoo Linux GStreamer, GStreamer Plugins Multiple Vulnerabilities (GLSA 202208-31)

    Severity
    Urgent 5
    Qualys ID
    710603
    Date Published
    August 16, 2022
    Vendor Reference
    GLSA 202208-31
    CVE Reference
    CVE-2021-3498, CVE-2021-3522, CVE-2021-3185, CVE-2021-3497
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Gentoo has released a security update for gstreamer, gstreamer plugins to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202208-31 for updates and patch information.
    Patches
    Gentoo GLSA 202208-31
  • CVE-2022-1307+
    QID: 710602
    Recently Published

    Gentoo Linux Chromium, Google Chrome, Microsoft Edge, QtWebEngine Multiple Vulnerabilities (GLSA 202208-25)

    Severity
    Urgent 5
    Qualys ID
    710602
    Date Published
    August 16, 2022
    Vendor Reference
    GLSA 202208-25
    CVE Reference
    CVE-2022-1307, CVE-2022-26909, CVE-2022-1306, CVE-2022-1869, CVE-2022-1132, CVE-2022-1483, CVE-2022-1309, CVE-2022-1136, CVE-2022-1871, CVE-2022-0971, CVE-2022-1129, CVE-2022-0808, CVE-2022-1139, CVE-2022-1313, CVE-2022-26912, CVE-2022-2162, CVE-2022-0803, CVE-2022-1125, CVE-2022-1855, CVE-2021-4079, CVE-2022-26891, CVE-2022-0807, CVE-2022-1487, CVE-2022-0794, CVE-2022-1127, CVE-2021-4054, CVE-2022-0806, CVE-2022-0789, CVE-2022-0975, CVE-2022-1860, CVE-2022-0979, CVE-2022-1636, CVE-2022-1142, CVE-2022-1143, CVE-2022-1141, CVE-2021-4056, CVE-2022-0801, CVE-2022-29146, CVE-2022-2011, CVE-2021-4059, CVE-2022-1875, CVE-2022-1497, CVE-2022-2158, CVE-2022-2156, CVE-2022-0790, CVE-2021-4066, CVE-2022-1874, CVE-2022-1873, CVE-2022-2160, CVE-2022-1868, CVE-2022-2157, CVE-2022-1495, CVE-2021-4078, CVE-2022-1857, CVE-2021-4063, CVE-2022-0799, CVE-2022-1477, CVE-2022-1096, CVE-2021-4067, CVE-2022-0797, CVE-2022-0977, CVE-2022-1484, CVE-2022-2163, CVE-2022-26908, CVE-2022-33639, CVE-2022-1481, CVE-2022-0791, CVE-2022-26900, CVE-2021-4053, CVE-2022-0800, CVE-2022-1138, CVE-2022-1311, CVE-2022-30192, CVE-2022-0980, CVE-2022-1854, CVE-2022-2165, CVE-2022-0978, CVE-2022-2010, CVE-2022-1130, CVE-2022-1314, CVE-2022-1867, CVE-2022-1128, CVE-2022-1866, CVE-2021-4057, CVE-2022-0802, CVE-2022-1870, CVE-2022-0796, CVE-2022-1310, CVE-2021-4055, CVE-2021-4065, CVE-2022-29144, CVE-2022-1478, CVE-2022-1305, CVE-2022-1859, CVE-2022-0972, CVE-2022-22021, CVE-2021-4058, CVE-2022-1486, CVE-2022-1482, CVE-2022-1864, CVE-2022-1480, CVE-2022-1634, CVE-2022-0793, CVE-2022-1635, CVE-2022-1865, CVE-2022-1485, CVE-2022-0974, CVE-2021-4061, CVE-2022-0805, CVE-2022-1308, CVE-2022-2007, CVE-2022-1133, CVE-2021-4068, CVE-2022-0798, CVE-2022-1232, CVE-2022-1637, CVE-2021-4062, CVE-2022-1490, CVE-2022-1499, CVE-2022-1862, CVE-2021-4064, CVE-2022-1640, CVE-2022-1872, CVE-2022-1146, CVE-2022-30128, CVE-2022-1364, CVE-2022-0795, CVE-2022-1491, CVE-2022-1496, CVE-2022-1493, CVE-2022-1479, CVE-2022-1137, 
CVE-2022-1498, CVE-2022-1135, CVE-2022-1312, CVE-2022-30127, CVE-2022-0804, CVE-2022-1144, CVE-2022-1858, CVE-2022-1863, CVE-2022-24523, CVE-2022-26895, CVE-2022-1639, CVE-2022-1856, CVE-2022-1641, CVE-2022-1488, CVE-2022-1492, CVE-2022-1500, CVE-2021-4052, CVE-2022-1134, CVE-2022-1633, CVE-2022-1861, CVE-2022-0792, CVE-2022-1501, CVE-2021-30551, CVE-2022-33638, CVE-2022-26894, CVE-2022-1853, CVE-2022-2161, CVE-2022-0809, CVE-2022-29147, CVE-2022-1489, CVE-2022-1145, CVE-2022-2164, CVE-2022-26905, CVE-2022-0976, CVE-2022-1131, CVE-2022-1494, CVE-2022-24475, CVE-2022-1876, CVE-2022-0973
    CVSS Scores
    Base 9.6 / Temporal 8.9
    Description
    Gentoo has released a security update for chromium, google chrome, microsoft edge, qtwebengine to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202208-25 for updates and patch information.
    Patches
    Gentoo GLSA 202208-25
  • CVE-2022-26280+
    QID: 710601
    Recently Published

    Gentoo Linux libarchive Multiple Vulnerabilities (GLSA 202208-26)

    Severity
    Urgent 5
    Qualys ID
    710601
    Date Published
    August 16, 2022
    Vendor Reference
    GLSA 202208-26
    CVE Reference
    CVE-2022-26280, CVE-2022-28066, CVE-2021-31566, CVE-2021-36976
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    Gentoo has released a security update for libarchive to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202208-26 for updates and patch information.
    Patches
    Gentoo GLSA 202208-26
  • CVE-2020-15863+
    QID: 710604
    Recently Published

    Gentoo Linux QEMU Multiple Vulnerabilities (GLSA 202208-27)

    Severity
    Critical 4
    Qualys ID
    710604
    Date Published
    August 16, 2022
    Vendor Reference
    GLSA 202208-27
    CVE Reference
    CVE-2020-15863, CVE-2021-4145, CVE-2020-35517, CVE-2021-4206, CVE-2021-3545, CVE-2021-3409, CVE-2021-3607, CVE-2021-3416, CVE-2021-3582, CVE-2021-4158, CVE-2021-3947, CVE-2021-3544, CVE-2020-35505, CVE-2021-20203, CVE-2021-3608, CVE-2021-4207, CVE-2021-3527, CVE-2021-3929, CVE-2020-16092, CVE-2021-20263, CVE-2021-3713, CVE-2022-26354, CVE-2021-3930, CVE-2021-3546, CVE-2020-35506, CVE-2020-35504, CVE-2021-20257, CVE-2021-3611, CVE-2022-26353, CVE-2020-15859, CVE-2022-0358, CVE-2021-3750, CVE-2021-3748, CVE-2021-3682
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Gentoo has released a security update for qemu to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202208-27 for updates and patch information.
    Patches
    Gentoo GLSA 202208-27
  • CVE-2021-28710+
    QID: 710600
    Recently Published

    Gentoo Linux Xen Multiple Vulnerabilities (GLSA 202208-23)

    Severity
    Critical 4
    Qualys ID
    710600
    Date Published
    August 16, 2022
    Vendor Reference
    GLSA 202208-23
    CVE Reference
    CVE-2021-28710, CVE-2021-28697, CVE-2021-28696, CVE-2021-28695, CVE-2022-26362, CVE-2021-28700, CVE-2022-23034, CVE-2021-28702, CVE-2021-28694, CVE-2021-28701, CVE-2021-28699, CVE-2022-26364, CVE-2022-23035, CVE-2022-21166, CVE-2022-21123, CVE-2021-28698, CVE-2022-21125, CVE-2022-26363, CVE-2022-23033
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Gentoo has released a security update for xen to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202208-23 for updates and patch information.
    Patches
    Gentoo GLSA 202208-23
  • CVE-2022-0028
    QID: 730595
    Recently Published

    Palo Alto Networks (PAN-OS) Reflected Amplification Denial of Service (DoS) Vulnerability (PAN-192999)

    Severity
    Critical 4
    Qualys ID
    730595
    Date Published
    August 16, 2022
    Vendor Reference
    PAN-192999
    CVE Reference
    CVE-2022-0028
    CVSS Scores
    Base 8.6 / Temporal 8
    Description
    PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls.

    A URL filtering policy misconfiguration vulnerability exists in Palo Alto Networks PAN-OS. It could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.

    Affected Versions:
    PAN-OS 10.2 versions earlier than PAN-OS 10.2.2-h2
    PAN-OS 10.1 versions earlier than PAN-OS 10.1.6-h6
    PAN-OS 10.0 versions earlier than PAN-OS 10.0.11-h1
    PAN-OS 9.1 versions earlier than PAN-OS 9.1.14-h4
    PAN-OS 9.0 versions earlier than PAN-OS 9.0.16-h3
    PAN-OS 8.1 versions earlier than PAN-OS 8.1.23-h1

    QID Detection Logic (Authenticated):

    This QID looks for a vulnerable version of PAN-OS.

    Consequence
    If this vulnerability is exploited, the resulting Denial-of-Service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack.
    Solution
    Customers are advised to refer to PAN-192999 for more information about this vulnerability.

    Patches
    PAN-192999
  • CVE-2022-2625
    QID: 502483
    Recently Published

    Alpine Linux Security Update for postgresql12

    Severity
    Critical 4
    Qualys ID
    502483
    Date Published
    August 16, 2022
    Vendor Reference
    postgresql12
    CVE Reference
    CVE-2022-2625
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Alpine Linux has released a security update for postgresql12 to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.16


    Affected Package versions prior to 12.12-r0.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory postgresql12 for updates and patch information.
    Patches
    Alpine Linux postgresql12-12.12-r0
  • CVE-2022-2625
    QID: 502481
    Recently Published

    Alpine Linux Security Update for postgresql14

    Severity
    Critical 4
    Qualys ID
    502481
    Date Published
    August 16, 2022
    Vendor Reference
    postgresql14
    CVE Reference
    CVE-2022-2625
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Alpine Linux has released a security update for postgresql14 to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.16


    Affected Package versions prior to 14.5-r0.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory postgresql14 for updates and patch information.
    Patches
    Alpine Linux postgresql14-14.5-r0
  • CVE-2022-2625
    QID: 502480
    Recently Published

    Alpine Linux Security Update for postgresql13

    Severity
    Critical 4
    Qualys ID
    502480
    Date Published
    August 16, 2022
    Vendor Reference
    postgresql13
    CVE Reference
    CVE-2022-2625
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Alpine Linux has released a security update for postgresql13 to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.16


    Affected Package versions prior to 13.8-r0.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory postgresql13 for updates and patch information.
    Patches
    Alpine Linux postgresql13-13.8-r0
  • CVE-2022-2625
    QID: 502479
    Recently Published

    Alpine Linux Security Update for postgresql

    Severity
    Critical 4
    Qualys ID
    502479
    Date Published
    August 16, 2022
    Vendor Reference
    postgresql
    CVE Reference
    CVE-2022-2625
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Alpine Linux has released a security update for postgresql to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.13
    Alpine Linux 3.14


    Affected Package versions prior to 13.8-r0.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory postgresql for updates and patch information.
    Patches
    Alpine Linux postgresql-13.8-r0
  • CVE-2022-29181+
    QID: 710597
    Recently Published

    Gentoo Linux Nokogiri Multiple Vulnerabilities (GLSA 202208-29)

    Severity
    Critical 4
    Qualys ID
    710597
    Date Published
    August 16, 2022
    Vendor Reference
    GLSA 202208-29
    CVE Reference
    CVE-2022-29181, CVE-2022-24836, CVE-2020-26247
    CVSS Scores
    Base 8.2 / Temporal 7.1
    Description
    Gentoo has released a security update for nokogiri to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202208-29 for updates and patch information.
    Patches
    Gentoo GLSA 202208-29
  • CVE-2021-20284+
    QID: 710599
    Recently Published

    Gentoo Linux GNU Binutils Multiple Vulnerabilities (GLSA 202208-30)

    Severity
    Critical 4
    Qualys ID
    710599
    Date Published
    August 16, 2022
    Vendor Reference
    GLSA 202208-30
    CVE Reference
    CVE-2021-20284, CVE-2021-3487, CVE-2021-45078, CVE-2021-3549, CVE-2021-3530, CVE-2021-20197, CVE-2021-20294
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Gentoo has released a security update for gnu binutils to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202208-30 for updates and patch information.
    Patches
    Gentoo GLSA 202208-30
  • CVE-2021-29509+
    QID: 710598
    Recently Published

    Gentoo Linux Puma Multiple Vulnerabilities (GLSA 202208-28)

    Severity
    Critical 4
    Qualys ID
    710598
    Date Published
    August 16, 2022
    Vendor Reference
    GLSA 202208-28
    CVE Reference
    CVE-2021-29509, CVE-2021-41136, CVE-2022-23634, CVE-2022-24790
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Gentoo has released a security update for puma to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202208-28 for updates and patch information.
    Patches
    Gentoo GLSA 202208-28
  • CVE-2022-34170+
    QID: 502482
    Recently Published

    Alpine Linux Security Update for jenkins

    Severity
    Critical 4
    Qualys ID
    502482
    Date Published
    August 16, 2022
    Vendor Reference
    jenkins
    CVE Reference
    CVE-2022-34170, CVE-2022-34171, CVE-2022-34172, CVE-2022-34173, CVE-2022-34174
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Alpine Linux has released a security update for jenkins to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.16


    Affected Package versions prior to 2.346.2-r0.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory jenkins for updates and patch information.
    Patches
    Alpine Linux jenkins-2.346.2-r0
  • CVE-2022-35922
    QID: 283046
    Recently Published

    Fedora Security Update for rust (FEDORA-2022-dfa24fa7d4)

    Severity
    Critical 4
    Qualys ID
    283046
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-dfa24fa7d4
    CVE Reference
    CVE-2022-35922
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Fedora has released a security update for rust to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 35 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-dfa24fa7d4
  • CVE-2022-35922
    QID: 283045
    Recently Published

    Fedora Security Update for rust (FEDORA-2022-163bcf190f)

    Severity
    Critical 4
    Qualys ID
    283045
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-163bcf190f
    CVE Reference
    CVE-2022-35922
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Fedora has released a security update for rust to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-163bcf190f
  • CVE-2022-21698+
    QID: 240614
    Recently Published

    Red Hat Update for OpenStack Platform 16.2 (RHSA-2022:6061)

    Severity
    Critical 4
    Qualys ID
    240614
    Date Published
    August 16, 2022
    Vendor Reference
    RHSA-2022:6061
    CVE Reference
    CVE-2022-21698, CVE-2022-30631
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    The etcd packages provide a highly available key-value store for shared configuration.

    Security Fix(es):
    • golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
    • prometheus/client_golang: denial of service using InstrumentHandlerCounter (CVE-2022-21698)

    Affected Products:

    • Red Hat openstack 16.2 x86_64
    • Red Hat openstack for ibm power 16.2 ppc64le



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:6061 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:6061
  • CVE-2022-30631
    QID: 240613
    Recently Published

    Red Hat Update for OpenStack Platform 16.1 (RHSA-2022:6065)

    Severity
    Critical 4
    Qualys ID
    240613
    Date Published
    August 16, 2022
    Vendor Reference
    RHSA-2022:6065
    CVE Reference
    CVE-2022-30631
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    collectd plugin for gathering resource usage statistics from containers created with the libpod library.

    Security Fix(es):
    • golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

    Affected Products:

    • Red Hat openstack 16.1 x86_64
    • Red Hat openstack for ibm power 16.1 ppc64le



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:6065 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:6065
  • CVE-2022-21698+
    QID: 240610
    Recently Published

    Red Hat Update for OpenStack Platform 16.1 (RHSA-2022:6066)

    Severity
    Critical 4
    Qualys ID
    240610
    Date Published
    August 16, 2022
    Vendor Reference
    RHSA-2022:6066
    CVE Reference
    CVE-2022-21698, CVE-2022-30631
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    The etcd packages provide a highly available key-value store for shared configuration.

    Security Fix(es):
    • golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
    • prometheus/client_golang: denial of service using InstrumentHandlerCounter (CVE-2022-21698)

    Affected Products:

    • Red Hat openstack 16.1 x86_64
    • Red Hat openstack for ibm power 16.1 ppc64le



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:6066 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:6066
  • CVE-2022-30631
    QID: 240609
    Recently Published

    Red Hat Update for OpenStack Platform 16.2 (RHSA-2022:6062)

    Severity
    Critical 4
    Qualys ID
    240609
    Date Published
    August 16, 2022
    Vendor Reference
    RHSA-2022:6062
    CVE Reference
    CVE-2022-30631
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    collectd plugin for gathering resource usage statistics from containers created with the libpod library.

    Security Fix(es):
    • golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)

    Affected Products:

    • Red Hat openstack 16.2 x86_64
    • Red Hat openstack for ibm power 16.2 ppc64le



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:6062 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:6062
  • CVE-2022-34305
    QID: 690921
    Recently Published

    Free Berkeley Software Distribution (FreeBSD) Security Update for tomcat (e2e7faf9-1b51-11ed-ae46-002b67dfc673)

    Severity
    Serious 3
    Qualys ID
    690921
    Date Published
    August 16, 2022
    Vendor Reference
    e2e7faf9-1b51-11ed-ae46-002b67dfc673
    CVE Reference
    CVE-2022-34305
    CVSS Scores
    Base 6.1 / Temporal 5.3
    Description
    FreeBSD has released a security update for tomcat to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to FreeBSD security advisory e2e7faf9-1b51-11ed-ae46-002b67dfc673 for updates and patch information.
    Patches
    "FreeBSD" e2e7faf9-1b51-11ed-ae46-002b67dfc673
  • CVE-2022-34716
    QID: 240612
    Recently Published

    Red Hat Update for .net 6.0 security (RHSA-2022:6058)

    Severity
    Serious 3
    Qualys ID
    240612
    Date Published
    August 16, 2022
    Vendor Reference
    RHSA-2022:6058
    CVE Reference
    CVE-2022-34716
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description

    .NET is a managed-software framework.
    It implements a subset of the .NET Framework APIs and several new APIs, and it includes a CLR implementation.

    Security Fix(es):
    • dotnet: External Entity Injection during XML signature verification (CVE-2022-34716)

    Affected Products:

    • Red Hat Enterprise Linux for x86_64 8 x86_64
    • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
    • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
    • Red Hat Enterprise Linux for IBM z Systems 8 s390x
    • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
    • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
    • Red Hat Enterprise Linux for ARM 64 8 aarch64
    • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
    • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
    • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
    • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
    • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
    • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
    • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.6 s390x
    • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:6058 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:6058
  • CVE-2022-34716
    QID: 240611
    Recently Published

    Red Hat Update for .net core 3.1 security (RHSA-2022:6057)

    Severity
    Serious 3
    Qualys ID
    240611
    Date Published
    August 16, 2022
    Vendor Reference
    RHSA-2022:6057
    CVE Reference
    CVE-2022-34716
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description

    .NET is a managed-software framework.
    It implements a subset of the .NET Framework APIs and several new APIs, and it includes a CLR implementation.

    Security Fix(es):
    • dotnet: External Entity Injection during XML signature verification (CVE-2022-34716)

    Affected Products:

    • Red Hat Enterprise Linux for x86_64 8 x86_64
    • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
    • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
    • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
    • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
    • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
    • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:6057 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:6057
  • CVE-2022-30556+
    QID: 710595
    Recently Published

    Gentoo Linux Apache HTTPD Multiple Vulnerabilities (GLSA 202208-20)

    Severity
    Urgent 5
    Qualys ID
    710595
    Date Published
    August 16, 2022
    Vendor Reference
    GLSA 202208-20
    CVE Reference
    CVE-2022-30556, CVE-2021-44224, CVE-2022-22721, CVE-2021-33193, CVE-2022-28614, CVE-2022-29404, CVE-2021-42013, CVE-2021-41524, CVE-2022-23943, CVE-2022-31813, CVE-2021-36160, CVE-2022-30522, CVE-2021-34798, CVE-2021-41773, CVE-2022-22719, CVE-2021-39275, CVE-2021-40438, CVE-2022-28615, CVE-2022-22720, CVE-2021-44790, CVE-2022-26377
    CVSS Scores
    Base 9.8 / Temporal 9.1
    Description
    Gentoo has released a security update for apache httpd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202208-20 for updates and patch information.
    Patches
    Gentoo GLSA 202208-20
  • CVE-2022-32213
    QID: 902701
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs (10154-1)

    Severity
    Urgent 5
    Qualys ID
    902701
    Date Published
    August 16, 2022
    Vendor Reference
    10154-1
    CVE Reference
    CVE-2022-32213
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for nodejs to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10154-1
  • CVE-2022-32215
    QID: 902688
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs (10156-1)

    Severity
    Urgent 5
    Qualys ID
    902688
    Date Published
    August 16, 2022
    Vendor Reference
    10156-1
    CVE Reference
    CVE-2022-32215
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for nodejs to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10156-1
  • CVE-2022-32214
    QID: 902684
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs (10155-1)

    Severity
    Urgent 5
    Qualys ID
    902684
    Date Published
    August 16, 2022
    Vendor Reference
    10155-1
    CVE Reference
    CVE-2022-32214
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for nodejs to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10155-1
  • QID: 283044
    Recently Published

    Fedora Security Update for thunderbird (FEDORA-2022-354e8e835e)

    Severity
    Critical 4
    Qualys ID
    283044
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-354e8e835e
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for thunderbird to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 35 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-354e8e835e
  • QID: 283039
    Recently Published

    Fedora Security Update for freeciv (FEDORA-2022-1c6cf0103e)

    Severity
    Critical 4
    Qualys ID
    283039
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-1c6cf0103e
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for freeciv to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-1c6cf0103e
  • CVE-2022-2588+
    QID: 283035
    Recently Published

    Fedora Security Update for kernel (FEDORA-2022-484e226872)

    Severity
    Critical 4
    Qualys ID
    283035
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-484e226872
    CVE Reference
    CVE-2022-2588, CVE-2022-2585, CVE-2022-2586
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for kernel to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 35 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-484e226872
  • CVE-2022-2588+
    QID: 283034
    Recently Published

    Fedora Security Update for kernel (FEDORA-2022-9bbb1d9b7b)

    Severity
    Critical 4
    Qualys ID
    283034
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-9bbb1d9b7b
    CVE Reference
    CVE-2022-2588, CVE-2022-2585, CVE-2022-2586
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for kernel to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-9bbb1d9b7b
  • CVE-2022-32212
    QID: 902706
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs (10152-1)

    Severity
    Critical 4
    Qualys ID
    902706
    Date Published
    August 16, 2022
    Vendor Reference
    10152-1
    CVE Reference
    CVE-2022-32212
    CVSS Scores
    Base 8.1 / Temporal 7.1
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for nodejs to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10152-1
  • CVE-2022-2343
    QID: 902708
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10136-1)

    Severity
    Critical 4
    Qualys ID
    902708
    Date Published
    August 16, 2022
    Vendor Reference
    10136-1
    CVE Reference
    CVE-2022-2343
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10136-1
  • CVE-2022-32981
    QID: 902702
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9945-1)

    Severity
    Critical 4
    Qualys ID
    902702
    Date Published
    August 16, 2022
    Vendor Reference
    9945-1
    CVE Reference
    CVE-2022-32981
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 9945-1
  • CVE-2021-33656
    QID: 902699
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10370-1)

    Severity
    Critical 4
    Qualys ID
    902699
    Date Published
    August 16, 2022
    Vendor Reference
    10370-1
    CVE Reference
    CVE-2021-33656
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10370-1
  • CVE-2021-20194
    QID: 902698
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (3908-1)

    Severity
    Critical 4
    Qualys ID
    902698
    Date Published
    August 16, 2022
    Vendor Reference
    3908-1
    CVE Reference
    CVE-2021-20194
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 3908-1
  • CVE-2022-2285
    QID: 902694
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10035-1)

    Severity
    Critical 4
    Qualys ID
    902694
    Date Published
    August 16, 2022
    Vendor Reference
    10035-1
    CVE Reference
    CVE-2022-2285
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10035-1
  • CVE-2022-2304
    QID: 902693
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10053-1)

    Severity
    Critical 4
    Qualys ID
    902693
    Date Published
    August 16, 2022
    Vendor Reference
    10053-1
    CVE Reference
    CVE-2022-2304
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10053-1
  • CVE-2022-2288
    QID: 902691
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10051-1)

    Severity
    Critical 4
    Qualys ID
    902691
    Date Published
    August 16, 2022
    Vendor Reference
    10051-1
    CVE Reference
    CVE-2022-2288
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10051-1
  • CVE-2022-1652
    QID: 902689
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9869-1)

    Severity
    Critical 4
    Qualys ID
    902689
    Date Published
    August 16, 2022
    Vendor Reference
    9869-1
    CVE Reference
    CVE-2022-1652
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 9869-1
  • CVE-2022-2264
    QID: 902687
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10000-1)

    Severity
    Critical 4
    Qualys ID
    902687
    Date Published
    August 16, 2022
    Vendor Reference
    10000-1
    CVE Reference
    CVE-2022-2264
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10000-1
  • CVE-2022-1786
    QID: 902686
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9886-1)

    Severity
    Critical 4
    Qualys ID
    902686
    Date Published
    August 16, 2022
    Vendor Reference
    9886-1
    CVE Reference
    CVE-2022-1786
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 9886-1
  • CVE-2022-2257
    QID: 902683
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10033-1)

    Severity
    Critical 4
    Qualys ID
    902683
    Date Published
    August 16, 2022
    Vendor Reference
    10033-1
    CVE Reference
    CVE-2022-2257
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10033-1
  • CVE-2022-2286
    QID: 902682
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10036-1)

    Severity
    Critical 4
    Qualys ID
    902682
    Date Published
    August 16, 2022
    Vendor Reference
    10036-1
    CVE Reference
    CVE-2022-2286
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10036-1
  • CVE-2022-2289
    QID: 902681
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10052-1)

    Severity
    Critical 4
    Qualys ID
    902681
    Date Published
    August 16, 2022
    Vendor Reference
    10052-1
    CVE Reference
    CVE-2022-2289
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10052-1
  • CVE-2022-2344
    QID: 902679
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10124-1)

    Severity
    Critical 4
    Qualys ID
    902679
    Date Published
    August 16, 2022
    Vendor Reference
    10124-1
    CVE Reference
    CVE-2022-2344
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10124-1
  • CVE-2022-34918
    QID: 902678
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10078-1)

    Severity
    Critical 4
    Qualys ID
    902678
    Date Published
    August 16, 2022
    Vendor Reference
    10078-1
    CVE Reference
    CVE-2022-34918
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10078-1
  • CVE-2022-2345
    QID: 902675
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10125-1)

    Severity
    Critical 4
    Qualys ID
    902675
    Date Published
    August 16, 2022
    Vendor Reference
    10125-1
    CVE Reference
    CVE-2022-2345
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10125-1
  • CVE-2022-2284
    QID: 902674
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10034-1)

    Severity
    Critical 4
    Qualys ID
    902674
    Date Published
    August 16, 2022
    Vendor Reference
    10034-1
    CVE Reference
    CVE-2022-2284
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10034-1
  • CVE-2021-44537
    QID: 283041
    Recently Published

    Fedora Security Update for owncloud (FEDORA-2022-d6faaa50eb)

    Severity
    Critical 4
    Qualys ID
    283041
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-d6faaa50eb
    CVE Reference
    CVE-2021-44537
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Fedora has released a security update for owncloud to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to Fedora security advisory Fedora 35 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-d6faaa50eb
  • CVE-2021-46829
    QID: 283040
    Recently Published

    Fedora Security Update for mingw (FEDORA-2022-7254ec5e96)

    Severity
    Critical 4
    Qualys ID
    283040
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-7254ec5e96
    CVE Reference
    CVE-2021-46829
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Fedora has released a security update for mingw to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 35 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-7254ec5e96
  • CVE-2022-2509
    QID: 283043
    Recently Published

    Fedora Security Update for gnutls (FEDORA-2022-5470992bfc)

    Severity
    Critical 4
    Qualys ID
    283043
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-5470992bfc
    CVE Reference
    CVE-2022-2509
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Fedora has released a security update for gnutls to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 35 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-5470992bfc
  • CVE-2018-25032
    QID: 283036
    Recently Published

    Fedora Security Update for zlib (FEDORA-2022-3a92250fd5)

    Severity
    Critical 4
    Qualys ID
    283036
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-3a92250fd5
    CVE Reference
    CVE-2018-25032
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Fedora has released a security update for zlib to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-3a92250fd5
  • CVE-2022-32742+
    QID: 283042
    Recently Published

    Fedora Security Update for libldb (FEDORA-2022-1479911a38)

    Severity
    Critical 4
    Qualys ID
    283042
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-1479911a38
    CVE Reference
    CVE-2022-32742, CVE-2022-32744, CVE-2020-17049, CVE-2022-32746, CVE-2022-32745
    CVSS Scores
    Base 7.2 / Temporal 6.3
    Description
    Fedora has released a security update for libldb to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to Fedora security advisory Fedora 35 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-1479911a38
  • CVE-2022-2287
    QID: 902703
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10037-1)

    Severity
    Critical 4
    Qualys ID
    902703
    Date Published
    August 16, 2022
    Vendor Reference
    10037-1
    CVE Reference
    CVE-2022-2287
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10037-1
  • CVE-2021-32078
    QID: 902697
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (4372-1)

    Severity
    Critical 4
    Qualys ID
    902697
    Date Published
    August 16, 2022
    Vendor Reference
    4372-1
    CVE Reference
    CVE-2021-32078
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 4372-1
  • CVE-2021-3677
    QID: 902692
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for postgresql (8884-1)

    Severity
    Serious 3
    Qualys ID
    902692
    Date Published
    August 16, 2022
    Vendor Reference
    8884-1
    CVE Reference
    CVE-2021-3677
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for postgresql to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 8884-1
  • CVE-2022-2056
    QID: 902685
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libtiff (10025-1)

    Severity
    Serious 3
    Qualys ID
    902685
    Date Published
    August 16, 2022
    Vendor Reference
    10025-1
    CVE Reference
    CVE-2022-2056
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for libtiff to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10025-1
  • CVE-2021-3733
    QID: 902673
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for python2 (9820-1)

    Severity
    Serious 3
    Qualys ID
    902673
    Date Published
    August 16, 2022
    Vendor Reference
    9820-1
    CVE Reference
    CVE-2021-3733
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for python2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 9820-1
  • CVE-2021-3405
    QID: 710596
    Recently Published

    Gentoo Linux libebml Heap buffer overflow Vulnerability (GLSA 202208-21)

    Severity
    Serious 3
    Qualys ID
    710596
    Date Published
    August 16, 2022
    Vendor Reference
    GLSA 202208-21
    CVE Reference
    CVE-2021-3405
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Gentoo has released a security update for libebml to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202208-21 for updates and patch information.
    Patches
    Gentoo GLSA 202208-21
  • CVE-2021-37159
    QID: 902700
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (4639-1)

    Severity
    Serious 3
    Qualys ID
    902700
    Date Published
    August 16, 2022
    Vendor Reference
    4639-1
    CVE Reference
    CVE-2021-37159
    CVSS Scores
    Base 6.4 / Temporal 5.6
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 4639-1
  • CVE-2022-32209
    QID: 283038
    Recently Published

    Fedora Security Update for rubygem (FEDORA-2022-974fffb418)

    Severity
    Serious 3
    Qualys ID
    283038
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-974fffb418
    CVE Reference
    CVE-2022-32209
    CVSS Scores
    Base 6.1 / Temporal 5.3
    Description
    Fedora has released a security update for rubygem to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-974fffb418
  • CVE-2022-32209
    QID: 283037
    Recently Published

    Fedora Security Update for rubygem (FEDORA-2022-ce4719993c)

    Severity
    Serious 3
    Qualys ID
    283037
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-ce4719993c
    CVE Reference
    CVE-2022-32209
    CVSS Scores
    Base 6.1 / Temporal 5.3
    Description
    Fedora has released a security update for rubygem to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 35 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-ce4719993c
  • CVE-2022-2318
    QID: 902705
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10119-1)

    Severity
    Serious 3
    Qualys ID
    902705
    Date Published
    August 16, 2022
    Vendor Reference
    10119-1
    CVE Reference
    CVE-2022-2318
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10119-1
  • CVE-2022-2078
    QID: 902696
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10024-1)

    Severity
    Serious 3
    Qualys ID
    902696
    Date Published
    August 16, 2022
    Vendor Reference
    10024-1
    CVE Reference
    CVE-2022-2078
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10024-1
  • CVE-2022-34495
    QID: 902695
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9996-1)

    Severity
    Serious 3
    Qualys ID
    902695
    Date Published
    August 16, 2022
    Vendor Reference
    9996-1
    CVE Reference
    CVE-2022-34495
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 9996-1
  • CVE-2022-0854
    QID: 902690
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9139-1)

    Severity
    Serious 3
    Qualys ID
    902690
    Date Published
    August 16, 2022
    Vendor Reference
    9139-1
    CVE Reference
    CVE-2022-0854
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 9139-1
  • CVE-2022-1852
    QID: 902680
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10023-1)

    Severity
    Serious 3
    Qualys ID
    902680
    Date Published
    August 16, 2022
    Vendor Reference
    10023-1
    CVE Reference
    CVE-2022-1852
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 10023-1
  • CVE-2022-34494
    QID: 902676
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9995-1)

    Severity
    Serious 3
    Qualys ID
    902676
    Date Published
    August 16, 2022
    Vendor Reference
    9995-1
    CVE Reference
    CVE-2022-34494
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 9995-1
  • CVE-2020-28493
    QID: 902677
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for python-jinja2 (9857-1)

    Severity
    Serious 3
    Qualys ID
    902677
    Date Published
    August 16, 2022
    Vendor Reference
    9857-1
    CVE Reference
    CVE-2020-28493
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for python-jinja2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 9857-1
  • CVE-2022-33981
    QID: 902707
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9955-1)

    Severity
    Medium 2
    Qualys ID
    902707
    Date Published
    August 16, 2022
    Vendor Reference
    9955-1
    CVE Reference
    CVE-2022-33981
    CVSS Scores
    Base 3.3 / Temporal 2.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 9955-1
  • CVE-2022-32296
    QID: 902704
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9896-1)

    Severity
    Medium 2
    Qualys ID
    902704
    Date Published
    August 16, 2022
    Vendor Reference
    9896-1
    CVE Reference
    CVE-2022-32296
    CVSS Scores
    Base 3.3 / Temporal 2.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 9896-1
  • CVE-2022-26373+
    QID: 752461
    Recently Published

    SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2803-1)

    Severity
    Critical 4
    Qualys ID
    752461
    Date Published
    August 16, 2022
    Vendor Reference
    SUSE-SU-2022:2803-1
    CVE Reference
    CVE-2022-26373, CVE-2022-29581, CVE-2021-33655, CVE-2022-21505, CVE-2022-2585
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released a security update for kernel to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server Basesystem 15 SP4
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2803-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2803-1
  • CVE-2020-24330
    QID: 752459
    Recently Published

    SUSE Enterprise Linux Security Update for trousers (SUSE-SU-2022:2798-1)

    Severity
    Critical 4
    Qualys ID
    752459
    Date Published
    August 16, 2022
    Vendor Reference
    SUSE-SU-2022:2798-1
    CVE Reference
    CVE-2020-24330
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released a security update for trousers to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2798-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2798-1
  • CVE-2021-44537
    QID: 283033
    Recently Published

    Fedora Security Update for owncloud (FEDORA-2022-8d623b4c3f)

    Severity
    Critical 4
    Qualys ID
    283033
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-8d623b4c3f
    CVE Reference
    CVE-2021-44537
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Fedora has released a security update for owncloud to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-8d623b4c3f
  • CVE-2022-28129+
    QID: 180937
    Recently Published

    Debian Security Update for trafficserver (DSA 5206-1)

    Severity
    Critical 4
    Qualys ID
    180937
    Date Published
    August 16, 2022
    Vendor Reference
    DSA 5206-1
    CVE Reference
    CVE-2022-28129, CVE-2022-31779, CVE-2022-25763, CVE-2022-31780, CVE-2022-31778, CVE-2021-37150
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Debian has released a security update for trafficserver to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5206-1 for updates and patch information.
    Patches
    Debian DSA 5206-1
  • CVE-2022-29869
    QID: 752462
    Recently Published

    SUSE Enterprise Linux Security Update for cifs-utils (SUSE-SU-2022:2801-1)

    Severity
    Serious 3
    Qualys ID
    752462
    Date Published
    August 16, 2022
    Vendor Reference
    SUSE-SU-2022:2801-1
    CVE Reference
    CVE-2022-29869
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    SUSE has released a security update for cifs-utils to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server Basesystem 15 SP3
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2801-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2801-1
  • CVE-2022-29869
    QID: 752460
    Recently Published

    SUSE Enterprise Linux Security Update for cifs-utils (SUSE-SU-2022:2802-1)

    Severity
    Serious 3
    Qualys ID
    752460
    Date Published
    August 16, 2022
    Vendor Reference
    SUSE-SU-2022:2802-1
    CVE Reference
    CVE-2022-29869
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    SUSE has released a security update for cifs-utils to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    SUSE Linux Enterprise Server 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:2802-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:2802-1
  • CVE-2022-37434
    QID: 902672
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for zlib (10470)

    Severity
    Urgent 5
    Qualys ID
    902672
    Date Published
    August 16, 2022
    Vendor Reference
    Mariner_2.0_10470
    CVE Reference
    CVE-2022-37434
    CVSS Scores
    Base 9.8 / Temporal 9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for zlib to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-37434
    QID: 902669
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for zlib (10473)

    Severity
    Urgent 5
    Qualys ID
    902669
    Date Published
    August 16, 2022
    Vendor Reference
    10473
    CVE Reference
    CVE-2022-37434
    CVSS Scores
    Base 9.8 / Temporal 9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for zlib to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-1012
    QID: 902671
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10468)

    Severity
    Urgent 5
    Qualys ID
    902671
    Date Published
    August 16, 2022
    Vendor Reference
    Mariner_2.0_10468
    CVE Reference
    CVE-2022-1012
    CVSS Scores
    Base 9.1 / Temporal 8.3
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-1012
    QID: 902670
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10472)

    Severity
    Urgent 5
    Qualys ID
    902670
    Date Published
    August 16, 2022
    Vendor Reference
    10472
    CVE Reference
    CVE-2022-1012
    CVSS Scores
    Base 9.1 / Temporal 8.3
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-0670
    QID: 502478
    Recently Published

    Alpine Linux Security Update for ceph

    Severity
    Urgent 5
    Qualys ID
    502478
    Date Published
    August 16, 2022
    Vendor Reference
    ceph
    CVE Reference
    CVE-2022-0670
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    Alpine Linux has released a security update for ceph to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.13


    Affected Package versions prior to 15.2.17-r0.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory ceph for updates and patch information.
    Patches
    Alpine Linux ceph-15.2.17-r0
  • CVE-2022-23825+
    QID: 283032
    Recently Published

    Fedora Security Update for xen (FEDORA-2022-a0d7a5eaf2)

    Severity
    Critical 4
    Qualys ID
    283032
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-a0d7a5eaf2
    CVE Reference
    CVE-2022-23825, CVE-2022-23816, CVE-2022-33745, CVE-2022-29900
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Fedora has released a security update for xen to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system and to disclose information. Denial of service may also occur in some cases.
    Solution
    Refer to Fedora security advisory Fedora 35 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-a0d7a5eaf2
  • QID: 690920
    Recently Published

    Free Berkeley Software Distribution (FreeBSD) Security Update for xfce tumbler (75c073cc-1a1d-11ed-bea0-48ee0c739857)

    Severity
    Critical 4
    Qualys ID
    690920
    Date Published
    August 16, 2022
    Vendor Reference
    75c073cc-1a1d-11ed-bea0-48ee0c739857
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    FreeBSD has released a security update for xfce tumbler to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to FreeBSD security advisory 75c073cc-1a1d-11ed-bea0-48ee0c739857 for updates and patch information.
    Patches
    "FreeBSD" 75c073cc-1a1d-11ed-bea0-48ee0c739857
  • QID: 283030
    Recently Published

    Fedora Security Update for wpebackend (FEDORA-2022-f98ab9f311)

    Severity
    Critical 4
    Qualys ID
    283030
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-f98ab9f311
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for wpebackend to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-f98ab9f311
  • CVE-2022-21233
    QID: 283028
    Recently Published

    Fedora Security Update for microcode_ctl (FEDORA-2022-d4e9b48c48)

    Severity
    Critical 4
    Qualys ID
    283028
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-d4e9b48c48
    CVE Reference
    CVE-2022-21233
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for microcode_ctl to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-d4e9b48c48
  • CVE-2022-2625
    QID: 180935
    Recently Published

    Debian Security Update for postgresql-11 (DLA 3072-1)

    Severity
    Critical 4
    Qualys ID
    180935
    Date Published
    August 16, 2022
    Vendor Reference
    DLA 3072-1
    CVE Reference
    CVE-2022-2625
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Debian has released a security update for postgresql-11 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3072-1 for updates and patch information.
    Patches
    Debian DLA 3072-1
  • CVE-2022-2031+
    QID: 180933
    Recently Published

    Debian Security Update for samba (DSA 5205-1)

    Severity
    Critical 4
    Qualys ID
    180933
    Date Published
    August 16, 2022
    Vendor Reference
    DSA 5205-1
    CVE Reference
    CVE-2022-2031, CVE-2022-32742, CVE-2022-32746, CVE-2022-32744, CVE-2022-32745
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Debian has released a security update for samba to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5205-1 for updates and patch information.
    Patches
    Debian DSA 5205-1
  • CVE-2022-28702+
    QID: 590985
    In Development

    ABB e-Design Multiple Vulnerabilities (ICSA-22-179-01)

    Severity
    Critical 4
    Qualys ID
    590985
    Vendor Reference
    ICSA-22-179-01
    CVE Reference
    CVE-2022-28702, CVE-2022-29483
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description

    AFFECTED PRODUCTS
    The following versions of e-Design engineering software are affected:
    e-Design: All versions prior to 1.12.2.0006

    QID Detection Logic (Authenticated)
    QID checks for the vulnerable version using Windows registry keys.

    Consequence
    Exploitation of these vulnerabilities could allow privilege escalation or a denial-of-service condition.
    Solution

    Customers are advised to refer to CERT MITIGATIONS section ICSA-22-179-01 for affected packages and patching details.

    Patches
    ICSA-22-179-01
  • CVE-2022-32189
    QID: 283031
    Recently Published

    Fedora Security Update for golang (FEDORA-2022-1f829990f0)

    Severity
    Critical 4
    Qualys ID
    283031
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-1f829990f0
    CVE Reference
    CVE-2022-32189
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Fedora has released a security update for golang to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-1f829990f0
  • CVE-2022-2509+
    QID: 180936
    Recently Published

    Debian Security Update for gnutls28 (DLA 3070-1)

    Severity
    Critical 4
    Qualys ID
    180936
    Date Published
    August 16, 2022
    Vendor Reference
    DLA 3070-1
    CVE Reference
    CVE-2022-2509, CVE-2021-4209
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Debian has released a security update for gnutls28 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3070-1 for updates and patch information.
    Patches
    Debian DLA 3070-1
  • CVE-2021-46828
    QID: 180934
    Recently Published

    Debian Security Update for libtirpc (DLA 3071-1)

    Severity
    Critical 4
    Qualys ID
    180934
    Date Published
    August 16, 2022
    Vendor Reference
    DLA 3071-1
    CVE Reference
    CVE-2021-46828
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Debian has released a security update for libtirpc to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3071-1 for updates and patch information.
    Patches
    Debian DLA 3071-1
  • CVE-2022-30699+
    QID: 283029
    Recently Published

    Fedora Security Update for unbound (FEDORA-2022-f89beb0640)

    Severity
    Serious 3
    Qualys ID
    283029
    Date Published
    August 16, 2022
    Vendor Reference
    FEDORA-2022-f89beb0640
    CVE Reference
    CVE-2022-30699, CVE-2022-30698
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Fedora has released a security update for unbound to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-f89beb0640
  • CVE-2022-2553
    QID: 198900
    Recently Published

    Ubuntu Security Notification for Booth Vulnerability (USN-5556-1)

    Severity
    Serious 3
    Qualys ID
    198900
    Date Published
    August 16, 2022
    Vendor Reference
    USN-5556-1
    CVE Reference
    CVE-2022-2553
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Ubuntu has released a security update for booth to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-5556-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5556-1
  • CVE-2022-21125+
    QID: 160041
    Recently Published

    Oracle Enterprise Linux Security Update for kernel (ELSA-2022-5937)

    Severity
    Serious 3
    Qualys ID
    160041
    Date Published
    August 16, 2022
    Vendor Reference
    ELSA-2022-5937
    CVE Reference
    CVE-2022-21125, CVE-2022-21123, CVE-2022-21166
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    Oracle Enterprise Linux has released a security update for kernel security and bug fix update to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-5937
    Patches
    Oracle Linux ELSA-2022-5937
  • QID: 376820
    Recently Published

    Foxit Reader and Foxit PhantomPDF Prior to 8.2 Multiple Security Vulnerabilities

    Severity
    Critical 4
    Qualys ID
    376820
    Date Published
    August 16, 2022
    Vendor Reference
    Foxit Reader 8.2 and Foxit PhantomPDF 8.2
    CVSS Scores
    Base 8.4 / Temporal 7.3
    Description
    Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.
    Foxit PhantomPDF Suite is a business ready PDF toolkit, used to create professional PDF documents.

    Affected versions:
    Foxit Reader version 8.1.4.1208 and earlier
    Foxit PhantomPDF version 8.1.1.1115 and earlier
    QID detection logic: (Authenticated)
    This QID checks the Windows Registry to get the Foxit Reader and Foxit PhantomPDF installation path and then reads the corresponding executable (FoxitReader.exe/FoxitPhantomPDF.exe) to see if it's running a vulnerable version.

    Consequence
    Successful exploitation of these vulnerabilities may allow an attacker to either execute arbitrary code or cause information disclosure on the target system.
    Solution
    The vendor has issued a fix. For more information please visit Security updates available in Foxit Reader 8.2 and Foxit PhantomPDF 8.2
    Patches
    Foxit Reader 8.2 and Foxit PhantomPDF 8.2
  • CVE-2022-29030+
    QID: 590983
    Recently Published

    Siemens JT2GO Multiple Vulnerabilities (ICSA-22-132-09)

    Severity
    Critical 4
    Qualys ID
    590983
    Date Published
    August 16, 2022
    Vendor Reference
    ICSA-22-132-09
    CVE Reference
    CVE-2022-29030, CVE-2022-29029, CVE-2022-29033, CVE-2022-29032, CVE-2022-29028, CVE-2022-29031
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description

    AFFECTED PRODUCTS
    The following Siemens products are affected:
    JT2GO: All versions prior to v13.3.0.3
    Teamcenter Visualization v13.3: All versions prior to v13.3.0.3
    Teamcenter Visualization v14.0: All versions prior to v14.0.0.1

    QID Detection Logic (Authenticated):
    QID checks for the vulnerable version of Siemens using registry "HKLM\SOFTWARE\Siemens"

    Consequence
    Successful exploitation of these vulnerabilities could allow an attacker to trick a user into opening a malicious file (crafted as CGM, TIFF or TG4) with any of the affected products, which could lead the application to crash or to arbitrary code execution.
    Solution

    Customers are advised to refer to CERT MITIGATIONS section ICSA-22-132-09 for affected packages and patching details.

    Patches
    ICSA-22-132-09
  • CVE-2022-35737
    QID: 902668
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for sqlite (10467)

    Severity
    Critical 4
    Qualys ID
    902668
    Date Published
    August 16, 2022
    Vendor Reference
    Mariner_2.0_10467
    CVE Reference
    CVE-2022-35737
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for sqlite to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-35737
    QID: 902667
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for sqlite (10466)

    Severity
    Critical 4
    Qualys ID
    902667
    Date Published
    August 16, 2022
    Vendor Reference
    10466
    CVE Reference
    CVE-2022-35737
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for sqlite to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • QID: 376821
    Recently Published

    Foxit Reader and Foxit PhantomPDF Prior to 8.2.1 Multiple Security Vulnerabilities

    Severity
    Critical 4
    Qualys ID
    376821
    Date Published
    August 16, 2022
    Vendor Reference
    Foxit Reader 8.2.1 and Foxit PhantomPDF 8.2.1
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.
    Foxit PhantomPDF Suite is a business ready PDF toolkit, used to create professional PDF documents.

    Affected versions:
    Foxit Reader version 8.2.0.2051 and earlier
    Foxit PhantomPDF version 8.2.0.2192 and earlier
    QID detection logic: (Authenticated)
    This QID checks the Windows Registry to get the Foxit Reader and Foxit PhantomPDF installation path and then reads the corresponding executable (FoxitReader.exe/FoxitPhantomPDF.exe) to see if it's running a vulnerable version.

    Consequence
    Successful exploitation of these vulnerabilities may allow an attacker to either execute arbitrary code or crash the target system.
    Solution
    The vendor has issued a fix. For more information please visit Security updates available in Foxit Reader 8.2.1 and Foxit PhantomPDF 8.2.1
    Patches
    Foxit Reader 8.2.1 and Foxit PhantomPDF 8.2.1
  • CVE-2019-0117+
    QID: 390265
    Recently Published

    Oracle Managed Virtualization (VM) Server for x86 Security Update for microcode_ctl (OVMSA-2022-0020)

    Severity
    Serious 3
    Qualys ID
    390265
    Date Published
    August 16, 2022
    Vendor Reference
    OVMSA-2022-0020
    CVE Reference
    CVE-2019-0117, CVE-2019-11135, CVE-2019-11139, CVE-2020-0548, CVE-2020-8698, CVE-2017-5715, CVE-2020-0549, CVE-2020-8695, CVE-2020-8694, CVE-2020-8696, CVE-2020-0543
    CVSS Scores
    Base 6.5 / Temporal 5.9
    Description
    Oracle VM Server for x86 has released a security update for microcode_ctl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Oracle VM Server security advisory OVMSA-2022-0020 for updates and patch information.
    Patches
    Oracle VM Server OVMSA-2022-0020
  • QID: 376822
    Recently Published

    Foxit Reader and Foxit PhantomPDF Prior to 8.3 Multiple Security Vulnerabilities

    Severity
    Serious 3
    Qualys ID
    376822
    Date Published
    August 16, 2022
    Vendor Reference
    Foxit Reader 8.3 and Foxit PhantomPDF 8.3
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.
    Foxit PhantomPDF Suite is a business ready PDF toolkit, used to create professional PDF documents.

    Affected versions:
    Foxit Reader version 8.2.1.6871 and earlier
    Foxit PhantomPDF version 8.2.1.6871 and earlier
    QID detection logic: (Authenticated)
    This QID checks the Windows Registry to get the Foxit Reader and Foxit PhantomPDF installation path and then reads the corresponding executable (FoxitReader.exe/FoxitPhantomPDF.exe) to see if it's running a vulnerable version.

    Consequence
    Successful exploitation of these vulnerabilities may allow an attacker to either execute arbitrary code or crash the target system.
    Solution
    The vendor has issued a fix. For more information please visit Security updates available in Foxit Reader 8.3 and Foxit PhantomPDF 8.3
    Patches
    Foxit Reader 8.3 and Foxit PhantomPDF 8.3
  • QID: 376819
    Recently Published

    Foxit Reader and Foxit PhantomPDF Prior to 8.1.1 Multiple Security Vulnerabilities

    Severity
    Serious 3
    Qualys ID
    376819
    Date Published
    August 16, 2022
    Vendor Reference
    Foxit Reader 8.1.1 and Foxit PhantomPDF 8.1.1
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    Foxit Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files.
    Foxit PhantomPDF Suite is a business ready PDF toolkit, used to create professional PDF documents.

    Affected versions:
    Foxit Reader version 8.1.0.1013 and earlier
    Foxit PhantomPDF version 8.1.0.1013 and earlier
    QID detection logic: (Authenticated)
    This QID checks the Windows Registry to get the Foxit Reader and Foxit PhantomPDF installation path and then reads the corresponding executable (FoxitReader.exe/FoxitPhantomPDF.exe) to see if it's running a vulnerable version.

    Consequence
    Successful exploitation of these vulnerabilities may allow an attacker to either execute arbitrary code or steal sensitive information.
    Solution
    The vendor has issued a fix. For more information please visit Security updates available in Foxit Reader 8.1.1 and Foxit PhantomPDF 8.1.1
    Patches
    Foxit Reader 8.1.1 and Foxit PhantomPDF 8.1.1
  • QID: 376818
    Recently Published

    Foxit Reader and Foxit PhantomPDF Prior to 8.1 Multiple Security Vulnerabilities

    Severity
    Serious 3
    Qualys ID
    376818
    Date Published
    August 16, 2022