Vulnerability Detection Pipeline

Upcoming and New QIDs

Browse, filter by detection status, or search by CVE to get visibility into upcoming and new detections (QIDs) for all severities.

Detection Status

  • Under investigation: We are researching a detection and will publish one if it is feasible.
  • In development: We are coding a detection and will typically publish it within a few days.
  • Recently published: We have published the detection on the date indicated, and it will typically be available in the KnowledgeBase on shared platforms within a day.

Non-Qualys customers can audit their network for all published vulnerabilities by signing up for a Qualys Free Trial or Qualys Community Edition.

463 results
CVE
Title
Severity
  • CVE-2021-28877+
    In Development

    Rocky Linux Security Update for rust-toolset:rhel8 (RLSA-2021:3063)

    Severity
    Urgent5
    Qualys ID
    960098
    Vendor Reference
    RLSA-2021:3063
    CVE Reference
    CVE-2021-28877, CVE-2021-28879, CVE-2021-28878, CVE-2020-36323, CVE-2021-31162, CVE-2021-28876, CVE-2021-28875
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Rocky Linux has released a security update for rust-toolset:rhel8 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3063 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3063
  • CVE-2021-20317+
    In Development

    Rocky Linux Security Update for kernel (RLSA-2021:4647)

    Severity
    Urgent5
    Qualys ID
    960094
    Vendor Reference
    RLSA-2021:4647
    CVE Reference
    CVE-2021-20317, CVE-2021-43267
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Rocky Linux has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:4647 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:4647
  • CVE-2021-3520
    In Development

    Rocky Linux Security Update for lz4 (RLSA-2021:2575)

    Severity
    Urgent5
    Qualys ID
    960088
    Vendor Reference
    RLSA-2021:2575
    CVE Reference
    CVE-2021-3520
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Rocky Linux has released a security update for lz4 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2575 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2575
  • CVE-2021-34552
    In Development

    Rocky Linux Security Update for python-pillow (RLSA-2021:4149)

    Severity
    Urgent5
    Qualys ID
    960087
    Vendor Reference
    RLSA-2021:4149
    CVE Reference
    CVE-2021-34552
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Rocky Linux has released a security update for python-pillow to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:4149 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:4149
  • CVE-2020-14343
    In Development

    Rocky Linux Security Update for python38:3.8 and python38-devel:3.8 (RLSA-2021:2583)

    Severity
    Urgent5
    Qualys ID
    960084
    Vendor Reference
    RLSA-2021:2583
    CVE Reference
    CVE-2020-14343
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Rocky Linux has released a security update for python38:3.8 and python38-devel:3.8 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2583 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2583
  • CVE-2021-38498+
    In Development

    Rocky Linux Security Update for firefox (RLSA-2021:3755)

    Severity
    Urgent5
    Qualys ID
    960080
    Vendor Reference
    RLSA-2021:3755
    CVE Reference
    CVE-2021-38498, CVE-2021-38496, CVE-2021-38500, CVE-2021-32810, CVE-2021-38501, CVE-2021-38497
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Rocky Linux has released a security update for firefox to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3755 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3755
  • CVE-2018-25011+
    In Development

    Rocky Linux Security Update for libwebp (RLSA-2021:2354)

    Severity
    Urgent5
    Qualys ID
    960059
    Vendor Reference
    RLSA-2021:2354
    CVE Reference
    CVE-2018-25011, CVE-2020-36328, CVE-2020-36329
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Rocky Linux has released a security update for libwebp to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2354 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2354
  • CVE-2021-23343+
    In Development

    Rocky Linux Security Update for nodejs:14 (RLSA-2021:3666)

    Severity
    Urgent5
    Qualys ID
    960050
    Vendor Reference
    RLSA-2021:3666
    CVE Reference
    CVE-2021-23343, CVE-2021-22931
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Rocky Linux has released a security update for nodejs:14 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3666 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3666
  • CVE-2021-44224+
    In Development

    Amazon Linux Security Advisory for httpd24 : ALAS-2022-1560

    Severity
    Urgent5
    Qualys ID
    353114
    Vendor Reference
    ALAS-2022-1560
    CVE Reference
    CVE-2021-44224, CVE-2021-44790
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description

    There is a NULL pointer dereference and server-side request forgery (SSRF) flaw in httpd's mod_proxy module when it is configured to be used as a forward proxy.
    A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix domain socket requests.
    In the worst case, this could cause a denial of service or compromise the confidentiality of data. (CVE-2021-44224)
    A buffer overflow flaw in httpd's Lua module could allow an out-of-bounds write.
    An attacker who is able to submit a crafted request to an httpd instance that is using the Lua module may be able to cause an impact to confidentiality, integrity, and/or availability. (CVE-2021-44790)

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS-2022-1560 for affected packages and patching details, or update with your package manager.
    Patches
    Amazon Linux ALAS-2022-1560
  • CVE-2021-4104+
    In Development

    Amazon Linux Security Advisory for log4j : ALAS-2022-1562

    Severity
    Urgent5
    Qualys ID
    353112
    Vendor Reference
    ALAS-2022-1562
    CVE Reference
    CVE-2021-4104, CVE-2019-17571, CVE-2017-5645
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description

    It was found that when using remote logging with the log4j socket server, the log4j server would deserialize any log event received via TCP or UDP.
    An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)
    A flaw was discovered in log4j, where a vulnerable SocketServer class may lead to the deserialization of untrusted data.
    This flaw allows an attacker to remotely execute arbitrary code when combined with a deserialization gadget. (CVE-2019-17571)
    A flaw was found in the Java logging library Apache log4j in version 1.x.
    JMSAppender in log4j 1.x is vulnerable to deserialization of untrusted data.
    This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JNDI LDAP endpoint. (CVE-2021-4104)

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS-2022-1562 for affected packages and patching details, or update with your package manager.
    Patches
    Amazon Linux ALAS-2022-1562
  • CVE-2021-23017
    In Development

    Rocky Linux Security Update for nginx:1.16 (RLSA-2021:2290)

    Severity
    Urgent5
    Qualys ID
    960097
    Vendor Reference
    RLSA-2021:2290
    CVE Reference
    CVE-2021-23017
    CVSS Scores
    Base 9.4 / Temporal 8.2
    Description
    Rocky Linux has released a security update for nginx:1.16 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2290 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2290
  • CVE-2021-4155+
    In Development

    Rocky Linux Security Update for kernel-rt (RLSA-2022:176)

    Severity
    Urgent5
    Qualys ID
    960100
    Vendor Reference
    RLSA-2022:176
    CVE Reference
    CVE-2021-4155, CVE-2022-0185
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    Rocky Linux has released a security update for kernel-rt to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:176 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:176
  • CVE-2021-4155+
    In Development

    Rocky Linux Security Update for kernel (RLSA-2022:188)

    Severity
    Urgent5
    Qualys ID
    960076
    Vendor Reference
    RLSA-2022:188
    CVE Reference
    CVE-2021-4155, CVE-2022-0185
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    Rocky Linux has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:188 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:188
  • CVE-2021-43565
    In Development

    SUSE Enterprise Linux Security Update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container (SUSE-SU-2022:0130-1)

    Severity
    Urgent5
    Qualys ID
    751621
    Vendor Reference
    SUSE-SU-2022:0130-1
    CVE Reference
    CVE-2021-43565
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    SUSE has released a security update for kubevirt to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15 SP2
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:0130-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:0130-1
  • CVE-2021-3975+
    In Development

    SUSE Enterprise Linux Security Update for libvirt (SUSE-SU-2022:0128-1)

    Severity
    Urgent5
    Qualys ID
    751620
    Vendor Reference
    SUSE-SU-2022:0128-1
    CVE Reference
    CVE-2021-3975, CVE-2021-4147
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    SUSE has released a security update for libvirt to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:0128-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:0128-1
  • CVE-2022-0185
    In Development

    Ubuntu Security Notification for Linux kernel Vulnerability (USN-5240-1)

    Severity
    Urgent5
    Qualys ID
    198638
    Vendor Reference
    USN-5240-1
    CVE Reference
    CVE-2022-0185
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    The file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write.
    Consequence
    A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.
    Solution
    Refer to Ubuntu security advisory USN-5240-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5240-1
  • CVE-2021-38503+
    In Development

    Rocky Linux Security Update for firefox (RLSA-2021:4123)

    Severity
    Urgent5
    Qualys ID
    960054
    Vendor Reference
    RLSA-2021:4123
    CVE Reference
    CVE-2021-38503, CVE-2021-38506, CVE-2021-38508, CVE-2021-38504, CVE-2021-38509, CVE-2021-38507
    CVSS Scores
    Base 10 / Temporal 8.7
    Description
    Rocky Linux has released a security update for firefox to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:4123 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:4123
  • CVE-2021-44228+
    In Development

    Tableau Server and Desktop Multiple Vulnerabilities (Log4Shell)

    Severity
    Urgent5
    Qualys ID
    376267
    Vendor Reference
    Log4shell
    CVE Reference
    CVE-2021-44228, CVE-2021-45046
    CVSS Scores
    Base 10 / Temporal 9
    Description
    Tableau Server, by Tableau Software, is an online solution for sharing, distributing, and collaborating on content created in Tableau. Tableau was affected by CVE-2021-44228 and CVE-2021-45046.

    Affected Versions:
    Tableau Server on windows 2021.4 to 2021.4.1
    Tableau Server on windows 2021.3.4 to 2021.3.5
    Tableau Server on windows 2021.2.5 to 2021.2.6
    Tableau Server on windows 2021.1.8 to 2021.1.9
    Tableau Server on windows 2020.4.11 to 2020.4.12
    Tableau Server on Windows, other versions: 2020.3.14, 2020.2.19, 2020.1.22, 2019.4.25, 2019.3.26, 2019.2.29, 2019.1.29, 2018.3.29 and prior.

    Tableau Desktop on windows 2021.4 to 2021.4.1
    Tableau Desktop on windows 2021.3.4 to 2021.3.5
    Tableau Desktop on windows 2021.2.5 to 2021.2.6
    Tableau Desktop on windows 2021.1.8 to 2021.1.9
    Tableau Desktop on windows 2020.4.11 to 2020.4.12
    Tableau Desktop on Windows, other versions: 2020.3.14, 2020.2.19, 2020.1.22, 2019.4.25, 2019.3.26, 2019.2.29, 2019.1.29, 2018.3.29 and prior.

    Tableau Server on Linux 2021.4 to 2021.4.1
    Tableau Server on Linux 2021.3.4 to 2021.3.5
    Tableau Server on Linux 2021.2.5 to 2021.2.6
    Tableau Server on Linux 2021.1.8 to 2021.1.9
    Tableau Server on Linux 2020.4.11 to 2020.4.12
    Tableau Server on Linux, other versions: 2020.3.14, 2020.2.19, 2020.1.22, 2019.4.25, 2019.3.26, 2019.2.29, 2019.1.29, 2018.3.29 and prior.

    Tableau Desktop on Linux 2021.4 to 2021.4.1
    Tableau Desktop on Linux 2021.3.4 to 2021.3.5
    Tableau Desktop on Linux 2021.2.5 to 2021.2.6
    Tableau Desktop on Linux 2021.1.8 to 2021.1.9
    Tableau Desktop on Linux 2020.4.11 to 2020.4.12
    Tableau Desktop on Linux, other versions: 2020.3.14, 2020.2.19, 2020.1.22, 2019.4.25, 2019.3.26, 2019.2.29, 2019.1.29, 2018.3.29 and prior.

    QID Detection Logic (Authenticated)
    This QID checks for vulnerable versions of Tableau Server. NOTE: The workaround given in the advisory is not checked; applying it requires running a Python script that modifies administrator services through Windows PowerShell, with a separate script for each version.

    Consequence
    Allows remote code execution in products that use the Apache Log4j library.
    Solution

    Customers are advised to refer to Log4shell for information pertaining to remediating this vulnerability.

    Patches
    Log4shell
  • CVE-2021-44228+
    In Development

    VMware vRealize Orchestrator, VMware vRealize Automation and VMware vRealize Lifecycle Manager Log4j Remote Code Execution (RCE) Vulnerability (VMSA-2021-0028) (Log4Shell)

    Severity
    Urgent5
    Qualys ID
    376261
    Vendor Reference
    VMSA-2021-0028
    CVE Reference
    CVE-2021-44228, CVE-2021-45046
    CVSS Scores
    Base 10 / Temporal 9
    Description
    VMware vRealize Orchestrator is a modern workflow automation platform that simplifies and automates complex data center infrastructure tasks for increased extensibility and agility.

    Affected Versions:
    VMware vRealize Orchestrator 8.x up to 8.6.1

    VMware vRealize Automation is part of the VMware vRealize Suite. Also referred to as vRA, it allows you to create and manage your private cloud without the need for complex manual processes. It's an automation tool for the private cloud.

    Affected Versions:
    VMware vRealize Automation 8.x up to 8.6.1
    VMware vRealize Automation 7.x up to 7.6

    VMware vRealize Suite Lifecycle Manager delivers complete lifecycle and content management capabilities for vRealize Suite products. It helps customers accelerate time to value by automating deployment, upgrades, and configuration, while bringing DevOps principles to the management of vRealize Suite content.

    Affected Versions:
    VMware vRealize Suite Lifecycle Manager 8.x up to 8.6.1

    QID Detection Logic (Authenticated):
    This QID reads the /opt/vmware/etc/appliance-manifest.xml file to check for vulnerable versions of the product.

    Consequence
    A malicious actor with network access to an impacted VMware product may exploit this issue to gain full control of the target system.
    Solution
    The vendor has released patches, which can be found in VMSA-2021-0028.
    Patches
    VMSA-2021-0028
  • CVE-2021-32028+
    In Development

    Rocky Linux Security Update for postgresql:10 (RLSA-2021:2361)

    Severity
    Critical4
    Qualys ID
    960101
    Vendor Reference
    RLSA-2021:2361
    CVE Reference
    CVE-2021-32028, CVE-2021-32027
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for postgresql:10 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2361 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2361
  • CVE-2021-1817+
    In Development

    Rocky Linux Security Update for GNOME (RLSA-2021:1586)

    Severity
    Critical4
    Qualys ID
    960096
    Vendor Reference
    RLSA-2021:1586
    CVE Reference
    CVE-2021-1817, CVE-2021-1820, CVE-2021-1826, CVE-2021-1825, CVE-2021-30661
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for GNOME to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:1586 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:1586
  • CVE-2021-3393+
    In Development

    Rocky Linux Security Update for postgresql:12 (RLSA-2021:2372)

    Severity
    Critical4
    Qualys ID
    960093
    Vendor Reference
    RLSA-2021:2372
    CVE Reference
    CVE-2021-3393, CVE-2021-32029, CVE-2021-32028, CVE-2021-32027
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for postgresql:12 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2372 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2372
  • CVE-2021-32029+
    In Development

    Rocky Linux Security Update for postgresql:13 (RLSA-2021:2375)

    Severity
    Critical4
    Qualys ID
    960091
    Vendor Reference
    RLSA-2021:2375
    CVE Reference
    CVE-2021-32029, CVE-2021-32028, CVE-2021-32027
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for postgresql:13 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2375 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2375
  • CVE-2021-29967
    In Development

    Rocky Linux Security Update for firefox (RLSA-2021:2233)

    Severity
    Critical4
    Qualys ID
    960086
    Vendor Reference
    RLSA-2021:2233
    CVE Reference
    CVE-2021-29967
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for firefox to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2233 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2233
  • CVE-2021-38493
    In Development

    Rocky Linux Security Update for firefox (RLSA-2021:3497)

    Severity
    Critical4
    Qualys ID
    960083
    Vendor Reference
    RLSA-2021:3497
    CVE Reference
    CVE-2021-38493
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for firefox to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3497 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3497
  • CVE-2021-29477
    In Development

    Rocky Linux Security Update for redis:6 (RLSA-2021:2034)

    Severity
    Critical4
    Qualys ID
    960078
    Vendor Reference
    RLSA-2021:2034
    CVE Reference
    CVE-2021-29477
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for redis:6 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2034 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2034
  • CVE-2021-30663+
    In Development

    Rocky Linux Security Update for GNOME (RLSA-2021:4381)

    Severity
    Critical4
    Qualys ID
    960077
    Vendor Reference
    RLSA-2021:4381
    CVE Reference
    CVE-2021-30663, CVE-2021-21775, CVE-2021-30749, CVE-2021-30682, CVE-2021-30795, CVE-2021-21806, CVE-2021-30799, CVE-2021-30720, CVE-2021-30744, CVE-2021-30689, CVE-2021-30734, CVE-2021-30797, CVE-2021-30758, CVE-2021-30665, CVE-2021-21779
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for GNOME to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:4381 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:4381
  • CVE-2021-3246
    In Development

    Rocky Linux Security Update for libsndfile (RLSA-2021:3253)

    Severity
    Critical4
    Qualys ID
    960071
    Vendor Reference
    RLSA-2021:3253
    CVE Reference
    CVE-2021-3246
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for libsndfile to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3253 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3253
  • CVE-2021-38493
    In Development

    Rocky Linux Security Update for thunderbird (RLSA-2021:3499)

    Severity
    Critical4
    Qualys ID
    960058
    Vendor Reference
    RLSA-2021:3499
    CVE Reference
    CVE-2021-38493
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for thunderbird to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3499 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3499
  • CVE-2021-32028+
    In Development

    Rocky Linux Security Update for postgresql:9.6 (RLSA-2021:2360)

    Severity
    Critical4
    Qualys ID
    960053
    Vendor Reference
    RLSA-2021:2360
    CVE Reference
    CVE-2021-32028, CVE-2021-32027
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for postgresql:9.6 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2360 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2360
  • CVE-2021-30858
    In Development

    Rocky Linux Security Update for webkit2gtk3 (RLSA-2021:4097)

    Severity
    Critical4
    Qualys ID
    960051
    Vendor Reference
    RLSA-2021:4097
    CVE Reference
    CVE-2021-30858
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for webkit2gtk3 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:4097 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:4097
  • CVE-2021-30465
    In Development

    Rocky Linux Security Update for container-tools:2.0 (RLSA-2021:2291)

    Severity
    Critical4
    Qualys ID
    960089
    Vendor Reference
    RLSA-2021:2291
    CVE Reference
    CVE-2021-30465
    CVSS Scores
    Base 8.5 / Temporal 7.4
    Description
    Rocky Linux has released a security update for container-tools:2.0 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2291 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2291
  • CVE-2021-30465
    In Development

    Rocky Linux Security Update for container-tools:rhel8 (RLSA-2021:2371)

    Severity
    Critical4
    Qualys ID
    960060
    Vendor Reference
    RLSA-2021:2371
    CVE Reference
    CVE-2021-30465
    CVSS Scores
    Base 8.5 / Temporal 7.4
    Description
    Rocky Linux has released a security update for container-tools:rhel8 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2371 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2371
  • CVE-2021-44224
    Under Investigation

    Apache HTTP Server NULL pointer dereference and Server Side Request Forgery (SSRF) Vulnerability (CVE-2021-44224)

    Severity
    Critical4
    Qualys ID
    150456
    Vendor Reference
    Apache HTTP Server Security Advisory
    CVE Reference
    CVE-2021-44224
    CVSS Scores
    Base 8.2 / Temporal 7.1
    Description
    The Apache HTTP Server, colloquially called Apache, is a free and open-source cross-platform web server software.

    On affected versions of Apache HTTP Server, a NULL pointer dereference or SSRF vulnerability exists in forward proxy configurations.

    Affected Versions:
    Apache HTTP Server from 2.4.7 to 2.4.51

    QID Detection Logic (Unauthenticated):
    This QID sends an HTTP GET request and checks the response headers to confirm whether the host is running a vulnerable version of Apache HTTP Server.

    Consequence
    Successful exploitation of this vulnerability could allow a remote attacker to send specially crafted HTTP requests and trick the web server into initiating requests to arbitrary systems, or to cause a NULL pointer dereference and crash the web server.

    Solution
    Customers are advised to upgrade to Apache HTTP Server 2.4.52 or later to remediate this vulnerability. For more information related to this vulnerability, please refer to the Apache Security Advisory.
    Patches
    Apache HTTP Server Security Advisory
  • CVE-2021-38575
    In Development

    Rocky Linux Security Update for edk2 (RLSA-2021:3066)

    Severity
    Critical4
    Qualys ID
    960067
    Vendor Reference
    RLSA-2021:3066
    CVE Reference
    CVE-2021-38575
    CVSS Scores
    Base 8.1 / Temporal 7.1
    Description
    Rocky Linux has released a security update for edk2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3066 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3066
  • CVE-2019-16254+
    In Development

    Rocky Linux Security Update for ruby:2.5 (RLSA-2021:2587)

    Severity
    Critical4
    Qualys ID
    960064
    Vendor Reference
    RLSA-2021:2587
    CVE Reference
    CVE-2019-16254, CVE-2020-25613, CVE-2020-10933, CVE-2020-10663, CVE-2021-28965, CVE-2019-16201, CVE-2019-16255, CVE-2019-15845
    CVSS Scores
    Base 8.1 / Temporal 7.1
    Description
    Rocky Linux has released a security update for ruby:2.5 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2587 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2587
  • CVE-2021-3973+
    In Development

    Amazon Linux Security Advisory for vim : ALAS-2022-1557

    Severity
    Critical4
    Qualys ID
    353117
    Vendor Reference
    ALAS-2022-1557
    CVE Reference
    CVE-2021-3973, CVE-2021-3984, CVE-2021-4069, CVE-2021-4136, CVE-2021-3928, CVE-2021-3968, CVE-2021-4019, CVE-2021-4166, CVE-2021-3903, CVE-2021-4187, CVE-2021-3927, CVE-2021-3974, CVE-2021-4173
    CVSS Scores
    Base 8 / Temporal 7
    Description

    CVE-2021-3903: vim is vulnerable to a heap-based buffer overflow.
    CVE-2021-3927: A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
    CVE-2021-3928: A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.
    CVE-2021-3968: A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.
    CVE-2021-3973: A flaw was found in vim.
    CVE-2021-3974: A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.
    CVE-2021-3984: A flaw was found in vim. A possible heap-based buffer overflow allows an attacker to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.
    CVE-2021-4019: A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an attacker to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is to system availability.
    CVE-2021-4069: vim is vulnerable to a use after free.
    CVE-2021-4136: A flaw was found in vim.
    CVE-2021-4187: A flaw was found in vim.

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS-2022-1557 for affected packages and patching details, or update with your package manager.
    Patches
    Amazon Linux ALAS-2022-1557
  • CVE-2021-3796+
    In Development

    Rocky Linux Security Update for vim (RLSA-2021:4517)

    Severity
    Critical4
    Qualys ID
    960081
    Vendor Reference
    RLSA-2021:4517
    CVE Reference
    CVE-2021-3796, CVE-2021-3778
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Rocky Linux has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:4517 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:4517
  • CVE-2021-22543+
    In Development

    Rocky Linux Security Update for kernel (RLSA-2021:3057)

    Severity
    Critical4
    Qualys ID
    960074
    Vendor Reference
    RLSA-2021:3057
    CVE Reference
    CVE-2021-22543, CVE-2021-3609, CVE-2021-22555
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Rocky Linux has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3057 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3057
  • CVE-2021-32399+
    In Development

    Rocky Linux Security Update for kernel (RLSA-2021:2714)

    Severity
    Critical4
    Qualys ID
    960070
    Vendor Reference
    RLSA-2021:2714
    CVE Reference
    CVE-2021-32399, CVE-2021-33909
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Rocky Linux has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2714 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2714
  • CVE-2021-0512+
    In Development

    Rocky Linux Security Update for kernel (RLSA-2021:4056)

    Severity
    Critical4
    Qualys ID
    960061
    Vendor Reference
    RLSA-2021:4056
    CVE Reference
    CVE-2021-0512, CVE-2020-36385, CVE-2021-3656
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Rocky Linux has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:4056 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:4056
  • CVE-2021-33034+
    In Development

    Rocky Linux Security Update for kernel (RLSA-2021:2570)

    Severity
    Critical4
    Qualys ID
    960056
    Vendor Reference
    RLSA-2021:2570
    CVE Reference
    CVE-2021-33034, CVE-2020-26541
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Rocky Linux has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2570 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2570
  • CVE-2021-45463
    In Development

    Red Hat Update for gegl04 (RHSA-2022:0184)

    Severity
    Critical4
    Qualys ID
    240011
    Vendor Reference
    RHSA-2022:0184
    CVE Reference
    CVE-2021-45463
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description

    GEGL (Generic Graphics Library) is a graph-based image processing framework.

    Security Fix(es):
    • gegl: shell expansion via a crafted pathname (CVE-2021-45463)

    Affected Products:

    • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
    • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
    • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
    • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
    • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
    • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
    • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2 x86_64
    • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2 ppc64le



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:0184 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:0184
  • CVE-2021-45463
    In Development

    Red Hat Update for gegl04 (RHSA-2022:0178)

    Severity
    Critical4
    Qualys ID
    240009
    Vendor Reference
    RHSA-2022:0178
    CVE Reference
    CVE-2021-45463
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description

    GEGL (Generic Graphics Library) is a graph-based image processing framework.

    Security Fix(es):
    • gegl: shell expansion via a crafted pathname (CVE-2021-45463)

    Affected Products:

    • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
    • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
    • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
    • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
    • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
    • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64
    • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64
    • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:0178 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:0178
  • CVE-2021-28091
    In Development

    Rocky Linux Security Update for lasso (RLSA-2021:4325)

    Severity
    Critical4
    Qualys ID
    960099
    Vendor Reference
    RLSA-2021:4325
    CVE Reference
    CVE-2021-28091
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for lasso to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:4325 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:4325
  • CVE-2021-27219
    In Development

    Rocky Linux Security Update for glib2 (RLSA-2021:2170)

    Severity
    Critical4
    Qualys ID
    960092
    Vendor Reference
    RLSA-2021:2170
    CVE Reference
    CVE-2021-27219
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for glib2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2170 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2170
  • CVE-2021-28965+
    In Development

    Rocky Linux Security Update for ruby:2.7 (RLSA-2021:2584)

    Severity
    Critical4
    Qualys ID
    960085
    Vendor Reference
    RLSA-2021:2584
    CVE Reference
    CVE-2021-28965, CVE-2020-25613
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for ruby:2.7 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2584 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2584
  • CVE-2021-27290+
    In Development

    Rocky Linux Security Update for nodejs:12 (RLSA-2021:3073)

    Severity
    Critical4
    Qualys ID
    960082
    Vendor Reference
    RLSA-2021:3073
    CVE Reference
    CVE-2021-27290, CVE-2021-23362
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for nodejs:12 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3073 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3073
  • CVE-2021-33560
    In Development

    Rocky Linux Security Update for libgcrypt (RLSA-2021:4409)

    Severity
    Critical4
    Qualys ID
    960079
    Vendor Reference
    RLSA-2021:4409
    CVE Reference
    CVE-2021-33560
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for libgcrypt to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:4409 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:4409
  • CVE-2021-31957
    In Development

    Rocky Linux Security Update for .NET (RLSA-2021:2352)

    Severity
    Critical4
    Qualys ID
    960069
    Vendor Reference
    RLSA-2021:2352
    CVE Reference
    CVE-2021-31957
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for .NET to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2352 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2352
  • CVE-2021-27290+
    In Development

    Rocky Linux Security Update for nodejs:14 (RLSA-2021:3074)

    Severity
    Critical4
    Qualys ID
    960063
    Vendor Reference
    RLSA-2021:3074
    CVE Reference
    CVE-2021-27290, CVE-2021-23362
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for nodejs:14 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3074 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3074
  • CVE-2021-22946+
    In Development

    Rocky Linux Security Update for curl (RLSA-2021:4059)

    Severity
    Critical4
    Qualys ID
    960062
    Vendor Reference
    RLSA-2021:4059
    CVE Reference
    CVE-2021-22946, CVE-2021-22947
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for curl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:4059 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:4059
  • CVE-2021-2341+
    In Development

    Rocky Linux Security Update for java-1.8.0-openjdk (RLSA-2021:2776)

    Severity
    Critical4
    Qualys ID
    960052
    Vendor Reference
    RLSA-2021:2776
    CVE Reference
    CVE-2021-2341, CVE-2021-2388, CVE-2021-2369
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for java-1.8.0-openjdk to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2776 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2776
  • CVE-2021-39241+
    In Development

    Red Hat OpenShift Container Platform 4.7 Security Update (RHSA-2022:0114)

    Severity
    Critical4
    Qualys ID
    770132
    Vendor Reference
    RHSA-2022:0114
    CVE Reference
    CVE-2021-39241, CVE-2021-40346
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

    Security Fix(es):
    • haproxy: an HTTP method name may contain a space followed by the name of

    Affected Products:

    • Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
    • Red Hat OpenShift Container Platform 4.7 for RHEL 7 x86_64
    • Red Hat OpenShift Container Platform for Power 4.7 for RHEL 8 ppc64le
    • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.7 for RHEL 8 s390x



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:0114 for updates and patch information.
    Patches
    Red Hat Enterprise Linux CoreOS RHSA-2022:0114
  • CVE-2021-28714+
    In Development

    OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0131-1)

    Severity
    Critical4
    Qualys ID
    751622
    Vendor Reference
    openSUSE-SU-2022:0131-1
    CVE Reference
    CVE-2021-28714, CVE-2021-28713, CVE-2021-28711, CVE-2021-4002, CVE-2021-45485, CVE-2021-4001, CVE-2020-27820, CVE-2021-28712, CVE-2020-24504, CVE-2021-28715, CVE-2021-43976, CVE-2021-43975, CVE-2021-45486
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    OpenSUSE has released a security update for the Linux Kernel to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.3

    Consequence
    A malicious user could use these vulnerabilities to modify part of the system's contents or configuration, disclose information, or in some cases cause a denial of service.
    Solution
    Refer to openSUSE security advisory openSUSE-SU-2022:0131-1 for updates and patch information.
    Patches
    OpenSuse openSUSE-SU-2022:0131-1
  • CVE-2021-33582
    In Development

    Amazon Linux Security Advisory for cyrus-imapd : ALAS-2022-1559

    Severity
    Critical4
    Qualys ID
    353115
    Vendor Reference
    ALAS-2022-1559
    CVE Reference
    CVE-2021-33582
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    A flaw was found in cyrus-imapd. A bad string hashing algorithm used in internal hash tables allows user inputs to be stored in predictable buckets. A user may cause a CPU denial of service by maliciously directing many inputs to a single bucket. The highest threat from this vulnerability is to system availability. (CVE-2021-33582)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
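    The mechanism behind this class of bug, as an added example in Python (this is not cyrus-imapd code and `weak_hash` is a hypothetical stand-in, not the hash cyrus-imapd used): a permutation-invariant string hash lets an attacker craft many distinct inputs that all land in one bucket, so every insert walks the whole chain and the table degrades to quadratic work; a keyed hash with a per-process secret spreads the same inputs. The attacker inputs are constructed in the block.

```python
"""Hash-flooding demonstration for the bug class behind CVE-2021-33582.

Added example, not cyrus-imapd code. weak_hash is a hypothetical weak hash;
keyed_hash is the usual fix (keyed BLAKE2b, secret chosen per process).
"""
import hashlib
import itertools
import os
from collections import Counter
from typing import Callable, List

BUCKETS = 1024


def weak_hash(s: str) -> int:
    """Hypothetical weak hash: a byte sum, so every anagram of s collides."""
    return sum(s.encode()) % BUCKETS


_SECRET = os.urandom(16)  # per-process secret the attacker cannot predict


def keyed_hash(s: str, key: bytes = _SECRET) -> int:
    """Keyed hash: bucket choice depends on a secret, so collisions cannot be precomputed."""
    digest = hashlib.blake2b(s.encode(), key=key, digest_size=8).digest()
    return int.from_bytes(digest, "big") % BUCKETS


def colliding_inputs(seed: str, n: int) -> List[str]:
    """Constructed attacker inputs: the first n distinct permutations of seed.

    With a permutation-invariant hash they all share one bucket.
    """
    out: List[str] = []
    for perm in itertools.permutations(seed):
        out.append("".join(perm))
        if len(out) == n:
            break
    return out


def max_bucket_load(inputs: List[str], hash_fn: Callable[[str], int]) -> int:
    """Largest number of inputs that share one bucket under hash_fn."""
    return max(Counter(hash_fn(x) for x in inputs).values())


def insert_all(inputs: List[str], hash_fn: Callable[[str], int]) -> int:
    """Insert inputs into a chained hash table and return the number of string
    comparisons performed; this is the CPU cost an attacker inflates."""
    table: List[List[str]] = [[] for _ in range(BUCKETS)]
    comparisons = 0
    for s in inputs:
        chain = table[hash_fn(s)]
        comparisons += len(chain)  # duplicate check compares against every chain entry
        if s not in chain:
            chain.append(s)
    return comparisons


if __name__ == "__main__":
    attack = colliding_inputs("abcdefgh", 2000)
    for name, fn in (("weak_hash", weak_hash), ("keyed_hash", keyed_hash)):
        print(f"{name:11} max bucket load {max_bucket_load(attack, fn):5d}"
              f"  comparisons {insert_all(attack, fn):8d}")
```

    Under the weak hash, 2000 crafted inputs cost 2000*1999/2 comparisons, and the attacker pays nothing extra per request; the keyed hash keeps chains near their expected length, which is why the fix for this bug class is a keyed or randomized hash rather than a larger table.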
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS-2022-1559 for affected packages and patching details, or update with your package manager.
    Patches
    Amazon Linux ALAS-2022-1559
  • CVE-2021-4190+
    In Development

    Fedora Security Update for wireshark (FEDORA-2022-1daf93c51d)

    Severity
    Critical4
    Qualys ID
    282259
    Vendor Reference
    FEDORA-2022-1daf93c51d
    CVE Reference
    CVE-2021-4190, CVE-2021-4184, CVE-2021-4186, CVE-2021-4181, CVE-2021-4185, CVE-2021-4182, CVE-2021-4183
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Fedora has released a security update for wireshark to fix the vulnerabilities.

    Affected OS:
    Fedora 34


    Consequence
    This vulnerability could be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory FEDORA-2022-1daf93c51d for updates and patch information.
    Patches
    Fedora 34 FEDORA-2022-1daf93c51d
  • CVE-2021-39241+
    In Development

    Red Hat OpenShift Container Platform 4.7 Security Update (RHSA-2022:0114)

    Severity
    Critical4
    Qualys ID
    240017
    Vendor Reference
    RHSA-2022:0114
    CVE Reference
    CVE-2021-39241, CVE-2021-40346
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

    Security Fix(es):
    • haproxy: an HTTP method name may contain a space followed by the name of

    Affected Products:

    • Red Hat OpenShift Container Platform 4.7 for RHEL 8 x86_64
    • Red Hat OpenShift Container Platform 4.7 for RHEL 7 x86_64
    • Red Hat OpenShift Container Platform for Power 4.7 for RHEL 8 ppc64le
    • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.7 for RHEL 8 s390x



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:0114 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:0114
  • CVE-2021-3712
    In Development

    Rocky Linux Security Update for openssl (RLSA-2021:5226)

    Severity
    Critical4
    Qualys ID
    960090
    Vendor Reference
    RLSA-2021:5226
    CVE Reference
    CVE-2021-3712
    CVSS Scores
    Base 7.4 / Temporal 6.4
    Description
    Rocky Linux has released a security update for openssl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:5226 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:5226
  • CVE-2021-42385+
    In Development

    Amazon Linux Security Advisory for busybox : ALAS-2022-1558

    Severity
    Critical4
    Qualys ID
    353116
    Vendor Reference
    ALAS-2022-1558
    CVE Reference
    CVE-2021-42385, CVE-2021-42376, CVE-2021-42378, CVE-2021-42384, CVE-2021-42379, CVE-2021-42386
    CVSS Scores
    Base 7.2 / Temporal 6.3
    Description

    CVE-2021-42376: A flaw was found in busybox, where it did not properly sanitize while processing a crafted shell command, leading to a denial of service. The highest threat from this vulnerability is to system availability.
    CVE-2021-42378: A flaw was found in busybox, where it did not properly sanitize while processing a crafted awk pattern, leading to possible code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
    CVE-2021-42379: A flaw was found in busybox, where it did not properly sanitize while processing a crafted awk pattern in the next_input_file function, leading to possible code execution.
    CVE-2021-42384: A flaw was found in busybox, where it did not properly sanitize while processing a crafted awk pattern in the handle_special function, leading to possible code execution.
    CVE-2021-42385: A flaw was found in busybox, where it did not properly sanitize while processing a crafted awk pattern in the evaluate function, leading to possible code execution.
    CVE-2021-42386: A flaw was found in busybox, where it did not properly sanitize while processing a crafted awk pattern in the nvalloc function, leading to possible code execution.



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS-2022-1558 for affected packages and patching details, or update with your package manager.
    Patches
    Amazon Linux ALAS-2022-1558
  • CVE-2021-3571
    In Development

    Rocky Linux Security Update for linuxptp (RLSA-2021:4321)

    Severity
    Critical4
    Qualys ID
    960095
    Vendor Reference
    RLSA-2021:4321
    CVE Reference
    CVE-2021-3571
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    Rocky Linux has released a security update for linuxptp to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:4321 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:4321
  • CVE-2021-3501+
    In Development

    Rocky Linux Security Update for kernel (RLSA-2021:2168)

    Severity
    Critical4
    Qualys ID
    960066
    Vendor Reference
    RLSA-2021:2168
    CVE Reference
    CVE-2021-3501, CVE-2021-3543
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    Rocky Linux has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2168 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2168
  • CVE-2021-20271+
    In Development

    Rocky Linux Security Update for rpm (RLSA-2021:2574)

    Severity
    Critical4
    Qualys ID
    960068
    Vendor Reference
    RLSA-2021:2574
    CVE Reference
    CVE-2021-20271, CVE-2021-3421
    CVSS Scores
    Base 7 / Temporal 6.1
    Description
    Rocky Linux has released a security update for rpm to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2574 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2574
  • CVE-2021-43527
    Recently Published

    Rocky Linux Security Update for nss (RLSA-2021:4903)

    Severity
    Urgent5
    Qualys ID
    960047
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:4903
    CVE Reference
    CVE-2021-43527
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Rocky Linux has released a security update for nss to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:4903 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:4903
  • CVE-2021-22931+
    Recently Published

    Rocky Linux Security Update for nodejs:12 (RLSA-2021:3623)

    Severity
    Urgent5
    Qualys ID
    960018
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:3623
    CVE Reference
    CVE-2021-22931, CVE-2021-23343
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Rocky Linux has released a security update for nodejs:12 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3623 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3623
  • CVE-2021-43267+
    Recently Published

    Rocky Linux Security Update for kernel-rt (RLSA-2021:4646)

    Severity
    Urgent5
    Qualys ID
    960003
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:4646
    CVE Reference
    CVE-2021-43267, CVE-2021-20317
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Rocky Linux has released a security update for kernel-rt to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:4646 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:4646
  • CVE-2021-30275+
    In Development

    Google Android January 2022 Security Patch Missing for Samsung

    Severity
    Urgent5
    Qualys ID
    610391
    Vendor Reference
    SMR-January-2022
    CVE Reference
    CVE-2021-30275, CVE-2021-30276, CVE-2021-30270, CVE-2021-30279, CVE-2021-30278, CVE-2021-30269, CVE-2021-30283, CVE-2021-1918, CVE-2021-30274, CVE-2021-30272, CVE-2021-30282, CVE-2021-30271, CVE-2021-1894, CVE-2020-11263, CVE-2021-33909, CVE-2021-30337, CVE-2021-30335, CVE-2021-30262, CVE-2021-30267, CVE-2021-30293, CVE-2021-30273, CVE-2021-30289, CVE-2021-30268, CVE-2021-30336, CVE-2021-30303, CVE-2020-0368, CVE-2021-0971, CVE-2021-39630, CVE-2021-39632, CVE-2020-0338, CVE-2021-39623, CVE-2021-39620, CVE-2021-39626, CVE-2021-39629, CVE-2021-0643, CVE-2021-39628, CVE-2021-39659, CVE-2021-0961, CVE-2021-0661, CVE-2021-0662, CVE-2021-0663, CVE-2021-0673
    CVSS Scores
    Base 9.8 / Temporal 7.8
    Description
    Android is a mobile operating system based on a modified version of the Linux kernel and other open source software, designed primarily for touchscreen mobile devices such as smartphones and tablets.

    The following security issues were discovered:
    CVE-2021-30275, CVE-2021-30276, CVE-2021-30270, CVE-2021-30279, CVE-2021-30278, CVE-2021-30269, CVE-2021-30283, CVE-2021-1918, CVE-2021-30274, CVE-2021-30272, CVE-2021-30282, CVE-2021-30271, CVE-2021-1894, CVE-2020-11263, CVE-2021-33909, CVE-2021-30337, CVE-2021-30335, CVE-2021-30262, CVE-2021-30267, CVE-2021-30293, CVE-2021-30273, CVE-2021-30289, CVE-2021-30268, CVE-2021-30336, CVE-2021-30303, CVE-2020-0368, CVE-2021-0971, CVE-2021-39630, CVE-2021-39632, CVE-2020-0338, CVE-2021-39623, CVE-2021-39620, CVE-2021-39626, CVE-2021-39629, CVE-2021-0643, CVE-2021-39628, CVE-2021-39659, CVE-2021-0961, CVE-2021-0661, CVE-2021-0662, CVE-2021-0663, CVE-2021-0673

    Affected Products:
    G series (G5, G6, G7, G8), V series(V10, V20, V30, V35, V40, V50) , Q Series(Q6, Q8) , X Series(X300, X400, X500, X cam), CV Series(CV1, CV3, CV5, CV7, CV1S, CV7AS), MH(K40, K50, Q60, Q70)

    Consequence
    On successful exploitation, it could allow an attacker to execute code.
    Solution
    Refer to Samsung Security advisory SMR-January-2022 to address this issue and obtain more information.
    Patches
    Android SMR-January-2022
  • CVE-2021-23017
    Recently Published

    Rocky Linux Security Update for nginx:1.18 (RLSA-2021:2259)

    Severity
    Urgent5
    Qualys ID
    960037
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:2259
    CVE Reference
    CVE-2021-23017
    CVSS Scores
    Base 9.4 / Temporal 8.2
    Description
    Rocky Linux has released a security update for nginx:1.18 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2259 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2259
  • CVE-2021-35942
    Recently Published

    Rocky Linux Security Update for glibc (RLSA-2021:4358)

    Severity
    Urgent5
    Qualys ID
    960043
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:4358
    CVE Reference
    CVE-2021-35942
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    Rocky Linux has released a security update for glibc to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:4358 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:4358
  • CVE-2021-30960+
    In Development

    Apple iOS 15.2 and iPadOS 15.2 Security Update Missing

    Severity
    Urgent5
    Qualys ID
    610393
    Vendor Reference
    HT212976
    CVE Reference
    CVE-2021-30960, CVE-2021-30966, CVE-2021-30926, CVE-2021-30942, CVE-2021-30957, CVE-2021-30958, CVE-2021-30945, CVE-2021-30992, CVE-2021-30939, CVE-2021-30996, CVE-2021-30983, CVE-2021-30985, CVE-2021-30991, CVE-2021-30937, CVE-2021-30927, CVE-2021-30980, CVE-2021-30949, CVE-2021-30993, CVE-2021-30955, CVE-2021-30971, CVE-2021-30973, CVE-2021-30929, CVE-2021-30979, CVE-2021-30940, CVE-2021-30941, CVE-2021-30967, CVE-2021-30988, CVE-2021-30932, CVE-2021-30948, CVE-2021-30995, CVE-2021-30968, CVE-2021-30946, CVE-2021-30947, CVE-2021-30767, CVE-2021-30964, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30984, CVE-2021-30953, CVE-2021-30954
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    iOS is a mobile operating system created and developed by Apple Inc.

    The following security issues were observed:
    A buffer overflow issue was addressed with improved memory handling. CVE-2021-30960
    A logic issue was addressed with improved state management. CVE-2021-30966
    A buffer overflow issue was addressed with improved memory handling. CVE-2021-30957
    An out-of-bounds read was addressed with improved input validation. CVE-2021-30958
    This issue was addressed with improved checks. CVE-2021-30945
    This issue was addressed with improved handling of file metadata. CVE-2021-30992
    An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30939
    A race condition was addressed with improved state handling. CVE-2021-30996
    A buffer overflow issue was addressed with improved memory handling. CVE-2021-30983
    An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30985
    An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30991
    A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937
    A use after free issue was addressed with improved memory management. CVE-2021-30927
    A memory corruption issue was addressed with improved state management. CVE-2021-30949
    A buffer overflow issue was addressed with improved memory handling. CVE-2021-30993
    A race condition was addressed with improved state handling. CVE-2021-30955
    An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30971
    An out-of-bounds read was addressed with improved input validation. CVE-2021-30973
    An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30929
    A buffer overflow issue was addressed with improved memory handling. CVE-2021-30979
    A buffer overflow issue was addressed with improved memory handling. CVE-2021-30940
    The issue was addressed with improved permissions logic. CVE-2021-30932
    An inconsistent user interface issue was addressed with improved state management. CVE-2021-30948
    A race condition was addressed with improved state handling. CVE-2021-30995
    A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30968
    A logic issue was addressed with improved restrictions. CVE-2021-30946
    An access issue was addressed with additional sandbox restrictions. CVE-2021-30947
    A logic issue was addressed with improved state management. CVE-2021-30767
    An inherited permissions issue was addressed with additional restrictions. CVE-2021-30964
    A buffer overflow issue was addressed with improved memory handling. CVE-2021-30934
    A use after free issue was addressed with improved memory management. CVE-2021-30936
    An integer overflow was addressed with improved input validation. CVE-2021-30952
    A race condition was addressed with improved state handling. CVE-2021-30984
    An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30953
    A type confusion issue was addressed with improved memory handling. CVE-2021-30954

    Affected Devices
    iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

    Consequence
    On successful exploitation, it could allow an attacker to execute code.
    Solution
    Refer to Apple advisory HT212976 for patching details.
    Patches
    iOS HT212976
  • CVE-2021-0967+
    In Development

    Google Android January 2022 Security Patch Missing for Huawei EMUI

    Severity
    Urgent5
    Qualys ID
    610392
    Vendor Reference
    Jan 2022
    CVE Reference
    CVE-2021-0967, CVE-2021-0968, CVE-2021-0704, CVE-2021-0952, CVE-2021-0954, CVE-2021-0955, CVE-2021-0963, CVE-2021-0964, CVE-2021-0965, CVE-2021-0966, CVE-2021-0970, CVE-2021-0971, CVE-2021-33909, CVE-2021-38204, CVE-2021-0726, CVE-2021-0849, CVE-2021-0731, CVE-2021-0738, CVE-2021-0761, CVE-2021-0765, CVE-2021-0768, CVE-2021-0770, CVE-2021-0772, CVE-2021-0789, CVE-2021-0803, CVE-2021-0866, CVE-2021-0716, CVE-2021-0855, CVE-2021-0560, CVE-2021-0805, CVE-2021-0779, CVE-2021-0791, CVE-2021-0795, CVE-2021-0838, CVE-2021-0840, CVE-2021-0844, CVE-2021-0797, CVE-2021-0798, CVE-2021-0804, CVE-2021-0822, CVE-2021-0824, CVE-2021-0886, CVE-2021-0969, CVE-2021-0976, CVE-2021-0992, CVE-2021-0998, CVE-2021-1007, CVE-2021-1009, CVE-2021-1010, CVE-2021-1011, CVE-2021-1012, CVE-2021-1022, CVE-2021-1024, CVE-2020-25668, CVE-2021-39636, CVE-2021-39648, CVE-2021-39656, CVE-2021-23134
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Android is a mobile operating system based on a modified version of the Linux kernel and other open source software, designed primarily for touchscreen mobile devices such as smartphones and tablets.

    The following security issues were discovered:
    CVE-2021-0967, CVE-2021-0968, CVE-2021-0704, CVE-2021-0952, CVE-2021-0954, CVE-2021-0955, CVE-2021-0963, CVE-2021-0964, CVE-2021-0965, CVE-2021-0966, CVE-2021-0970, CVE-2021-0971, CVE-2021-33909, CVE-2021-38204, CVE-2021-0726, CVE-2021-0849, CVE-2021-0731, CVE-2021-0738, CVE-2021-0761, CVE-2021-0765, CVE-2021-0768, CVE-2021-0770, CVE-2021-0772, CVE-2021-0789, CVE-2021-0803, CVE-2021-0866, CVE-2021-0716, CVE-2021-0855, CVE-2021-0560, CVE-2021-0805, CVE-2021-0779, CVE-2021-0791, CVE-2021-0795, CVE-2021-0838, CVE-2021-0840, CVE-2021-0844, CVE-2021-0797, CVE-2021-0798, CVE-2021-0804, CVE-2021-0822, CVE-2021-0824, CVE-2021-0886, CVE-2021-0969, CVE-2021-0976, CVE-2021-0992, CVE-2021-0998, CVE-2021-1007, CVE-2021-1009, CVE-2021-1010, CVE-2021-1011, CVE-2021-1012, CVE-2021-1022, CVE-2021-1024, CVE-2020-25668, CVE-2021-39636, CVE-2021-39648, CVE-2021-39656, CVE-2021-23134

    Affected Devices:
    HUAWEI P series: P30 Pro, P30, P20 Pro, P20
    HUAWEI Mate series: Mate 20 X, Mate 20 Pro, Mate 20, Mate 20 RS, Mate 10 Pro, Mate 10, PORSCHE DESIGN HUAWEI Mate RS

    Consequence
    On successful exploitation, it could allow an attacker to execute code.
    Solution
    Refer to HUAWEI Security advisory January 2022 to address this issue and obtain more information.
    Patches
    Android January 2022
  • CVE-2021-31291
    Recently Published

    Rocky Linux Security Update for exiv2 (RLSA-2021:3152)

    Severity
    Urgent5
    Qualys ID
    960026
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:3152
    CVE Reference
    CVE-2021-31291
    CVSS Scores
    Base 8.1 / Temporal 7.1
    Description
    Rocky Linux has released a security update for exiv2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3152 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3152
  • CVE-2021-31291
    Recently Published

    Rocky Linux Security Update for compat-exiv2-026 (RLSA-2021:3153)

    Severity
    Urgent5
    Qualys ID
    960008
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:3153
    CVE Reference
    CVE-2021-31291
    CVSS Scores
    Base 8.1 / Temporal 7.1
    Description
    Rocky Linux has released a security update for compat-exiv2-026 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3153 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3153
  • CVE-2021-39683+
    In Development

    Google Pixel Android January 2022 Security Patch Missing

    Severity
    Urgent5
    Qualys ID
    610389
    Vendor Reference
    Pixel Update Bulletin January2022
    CVE Reference
    CVE-2021-39683, CVE-2021-39682, CVE-2021-39681, CVE-2021-39680, CVE-2021-30313, CVE-2021-39678, CVE-2021-39684, CVE-2021-39679, CVE-2021-30314, CVE-2021-40490
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Android is a mobile operating system based on a modified version of the Linux kernel and other open source software, designed primarily for touchscreen mobile devices such as smartphones and tablets.

    The following security issues were discovered:
    CVE-2021-39683, CVE-2021-39682, CVE-2021-39681, CVE-2021-39680, CVE-2021-30313, CVE-2021-39678, CVE-2021-39684, CVE-2021-39679, CVE-2021-30314, CVE-2021-40490

    Affected Products:
    Pixel 4 XL, Pixel 4, Pixel 3a XL, Pixel 3a, Pixel 3 XL, Pixel 3, Pixel 2 XL, Pixel 2

    Consequence
    On successful exploitation, it could allow an attacker to execute code.
    Solution
    Refer to the Google Pixel Android January 2022 advisory to address this issue and obtain more information.
    Patches
    Android January 2022
  • CVE-2022-22588
    In Development

    Apple iOS 15.2.1 and iPadOS 15.2.1 Security Update Missing

    Severity
    Urgent5
    Qualys ID
    610394
    Vendor Reference
    HT213043
    CVE Reference
    CVE-2022-22588
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    iOS is a mobile operating system created and developed by Apple Inc.

    The following security issue was observed:
    A resource exhaustion issue was addressed with improved input validation. CVE-2022-22588

    Affected Devices
    iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

    Consequence
    On successful exploitation, it could allow an attacker to execute code.
    Solution
    Refer to Apple advisory HT213043 for patching details.
    Patches
    iOS HT213043
  • CVE-2021-3429
    Recently Published

    Rocky Linux Security Update for cloud-init (RLSA-2021:3081)

    Severity
    Urgent5
    Qualys ID
    960046
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:3081
    CVE Reference
    CVE-2021-3429
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    Rocky Linux has released a security update for cloud-init to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3081 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3081
  • CVE-2021-3551
    Recently Published

    Rocky Linux Security Update for pki-core:10.6 (RLSA-2021:2235)

    Severity
    Urgent5
    Qualys ID
    960030
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:2235
    CVE Reference
    CVE-2021-3551
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    Rocky Linux has released a security update for pki-core:10.6 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2235 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2235
  • CVE-2021-3560
    Recently Published

    Rocky Linux Security Update for polkit (RLSA-2021:2238)

    Severity
    Urgent5
    Qualys ID
    960004
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:2238
    CVE Reference
    CVE-2021-3560
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    Rocky Linux has released a security update for polkit to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2238 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2238
  • CVE-2021-39621+
    In Development

    Google Android Devices January 2022 Security Patch Missing

    Severity
    Critical4
    Qualys ID
    610390
    Vendor Reference
    Android Security Bulletin January2022
    CVE Reference
    CVE-2021-39621, CVE-2021-39620, CVE-2021-39623, CVE-2021-39622, CVE-2021-39625, CVE-2021-39627, CVE-2021-39626, CVE-2021-39629, CVE-2021-39628, CVE-2021-31889, CVE-2021-30353, CVE-2021-39633, CVE-2021-31890, CVE-2021-30311, CVE-2021-30319, CVE-2021-39618, CVE-2021-31345, CVE-2021-31346, CVE-2021-39632, CVE-2021-39659, CVE-2021-39630, CVE-2021-39634, CVE-2021-0959, CVE-2021-30285, CVE-2021-30287, CVE-2021-0643, CVE-2021-30307, CVE-2021-30301, CVE-2021-30300, CVE-2021-1049, CVE-2021-40148, CVE-2021-30308, CVE-2020-0338
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Android is a mobile operating system based on a modified version of the Linux kernel and other open source software, designed primarily for touchscreen mobile devices such as smartphones and tablets.

    The following security issues were discovered:
    CVE-2021-39621, CVE-2021-39620, CVE-2021-39623, CVE-2021-39622, CVE-2021-39625, CVE-2021-39627, CVE-2021-39626, CVE-2021-39629, CVE-2021-39628, CVE-2021-31889, CVE-2021-30353, CVE-2021-39633, CVE-2021-31890, CVE-2021-30311, CVE-2021-30319, CVE-2021-39618, CVE-2021-31345, CVE-2021-31346, CVE-2021-39632, CVE-2021-39659, CVE-2021-39630, CVE-2021-39634, CVE-2021-0959, CVE-2021-30285, CVE-2021-30287, CVE-2021-0643, CVE-2021-30307, CVE-2021-30301, CVE-2021-30300, CVE-2021-1049, CVE-2021-40148, CVE-2021-30308, CVE-2020-0338

    Consequence
    On successful exploitation, it could allow an attacker to execute code.
    Solution
    Refer to the Google Android January 2022 advisory to address this issue and obtain more information.
    Patches
    Android January 2022
  • CVE-2021-29967+
    Recently Published

    Rocky Linux Security Update for thunderbird (RLSA-2021:2264)

    Severity
    Critical4
    Qualys ID
    960045
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:2264
    CVE Reference
    CVE-2021-29967, CVE-2021-29956, CVE-2021-29957
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for thunderbird to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2264 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2264
  • CVE-2021-3570
    Recently Published

    Rocky Linux Security Update for linuxptp (RLSA-2021:2660)

    Severity
    Critical4
    Qualys ID
    960038
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:2660
    CVE Reference
    CVE-2021-3570
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for linuxptp to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2660 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2660
  • CVE-2021-29986+
    Recently Published

    Rocky Linux Security Update for thunderbird (RLSA-2021:3155)

    Severity
    Critical4
    Qualys ID
    960029
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:3155
    CVE Reference
    CVE-2021-29986, CVE-2021-29988, CVE-2021-29989, CVE-2021-29984, CVE-2021-29985, CVE-2021-29980
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for thunderbird to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3155 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3155
  • CVE-2021-3621
    Recently Published

    Rocky Linux Security Update for sssd (RLSA-2021:3151)

    Severity
    Critical4
    Qualys ID
    960027
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:3151
    CVE Reference
    CVE-2021-3621
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for sssd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3151 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3151
  • CVE-2021-3518+
    Recently Published

    Rocky Linux Security Update for libxml2 (RLSA-2021:2569)

    Severity
    Critical4
    Qualys ID
    960016
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:2569
    CVE Reference
    CVE-2021-3518, CVE-2021-3517, CVE-2021-3537, CVE-2021-3516, CVE-2021-3541
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for libxml2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2569 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2569
  • CVE-2021-29986+
    Recently Published

    Rocky Linux Security Update for firefox (RLSA-2021:3157)

    Severity
    Critical4
    Qualys ID
    960015
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:3157
    CVE Reference
    CVE-2021-29986, CVE-2021-29988, CVE-2021-29989, CVE-2021-29984, CVE-2021-29985, CVE-2021-29980
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for firefox to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3157 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3157
  • CVE-2021-41159+
    Recently Published

    Rocky Linux Security Update for freerdp (RLSA-2021:4622)

    Severity
    Critical4
    Qualys ID
    960007
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:4622
    CVE Reference
    CVE-2021-41159, CVE-2021-41160
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for freerdp to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:4622 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:4622
  • CVE-2020-24511+
    Recently Published

    Rocky Linux Security Update for microcode_ctl (RLSA-2021:2308)

    Severity
    Critical4
    Qualys ID
    960001
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:2308
    CVE Reference
    CVE-2020-24511, CVE-2020-24513, CVE-2020-24489, CVE-2020-24512
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for microcode_ctl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2308 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2308
  • CVE-2020-25097
    Recently Published

    Rocky Linux Security Update for squid:4 (RLSA-2021:1979)

    Severity
    Critical4
    Qualys ID
    960012
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:1979
    CVE Reference
    CVE-2020-25097
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Rocky Linux has released a security update for squid:4 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:1979 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:1979
  • CVE-2021-30465
    Recently Published

    Rocky Linux Security Update for container-tools:3.0 (RLSA-2021:2370)

    Severity
    Critical4
    Qualys ID
    960017
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:2370
    CVE Reference
    CVE-2021-30465
    CVSS Scores
    Base 8.5 / Temporal 7.4
    Description
    Rocky Linux has released a security update for container-tools:3.0 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2370 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2370
  • CVE-2019-3881+
    Recently Published

    Rocky Linux Security Update for ruby:2.6 (RLSA-2021:2588)

    Severity
    Critical4
    Qualys ID
    960022
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:2588
    CVE Reference
    CVE-2019-3881, CVE-2019-16255, CVE-2020-10933, CVE-2020-10663, CVE-2019-16201, CVE-2021-28965, CVE-2019-15845, CVE-2019-16254, CVE-2020-25613
    CVSS Scores
    Base 8.1 / Temporal 7.1
    Description
    Rocky Linux has released a security update for ruby:2.6 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2588 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2588
  • CVE-2021-33516
    Recently Published

    Rocky Linux Security Update for gupnp (RLSA-2021:2363)

    Severity
    Critical4
    Qualys ID
    960021
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:2363
    CVE Reference
    CVE-2021-33516
    CVSS Scores
    Base 8.1 / Temporal 7.1
    Description
    Rocky Linux has released a security update for gupnp to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2363 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2363
  • CVE-2021-37576+
    Recently Published

    Rocky Linux Security Update for kernel (RLSA-2021:3447)

    Severity
    Critical4
    Qualys ID
    960048
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:3447
    CVE Reference
    CVE-2021-37576, CVE-2021-38201
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Rocky Linux has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3447 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3447
  • CVE-2021-41133
    Recently Published

    Rocky Linux Security Update for flatpak (RLSA-2021:4042)

    Severity
    Critical4
    Qualys ID
    960040
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:4042
    CVE Reference
    CVE-2021-41133
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Rocky Linux has released a security update for flatpak to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:4042 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:4042
  • CVE-2020-36385+
    Recently Published

    Rocky Linux Security Update for kernel-rt (RLSA-2021:4088)

    Severity
    Critical4
    Qualys ID
    960019
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:4088
    CVE Reference
    CVE-2020-36385, CVE-2021-0512, CVE-2021-3656
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Rocky Linux has released a security update for kernel-rt to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:4088 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:4088
  • CVE-2021-1529
    Recently Published

    Cisco Internetwork Operating System (IOS) XE SD-WAN Software Command Injection Vulnerability (cisco-sa-sd-wan-rhpbE34A)

    Severity
    Critical4
    Qualys ID
    317127
    Date Published
    January 20, 2022
    Vendor Reference
    cisco-sa-sd-wan-rhpbE34A
    CVE Reference
    CVE-2021-1529
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges.

    Affected Products
    The following Cisco products are affected if they are running a vulnerable release of universal Cisco IOS XE Software in Controller mode or a vulnerable release of standalone Cisco IOS XE SD-WAN Software:
    1000 Series Integrated Services Routers (ISRs)
    4000 Series ISRs
    ASR 1000 Series Aggregation Services Routers
    Catalyst 8000 Series Edge Platforms
    Cloud Services Router (CSR) 1000V Series

    QID Detection Logic (Authenticated):
    The authenticated check looks for the installed version of PeopleTools and the corresponding patch.

    Consequence
    A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.
    Solution
    Customers are advised to refer to cisco-sa-sd-wan-rhpbE34A for more information.
    Patches
    cisco-sa-sd-wan-rhpbE34A
  • CVE-2021-25215
    Recently Published

    Rocky Linux Security Update for bind (RLSA-2021:1989)

    Severity
    Critical4
    Qualys ID
    960049
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:1989
    CVE Reference
    CVE-2021-25215
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for bind to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:1989 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:1989
  • CVE-2021-2341+
    Recently Published

    Rocky Linux Security Update for java-11-openjdk (RLSA-2021:2781)

    Severity
    Critical4
    Qualys ID
    960042
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:2781
    CVE Reference
    CVE-2021-2341, CVE-2021-2369, CVE-2021-2388
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for java-11-openjdk to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2781 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2781
  • CVE-2021-33930+
    Recently Published

    Rocky Linux Security Update for libsolv (RLSA-2021:4060)

    Severity
    Critical4
    Qualys ID
    960041
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:4060
    CVE Reference
    CVE-2021-33930, CVE-2021-33929, CVE-2021-33928, CVE-2021-33938
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for libsolv to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:4060 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:4060
  • CVE-2020-10663
    Recently Published

    Rocky Linux Security Update for pcs (RLSA-2020:2462)

    Severity
    Critical4
    Qualys ID
    960035
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2020:2462
    CVE Reference
    CVE-2020-10663
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for pcs to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2020:2462 for updates and patch information.
    Patches
    RockyLinux RLSA-2020:2462
  • CVE-2021-31957
    Recently Published

    Rocky Linux Security Update for .NET (RLSA-2021:2353)

    Severity
    Critical4
    Qualys ID
    960034
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:2353
    CVE Reference
    CVE-2021-31957
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for .NET to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2353 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2353
  • CVE-2021-27218
    Recently Published

    Rocky Linux Security Update for glib2 (RLSA-2021:3058)

    Severity
    Critical4
    Qualys ID
    960031
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:3058
    CVE Reference
    CVE-2021-27218
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for glib2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3058 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3058
  • CVE-2021-34485+
    Recently Published

    Rocky Linux Security Update for .NET (RLSA-2021:3148)

    Severity
    Critical4
    Qualys ID
    960028
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:3148
    CVE Reference
    CVE-2021-34485, CVE-2021-34532, CVE-2021-26423
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for .NET to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3148 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3148
  • CVE-2021-34485+
    Recently Published

    Rocky Linux Security Update for .NET (RLSA-2021:3142)

    Severity
    Critical4
    Qualys ID
    960025
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:3142
    CVE Reference
    CVE-2021-34485, CVE-2021-34532, CVE-2021-26423
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for .NET to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3142 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3142
  • CVE-2020-25648
    Recently Published

    Rocky Linux Security Update for nss and nspr (RLSA-2021:3572)

    Severity
    Critical4
    Qualys ID
    960023
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:3572
    CVE Reference
    CVE-2020-25648
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for nss and nspr to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3572 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3572
  • CVE-2021-38201
    Recently Published

    Rocky Linux Security Update for kernel-rt (RLSA-2021:3440)

    Severity
    Critical4
    Qualys ID
    960014
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:3440
    CVE Reference
    CVE-2021-38201
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for kernel-rt to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3440 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3440
  • CVE-2021-33582
    Recently Published

    Rocky Linux Security Update for cyrus-imapd (RLSA-2021:3492)

    Severity
    Critical4
    Qualys ID
    960013
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:3492
    CVE Reference
    CVE-2021-33582
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for cyrus-imapd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3492 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3492
  • CVE-2021-3480
    Recently Published

    Rocky Linux Security Update for idm:DL1 (RLSA-2021:1983)

    Severity
    Critical4
    Qualys ID
    960006
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:1983
    CVE Reference
    CVE-2021-3480
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for idm:DL1 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:1983 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:1983
  • CVE-2021-25122
    Recently Published

    Apache Tomcat h2c request mix-up vulnerability (CVE-2021-25122)

    Severity
    Critical4
    Qualys ID
    150452
    Date Published
    January 20, 2022
    Vendor Reference
    Apache Tomcat v10.0.2, Apache Tomcat v8.5.63, Apache Tomcat v9.0.43
    CVE Reference
    CVE-2021-25122
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Apache Tomcat is an open source web server and servlet container developed by the Apache Software Foundation.

    Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when responding to new h2c connection requests. By sending a specially-crafted request, an attacker could exploit this vulnerability to see the request body information from one request to another, and use this information to launch further attacks against the affected system.

    Affected Versions:
    Apache Tomcat 10.0.0-M1 to 10.0.0
    Apache Tomcat 9.0.0.M1 to 9.0.41
    Apache Tomcat 8.5.0 to 8.5.61

    Consequence
    This vulnerability may lead to exposure of sensitive information to an unauthorized actor.

    Solution
    Upgrade to the Apache Tomcat 10.0.2, 9.0.43, 8.5.63 versions or to the latest version of Apache Tomcat. Please refer to Apache Tomcat Security Advisory.

    Patches
    Apache Tomcat v10.0.2, Apache Tomcat v8.5.63, Apache Tomcat v9.0.43
  • CVE-2021-25217
    Recently Published

    Rocky Linux Security Update for dhcp (RLSA-2021:2359)

    Severity
    Critical4
    Qualys ID
    960039
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:2359
    CVE Reference
    CVE-2021-25217
    CVSS Scores
    Base 7.4 / Temporal 6.4
    Description
    Rocky Linux has released a security update for dhcp to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:2359 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:2359
  • CVE-2021-39226
    Recently Published

    Rocky Linux Security Update for grafana (RLSA-2021:3771)

    Severity
    Critical4
    Qualys ID
    960005
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:3771
    CVE Reference
    CVE-2021-39226
    CVSS Scores
    Base 7.3 / Temporal 6.4
    Description
    Rocky Linux has released a security update for grafana to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3771 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3771
  • CVE-2020-14794+
    Recently Published

    Rocky Linux Security Update for mysql:8.0 (RLSA-2021:3590)

    Severity
    Critical4
    Qualys ID
    960033
    Date Published
    January 20, 2022
    Vendor Reference
    RLSA-2021:3590
    CVE Reference
    CVE-2020-14794, CVE-2020-14846, CVE-2021-2122, CVE-2021-2217, CVE-2021-2010, CVE-2021-2374, CVE-2021-2424, CVE-2021-2230, CVE-2021-2030, CVE-2021-2178, CVE-2021-2031, CVE-2020-14786, CVE-2020-14891, CVE-2021-2299, CVE-2020-14793, CVE-2020-14836, CVE-2021-2300, CVE-2020-14873, CVE-2021-2385, CVE-2021-2002, CVE-2020-14867, CVE-2021-2356, CVE-2020-14814, CVE-2021-2429, CVE-2021-2172, CVE-2021-2340, CVE-2021-2055, CVE-2020-14785, CVE-2020-14821, CVE-2021-2390, CVE-2021-2196, CVE-2021-2028, CVE-2020-14860, CVE-2020-14839, CVE-2021-2354, CVE-2021-2180, CVE-2021-2352, CVE-2021-2357, CVE-2021-2444, CVE-2021-2232, CVE-2021-2146, CVE-2021-2060, CVE-2021-2370, CVE-2020-14829, CVE-2021-2298, CVE-2021-2171, CVE-2021-2193, CVE-2021-2399, CVE-2020-14773, CVE-2020-14837, CVE-2021-2201, CVE-2021-2367, CVE-2021-2441, CVE-2021-2417, CVE-2020-14844, CVE-2020-14775, CVE-2020-14828, CVE-2020-14790, CVE-2021-2301, CVE-2021-2042, CVE-2020-14672, CVE-2021-2038, CVE-2021-2001, CVE-2020-14845, CVE-2020-14888, CVE-2021-2065, CVE-2020-14848, CVE-2020-14830, CVE-2021-2418, CVE-2020-14893, CVE-2020-14800, CVE-2021-2384, CVE-2021-2048, CVE-2021-2410, CVE-2021-2032, CVE-2021-2169, CVE-2021-2174, CVE-2021-2212, CVE-2021-2387, CVE-2021-2058, CVE-2021-2036, CVE-2021-2046, CVE-2021-2215, CVE-2021-2440, CVE-2021-2226, CVE-2020-14809, CVE-2021-2412, CVE-2021-2021, CVE-2021-2061, CVE-2021-2305, CVE-2021-2402, CVE-2021-2070, CVE-2020-14861, CVE-2021-2426, CVE-2020-14769, CVE-2020-14870, CVE-2021-2024, CVE-2021-2056, CVE-2021-2427, CVE-2020-14777, CVE-2021-2202, CVE-2021-2308, CVE-2021-2342, CVE-2021-2437, CVE-2021-2011, CVE-2021-2304, CVE-2021-2213, CVE-2021-2076, CVE-2021-2422, CVE-2021-2203, CVE-2020-14866, CVE-2021-2339, CVE-2021-2179, CVE-2021-2293, CVE-2020-14791, CVE-2021-2425, CVE-2021-2087, CVE-2021-2208, CVE-2021-2383, CVE-2021-2072, CVE-2021-2088, CVE-2021-2164, CVE-2021-2081, CVE-2020-14852, CVE-2021-2170, CVE-2020-14838, CVE-2021-2278, CVE-2021-2307, CVE-2020-14804, CVE-2020-14868
    CVSS Scores
    Base 7.2 / Temporal 6.3
    Description
    Rocky Linux has released a security update for mysql:8.0 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2021:3590 for updates and patch information.
    Patches
    RockyLinux RLSA-2021:3590
  • CVE-2021-43565
    Recently Published

    OpenSUSE Security Update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container (openSUSE-SU-2022:0040-1)

    Severity
    Critical4
    Qualys ID
    751619
    Date Published
    January 20, 2022
    Vendor Reference
    openSUSE-SU-2022:0040-1
    CVE Reference
    CVE-2021-43565
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    OpenSUSE has released a security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.3

    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to openSUSE security advisory openSUSE-SU-2022:0040-1 for updates and patch information.
    Patches
    OpenSuse openSUSE-SU-2022:0040-1
  • CVE-2021-42340
    Recently Published

    Apache Tomcat Denial of Service Vulnerability (CVE-2021-42340)

    Severity
    Critical4
    Qualys ID
    150451
    Date Published
    January 20, 2022
    Vendor Reference
    Apache Tomcat
    CVE Reference
    CVE-2021-42340
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Apache Tomcat is an open source web server and servlet container developed by the Apache Software Foundation.

    Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending specially crafted requests, a remote attacker could exploit this vulnerability to trigger an OutOfMemoryError and cause a denial of service condition.

    Versions Affected:
    Apache Tomcat 10.1.0-M1 to 10.1.0-M5
    Apache Tomcat 10.0.0-M10 to 10.0.11
    Apache Tomcat 9.0.40 to 9.0.53
    Apache Tomcat 8.5.60 to 8.5.71

    Consequence
    Successful exploitation of the vulnerability can allow an attacker to trigger a DoS via an OutOfMemoryError.

    Solution
    Upgrade to the Apache Tomcat 10.1.0-M6, 10.0.12, 9.0.54, 8.5.72 versions or to the latest version of Apache Tomcat. Please refer to Apache Tomcat Security Advisory.

    Patches
    CVE-2021-42340
  • CVE-2021-22931+
    Recently Published

    Oracle PeopleSoft Enterprise PeopleTools Product Multiple Vulnerabilities (CPUJAN2022)

    Severity
    Urgent5
    Qualys ID
    376257
    Date Published
    January 19, 2022
    Vendor Reference
    Peoplesoft Enterprise PeopleTools CPUJAN2022
    CVE Reference
    CVE-2021-22931, CVE-2021-2351, CVE-2021-37137, CVE-2021-22946, CVE-2021-3712, CVE-2021-23337, CVE-2022-21345, CVE-2022-21359, CVE-2022-21272, CVE-2022-21369, CVE-2021-37695, CVE-2022-21364, CVE-2021-22939, CVE-2021-22940, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926, CVE-2021-22947, CVE-2020-28500, CVE-2020-8203, CVE-2021-3711, CVE-2021-37136, CVE-2021-32808, CVE-2021-32809
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Oracle's PeopleSoft applications are designed to address the most complex business requirements. PeopleSoft PeopleTools provides a comprehensive development toolset that supports the development and runtime of PeopleSoft applications.

    Affected Versions:
    Oracle PeopleSoft Enterprise PeopleTools 8.57
    Oracle PeopleSoft Enterprise PeopleTools 8.58
    Oracle PeopleSoft Enterprise PeopleTools 8.59

    QID Detection Logic (Authenticated):
    The authenticated check looks for the installed version of PeopleTools and the corresponding patch.

    Consequence
    Successful exploitation of this vulnerability allows remote exploitation without authentication.
    Solution
    Newer versions are available to download. For more information about this product or to check for new releases, go to the Oracle PeopleSoft Products.
    Patches
    CPUJAN2022
  • CVE-2021-35559+
    Recently Published

    OpenSUSE Security Update for java-1_8_0-ibm (openSUSE-SU-2022:0108-1)

    Severity
    Critical4
    Qualys ID
    751618
    Date Published
    January 19, 2022
    Vendor Reference
    openSUSE-SU-2022:0108-1
    CVE Reference
    CVE-2021-35559, CVE-2021-35556, CVE-2021-2163, CVE-2021-35588, CVE-2021-41035, CVE-2021-2341, CVE-2021-2369, CVE-2021-35560, CVE-2021-35578, CVE-2021-35564, CVE-2021-35586, CVE-2021-35565
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    OpenSUSE has released a security update for java-1_8_0-ibm to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.3

    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to openSUSE security advisory openSUSE-SU-2022:0108-1 for updates and patch information.
    Patches
    OpenSuse openSUSE-SU-2022:0108-1
  • CVE-2021-35565+
    Recently Published

    SUSE Enterprise Linux Security Update for java-1_8_0-ibm (SUSE-SU-2022:0108-1)

    Severity
    Critical4
    Qualys ID
    751612
    Date Published
    January 19, 2022
    Vendor Reference
    SUSE-SU-2022:0108-1
    CVE Reference
    CVE-2021-35565, CVE-2021-35588, CVE-2021-35578, CVE-2021-2369, CVE-2021-35559, CVE-2021-35560, CVE-2021-35586, CVE-2021-41035, CVE-2021-35556, CVE-2021-35564, CVE-2021-2163, CVE-2021-2341
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released a security update for java-1_8_0-ibm to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15
    SUSE Linux Enterprise Server for SAP Applications 15 SP2
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:0108-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:0108-1
  • CVE-2021-35565+
    Recently Published

    SUSE Enterprise Linux Security Update for java-1_8_0-ibm (SUSE-SU-2022:0107-1)

    Severity
    Critical4
    Qualys ID
    751608
    Date Published
    January 19, 2022
    Vendor Reference
    SUSE-SU-2022:0107-1
    CVE Reference
    CVE-2021-35565, CVE-2021-35588, CVE-2021-35578, CVE-2021-2369, CVE-2021-35559, CVE-2021-35560, CVE-2021-35586, CVE-2021-41035, CVE-2021-35556, CVE-2021-35564, CVE-2021-2163, CVE-2021-2341
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released a security update for java-1_8_0-ibm to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 12 SP4
    SUSE Linux Enterprise Server for SAP Applications 12 SP3
    SUSE Linux Enterprise Server 12 SP5
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:0107-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:0107-1
  • CVE-2021-44790+
    Recently Published

    SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2022:0119-1)

    Severity
    Critical4
    Qualys ID
    751606
    Date Published
    January 19, 2022
    Vendor Reference
    SUSE-SU-2022:0119-1
    CVE Reference
    CVE-2021-44790, CVE-2021-44224
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released a security update for apache2 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:0119-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:0119-1
  • CVE-2021-40438
    Recently Published

    Oracle Hypertext Transfer Protocol Server (HTTP Server) Multiple Vulnerabilities (CPUJAN2022)

    Severity
    Critical4
    Qualys ID
    376256
    Date Published
    January 19, 2022
    Vendor Reference
    CPUJAN2022
    CVE Reference
    CVE-2021-40438
    CVSS Scores
    Base 9 / Temporal 7.8
    Description

    Oracle HTTP Server is the Web server component for Oracle Fusion Middleware. It provides a listener for Oracle WebLogic Server and the framework for hosting static pages, dynamic pages, and applications over the Web.

    Affected Versions:
    12.2.1.3.0, 12.2.1.4.0, 12.2.1.5.0

    QID Detection Logic (Authenticated):
    This QID checks the vulnerable version of Oracle HTTP Server from file "inventory.xml" from the Home Directory.

    Consequence
    Successful exploitation could compromise the confidentiality, integrity and availability of the system.

    Solution
    Refer to the vendor advisory Oracle HTTP Server CPUJAN2022 for patch information.
    Patches
    CPUJAN2022
  • CVE-2020-14410+
    Recently Published

    OpenSUSE Security Update for SDL2 (openSUSE-SU-2022:0104-1)

    Severity
    Critical4
    Qualys ID
    751616
    Date Published
    January 19, 2022
    Vendor Reference
    openSUSE-SU-2022:0104-1
    CVE Reference
    CVE-2020-14410, CVE-2020-14409
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    OpenSUSE has released a security update for SDL2 to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.3

    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to openSUSE security advisory openSUSE-SU-2022:0104-1 for updates and patch information.
    Patches
    OpenSuse openSUSE-SU-2022:0104-1
  • CVE-2020-14410+
    Recently Published

    SUSE Enterprise Linux Security Update for SDL2 (SUSE-SU-2022:0104-1)

    Severity
    Critical4
    Qualys ID
    751607
    Date Published
    January 19, 2022
    Vendor Reference
    SUSE-SU-2022:0104-1
    CVE Reference
    CVE-2020-14410, CVE-2020-14409
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released a security update for sdl2 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15 SP2
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:0104-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:0104-1
  • CVE-2021-45463
    Recently Published

    CentOS Security Update for gegl (CESA-2022:0162)

    Severity
    Critical4
    Qualys ID
    257145
    Date Published
    January 19, 2022
    Vendor Reference
    CESA-2022:0162
    CVE Reference
    CVE-2021-45463
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CentOS has released a security update for gegl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to CentOS security advisory CESA-2022:0162 for updates and patch information.
    Patches
    CentOS 7 CESA-2022:0162
  • CVE-2021-45463
    Recently Published

    Red Hat Update for gegl (RHSA-2022:0162)

    Severity
    Critical4
    Qualys ID
    240008
    Date Published
    January 19, 2022
    Vendor Reference
    RHSA-2022:0162
    CVE Reference
    CVE-2021-45463
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description

    gegl (generic graphics library) is a graph-based image processing framework.

    Security Fix(es):
    • gegl: shell expansion via a crafted pathname (CVE-2021-45463)

    Affected Products:
    • Red Hat Enterprise Linux Server 7 x86_64
    • Red Hat Enterprise Linux Workstation 7 x86_64
    • Red Hat Enterprise Linux Desktop 7 x86_64
    • Red Hat Enterprise Linux for IBM z Systems 7 s390x
    • Red Hat Enterprise Linux for Power, big endian 7 ppc64
    • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:0162 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:0162
  • CVE-2021-1076+
    Recently Published

    Debian Security Update for nvidia-graphics-drivers (DLA 2888-1)

    Severity
    Critical4
    Qualys ID
    179010
    Date Published
    January 19, 2022
    Vendor Reference
    DLA 2888-1
    CVE Reference
    CVE-2021-1076, CVE-2021-1095, CVE-2021-1093, CVE-2021-1056, CVE-2021-1094
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Debian has released a security update for nvidia-graphics-drivers to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 2888-1 for updates and patch information.
    Patches
    Debian DLA 2888-1
  • CVE-2022-21653
    Recently Published

    OpenSUSE Security Update for jawn (openSUSE-SU-2022:0106-1)

    Severity
    Critical4
    Qualys ID
    751617
    Date Published
    January 19, 2022
    Vendor Reference
    openSUSE-SU-2022:0106-1
    CVE Reference
    CVE-2022-21653
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    OpenSUSE has released a security update for jawn to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.3

    Consequence
    This vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to openSUSE security advisory openSUSE-SU-2022:0106-1 for updates and patch information.
    Patches
    OpenSuse openSUSE-SU-2022:0106-1
  • CVE-2022-20698
    Recently Published

    Ubuntu Security Notification for ClamAV Vulnerability (USN-5233-1)

    Severity
    Critical4
    Qualys ID
    198636
    Date Published
    January 19, 2022
    Vendor Reference
    USN-5233-1
    CVE Reference
    CVE-2022-20698
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    ClamAV incorrectly handled memory when the cl_scan_general_collect_metadata scan option was enabled.
    Consequence
    A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.
    Solution
    Refer to Ubuntu security advisory USN-5233-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5233-1
  • CVE-2021-41819+
    Recently Published

    Ubuntu Security Notification for Ruby Vulnerabilities (USN-5235-1)

    Severity
    Critical4
    Qualys ID
    198635
    Date Published
    January 19, 2022
    Vendor Reference
    USN-5235-1
    CVE Reference
    CVE-2021-41819, CVE-2021-41817, CVE-2021-41816
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Ruby incorrectly handled certain HTML files.
    Ruby incorrectly handled certain regular expressions.
    Ruby incorrectly handled certain cookie names.
    Consequence
    An attacker could possibly use this issue to cause a crash.
    An attacker could possibly use this issue to cause a regular expression denial of service.
    An attacker could possibly use this issue to access or expose sensitive information.
    Solution
    Refer to Ubuntu security advisory USN-5235-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5235-1
  • CVE-2022-0175
    Recently Published

    OpenSUSE Security Update for virglrenderer (openSUSE-SU-2022:0111-1)

    Severity
    Critical4
    Qualys ID
    751615
    Date Published
    January 19, 2022
    Vendor Reference
    openSUSE-SU-2022:0111-1
    CVE Reference
    CVE-2022-0175
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    OpenSUSE has released a security update for virglrenderer to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.3

    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to openSUSE security advisory openSUSE-SU-2022:0111-1 for updates and patch information.
    Patches
    OpenSuse openSUSE-SU-2022:0111-1
  • CVE-2022-22746+
    Recently Published

    SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:0115-1)

    Severity
    Critical4
    Qualys ID
    751610
    Date Published
    January 19, 2022
    Vendor Reference
    SUSE-SU-2022:0115-1
    CVE Reference
    CVE-2022-22746, CVE-2022-22737, CVE-2022-22739, CVE-2022-22742, CVE-2022-22743, CVE-2022-22747, CVE-2022-22744, CVE-2022-22748, CVE-2022-22738, CVE-2021-4140, CVE-2022-22740, CVE-2022-22745, CVE-2022-22751, CVE-2022-22741
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    SUSE has released a security update for firefox to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 12 SP4
    SUSE Linux Enterprise Server for SAP Applications 12 SP3
    SUSE Linux Enterprise Server 12 SP5
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:0115-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:0115-1
  • CVE-2022-0175
    Recently Published

    SUSE Enterprise Linux Security Update for virglrenderer (SUSE-SU-2022:0110-1)

    Severity
    Critical4
    Qualys ID
    751609
    Date Published
    January 19, 2022
    Vendor Reference
    SUSE-SU-2022:0110-1
    CVE Reference
    CVE-2022-0175
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    SUSE has released a security update for virglrenderer to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 12 SP5
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:0110-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:0110-1
  • CVE-2022-22737+
    Recently Published

    CentOS Security Update for firefox (CESA-2022:0124)

    Severity
    Critical4
    Qualys ID
    257143
    Date Published
    January 19, 2022
    Vendor Reference
    CESA-2022:0124
    CVE Reference
    CVE-2022-22737, CVE-2022-22739, CVE-2022-22751, CVE-2022-22748, CVE-2022-22743, CVE-2022-22742, CVE-2022-22740, CVE-2021-4140, CVE-2022-22738, CVE-2022-22745, CVE-2022-22741, CVE-2022-22747
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    CentOS has released a security update for firefox to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to CentOS security advisory CESA-2022:0124 for updates and patch information.
    Patches
    CentOS 7 CESA-2022:0124
  • CVE-2022-22737+
    Recently Published

    CentOS Security Update for thunderbird (CESA-2022:0127)

    Severity
    Critical4
    Qualys ID
    257141
    Date Published
    January 19, 2022
    Vendor Reference
    CESA-2022:0127
    CVE Reference
    CVE-2022-22737, CVE-2022-22739, CVE-2022-22751, CVE-2022-22748, CVE-2022-22743, CVE-2022-22742, CVE-2022-22740, CVE-2021-4140, CVE-2022-22738, CVE-2022-22745, CVE-2022-22741, CVE-2022-22747
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    CentOS has released a security update for thunderbird to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to CentOS security advisory CESA-2022:0127 for updates and patch information.
    Patches
    centos 7 CESA-2022:0127
  • CVE-2022-22938
    Recently Published

    VMware Workstation and VMware Horizon Client for Windows Denial of Service (DoS) Vulnerability (VMSA-2022-0002)

    Severity
    Critical4
    Qualys ID
    376253
    Date Published
    January 19, 2022
    Vendor Reference
    VMSA-2022-0002
    CVE Reference
    CVE-2022-22938
    CVSS Scores
    Base 3.3 / Temporal 2.9
    Description
    VMware Workstation is a hosted hypervisor that runs on x64 versions of Windows and Linux operating systems. VMware Horizon is a commercial desktop and app virtualization product developed by VMware.

    VMware Workstation and Horizon Client for Windows contain a denial-of-service vulnerability in the Cortado ThinPrint component.

    Note:
    Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client for Windows.

    Affected Versions
    VMware Workstation Pro 16.x prior to 16.2.2
    VMware Workstation Player 16.x prior to 16.2.2
    VMware Horizon Client for Windows 5.x prior to 5.5.3

    QID Detection Logic (authenticated):
    This QID checks for vulnerable versions of the Workstation and Horizon Client for Windows executable (.exe) file.

    Consequence
    A malicious actor with access to a virtual machine or remote desktop may exploit this issue to trigger a denial-of-service condition in the ThinPrint service running on the host machine where VMware Workstation or Horizon Client for Windows is installed.
    Solution
    VMware has released the patch for Horizon Client for Windows.
    Refer to VMware documents VMware Horizon Client 5.5.3 for more information.

    VMware has released the patch for Workstation Pro.
    Refer to VMware documents VMware Workstation Pro 16.2.2 for more information.

    VMware has released the patch for Workstation Player.
    Refer to VMware documents VMware Workstation Player 16.2.2 for more information.

    Patches
    VMSA-2022-0002
  • CVE-2021-35674+
    Recently Published

    Oracle WebLogic Server Multiple Vulnerabilities (CPUJAN2022)

    Severity
    Urgent5
    Qualys ID
    87478
    Date Published
    January 19, 2022
    Vendor Reference
    CPUJAN2022
    CVE Reference
    CVE-2021-35674, CVE-2021-35679, CVE-2021-35669, CVE-2021-35682, CVE-2021-35680, CVE-2021-29425, CVE-2020-2934, CVE-2021-27568, CVE-2019-10219, CVE-2021-35668, CVE-2019-17195
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Oracle WebLogic Server (formerly known as BEA WebLogic Server) is an application server for building and deploying enterprise applications and services.
    The Oracle WebLogic Server component in Oracle Fusion Middleware for versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0 has fixes for multiple vulnerabilities.

    Affected Versions:
    Oracle WebLogic Server, version(s) 12.1.3.0, 12.2.1.3, 12.2.1.4 and 14.1.1.0

    QID Detection Logic (Authenticated):
    Operating System: Linux
    This QID checks whether an Oracle WebLogic Server process is listening on any TCP port. If so, for version 12.x it gets the "Oracle_Home" path, navigates to that directory and reads "registry.xml" and the patch files found in the directory "Oracle_Home"\inventory\patches to check whether the installed version is patched.
    QID Detection Logic (Authenticated):
    Operating System: Windows
    For affected 12.x versions:
    The QID checks the "Oracle_Home" path with the help of the registry key "HKLM\Software\Oracle". The QID verifies whether an affected WebLogic version is installed on the host and then checks whether the corresponding patch is applied.

    Patch IDs checked:
    WebLogic Server 14.1.1.0 - Patch 33727619
    WebLogic Server 12.2.1.4 - Patch 33727616
    WebLogic Server 12.2.1.3 - Patch 33699205
    WebLogic Server 12.1.3.0 - Patch 33494824
    QID Detection Logic (Unauthenticated):
    The QID sends a "GET console/login/LoginForm.jsp" request to retrieve the installed WebLogic version.

    Consequence
    Successful exploitation could allow an attacker to affect the confidentiality, integrity and availability of data on the target system.

    Solution
    The vendor has released patches for these issues. Customers are advised to refer to Oracle CPUJAN2022 for detailed information.

    Patches
    CPUJAN2022
  • CVE-2022-21349+
    Recently Published

    Oracle Database 12.2.0.1 Critical Patch Update - January 2022 (Unauthenticated)

    Severity
    Urgent5
    Qualys ID
    20242
    Date Published
    January 19, 2022
    Vendor Reference
    CPUJAN2022
    CVE Reference
    CVE-2022-21349, CVE-2022-21291, CVE-2022-21305, CVE-2022-21360, CVE-2022-21365, CVE-2022-21282, CVE-2022-21296, CVE-2022-21299, CVE-2022-21271, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21340, CVE-2022-21341, CVE-2022-21248, CVE-2022-21393, CVE-2022-21247, CVE-2021-45105
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    Oracle Database quarterly patches are proactive cumulative patches containing recommended bug fixes that are released on a regular schedule.

    Affected Software:
    Oracle Database 12.2.0.1

    QID Detection Logic (Unauthenticated):
    This QID connects to the remote server's Oracle listener and reviews the Oracle banner version.

    Consequence
    Successful exploitation could allow an attacker to compromise the database.

    Solution
    Customers are requested to refer to CPUJan2022 to obtain details about how to deploy the update.

    Patches
    CPUJAN2022
  • CVE-2022-21349+
    Recently Published

    Oracle Database 12.2.0.1 Critical Patch Update - January 2022

    Severity
    Urgent5
    Qualys ID
    20241
    Date Published
    January 19, 2022
    Vendor Reference
    CPUJAN2022
    CVE Reference
    CVE-2022-21349, CVE-2022-21291, CVE-2022-21305, CVE-2022-21360, CVE-2022-21365, CVE-2022-21282, CVE-2022-21296, CVE-2022-21299, CVE-2022-21271, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21340, CVE-2022-21341, CVE-2022-21248, CVE-2022-21393, CVE-2022-21247, CVE-2021-45105
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    Oracle Database quarterly patches are proactive cumulative patches containing recommended bug fixes that are released on a regular schedule.

    Affected Software:
    Oracle Database 12.2.0.1

    QID Detection Logic (Authenticated):
    Authentication via Oracle Database:
    This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.

    Consequence
    Successful exploitation could allow an attacker to compromise the database.

    Solution
    Customers are requested to refer to CPUJan2022 to obtain details about how to deploy the update.

    Patches
    CPUJAN2022
  • CVE-2022-21247+
    Recently Published

    Oracle Database 19c Critical Patch Update - January 2022

    Severity
    Urgent5
    Qualys ID
    20240
    Date Published
    January 19, 2022
    Vendor Reference
    CPUJAN2022
    CVE Reference
    CVE-2022-21247, CVE-2021-45105, CVE-2022-21393, CVE-2022-21349, CVE-2022-21291, CVE-2022-21305, CVE-2022-21360, CVE-2022-21365, CVE-2022-21282, CVE-2022-21296, CVE-2022-21299, CVE-2022-21271, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21340, CVE-2022-21341, CVE-2022-21248
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    Oracle Database quarterly patches are proactive cumulative patches containing recommended bug fixes that are released on a regular schedule.

    Affected Software:
    Oracle Database 19c

    QID Detection Logic (Authenticated):
    Authentication via Oracle Database:
    This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.

    Consequence
    Successful exploitation could allow an attacker to compromise the database.

    Solution
    Customers are requested to refer to CPUJan2022 to obtain details about how to deploy the update.

    Patches
    CPUJAN2022
  • CVE-2022-21393+
    Recently Published

    Oracle Database 12.1.0.2 Critical Patch Update - January 2022 (Unauthenticated)

    Severity
    Urgent5
    Qualys ID
    20244
    Date Published
    January 19, 2022
    Vendor Reference
    CPUJAN2022
    CVE Reference
    CVE-2022-21393, CVE-2022-21349, CVE-2022-21291, CVE-2022-21305, CVE-2022-21360, CVE-2022-21365, CVE-2022-21282, CVE-2022-21296, CVE-2022-21299, CVE-2022-21271, CVE-2022-21293, CVE-2022-21294, CVE-2022-21340, CVE-2022-21341, CVE-2022-21248
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    Oracle Database quarterly patches are proactive cumulative patches containing recommended bug fixes that are released on a regular schedule.

    Affected Software:
    Oracle Database 12.1.0.2

    QID Detection Logic (Unauthenticated):
    This QID connects to the remote server's Oracle listener and reviews the Oracle banner version.

    Consequence
    Successful exploitation could allow an attacker to compromise the database.

    Solution
    Customers are requested to refer to CPUJan2022 to obtain details about how to deploy the update.

    Patches
    CPUJAN2022
  • CVE-2022-21393+
    Recently Published

    Oracle Database 12.1.0.2 Critical Patch Update - January 2022

    Severity
    Urgent5
    Qualys ID
    20243
    Date Published
    January 19, 2022
    Vendor Reference
    CPUJAN2022
    CVE Reference
    CVE-2022-21393, CVE-2022-21349, CVE-2022-21291, CVE-2022-21305, CVE-2022-21360, CVE-2022-21365, CVE-2022-21282, CVE-2022-21296, CVE-2022-21299, CVE-2022-21271, CVE-2022-21293, CVE-2022-21294, CVE-2022-21340, CVE-2022-21341, CVE-2022-21248
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    Oracle Database quarterly patches are proactive cumulative patches containing recommended bug fixes that are released on a regular schedule.

    Affected Software:
    Oracle Database 12.1.0.2

    QID Detection Logic (Authenticated):
    Authentication via Oracle Database:
    This QID reviews the Oracle output from the table name DBA_REGISTRY_SQLPATCH for patch information.

    Consequence
    Successful exploitation could allow an attacker to compromise the database.

    Solution
    Customers are requested to refer to CPUJan2022 to obtain details about how to deploy the update.

    Patches
    CPUJAN2022
  • CVE-2021-44757
    In Development

    Zoho ManageEngine Desktop Central and Desktop Central MSP Authentication Bypass Vulnerability (CVE-2021-44757)

    Severity
    Critical4
    Qualys ID
    730334
    Vendor Reference
    ManageEngine Desktop Central Advisory
    CVE Reference
    CVE-2021-44757
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Zoho ManageEngine Desktop Central is an integrated desktop and mobile device management software that helps in managing servers, laptops, desktops, smartphones and tablets from a central point.

    An authentication bypass vulnerability in ManageEngine Desktop Central could allow an attacker to read unauthorized data or write an arbitrary zip file on the server.

    Affected Versions:
    For Enterprise:
    Builds prior to 10.1.2137.9

    For MSP:
    Builds prior to 10.1.2137.9

    QID Detection Logic (Unauthenticated):
    This QID sends a GET request to /configurations.do to retrieve the build number of the Desktop Central on the remote target.

    Consequence
    If exploited, this vulnerability may allow an attacker to read unauthorized data or write an arbitrary zip file on the server.
    Solution
    Customers are advised to refer to ManageEngine Desktop Central for information pertaining to this vulnerability.
    Patches
    ManageEngine Desktop Central Advisory
  • CVE-2022-21664
    Recently Published

    WordPress SQL Injection Vulnerability: Security Update 5.8.3 (CVE-2022-21664)

    Severity
    Critical4
    Qualys ID
    150455
    Date Published
    January 19, 2022
    Vendor Reference
    WordPress Security Release
    CVE Reference
    CVE-2022-21664
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database.

    On affected versions of WordPress Core, due to lack of proper sanitization in "WP_Meta_Query" class, a potential blind SQL Injection vulnerability exists.

    Affected Versions:
    WordPress versions from 4.1 to 5.8.2

    QID Detection Logic:
    This QID sends an HTTP GET request and checks for a vulnerable version of WordPress running on the target application.

    Consequence
    Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL queries on the target system.
    Solution
    Customers are advised to upgrade to WordPress version 5.8.3 or later to remediate this vulnerability. For more information, please visit the WordPress Blog.
    Patches
    WordPress 5.8.3
  • CVE-2022-21661+
    Recently Published

    WordPress Multiple Vulnerabilities: Security Update 5.8.3 (CVE-2022-21661, CVE-2022-21662, CVE-2022-21663)

    Severity
    Critical4
    Qualys ID
    150448
    Date Published
    January 19, 2022
    Vendor Reference
    WordPress Security Release
    CVE Reference
    CVE-2022-21661, CVE-2022-21662, CVE-2022-21663
    CVSS Scores
    Base 7.5 / Temporal 6.7
    Description
    WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database.

    Affected versions of WordPress Core have multiple vulnerabilities such as SQL Injection (CVE-2022-21661), Cross Site Scripting (XSS) (CVE-2022-21662) and Object Injection (CVE-2022-21663).

    Affected Versions:
    WordPress versions prior to 5.8.3

    QID Detection Logic:
    This QID sends an HTTP GET request and checks for a vulnerable version of WordPress running on the target application.

    Consequence
    Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary SQL queries, JavaScript code or perform Object Injection to bypass explicit hardening on the target application.
    Solution
    Customers are advised to upgrade to WordPress version 5.8.3 or later to remediate these vulnerabilities. For more information, please visit the WordPress Blog.
    Patches
    WordPress 5.8.3
  • CVE-2021-40367+
    In Development

    Siemens Healthineers syngo fastView Multiple Vulnerabilities (ICSA-21-350-16)

    Severity
    Critical4
    Qualys ID
    590661
    Vendor Reference
    ICSA-21-350-16
    CVE Reference
    CVE-2021-40367, CVE-2021-42028
    CVSS Scores
    Base 7.3 / Temporal 6.4
    Description

    AFFECTED PRODUCTS
    The following versions of syngo fastView, software for digital imaging and communications, are affected:
    Syngo fastView: All versions

    QID Detection Logic (Authenticated):
    This QID checks for vulnerable versions of Siemens syngo fastView using the registry key "HKLM\SOFTWARE\Siemens".

    Consequence
    Successful exploitation of these vulnerabilities could lead to a crash of the application or arbitrary code execution.
    Solution

    Customers are advised to refer to the MITIGATIONS section of CERT advisory ICSA-21-350-16 for affected packages and patching details.

    Patches
    ICSA-21-350-16
  • CVE-2022-20698
    Recently Published

    Free Berkeley Software Distribution (FreeBSD) Security Update for clamav (2a6106c6-73e5-11ec-8fa2-0800270512f4)

    Severity
    Urgent5
    Qualys ID
    690771
    Date Published
    January 19, 2022
    Vendor Reference
    2a6106c6-73e5-11ec-8fa2-0800270512f4
    CVE Reference
    CVE-2022-20698
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    FreeBSD has released a security update for clamav to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to FreeBSD security advisory 2a6106c6-73e5-11ec-8fa2-0800270512f4 for updates and patch information.
    Patches
    FreeBSD 2a6106c6-73e5-11ec-8fa2-0800270512f4
  • CVE-2022-0154+
    Recently Published

    Free Berkeley Software Distribution (FreeBSD) Security Update for gitlab (43f84437-73ab-11ec-a587-001b217b3468)

    Severity
    Urgent5
    Qualys ID
    690770
    Date Published
    January 19, 2022
    Vendor Reference
    43f84437-73ab-11ec-a587-001b217b3468
    CVE Reference
    CVE-2022-0154, CVE-2021-39946, CVE-2021-39942, CVE-2022-0152, CVE-2022-0124, CVE-2022-0090, CVE-2022-0172, CVE-2022-0093, CVE-2022-0151, CVE-2021-39927, CVE-2022-0125
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    FreeBSD has released a security update for gitlab to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to FreeBSD security advisory 43f84437-73ab-11ec-a587-001b217b3468 for updates and patch information.
    Patches
    FreeBSD 43f84437-73ab-11ec-a587-001b217b3468
  • CVE-2021-44228
    Recently Published

    Ping Identity PingAccess Affected By Apache Log4j Vulnerability (Log4Shell)

    Severity
    Urgent5
    Qualys ID
    376246
    Date Published
    January 19, 2022
    Vendor Reference
    Ping Identity Security Advisory
    CVE Reference
    CVE-2021-44228
    CVSS Scores
    Base 10 / Temporal 9
    Description
    PingAccess is a centralized access security solution with a comprehensive policy engine. It provides secure access to applications and APIs down to the URL level, and ensures that only authorized users access the resources they need.

    Affected Versions:
    All versions of PingAccess prior to version 7.0.1 are potentially vulnerable to the Log4Shell vulnerability.

    QID Detection Logic (Authenticated):
    This QID checks for vulnerable versions of PingAccess by checking the version from Windows registry.

    Consequence
    Successful exploitation of the vulnerability may allow remote code execution and complete system compromise.

    Solution
    Customers are advised to update to PingAccess version 7.0.1 or later. For more information, please refer to the Ping Identity Security Advisory.

    Workaround:
    Download the zip file attached to the advisory: "pingaccess-log4j2-2.12.3-update.zip".
    Unzip this package and follow the instructions in the included README.txt to apply this update to your PingAccess systems.
    A service restart is required after applying this update.

    Patches
    NA
  • CVE-2021-31589
    Recently Published

    BeyondTrust Secure Remote Access Base Software Cross-Site Scripting (XSS) Vulnerability

    Severity
    Urgent5
    Qualys ID
    730326
    Date Published
    January 19, 2022
    CVE Reference
    CVE-2021-31589
    CVSS Scores
    Base 9.6 / Temporal 8.6
    Description
    BeyondTrust Secure Remote Access Base Software has a cross-site scripting (XSS) vulnerability. Versions through 6.0.1 allow unauthenticated remote attackers to inject arbitrary web script or HTML. Remote attackers could achieve full admin access to the appliance by tricking an administrator into creating a new admin account through an XSS/CSRF attack involving a crafted request to the /appliance/users?action=edit endpoint.

    Affected Versions:
    BeyondTrust Secure Remote Access Base Software prior to 6.0.1

    Consequence
    A remote attacker could exploit this vulnerability to execute arbitrary code on the system.

    Solution
    A fix has been released by the vendor in version 6.1. It's recommended to update the vulnerable appliance base version to the latest version.

    Patches
    N/A
  • CVE-2019-9800+
    Recently Published

    Free Berkeley Software Distribution (FreeBSD) Security Update for mozilla Multiple Vulnerabilities (44b6dfbf-4ef7-4d52-ad52-2b1b05d81272)

    Severity
    Critical4
    Qualys ID
    371854
    Date Published
    January 19, 2022
    Vendor Reference
    44b6dfbf-4ef7-4d52-ad52-2b1b05d81272
    CVE Reference
    CVE-2019-9800, CVE-2019-11698, CVE-2019-9815, CVE-2019-9814, CVE-2019-11691, CVE-2019-11693, CVE-2019-11695, CVE-2019-11700, CVE-2019-11696, CVE-2019-9818, CVE-2019-11694, CVE-2019-11697, CVE-2019-9819, CVE-2019-9820, CVE-2019-11699, CVE-2019-11692, CVE-2019-9817, CVE-2019-9816, CVE-2019-9821, CVE-2019-11701, CVE-2019-7317
    CVSS Scores
    Base 9.8 / Temporal 8.8
    Description
    FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms.

    FreeBSD has released a security update.
    Affected versions:
    firefox prior to 67.0,1
    waterfox prior to 56.2.10
    linux-seamonkey prior to 2.49.5
    seamonkey prior to 2.49.5
    firefox-esr prior to 60.7.0,1
    linux-firefox prior to 60.7.0,2
    libxul prior to 60.7.0
    linux-thunderbird prior to 60.7.0
    thunderbird prior to 60.7.0

    QID Detection Logic (Authenticated):
    This QID checks the installed package versions to identify vulnerable packages.

    Consequence
    Successful exploitation of this vulnerability allows disruption of service.
    Solution
    Please refer to FreeBSD security advisory 44b6dfbf-4ef7-4d52-ad52-2b1b05d81272 to address this issue and obtain further details.
    Patches
    44b6dfbf-4ef7-4d52-ad52-2b1b05d81272
  • CVE-2020-12693+
    Recently Published

    Debian Security Update for slurm-llnl (DLA 2886-1)

    Severity
    Urgent5
    Qualys ID
    179008
    Date Published
    January 18, 2022
    Vendor Reference
    DLA 2886-1
    CVE Reference
    CVE-2020-12693, CVE-2021-31215, CVE-2019-12838, CVE-2020-27745
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Debian has released a security update for slurm-llnl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 2886-1 for updates and patch information.
    Patches
    Debian DLA 2886-1
  • CVE-2021-44790+
    Recently Published

    OpenSUSE Security Update for apache2 (openSUSE-SU-2022:0091-1)

    Severity
    Critical4
    Qualys ID
    751604
    Date Published
    January 18, 2022
    Vendor Reference
    openSUSE-SU-2022:0091-1
    CVE Reference
    CVE-2021-44790, CVE-2021-44224
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    OpenSUSE has released a security update for apache2 to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.3

    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to openSUSE security advisory openSUSE-SU-2022:0091-1 for updates and patch information.
    Patches
    OpenSuse openSUSE-SU-2022:0091-1
  • CVE-2021-26691+
    Recently Published

    Red Hat Update for httpd (RHSA-2022:0143)

    Severity
    Critical4
    Qualys ID
    240007
    Date Published
    January 18, 2022
    Vendor Reference
    RHSA-2022:0143
    CVE Reference
    CVE-2021-26691, CVE-2021-34798, CVE-2021-39275, CVE-2021-44790
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description

    The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

    Security Fix(es):
    • httpd: mod_lua: possible buffer overflow when parsing multipart content (CVE-2021-44790)
    • httpd: mod_session: heap overflow via a crafted SessionHeader value (CVE-2021-26691)
    • httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
    • httpd: out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)

    Affected Products:

    • Red Hat Enterprise Linux Server 7 x86_64
    • Red Hat Enterprise Linux Workstation 7 x86_64
    • Red Hat Enterprise Linux Desktop 7 x86_64
    • Red Hat Enterprise Linux for IBM z Systems 7 s390x
    • Red Hat Enterprise Linux for Power, big endian 7 ppc64
    • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
    • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:0143 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:0143
  • CVE-2021-43860+
    Recently Published

    Fedora Security Update for flatpak (FEDORA-2022-825ca6bf2b)

    Severity
    Critical4
    Qualys ID
    282251
    Date Published
    January 18, 2022
    Vendor Reference
    FEDORA-2022-825ca6bf2b
    CVE Reference
    CVE-2021-43860, CVE-2022-21682
    CVSS Scores
    Base 8.2 / Temporal 7.1
    Description
    Fedora has released a security update for flatpak to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory FEDORA-2022-825ca6bf2b for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-825ca6bf2b
  • CVE-2022-21664
    Recently Published

    WordPress Prior to 4.1.34 and 5.8.3 SQL Injection Vulnerability

    Severity
    Critical4
    Qualys ID
    730333
    Date Published
    January 18, 2022
    Vendor Reference
    WordPress 5.8.3
    CVE Reference
    CVE-2022-21664
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    WordPress is software designed for everyone, emphasizing accessibility, performance, security, and ease of use.

    CVE-2022-21664: Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed.

    Affected Versions:
    WordPress versions from 4.1.x prior to 4.1.34
    WordPress versions from 5.0.0 prior to 5.8.3

    QID Detection Logic:
    The QID checks for the version via the meta generator tag.

    Consequence
    Successful exploitation of this vulnerability may allow an unauthenticated remote attacker to execute arbitrary SQL queries on the target system.
    Solution
    Customers are advised to upgrade to the fixed version 5.8.3 to remediate this vulnerability.
    For more information, please visit the WordPress site.
    Patches
    WordPress 5.8.3
  • CVE-2021-37971+
    Recently Published

    Debian Security Update for chromium (DSA 5046-1)

    Severity
    Urgent5
    Qualys ID
    179000
    Date Published
    January 18, 2022
    Vendor Reference
    DSA 5046-1
    CVE Reference
    CVE-2021-37971, CVE-2021-38009, CVE-2021-38011, CVE-2021-37982, CVE-2021-4079, CVE-2021-37986, CVE-2021-4055, CVE-2021-37987, CVE-2021-38001, CVE-2021-38010, CVE-2022-0108, CVE-2021-37972, CVE-2021-37976, CVE-2021-38012, CVE-2022-0103, CVE-2021-4068, CVE-2021-37983, CVE-2022-0111, CVE-2021-4052, CVE-2021-4057, CVE-2021-4059, CVE-2021-38018, CVE-2022-0115, CVE-2022-0110, CVE-2022-0098, CVE-2021-38017, CVE-2021-37966, CVE-2021-37977, CVE-2021-38007, CVE-2021-37995, CVE-2021-4102, CVE-2021-38013, CVE-2022-0101, CVE-2021-4098, CVE-2021-4053, CVE-2021-38021, CVE-2021-37994, CVE-2021-37959, CVE-2021-37956, CVE-2021-37975, CVE-2021-4062, CVE-2021-37963, CVE-2021-4100, CVE-2021-37961, CVE-2022-0117, CVE-2021-37965, CVE-2021-38014, CVE-2021-37989, CVE-2022-0097, CVE-2022-0104, CVE-2021-38016, CVE-2021-37991, CVE-2021-4058, CVE-2021-4054, CVE-2021-37973, CVE-2021-37985, CVE-2021-37967, CVE-2021-4061, CVE-2021-4066, CVE-2022-0116, CVE-2021-37998, CVE-2021-38015, CVE-2022-0102, CVE-2021-37979, CVE-2021-37990, CVE-2022-0105, CVE-2021-37968, CVE-2022-0118, CVE-2022-0114, CVE-2021-38002, CVE-2021-4056, CVE-2022-0113, CVE-2022-0096, CVE-2021-4067, CVE-2021-37997, CVE-2022-0107, CVE-2021-37992, CVE-2021-38022, CVE-2021-37962, CVE-2021-4063, CVE-2021-37970, CVE-2021-37999, CVE-2021-4065, CVE-2021-37974, CVE-2021-38003, CVE-2021-4078, CVE-2021-38006, CVE-2021-38019, CVE-2022-0112, CVE-2021-38000, CVE-2021-38004, CVE-2021-37957, CVE-2021-37981, CVE-2021-37993, CVE-2021-37980, CVE-2021-37988, CVE-2021-4099, CVE-2021-37964, CVE-2022-0099, CVE-2021-37996, CVE-2021-4064, CVE-2022-0106, CVE-2021-38008, CVE-2021-4101, CVE-2021-37978, CVE-2022-0109, CVE-2022-0120, CVE-2021-37958, CVE-2021-37969, CVE-2021-38020, CVE-2021-37984, CVE-2021-38005, CVE-2022-0100
    CVSS Scores
    Base 9.6 / Temporal 8.3
    Description
    Debian has released a security update for chromium to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5046-1 for updates and patch information.
    Patches
    Debian DSA 5046-1
  • CVE-2022-22739+
    Recently Published

    AlmaLinux Security Update for firefox (ALSA-2022:0130)

    Severity
    Urgent5
    Qualys ID
    940430
    Date Published
    January 18, 2022
    Vendor Reference
    ALSA-2022:0130
    CVE Reference
    CVE-2022-22739, CVE-2022-22742, CVE-2022-22743, CVE-2022-22747, CVE-2022-22748, CVE-2022-22738, CVE-2022-22745, CVE-2022-22740, CVE-2022-22737, CVE-2022-22751, CVE-2022-22741, CVE-2021-4140
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    AlmaLinux has released a security update for firefox to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to AlmaLinux security advisory ALSA-2022:0130 for updates and patch information.
    Patches
    AlmaLinux ALSA-2022:0130
  • CVE-2022-22739+
    Recently Published

    AlmaLinux Security Update for thunderbird (ALSA-2022:0129)

    Severity
    Urgent5
    Qualys ID
    940429
    Date Published
    January 18, 2022
    Vendor Reference
    ALSA-2022:0129
    CVE Reference
    CVE-2022-22739, CVE-2022-22742, CVE-2022-22743, CVE-2022-22747, CVE-2022-22748, CVE-2022-22738, CVE-2022-22745, CVE-2022-22740, CVE-2022-22737, CVE-2022-22751, CVE-2022-22741, CVE-2021-4140
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    AlmaLinux has released a security update for thunderbird to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to AlmaLinux security advisory ALSA-2022:0129 for updates and patch information.
    Patches
    AlmaLinux ALSA-2022:0129
  • CVE-2021-44228+
    Recently Published

    VMware Tanzu GemFire Log4j Remote Code Execution (RCE) Vulnerability (VMSA-2021-0028) (Log4Shell)

    Severity
    Urgent5
    Qualys ID
    376245
    Date Published
    January 18, 2022
    Vendor Reference
    VMSA-2021-0028
    CVE Reference
    CVE-2021-44228, CVE-2021-45046
    CVSS Scores
    Base 10 / Temporal 9
    Description
    VMware GemFire (Pivotal GemFire) is a distributed data management platform suited to high-volume, latency-sensitive, mission-critical transactional systems.

    VMSA-2021-0028 covers the Apache Log4j remote code execution vulnerabilities CVE-2021-44228 and CVE-2021-45046 (Log4Shell) as they affect GemFire. Separately, GemFire deployed without a SecurityManager exposes a JMX service whose default configuration is insecure.

    Affected Versions
    VMware GemFire versions prior to 9.10.13
    VMware GemFire versions prior to 9.9.7

    QID Detection Logic
    This QID checks for a vulnerable version of VMware GemFire on the system.

    Consequence
    A malicious actor with network access to an impacted VMware product may exploit this issue to gain full control of the target system.
    Solution
    Users are advised to upgrade to GemFire version 9.10.13 or 9.9.7.

    Workaround:
    Refer to the workaround instructions for GemFire in VMSA-2021-0028 for more information.

    Patches
    VMSA-2021-0028
  • CVE-2022-21661+
    Recently Published

    WordPress Prior to 3.7.37 and 5.8.3 Multiple Security Vulnerabilities

    Severity
    Critical4
    Qualys ID
    730330
    Date Published
    January 18, 2022
    Vendor Reference
    WordPress 5.8.3
    CVE Reference
    CVE-2022-21661, CVE-2022-21662, CVE-2022-21663
    CVSS Scores
    Base 7.5 / Temporal 6.7
    Description
    WordPress is software designed for everyone, emphasizing accessibility, performance, security, and ease of use.

    Affected Versions:
    WordPress versions from 3.7.x prior to 3.7.37
    WordPress versions from 5.0.0 prior to 5.8.3

    QID Detection Logic:
    The QID checks for the version via the meta generator tag.

    Consequence
    Successful exploitation of these vulnerabilities may affect confidentiality, integrity and availability.
    Solution
    Customers are advised to upgrade to the fixed version 5.8.3 (or 3.7.37 on the 3.7.x branch) to remediate these vulnerabilities.
    For more information, please visit the WordPress site.
    Patches
    WordPress 5.8.3
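    As an added example (not Qualys detection code and not from the WordPress project), the following Python script shows the version check described in the detection logic above: it pulls the version out of the meta generator tag of a fetched page and tests it against the two affected ranges listed in this entry. The HTML snippets are constructed samples. The check is generalised slightly beyond the entry: it accepts either attribute order and two- or four-component version strings, and it reports "unknown" rather than "not vulnerable" when the tag is absent, since hardening plugins commonly strip it.

```python
import re
from typing import Any, Dict, Optional, Tuple

# Constructed sample responses (not captured from any real site).
SAMPLE_PAGES: Dict[str, str] = {
    "vulnerable_58": '<html><head><meta name="generator" content="WordPress 5.8.2" /></head></html>',
    "fixed_58":      '<html><head><meta content="WordPress 5.8.3" name="generator"></head></html>',
    "vulnerable_37": "<html><head><meta name='generator' content='WordPress 3.7.36'></head></html>",
    "fixed_37":      '<html><head><meta name="generator" content="WordPress 3.7.37" /></head></html>',
    "no_tag":        "<html><head><title>blog</title></head></html>",
}

# Affected ranges as listed in this entry: [lower inclusive, upper exclusive).
AFFECTED_RANGES = [
    ((3, 7, 0), (3, 7, 37)),   # 3.7.x prior to 3.7.37
    ((5, 0, 0), (5, 8, 3)),    # 5.0.0 prior to 5.8.3
]

_META_TAG_RE = re.compile(r"<meta\b([^>]*)>", re.IGNORECASE)
_ATTR_RE = re.compile(r"""([A-Za-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))""")
_WP_VERSION_RE = re.compile(r"WordPress\s+(\d+(?:\.\d+)*)", re.IGNORECASE)


def extract_wp_version(html: str) -> Optional[str]:
    """Return the version advertised in <meta name="generator">, or None if absent."""
    for tag in _META_TAG_RE.finditer(html):
        attrs = {}
        for a in _ATTR_RE.finditer(tag.group(1)):
            # Exactly one of the three quoting alternatives matched; take that value.
            attrs[a.group(1).lower()] = next(g for g in a.groups()[1:] if g is not None)
        if attrs.get("name", "").lower() != "generator":
            continue
        m = _WP_VERSION_RE.search(attrs.get("content", ""))
        if m:
            return m.group(1)
    return None


def parse_version(version: str) -> Tuple[int, ...]:
    """'5.8' -> (5, 8, 0); '3.7.37.1' -> (3, 7, 37, 1). Tuples compare lexicographically."""
    parts = tuple(int(p) for p in version.split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def is_affected(version: str) -> bool:
    """True if the version falls inside any affected range."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def check_page(html: str) -> Dict[str, Any]:
    """Scanner verdict for one fetched page. A missing tag is 'unknown', not 'safe'."""
    version = extract_wp_version(html)
    if version is None:
        return {"version": None, "vulnerable": None,
                "note": "no generator tag (often removed by hardening plugins); version unknown"}
    return {"version": version, "vulnerable": is_affected(version), "note": ""}


if __name__ == "__main__":
    for name, page in SAMPLE_PAGES.items():
        print(name, check_page(page))
```

    Run it directly to see a verdict per sample; in a real scan, replace the sample strings with the body of an HTTP GET of the site root. A "vulnerable: None" result should be followed up with an authenticated check (for example reading wp-includes/version.php), because the generator tag is a hint, not proof.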
  • CVE-2020-8169+
    Recently Published

    McAfee Web Gateway Product Multiple Vulnerabilities (WP-2326,WP-3443)

    Severity
    Urgent5
    Qualys ID
    12304
    Date Published
    January 18, 2022
    Vendor Reference
    McAfee Web Gateway, WP-2326
    CVE Reference
    CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8234, CVE-2020-8285, CVE-2020-8286, CVE-2020-0548, CVE-2020-0549
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    McAfee Web Gateway Anti-Malware Engine, part of McAfee Web Protection, is a powerful in-line technology designed to protect against contemporary threats delivered via HTTP and HTTPS channels, taking web exploit detection, zero-day, and targeted threat prevention to the next level.

    Affected Versions:
    McAfee Web Gateway 9.2.x to 9.2.1
    McAfee Web Gateway 8.2.x to 8.2.17

    QID Detection Logic (Unauthenticated):
    This QID retrieves McAfee Web Gateway version and checks to see if it's vulnerable.

    Consequence
    An unauthenticated attacker could exploit this vulnerability to execute arbitrary code on the system.

    Solution
    Please refer to McAfee Security Bulletins WP-2326 and WP-3443 for McAfee Web Gateway for more details.
    Patches
    web-gateway-8.2.x, web-gateway-9.2.x
  • CVE-2022-0217
    Recently Published

    Free Berkeley Software Distribution (FreeBSD) Security Update for prosody xmpp server advisory 2022-01-13 (e3ec8b30-757b-11ec-922f-654747404482)

    Severity
    Urgent5
    Qualys ID
    690773
    Date Published
    January 17, 2022
    Vendor Reference
    e3ec8b30-757b-11ec-922f-654747404482
    CVE Reference
    CVE-2022-0217
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    FreeBSD has released a security update for the prosody XMPP server, following the upstream advisory of 2022-01-13, to fix the vulnerability.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to FreeBSD security advisory e3ec8b30-757b-11ec-922f-654747404482 for updates and patch information.
    Patches
    FreeBSD e3ec8b30-757b-11ec-922f-654747404482
  • CVE-2022-22737+
    Recently Published

    Debian Security Update for firefox-esr (DLA 2880-1)

    Severity
    Urgent5
    Qualys ID
    179006
    Date Published
    January 17, 2022
    Vendor Reference
    DLA 2880-1
    CVE Reference
    CVE-2022-22737, CVE-2021-4140, CVE-2022-22748, CVE-2022-22740, CVE-2022-22745, CVE-2022-22739, CVE-2022-22747, CVE-2022-22738, CVE-2022-22751, CVE-2022-22743, CVE-2022-22742, CVE-2022-22741
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    Debian has released a security update for firefox-esr to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 2880-1 for updates and patch information.
    Patches
    Debian DLA 2880-1
  • CVE-2022-22737+
    Recently Published

    Debian Security Update for thunderbird (DLA 2881-1)

    Severity
    Urgent5
    Qualys ID
    179005
    Date Published
    January 17, 2022
    Vendor Reference
    DLA 2881-1
    CVE Reference
    CVE-2022-22737, CVE-2021-4140, CVE-2022-22748, CVE-2022-22740, CVE-2022-22745, CVE-2022-22739, CVE-2022-22747, CVE-2022-22738, CVE-2022-22751, CVE-2022-22743, CVE-2022-22742, CVE-2022-22741
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    Debian has released a security update for thunderbird to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 2881-1 for updates and patch information.
    Patches
    Debian DLA 2881-1
  • CVE-2020-29050
    Recently Published

    Debian Security Update for sphinxsearch (DLA 2882-1)

    Severity
    Critical4
    Qualys ID
    179007
    Date Published
    January 17, 2022
    Vendor Reference
    DLA 2882-1
    CVE Reference
    CVE-2020-29050
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Debian has released a security update for sphinxsearch to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 2882-1 for updates and patch information.
    Patches
    Debian DLA 2882-1
  • CVE-2022-0217
    Recently Published

    Debian Security Update for prosody (DSA 5047-1)

    Severity
    Urgent5
    Qualys ID
    179004
    Date Published
    January 17, 2022
    Vendor Reference
    DSA 5047-1
    CVE Reference
    CVE-2022-0217
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    Debian has released a security update for prosody to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5047-1 for updates and patch information.
    Patches
    Debian DSA 5047-1
  • CVE-2022-23094
    Recently Published

    Debian Security Update for libreswan (DSA 5048-1)

    Severity
    Urgent5
    Qualys ID
    179003
    Date Published
    January 17, 2022
    Vendor Reference
    DSA 5048-1
    CVE Reference
    CVE-2022-23094
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    Debian has released a security update for libreswan to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5048-1 for updates and patch information.
    Patches
    Debian DSA 5048-1
  • CVE-2022-22824
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for expat (7131)

    Severity
    Urgent5
    Qualys ID
    900512
    Date Published
    January 17, 2022
    Vendor Reference
    7131
    CVE Reference
    CVE-2022-22824
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner is Microsoft's internal Linux distribution for its cloud infrastructure and edge products and services.
    CBL-Mariner has released a security update for expat to fix the vulnerability.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the CBL-Mariner security advisories at https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7131
  • CVE-2022-22823
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for expat (7130)

    Severity
    Urgent5
    Qualys ID
    900511
    Date Published
    January 17, 2022
    Vendor Reference
    7130
    CVE Reference
    CVE-2022-22823
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner is Microsoft's internal Linux distribution for its cloud infrastructure and edge products and services.
    CBL-Mariner has released a security update for expat to fix the vulnerability.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the CBL-Mariner security advisories at https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7130
  • CVE-2022-22822
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for expat (7129)

    Severity
    Urgent5
    Qualys ID
    900510
    Date Published
    January 17, 2022
    Vendor Reference
    7129
    CVE Reference
    CVE-2022-22822
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner is Microsoft's internal Linux distribution for its cloud infrastructure and edge products and services.
    CBL-Mariner has released a security update for expat to fix the vulnerability.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the CBL-Mariner security advisories at https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7129
  • Recently Published

    Free Berkeley Software Distribution (FreeBSD) Security Update for wordpress (79b65dc5-749f-11ec-8be6-d4c9ef517024)

    Severity
    Urgent5
    Qualys ID
    690772
    Date Published
    January 17, 2022
    Vendor Reference
    79b65dc5-749f-11ec-8be6-d4c9ef517024
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    FreeBSD has released a security update for wordpress to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to FreeBSD security advisory 79b65dc5-749f-11ec-8be6-d4c9ef517024 for updates and patch information.
    Patches
    FreeBSD 79b65dc5-749f-11ec-8be6-d4c9ef517024
  • CVE-2022-22739+
    Recently Published

    Debian Security Update for thunderbird (DSA 5045-1)

    Severity
    Urgent5
    Qualys ID
    179001
    Date Published
    January 17, 2022
    Vendor Reference
    DSA 5045-1
    CVE Reference
    CVE-2022-22739, CVE-2022-22742, CVE-2022-22743, CVE-2022-22747, CVE-2022-22748, CVE-2022-22738, CVE-2022-22745, CVE-2022-22740, CVE-2022-22737, CVE-2022-22751, CVE-2022-22741, CVE-2021-4140
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    Debian has released a security update for thunderbird to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5045-1 for updates and patch information.
    Patches
    Debian DSA 5045-1
  • CVE-2022-22827
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for expat (7134)

    Severity
    Critical4
    Qualys ID
    900515
    Date Published
    January 17, 2022
    Vendor Reference
    7134
    CVE Reference
    CVE-2022-22827
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    CBL-Mariner is Microsoft's internal Linux distribution for its cloud infrastructure and edge products and services.
    CBL-Mariner has released a security update for expat to fix the vulnerability.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the CBL-Mariner security advisories at https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7134
  • CVE-2022-22826
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for expat (7133)

    Severity
    Critical4
    Qualys ID
    900514
    Date Published
    January 17, 2022
    Vendor Reference
    7133
    CVE Reference
    CVE-2022-22826
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    CBL-Mariner is Microsoft's internal Linux distribution for its cloud infrastructure and edge products and services.
    CBL-Mariner has released a security update for expat to fix the vulnerability.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the CBL-Mariner security advisories at https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7133
  • CVE-2022-22825
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for expat (7132)

    Severity
    Critical4
    Qualys ID
    900513
    Date Published
    January 17, 2022
    Vendor Reference
    7132
    CVE Reference
    CVE-2022-22825
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    CBL-Mariner is Microsoft's internal Linux distribution for its cloud infrastructure and edge products and services.
    CBL-Mariner has released a security update for expat to fix the vulnerability.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the CBL-Mariner security advisories at https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7132
  • CVE-2021-46143
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for expat (7128)

    Severity
    Critical4
    Qualys ID
    900516
    Date Published
    January 17, 2022
    Vendor Reference
    7128
    CVE Reference
    CVE-2021-46143
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is Microsoft's internal Linux distribution for its cloud infrastructure and edge products and services.
    CBL-Mariner has released a security update for expat to fix the vulnerability.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the CBL-Mariner security advisories at https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7128
  • CVE-2020-27820+
    Recently Published

    SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0080-1)

    Severity
    Critical4
    Qualys ID
    751602
    Date Published
    January 17, 2022
    Vendor Reference
    SUSE-SU-2022:0080-1
    CVE Reference
    CVE-2020-27820, CVE-2018-25020, CVE-2021-4083, CVE-2021-28712, CVE-2021-45486, CVE-2021-4002, CVE-2021-28711, CVE-2021-0920, CVE-2021-43975, CVE-2021-33098, CVE-2021-4149, CVE-2021-43976, CVE-2021-28714, CVE-2021-28713, CVE-2021-45485, CVE-2021-28715, CVE-2021-0935, CVE-2019-15126
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    SUSE has released a security update for kernel to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:0080-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:0080-1
  • CVE-2021-3997
    Recently Published

    Fedora Security Update for systemd (FEDORA-2022-f38f479b8f)

    Severity
    Critical4
    Qualys ID
    282242
    Date Published
    January 17, 2022
    Vendor Reference
    FEDORA-2022-f38f479b8f
    CVE Reference
    CVE-2021-3997
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    Fedora has released a security update for systemd to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. It can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory FEDORA-2022-f38f479b8f for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-f38f479b8f
  • CVE-2022-22816+
    Recently Published

    Ubuntu Security Notification for Pillow Vulnerabilities (USN-5227-1)

    Severity
    Urgent5
    Qualys ID
    198632
    Date Published
    January 17, 2022
    Vendor Reference
    USN-5227-1
    CVE Reference
    CVE-2022-22816, CVE-2022-22815, CVE-2022-22817, CVE-2021-34552, CVE-2021-23437
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Pillow incorrectly handled certain image files (CVE-2022-22815, CVE-2022-22816, CVE-2022-22817, CVE-2021-34552, CVE-2021-23437).
    Consequence
    If a user or automated system were tricked into opening a specially crafted file, a remote attacker could cause Pillow to hang or crash, resulting in a denial of service, or, for some of these issues, possibly execute arbitrary code.
    Solution
    Refer to Ubuntu security advisory USN-5227-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5227-1
  • Recently Published

    Fedora Security Update for firefox (FEDORA-2022-86b0833619)

    Severity
    Urgent5
    Qualys ID
    282233
    Date Published
    January 17, 2022
    Vendor Reference
    FEDORA-2022-86b0833619
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    Fedora has released a security update for firefox to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. It can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory FEDORA-2022-86b0833619 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-86b0833619
  • CVE-2022-22745+
    Recently Published

    Debian Security Update for firefox-esr (DSA 5044-1)

    Severity
    Urgent5
    Qualys ID
    178999
    Date Published
    January 17, 2022
    Vendor Reference
    DSA 5044-1
    CVE Reference
    CVE-2022-22745, CVE-2022-22741, CVE-2022-22739, CVE-2021-4140, CVE-2022-22738, CVE-2022-22743, CVE-2022-22748, CVE-2022-22742, CVE-2022-22740, CVE-2022-22737, CVE-2022-22747, CVE-2022-22751
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    Debian has released a security update for firefox-esr to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5044-1 for updates and patch information.
    Patches
    Debian DSA 5044-1
  • CVE-2021-38493
    Recently Published

    Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-5146-1)

    Severity
    Critical4
    Qualys ID
    198634
    Date Published
    January 17, 2022
    Vendor Reference
    USN-5146-1
    CVE Reference
    CVE-2021-38493
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Ubuntu has released a security update for thunderbird to fix the vulnerabilities.
    Consequence
    Multiple security issues were discovered in Thunderbird.
    If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service or execute arbitrary code.
    Solution
    Refer to Ubuntu security advisory USN-5146-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5146-1
  • CVE-2022-0128
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (7117)

    Severity
    Critical4
    Qualys ID
    900506
    Date Published
    January 17, 2022
    Vendor Reference
    7117
    CVE Reference
    CVE-2022-0128
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is Microsoft's internal Linux distribution for its cloud infrastructure and edge products and services.
    CBL-Mariner has released a security update for vim to fix the vulnerability.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the CBL-Mariner security advisories at https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7117
  • CVE-2021-43976+
    Recently Published

    SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0068-1)

    Severity
    Critical4
    Qualys ID
    751600
    Date Published
    January 17, 2022
    Vendor Reference
    SUSE-SU-2022:0068-1
    CVE Reference
    CVE-2021-43976, CVE-2021-0935, CVE-2021-45485, CVE-2019-15126, CVE-2021-28711, CVE-2021-0920, CVE-2020-27820, CVE-2018-25020, CVE-2021-4002, CVE-2021-28713, CVE-2021-28712, CVE-2021-43975, CVE-2021-28714, CVE-2021-45486, CVE-2021-33098, CVE-2021-28715
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    SUSE has released a security update for kernel to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    SUSE Linux Enterprise Server 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:0068-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:0068-1
  • CVE-2021-41819
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for ruby (7116)

    Severity
    Critical4
    Qualys ID
    900509
    Date Published
    January 17, 2022
    Vendor Reference
    7116
    CVE Reference
    CVE-2021-41819
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is Microsoft's internal Linux distribution for its cloud infrastructure and edge products and services.
    CBL-Mariner has released a security update for ruby to fix the vulnerability.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the CBL-Mariner security advisories at https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7116
  • CVE-2021-44716
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (7115)

    Severity
    Critical4
    Qualys ID
    900508
    Date Published
    January 17, 2022
    Vendor Reference
    7115
    CVE Reference
    CVE-2021-44716
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is Microsoft's internal Linux distribution for its cloud infrastructure and edge products and services.
    CBL-Mariner has released a security update for golang to fix the vulnerability.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the CBL-Mariner security advisories at https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7115
  • CVE-2021-45960
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for expat (7114)

    Severity
    Critical4
    Qualys ID
    900507
    Date Published
    January 17, 2022
    Vendor Reference
    7114
    CVE Reference
    CVE-2021-45960
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is Microsoft's internal Linux distribution for its cloud infrastructure and edge products and services.
    CBL-Mariner has released a security update for expat to fix the vulnerability.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the CBL-Mariner security advisories at https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7114
  • CVE-2021-4104
    Recently Published

    Ubuntu Security Notification for Apache Log4j 1.2 Vulnerability (USN-5223-1)

    Severity
    Critical4
    Qualys ID
    198633
    Date Published
    January 17, 2022
    Vendor Reference
    USN-5223-1
    CVE Reference
    CVE-2021-4104
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Ubuntu has released a security update for Apache Log4j 1.2 to fix the vulnerability.
    Consequence
    Apache Log4j 1.2 was vulnerable to deserialization of untrusted data if the configuration file was editable.
    An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code.
    Solution
    Refer to Ubuntu security advisory USN-5223-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5223-1
  • CVE-2021-24579
    Recently Published

    WordPress Bold Page Builder Plugin PHP Object Injection Vulnerability (CVE-2021-24579)

    Severity
    Critical4
    Qualys ID
    150449
    Date Published
    January 17, 2022
    Vendor Reference
    WPScan
    CVE Reference
    CVE-2021-24579
    CVSS Scores
    Base 8.8 / Temporal 7.9
    Description
    The WordPress plugin Bold Page Builder is prone to a PHP object injection vulnerability that lets remote attackers inject and execute arbitrary code, because the plugin passes user-supplied input to the PHP unserialize() function without sanitizing it.

    Affected versions:
    before 3.1.6

    Consequence
    Attackers can possibly exploit this issue to execute arbitrary PHP code within the context of the affected webserver process.

    Solution
    Customers are advised to upgrade to Bold Page Builder version 3.1.6 or later versions to remediate this vulnerability.
    Patches
    WordPress
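    The vulnerable pattern above is attacker-controlled data reaching unserialize() with no check on what it contains: a payload that serializes an object of a class with a magic method (for example __wakeup or __destruct) gets that class instantiated on the server. As an added example that is neither the plugin's code nor part of the WPScan advisory, the following Python parser reads the PHP serialize() format and reports every class name a payload would instantiate, which is the signal a WAF rule or request-log review needs to flag object injection attempts against an endpoint like this. The sample payloads are constructed, and "SomeGadget" is a made-up class name. On the application side, the fix in PHP is to call unserialize() with ['allowed_classes' => false] or to use JSON for untrusted data; the parser here is a detection aid, not a replacement for that fix.

```python
from typing import Any, Dict, List, Tuple

# Constructed sample request parameters (not taken from any real traffic).
SAMPLE_INPUTS: Dict[str, bytes] = {
    "benign_array":  b'a:2:{s:5:"color";s:4:"blue";s:5:"width";i:12;}',
    "object":        b'O:8:"stdClass":1:{s:3:"foo";i:1;}',
    "nested_object": b'a:1:{i:0;O:10:"SomeGadget":1:{s:4:"path";s:8:"/tmp/x.p";}}',
    "custom_class":  b'C:11:"ArrayObject":21:{x:i:0;a:0:{};m:a:0:{}}',
    "junk":          b"hello world",
}


class PhpSerializeError(ValueError):
    """Malformed input; a scanner treats this as 'not a serialize() payload'."""


def _read_until(buf: bytes, pos: int, stop: bytes) -> Tuple[bytes, int]:
    end = buf.find(stop, pos)
    if end < 0:
        raise PhpSerializeError(f"expected {stop!r} after offset {pos}")
    return buf[pos:end], end + len(stop)


def _expect(buf: bytes, pos: int, lit: bytes) -> int:
    if buf[pos:pos + len(lit)] != lit:
        raise PhpSerializeError(f"expected {lit!r} at offset {pos}")
    return pos + len(lit)


def _parse(buf: bytes, pos: int, classes: List[str]) -> Tuple[Any, int]:
    """Parse one value starting at pos; append every class name seen to `classes`."""
    tag = buf[pos:pos + 1]
    if tag == b"N":                                   # N;
        return None, _expect(buf, pos + 1, b";")
    if tag in (b"b", b"i", b"d"):                     # b:1;  i:12;  d:1.5;
        pos = _expect(buf, pos + 1, b":")
        raw, pos = _read_until(buf, pos, b";")
        if tag == b"b":
            return raw == b"1", pos
        return (int(raw) if tag == b"i" else float(raw)), pos
    if tag in (b"r", b"R"):                           # r:3;  back-reference by slot number
        pos = _expect(buf, pos + 1, b":")
        raw, pos = _read_until(buf, pos, b";")
        return ("ref", int(raw)), pos
    if tag == b"s":                                   # s:<bytes>:"...";  length is in bytes
        pos = _expect(buf, pos + 1, b":")
        raw, pos = _read_until(buf, pos, b':"')
        n = int(raw)
        val = buf[pos:pos + n]
        return val.decode("utf-8", "replace"), _expect(buf, pos + n, b'";')
    if tag == b"a":                                   # a:<count>:{key;value;...}
        pos = _expect(buf, pos + 1, b":")
        raw, pos = _read_until(buf, pos, b":{")
        out: Dict[Any, Any] = {}
        for _ in range(int(raw)):
            k, pos = _parse(buf, pos, classes)
            v, pos = _parse(buf, pos, classes)
            out[k] = v
        return out, _expect(buf, pos, b"}")
    if tag in (b"O", b"C"):                           # O:<len>:"Class":<props>:{...}  C:<len>:"Class":<bytes>:{...}
        pos = _expect(buf, pos + 1, b":")
        raw, pos = _read_until(buf, pos, b':"')
        n = int(raw)
        cls = buf[pos:pos + n].decode("utf-8", "replace")
        classes.append(cls)                           # this is the injection signal
        pos = _expect(buf, pos + n, b'":')
        raw, pos = _read_until(buf, pos, b":{")
        count = int(raw)
        if tag == b"O":
            props: Dict[Any, Any] = {}
            for _ in range(count):
                k, pos = _parse(buf, pos, classes)
                v, pos = _parse(buf, pos, classes)
                props[k] = v
            return {"__class__": cls, "props": props}, _expect(buf, pos, b"}")
        data = buf[pos:pos + count]                   # opaque data for Serializable classes
        return {"__class__": cls, "data": data}, _expect(buf, pos + count, b"}")
    raise PhpSerializeError(f"unsupported type tag {tag!r} at offset {pos}")


def php_unserialize_audit(payload: bytes) -> Tuple[Any, List[str]]:
    """Return (decoded value, class names that unserialize() would instantiate)."""
    classes: List[str] = []
    value, end = _parse(payload, 0, classes)
    if end != len(payload):
        raise PhpSerializeError(f"trailing data at offset {end}")
    return value, classes


def is_object_injection_attempt(payload: bytes) -> bool:
    """True only for well-formed serialize() data that instantiates at least one class."""
    try:
        _, classes = php_unserialize_audit(payload)
    except (PhpSerializeError, ValueError, TypeError):
        return False
    return bool(classes)


if __name__ == "__main__":
    for name, data in SAMPLE_INPUTS.items():
        print(f"{name:14s} object_injection={is_object_injection_attempt(data)}")
```

    The parser works on bytes because PHP string lengths are byte counts, so a regex on the decoded text would miscount multi-byte input. Scalars and plain arrays are legitimate serialize() output and are not flagged; only O: and C: records are, which keeps false positives down on forms that genuinely round-trip serialized settings. Inputs that fail to parse are reported as not an attempt rather than as an error, so a noisy rule does not drown the real hits; log them separately if you want to see probing.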
  • CVE-2021-28709+
    Recently Published

    Oracle Managed Virtualization (VM) Server for x86 Security Update for xen (OVMSA-2022-0003)

    Severity
    Critical4
    Qualys ID
    390255
    Date Published
    January 17, 2022
    Vendor Reference
    OVMSA-2022-0003
    CVE Reference
    CVE-2021-28709, CVE-2017-17045, CVE-2021-28706, CVE-2017-17044, CVE-2021-28705
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Oracle VM Server for x86 has released a security update for xen to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Oracle VM Server security advisory OVMSA-2022-0003 for updates and patch information.
    Patches
    Oracle VM Server OVMSA-2022-0003
  • CVE-2021-28706+
    Recently Published

    Oracle Managed Virtualization (VM) Server for x86 Security Update for xen (OVMSA-2022-0004)

    Severity
    Critical4
    Qualys ID
    390253
    Date Published
    January 17, 2022
    Vendor Reference
    OVMSA-2022-0004
    CVE Reference
    CVE-2021-28706, CVE-2021-28709, CVE-2021-28705
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Oracle VM Server for x86 has released a security update for xen to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Oracle VM Server security advisory OVMSA-2022-0004 for updates and patch information.
    Patches
    Oracle VM Server OVMSA-2022-0004
  • CVE-2020-15862+
    Recently Published

    SUSE Enterprise Linux Security Update for net-snmp (SUSE-SU-2022:0050-1)

    Severity
    Critical4
    Qualys ID
    751589
    Date Published
    January 17, 2022
    Vendor Reference
    SUSE-SU-2022:0050-1
    CVE Reference
    CVE-2020-15862, CVE-2018-18065
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    SUSE has released a security update for net-snmp to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:0050-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:0050-1
  • CVE-2021-4155+
    Recently Published

    Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2022-0005)

    Severity
    Critical4
    Qualys ID
    390254
    Date Published
    January 17, 2022
    Vendor Reference
    OVMSA-2022-0005
    CVE Reference
    CVE-2021-4155, CVE-2021-1048, CVE-2021-0920
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Oracle VM Server for x86 has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Oracle VM Server security advisory OVMSA-2022-0005 for updates and patch information.
    Patches
    Oracle VM Server OVMSA-2022-0005
  • CVE-2021-4156
    Recently Published

    OpenSUSE Security Update for libsndfile (openSUSE-SU-2022:0052-1)

    Severity
    Critical4
    Qualys ID
    751592
    Date Published
    January 17, 2022
    Vendor Reference
    openSUSE-SU-2022:0052-1
    CVE Reference
    CVE-2021-4156
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    OpenSUSE has released a security update for libsndfile to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.3

    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to openSUSE security advisory openSUSE-SU-2022:0052-1 for updates and patch information.
    Patches
    openSUSE openSUSE-SU-2022:0052-1
  • CVE-2021-4147+
    Recently Published

    SUSE Enterprise Linux Security Update for libvirt (SUSE-SU-2022:0045-1)

    Severity
    Critical4
    Qualys ID
    751588
    Date Published
    January 17, 2022
    Vendor Reference
    SUSE-SU-2022:0045-1
    CVE Reference
    CVE-2021-4147, CVE-2021-3975
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    SUSE has released a security update for libvirt to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15 SP2
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:0045-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:0045-1
  • CVE-2021-4156
    Recently Published

    SUSE Enterprise Linux Security Update for libsndfile (SUSE-SU-2022:0052-1)

    Severity
    Critical4
    Qualys ID
    751587
    Date Published
    January 17, 2022
    Vendor Reference
    SUSE-SU-2022:0052-1
    CVE Reference
    CVE-2021-4156
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    SUSE has released a security update for libsndfile to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
    SUSE Linux Enterprise Server for SAP Applications 15
    SUSE Linux Enterprise Server for SAP Applications 15 SP2
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:0052-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:0052-1
  • CVE-2021-3778+
    Recently Published

    Debian Security Update for vim (DLA 2876-1)

    Severity
    Critical4
    Qualys ID
    178990
    Date Published
    January 17, 2022
    Vendor Reference
    DLA 2876-1
    CVE Reference
    CVE-2021-3778, CVE-2017-17087, CVE-2019-20807, CVE-2021-3796
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Debian has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 2876-1 for updates and patch information.
    Patches
    Debian DLA 2876-1
  • CVE-2021-44228+
    Recently Published

    Dell EMC NetWorker Virtual Edition Multiple Apache Log4j Remote Code Execution (RCE) Vulnerabilities (DSA-2021-280)

    Severity
    Urgent5
    Qualys ID
    730329
    Date Published
    January 17, 2022
    Vendor Reference
    DSA-2021-280
    CVE Reference
    CVE-2021-44228, CVE-2021-45046, CVE-2021-45105
    CVSS Scores
    Base 10 / Temporal 9
    Description
    Dell EMC NetWorker software provides fast, efficient backup and recovery for enterprise applications and databases.

    Affected Version:
    Dell EMC NetWorker Virtual Edition 19.5.x

    QID Detection Logic (Unauthenticated):
    This QID tries to find vulnerable Dell EMC NetWorker Virtual Edition versions by sending an HTTP POST request to avi/avigui/avigwt

    Consequence
    The Apache Log4j remote code execution vulnerabilities listed above may be exploited by malicious users to compromise the affected Dell EMC NetWorker Virtual Edition system.

    Solution
    Further information can be obtained from DSA-2021-280
    Patches
    DSA-2021-280
  • CVE-2021-22045
    Recently Published

    VMware Workstation and VMware Fusion Heap Overflow Vulnerability (VMSA-2022-0001)

    Severity
    Critical4
    Qualys ID
    376228
    Date Published
    January 17, 2022
    Vendor Reference
    VMSA-2022-0001
    CVE Reference
    CVE-2021-22045
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    VMware Workstation is a hosted hypervisor that runs on 64-bit Windows and Linux hosts; VMware Fusion is the equivalent for macOS.

    The CD-ROM device emulation in VMware Workstation, Fusion and ESXi has a heap-overflow vulnerability.

    Affected Versions:
    VMware Workstation Pro 16.x prior to 16.2.0
    VMware Workstation Player 16.x prior to 16.2.0
    VMware Fusion 12.x prior to 12.2.0

    QID Detection Logic (Unauthenticated):
    This QID checks for vulnerable versions of the VMware Workstation and VMware Fusion executables. Although the advisory also lists ESXi as affected, this QID covers Workstation and Fusion only.

    Consequence
    A malicious actor with normal user privilege access to a virtual machine can trigger a heap overflow via the CD-ROM device emulation, which, in conjunction with other issues, could allow code execution on the hypervisor from the virtual machine.

    Solution
    VMware has released patches for VMware Workstation and VMware Fusion.

    Refer to VMware advisory VMSA-2022-0001 for more information.

    Patches
    VMware Fusion 12.2.0, VMware Workstation 16.2.0
  • CVE-2021-34727
    Recently Published

    Cisco Internetwork Operating System (IOS) XE SD-WAN Software Buffer Overflow Vulnerability (cisco-sa-iosxesdwan-rbuffover-vE2OB6tp)

    Severity
    Urgent5
    Qualys ID
    317124
    Date Published
    January 17, 2022
    Vendor Reference
    cisco-sa-iosxesdwan-rbuffover-vE2OB6tp
    CVE Reference
    CVE-2021-34727
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description

    A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated,
    remote attacker to cause a buffer overflow on an affected device.

    Affected Products:
    The following Cisco products are affected if they are running a vulnerable release of Cisco IOS XE SD-WAN Software and have the SD-WAN feature enabled:
    1000 Series Integrated Services Routers (ISRs)
    4000 Series ISRs
    ASR 1000 Series Aggregation Services Routers
    Cloud Services Router 1000V Series
    Note: The SD-WAN feature is not enabled by default.

    QID Detection Logic (Authenticated):
    The check matches the Cisco IOS XE SD-WAN version retrieved via Unix Auth using the "show version" command.
    QID Detection Logic (Unauthenticated):
    The check matches the Cisco IOS XE version retrieved via SNMP, TCP/IP fingerprint, NTP or Telnet. Because this check matches on version alone, it cannot confirm that the SD-WAN feature is enabled; verify that on any device it flags.

    Consequence
    A successful exploit could allow the attacker to cause a buffer overflow and possibly execute arbitrary commands with root-level privileges,
    or cause the device to reload, which could result in a denial of service condition.
    Solution

    Customers are advised to refer to cisco-sa-iosxesdwan-rbuffover-vE2OB6tp for more information.

    Patches
    cisco-sa-iosxesdwan-rbuffover-vE2OB6tp
  • CVE-2021-4009+
    Recently Published

    Fedora Security Update for xorg (FEDORA-2021-664a6554a1)

    Severity
    Critical4
    Qualys ID
    282214
    Date Published
    January 17, 2022
    Vendor Reference
    FEDORA-2021-664a6554a1
    CVE Reference
    CVE-2021-4009, CVE-2021-4008, CVE-2021-4010, CVE-2021-4011
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Fedora has released a security update for xorg to fix the vulnerabilities.

    Affected OS:
    Fedora 34

    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to Fedora security advisory FEDORA-2021-664a6554a1 for updates and patch information.
    Patches
    Fedora 34 FEDORA-2021-664a6554a1
  • CVE-2021-45469
    Recently Published

    Fedora Security Update for kernel (FEDORA-2021-a7a558062e)

    Severity
    Critical4
    Qualys ID
    282213
    Date Published
    January 17, 2022
    Vendor Reference
    FEDORA-2021-a7a558062e
    CVE Reference
    CVE-2021-45469
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Fedora has released a security update for kernel to fix the vulnerabilities.

    Affected OS:
    Fedora 35

    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory FEDORA-2021-a7a558062e for updates and patch information.
    Patches
    Fedora 35 FEDORA-2021-a7a558062e
  • CVE-2014-0219+
    Recently Published

    Apache Karaf Multiple Vulnerabilities

    Severity
    Critical4
    Qualys ID
    376223
    Date Published
    January 17, 2022
    Vendor Reference
    Apache Karaf
    CVE Reference
    CVE-2014-0219, CVE-2016-8750, CVE-2018-11786, CVE-2018-11787, CVE-2018-11788, CVE-2019-0191, CVE-2019-0226, CVE-2020-11980
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Apache Karaf is a modular runtime built on an OSGi framework: a set of bundles (modules) in which the core bundle exports a set of tools for use by the other bundles.

    Affected Versions:
    Apache Karaf versions prior to 4.2.9

    QID Detection Logic (Authenticated):
    This QID checks for vulnerable versions of Apache Karaf.

    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to the Apache Karaf downloads page for updates and patch information.
    Patches
    Apache Karaf
  • CVE-2021-42392
    Recently Published

    H2 Database Console Remote Code Execution (RCE) Vulnerability (CVE-2021-42392)

    Severity
    Critical4
    Qualys ID
    376244
    Date Published
    January 14, 2022
    Vendor Reference
    H2 database
    CVE Reference
    CVE-2021-42392
    CVSS Scores
    Base 9.8 / Temporal 8.8
    Description
    H2 is an open-source Java SQL database; it offers a lightweight in-memory mode that does not require data to be stored on disk.

    CVE-2021-42392: H2 Console in versions 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and the URL of the database. An attacker may pass a JNDI driver name and a URL pointing to an LDAP or RMI server, causing remote code execution.

    Affected versions:
    1.1.100 (2008-10-14) to 2.0.204 (2021-12-21)

    Consequence
    H2 Console does not accept remote connections by default. If remote access was enabled explicitly and no protection method (such as a security constraint) was set, an intruder can load their own custom class and execute its code in the process hosting H2 Console (the H2 Server process or a web server running the H2 Console servlet).

    Solution
    All users of the H2 database are recommended to upgrade to version 2.0.206.

    Since version 2.0.206, H2 Console and linked tables explicitly forbid attempts to specify LDAP URLs for JNDI. Only local data sources can be used.

    Patches
    H2 Database
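    The driver/URL handling that CVE-2021-42392 abuses, modelled in Python as an added example (this is neither H2's Java source nor Qualys detection code). The vulnerable path mirrors the flow described above: when the driver class named by the user is a JNDI context, the URL is resolved through JNDI, so an ldap:// or rmi:// URL pulls an object, and with it a class, from a server the attacker controls. The hardened path applies the 2.0.206 rule that only local data sources are allowed, interpreted here as requiring the java: namespace. That interpretation, the fixed list in KNOWN_CONTEXT_CLASSES, the simulated lookup and the 203.0.113.5 address are assumptions of the example, not facts from the advisory.

```python
"""Model of H2 Console's driver/URL handling before and after the fix for
CVE-2021-42392. Added example; not H2's own code. The JNDI lookup is
simulated: it only reports what a real javax.naming.Context.lookup() would
fetch and never talks to a server."""
from urllib.parse import urlsplit

# Classes that implement javax.naming.Context. The Java code decides this with
# Context.class.isAssignableFrom(driverClass); a fixed list stands in for that
# here (assumption of the model).
KNOWN_CONTEXT_CLASSES = frozenset({
    "javax.naming.InitialContext",
    "javax.naming.directory.InitialDirContext",
    "javax.naming.ldap.InitialLdapContext",
})

# Schemes whose JNDI lookup dereferences an object reference held on a remote
# server, which is how the attacker's class gets loaded.
REMOTE_JNDI_SCHEMES = frozenset({"ldap", "ldaps", "rmi", "iiop"})


class JndiUrlRejected(Exception):
    """Raised by the hardened path for a non-local JNDI name."""


def simulated_jndi_lookup(url: str) -> str:
    """Stand-in for Context.lookup(url): returns a label describing what would
    be loaded instead of performing the lookup."""
    scheme = urlsplit(url).scheme.lower()
    if scheme in REMOTE_JNDI_SCHEMES:
        return f"REMOTE object factory from {url}"
    return f"LOCAL object {url}"


def get_connection_vulnerable(driver_class: str, url: str) -> str:
    """Versions 1.1.100 to 2.0.204: the URL goes straight to JNDI whenever the
    driver class is a Context. Driver and URL both come from the Console form."""
    if driver_class in KNOWN_CONTEXT_CLASSES:
        return simulated_jndi_lookup(url)  # an ldap:// URL here means RCE
    return f"JDBC connection via {driver_class} to {url}"


def get_connection_hardened(driver_class: str, url: str) -> str:
    """2.0.206 behaviour as modelled here: a JNDI name must be local, i.e. in
    the java: namespace, before any lookup happens."""
    if driver_class in KNOWN_CONTEXT_CLASSES:
        if not url.lower().startswith("java:"):
            raise JndiUrlRejected(f"non-local JNDI URL rejected: {url}")
        return simulated_jndi_lookup(url)
    return f"JDBC connection via {driver_class} to {url}"


if __name__ == "__main__":
    # Constructed attacker input; 203.0.113.5 is a documentation address.
    driver, url = "javax.naming.InitialContext", "ldap://203.0.113.5:1389/Exploit"
    print("vulnerable:", get_connection_vulnerable(driver, url))
    try:
        get_connection_hardened(driver, url)
    except JndiUrlRejected as err:
        print("hardened:  ", err)
```

    The scheme check is done on the parsed URL rather than by string prefix so that mixed-case schemes such as LDAP:// or RMI:// are classified the same way; the hardened path does not try to enumerate bad schemes at all and instead allows only the java: namespace.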
  • CVE-2021-29262
    Recently Published

    Apache Solr Information Disclosure Vulnerability (CVE-2021-29262)

    Severity
    Critical4
    Qualys ID
    150446
    Date Published
    January 14, 2022
    Vendor Reference
    CVE-2021-29262
    CVE Reference
    CVE-2021-29262
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Apache Solr is an open-source enterprise search platform built on Apache Lucene.

    The installed version of Apache Solr is vulnerable to information exposure. When Solr starts configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, and the optional read-only user is configured, Solr does not treat that znode as a sensitive path and leaves it readable.

    Affected Versions:
    Apache Solr versions prior to 8.8.2

    Consequence
    Successful exploitation would lead to Information Disclosure vulnerability, which can help the attacker carry out further attacks and obtain sensitive information.

    Solution
    Upgrade to Solr 8.8.2 or later.
    Patches
    Apache Solr, SOLR-15249
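    Several of the entries above (VMware Workstation/Fusion, Dell EMC NetWorker Virtual Edition, Apache Karaf, H2 Console, Apache Solr) reduce to matching an installed version against an affected range. The following is an added example of that detection logic, not Qualys QID code: it shows the one thing such a check must get right, comparing versions numerically component by component rather than as strings, and honouring inclusive versus exclusive bounds. The ranges in AFFECTED are transcribed from the entries on this page; the way a branch constraint such as "16.x prior to 16.2.0" or "19.5.x" is turned into bounds is the example's own convention.

```python
"""Version-range matching for the affected ranges stated on this page.
Added example; not Qualys detection code."""
import re
from typing import Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'16.2.0' -> (16, 2, 0). Tolerates a leading 'v' and trailing
    annotations such as the release dates in the H2 advisory
    ('2.0.204 (2021-12-21)' -> (2, 0, 204))."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def compare(a: Version, b: Version) -> int:
    """-1, 0 or 1. Pads with zeros so that 16.2 == 16.2.0; a plain tuple
    comparison would call (16, 2) smaller than (16, 2, 0)."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def in_range(version: str, lo: Optional[str] = None, hi: Optional[str] = None,
             lo_inclusive: bool = True, hi_inclusive: bool = False) -> bool:
    """True if version lies in [lo, hi) by default; either bound may be omitted."""
    v = parse_version(version)
    if lo is not None:
        c = compare(v, parse_version(lo))
        if c < 0 or (c == 0 and not lo_inclusive):
            return False
    if hi is not None:
        c = compare(v, parse_version(hi))
        if c > 0 or (c == 0 and not hi_inclusive):
            return False
    return True


# Affected ranges transcribed from the entries on this page. A branch
# constraint such as "16.x prior to 16.2.0" becomes lo=16.0 (inclusive),
# hi=16.2.0 (exclusive); "19.5.x" becomes [19.5, 19.6). This encoding is
# the example's own convention.
AFFECTED = {
    "VMware Workstation Pro":             [dict(lo="16.0", hi="16.2.0")],
    "VMware Workstation Player":          [dict(lo="16.0", hi="16.2.0")],
    "VMware Fusion":                      [dict(lo="12.0", hi="12.2.0")],
    "Dell EMC NetWorker Virtual Edition": [dict(lo="19.5", hi="19.6")],
    "Apache Karaf":                       [dict(hi="4.2.9")],
    "H2 Console":                         [dict(lo="1.1.100", hi="2.0.204", hi_inclusive=True)],
    "Apache Solr":                        [dict(hi="8.8.2")],
}


def is_affected(product: str, version: str) -> bool:
    """Apply every range recorded for the product; any match is a hit."""
    return any(in_range(version, **rule) for rule in AFFECTED[product])


if __name__ == "__main__":
    for product, version in [("VMware Workstation Pro", "16.1.2"),
                             ("VMware Workstation Pro", "16.10.0"),
                             ("H2 Console", "2.0.204 (2021-12-21)"),
                             ("H2 Console", "2.0.206")]:
        state = "AFFECTED" if is_affected(product, version) else "ok"
        print(f"{product} {version}: {state}")
```

    The 16.10.0 case is the reason for the numeric comparison: as strings, "16.10.0" sorts before "16.2.0", so a naive check would report a release newer than the fix as vulnerable.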
  • CVE-2019-17545+
    Recently Published

    Debian Security Update for gdal (DLA 2877-1)

    Severity
    Urgent5
    Qualys ID
    178998
    Date Published
    January 13, 2022
    Vendor Reference
    DLA 2877-1
    CVE Reference
    CVE-2019-17545, CVE-2021-45943
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Debian has released a security update for gdal to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 2877-1 for updates and patch information.
    Patches
    Debian DLA 2877-1
  • CVE-2022-20612
    Recently Published

    Free Berkeley Software Distribution (FreeBSD) Security Update for jenkins (672eeea9-a070-4f88-b0f1-007e90a2cbc3)

    Severity
    Urgent5
    Qualys ID
    690769
    Date Published
    January 13, 2022
    Vendor Reference
    672eeea9-a070-4f88-b0f1-007e90a2cbc3
    CVE Reference
    CVE-2022-20612
    CVSS Scores
    Base 4.3 / Temporal 3.8
    Description
    FreeBSD has released a security update for jenkins to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to FreeBSD security advisory 672eeea9-a070-4f88-b0f1-007e90a2cbc3 for updates and patch information.
    Patches
    FreeBSD 672eeea9-a070-4f88-b0f1-007e90a2cbc3
  • CVE-2021-4126+
    Recently Published

    OpenSUSE Security Update for MozillaThunderbird (openSUSE-SU-2022:0058-1)

    Severity
    Critical4
    Qualys ID
    751599
    Date Published
    January 13, 2022
    Vendor Reference
    openSUSE-SU-2022:0058-1
    CVE Reference
    CVE-2021-4126, CVE-2021-44538
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    OpenSUSE has released a security update for MozillaThunderbird to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.3

    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to openSUSE security advisory openSUSE-SU-2022:0058-1 for updates and patch information.
    Patches
    openSUSE openSUSE-SU-2022:0058-1
  • CVE-2021-44224+
    Recently Published

    SUSE Enterprise Linux Security Update for apache2 (SUSE-SU-2022:0065-1)

    Severity
    Critical4
    Qualys ID
    751596
    Date Published
    January 13, 2022
    Vendor Reference
    SUSE-SU-2022:0065-1
    CVE Reference
    CVE-2021-44224, CVE-2021-44790
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released a security update for apache2 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 12 SP4
    SUSE Linux Enterprise Server for SAP Applications 12 SP3
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:0065-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:0065-1
  • CVE-2021-45463
    Recently Published

    Fedora Security Update for gegl04 (FEDORA-2022-5b5a738d7a)

    Severity
    Critical4
    Qualys ID
    282230
    Date Published
    January 13, 2022
    Vendor Reference
    FEDORA-2022-5b5a738d7a
    CVE Reference
    CVE-2021-45463
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Fedora has released a security update for gegl04 to fix the vulnerabilities.

    Affected OS:
    Fedora 34

    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to Fedora security advisory FEDORA-2022-5b5a738d7a for updates and patch information.
    Patches
    Fedora 34 FEDORA-2022-5b5a738d7a
  • CVE-2021-41817
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for ruby (7104)

    Severity
    Critical4
    Qualys ID
    900505
    Date Published
    January 13, 2022
    Vendor Reference
    7104
    CVE Reference
    CVE-2021-41817
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is Microsoft's internal Linux distribution for its cloud infrastructure and edge products and services.
    CBL-Mariner has released a security update for ruby to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the CBL-Mariner security advisories at https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7104
  • CVE-2021-45485
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (7102)

    Severity
    Critical4
    Qualys ID
    900504
    Date Published
    January 13, 2022
    Vendor Reference
    7102
    CVE Reference
    CVE-2021-45485
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is Microsoft's internal Linux distribution for its cloud infrastructure and edge products and services.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the CBL-Mariner security advisories at https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7102
  • CVE-2021-43818
    Recently Published

    Ubuntu Security Notification for lxml Vulnerability (USN-5225-1)

    Severity
    Critical4
    Qualys ID
    198628
    Date Published
    January 13, 2022
    Vendor Reference
    USN-5225-1
    CVE Reference
    CVE-2021-43818
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    lxml incorrectly handled certain XML and HTML files.
    Consequence
    An attacker could possibly use this issue to execute arbitrary code.
    Solution
    Refer to Ubuntu security advisory USN-5225-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5225-1
  • CVE-2021-43818
    Recently Published

    Debian Security Update for lxml (DSA 5043-1)

    Severity
    Critical4
    Qualys ID
    178995
    Date Published
    January 13, 2022
    Vendor Reference
    DSA 5043-1
    CVE Reference
    CVE-2021-43818
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    Debian has released a security update for lxml to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5043-1 for updates and patch information.
    Patches
    Debian DSA 5043-1
  • CVE-2021-45942
    Recently Published

    OpenSUSE Security Update for openexr (openSUSE-SU-2022:0062-1)

    Severity
    Critical4
    Qualys ID
    751598
    Date Published
    January 13, 2022
    Vendor Reference
    openSUSE-SU-2022:0062-1
    CVE Reference
    CVE-2021-45942
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    OpenSUSE has released a security update for openexr to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.3

    Consequence
    This vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to openSUSE security advisory openSUSE-SU-2022:0062-1 for updates and patch information.
    Patches
    openSUSE openSUSE-SU-2022:0062-1
  • CVE-2021-45942
    Recently Published

    SUSE Enterprise Linux Security Update for openexr (SUSE-SU-2022:0061-1)

    Severity
    Critical4
    Qualys ID
    751595
    Date Published
    January 13, 2022
    Vendor Reference
    SUSE-SU-2022:0061-1
    CVE Reference
    CVE-2021-45942
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    SUSE has released a security update for openexr to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 12 SP5
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:0061-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:0061-1
  • CVE-2021-4140+
    Recently Published

    Red Hat Update for firefox (RHSA-2022:0124)

    Severity
    Critical4
    Qualys ID
    240006
    Date Published
    January 13, 2022
    Vendor Reference
    RHSA-2022:0124
    CVE Reference
    CVE-2021-4140, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

    Security Fix(es):
    • Mozilla: iframe sandbox bypass with XSLT (CVE-2021-4140)
    • Mozilla: race condition when playing audio files (CVE-2022-22737)
    • Mozilla: heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)
    • Mozilla: use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)
    • Mozilla: browser window spoof using fullscreen mode (CVE-2022-22741)
    • Mozilla: out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)
    • Mozilla: browser window spoof using fullscreen mode (CVE-2022-22743)
    • Mozilla: memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)
    • Mozilla: leaking cross-origin URLs through SecurityPolicyViolation event (CVE-2022-22745)
    • Mozilla: spoofed origin on external protocol launch dialog (CVE-2022-22748)
    • Mozilla: missing throttling on external protocol launch dialog (CVE-2022-22739)
    • Mozilla: crash when handling empty PKCS7 sequence (CVE-2022-22747)

    Affected Products:

    • Red Hat Enterprise Linux Server 7 x86_64
    • Red Hat Enterprise Linux Workstation 7 x86_64
    • Red Hat Enterprise Linux Desktop 7 x86_64
    • Red Hat Enterprise Linux for IBM z Systems 7 s390x
    • Red Hat Enterprise Linux for Power, big endian 7 ppc64
    • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:0124 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:0124
  • CVE-2021-4140+
    Recently Published

    Red Hat Update for firefox (RHSA-2022:0130)

    Severity
    Critical4
    Qualys ID
    240005
    Date Published
    January 13, 2022
    Vendor Reference
    RHSA-2022:0130
    CVE Reference
    CVE-2021-4140, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

    Security Fix(es):
    • Mozilla: iframe sandbox bypass with XSLT (CVE-2021-4140)
    • Mozilla: race condition when playing audio files (CVE-2022-22737)
    • Mozilla: heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)
    • Mozilla: use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)
    • Mozilla: browser window spoof using fullscreen mode (CVE-2022-22741)
    • Mozilla: out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)
    • Mozilla: browser window spoof using fullscreen mode (CVE-2022-22743)
    • Mozilla: memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)
    • Mozilla: leaking cross-origin URLs through SecurityPolicyViolation event (CVE-2022-22745)
    • Mozilla: spoofed origin on external protocol launch dialog (CVE-2022-22748)
    • Mozilla: missing throttling on external protocol launch dialog (CVE-2022-22739)
    • Mozilla: crash when handling empty PKCS7 sequence (CVE-2022-22747)

    Affected Products:

    • Red Hat Enterprise Linux for x86_64 8 x86_64
    • Red Hat Enterprise Linux for IBM z Systems 8 s390x
    • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
    • Red Hat Enterprise Linux for ARM 64 8 aarch64

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:0130 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:0130
  • CVE-2021-4140+
    Recently Published

    Red Hat Update for thunderbird (RHSA-2022:0128)

    Severity
    Critical4
    Qualys ID
    240003
    Date Published
    January 13, 2022
    Vendor Reference
    RHSA-2022:0128
    CVE Reference
    CVE-2021-4140, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):
    • Mozilla: iframe sandbox bypass with XSLT (CVE-2021-4140)
    • Mozilla: race condition when playing audio files (CVE-2022-22737)
    • Mozilla: heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)
    • Mozilla: use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)
    • Mozilla: browser window spoof using fullscreen mode (CVE-2022-22741)
    • Mozilla: out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)
    • Mozilla: browser window spoof using fullscreen mode (CVE-2022-22743)
    • Mozilla: memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)
    • Mozilla: leaking cross-origin URLs through SecurityPolicyViolation event (CVE-2022-22745)
    • Mozilla: spoofed origin on external protocol launch dialog (CVE-2022-22748)
    • Mozilla: missing throttling on external protocol launch dialog (CVE-2022-22739)
    • Mozilla: crash when handling empty PKCS7 sequence (CVE-2022-22747)

    Affected Products:

    • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
    • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
    • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
    • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
    • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
    • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
    • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
    • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:0128 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:0128
  • CVE-2021-4140+
    Recently Published

    Red Hat Update for thunderbird (RHSA-2022:0123)

    Severity
    Critical4
    Qualys ID
    240002
    Date Published
    January 13, 2022
    Vendor Reference
    RHSA-2022:0123
    CVE Reference
    CVE-2021-4140, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):
    • Mozilla: iframe sandbox bypass with XSLT (CVE-2021-4140)
    • Mozilla: race condition when playing audio files (CVE-2022-22737)
    • Mozilla: heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)
    • Mozilla: use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)
    • Mozilla: browser window spoof using fullscreen mode (CVE-2022-22741)
    • Mozilla: out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)
    • Mozilla: browser window spoof using fullscreen mode (CVE-2022-22743)
    • Mozilla: memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)
    • Mozilla: leaking cross-origin URLs through SecurityPolicyViolation event (CVE-2022-22745)
    • Mozilla: spoofed origin on external protocol launch dialog (CVE-2022-22748)
    • Mozilla: missing throttling on external protocol launch dialog (CVE-2022-22739)
    • Mozilla: crash when handling empty PKCS7 sequence (CVE-2022-22747)

    Affected Products:

    • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
    • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
    • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
    • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
    • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
    • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
    • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:0123 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:0123
  • CVE-2021-4140+
    Recently Published

    Red Hat Update for thunderbird (RHSA-2022:0127)

    Severity
    Critical4
    Qualys ID
    240001
    Date Published
    January 13, 2022
    Vendor Reference
    RHSA-2022:0127
    CVE Reference
    CVE-2021-4140, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):
    • Mozilla: iframe sandbox bypass with XSLT (CVE-2021-4140)
    • Mozilla: race condition when playing audio files (CVE-2022-22737)
    • Mozilla: heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)
    • Mozilla: use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)
    • Mozilla: browser window spoof using fullscreen mode (CVE-2022-22741)
    • Mozilla: out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)
    • Mozilla: browser window spoof using fullscreen mode (CVE-2022-22743)
    • Mozilla: memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)
    • Mozilla: leaking cross-origin URLs through SecurityPolicyViolation event (CVE-2022-22745)
    • Mozilla: spoofed origin on external protocol launch dialog (CVE-2022-22748)
    • Mozilla: missing throttling on external protocol launch dialog (CVE-2022-22739)
    • Mozilla: crash when handling empty PKCS7 sequence (CVE-2022-22747)

    Affected Products:

    • Red Hat Enterprise Linux Server 7 x86_64
    • Red Hat Enterprise Linux Workstation 7 x86_64
    • Red Hat Enterprise Linux Desktop 7 x86_64
    • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:0127 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:0127
  • CVE-2021-4140+
    Recently Published

    Red Hat Update for firefox (RHSA-2022:0126)

    Severity
    Critical4
    Qualys ID
    240000
    Date Published
    January 13, 2022
    Vendor Reference
    RHSA-2022:0126
    CVE Reference
    CVE-2021-4140, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:0126 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:0126
  • CVE-2021-4140+
    Recently Published

    Red Hat Update for firefox (RHSA-2022:0132)

    Severity
    Critical4
    Qualys ID
    239999
    Date Published
    January 13, 2022
    Vendor Reference
    RHSA-2022:0132
    CVE Reference
    CVE-2021-4140, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:0132 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:0132
  • CVE-2021-4140+
    Recently Published

    Red Hat Update for thunderbird (RHSA-2022:0129)

    Severity
    Critical4
    Qualys ID
    239998
    Date Published
    January 13, 2022
    Vendor Reference
    RHSA-2022:0129
    CVE Reference
    CVE-2021-4140, CVE-2022-22737, CVE-2022-22738, CVE-2022-22739, CVE-2022-22740, CVE-2022-22741, CVE-2022-22742, CVE-2022-22743, CVE-2022-22745, CVE-2022-22747, CVE-2022-22748, CVE-2022-22751
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):
    • Mozilla: iframe sandbox bypass with XSLT (CVE-2021-4140)
    • Mozilla: race condition when playing audio files (CVE-2022-22737)
    • Mozilla: heap-buffer-overflow in blendGaussianBlur (CVE-2022-22738)
    • Mozilla: use-after-free of ChannelEventQueue::mOwner (CVE-2022-22740)
    • Mozilla: browser window spoof using fullscreen mode (CVE-2022-22741)
    • Mozilla: out-of-bounds memory access when inserting text in edit mode (CVE-2022-22742)
    • Mozilla: browser window spoof using fullscreen mode (CVE-2022-22743)
    • Mozilla: memory safety bugs fixed in Firefox 96 and Firefox ESR 91.5 (CVE-2022-22751)
    • Mozilla: leaking cross-origin URLs through SecurityPolicyViolation event (CVE-2022-22745)
    • Mozilla: spoofed origin on external protocol launch dialog (CVE-2022-22748)
    • Mozilla: missing throttling on external protocol launch dialog (CVE-2022-22739)
    • Mozilla: crash when handling empty PKCS7 sequence (CVE-2022-22747)

    Affected Products:

    • Red Hat Enterprise Linux for x86_64 8 x86_64
    • Red Hat Enterprise Linux for IBM z Systems 8 s390x
    • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
    • Red Hat Enterprise Linux for ARM 64 8 aarch64

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:0129 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:0129
  • CVE-2021-43056+
    Recently Published

    Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5218-1)

    Severity
    Urgent5
    Qualys ID
    198627
    Date Published
    January 13, 2022
    Vendor Reference
    USN-5218-1
    CVE Reference
    CVE-2021-43056, CVE-2021-4002, CVE-2021-4204, CVE-2021-41864, CVE-2021-20321, CVE-2021-43389, CVE-2021-3760, CVE-2021-43267
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    The hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions.
    The eBPF implementation in the Linux kernel did not properly validate the memory size of certain ring buffer operation arguments.
    A race condition existed in the overlay file system implementation in the Linux kernel.
    The NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation.
    An integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps.
    The KVM implementation for POWER8 processors in the Linux kernel did not properly keep track of whether a wakeup event could be resolved by a guest.
    The TIPC protocol implementation in the Linux kernel did not properly validate MSG_CRYPTO messages in some situations.
    The ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug.
    Consequence
    A local attacker could use this to leak or alter data from other processes that use huge pages.
    A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
    A local attacker could use this to cause a denial of service (system crash).
    A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
    A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code.
    An attacker in a guest VM could possibly use this to cause a denial of service (host OS crash).
    An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
    A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code.
    Solution
    Refer to Ubuntu security advisory USN-5218-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5218-1
  • CVE-2021-43173+
    Recently Published

    Debian Security Update for cfrpki (DSA 5041-1)

    Severity
    Urgent5
    Qualys ID
    178993
    Date Published
    January 13, 2022
    Vendor Reference
    DSA 5041-1
    CVE Reference
    CVE-2021-43173, CVE-2021-3761, CVE-2021-3910, CVE-2021-3907, CVE-2021-3911, CVE-2021-3908, CVE-2021-3912, CVE-2021-3909, CVE-2021-43174
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Debian has released a security update for cfrpki to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5041-1 for updates and patch information.
    Patches
    Debian DSA 5041-1
  • CVE-2022-21663+
    Recently Published

    Debian Security Update for wordpress (DSA 5039-1)

    Severity
    Critical4
    Qualys ID
    178992
    Date Published
    January 13, 2022
    Vendor Reference
    DSA 5039-1
    CVE Reference
    CVE-2022-21663, CVE-2022-21662, CVE-2022-21664, CVE-2022-21661
    CVSS Scores
    Base 8.8 / Temporal 7.9
    Description
    Debian has released a security update for wordpress to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5039-1 for updates and patch information.
    Patches
    Debian DSA 5039-1
  • CVE-2020-15862+
    Recently Published

    OpenSUSE Security Update for net-snmp (openSUSE-SU-2022:0050-1)

    Severity
    Critical4
    Qualys ID
    751591
    Date Published
    January 13, 2022
    Vendor Reference
    openSUSE-SU-2022:0050-1
    CVE Reference
    CVE-2020-15862, CVE-2018-18065
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    OpenSUSE has released a security update for net-snmp to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.3

    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to openSUSE security advisory openSUSE-SU-2022:0050-1 for updates and patch information.
    Patches
    OpenSuse openSUSE-SU-2022:0050-1
  • CVE-2021-45053+
    Recently Published

    Adobe InCopy Multiple Vulnerabilities (APSB22-04)

    Severity
    Critical4
    Qualys ID
    376238
    Date Published
    January 13, 2022
    Vendor Reference
    APSB22-04
    CVE Reference
    CVE-2021-45053, CVE-2021-45054, CVE-2021-45055, CVE-2021-45056
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Adobe InCopy is a professional word processor made by Adobe.

    CVE-2021-45053: Adobe InCopy is affected with Arbitrary Code Execution Vulnerability.
    CVE-2021-45054: Adobe InCopy is affected with Privilege escalation Vulnerability.
    CVE-2021-45055: Adobe InCopy is affected with Arbitrary Code Execution Vulnerability.
    CVE-2021-45056: Adobe InCopy is affected with Arbitrary Code Execution Vulnerability.

    Affected Versions:
    Adobe InCopy 16.4 and earlier version for macOS
    Adobe InCopy 16.4 and earlier version for Windows

    QID Detection Logic (Authenticated):
    This checks for vulnerable versions of InCopy.

    Consequence
    Successful exploitation of these vulnerabilities could lead to arbitrary code execution and application denial of service.
    Solution
    The vendor has released updates to fix the vulnerabilities. Please refer to Adobe advisory APSB22-04 for details.
    Patches
    APSB22-04
  • CVE-2021-45057+
    Recently Published

    Adobe InDesign Multiple Vulnerabilities (APSB22-05)

    Severity
    Critical4
    Qualys ID
    376234
    Date Published
    January 13, 2022
    Vendor Reference
    APSB22-05
    CVE Reference
    CVE-2021-45057, CVE-2021-45058, CVE-2021-45059
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description

    Adobe InDesign is a desktop publishing software application.
    Affected Version:
    16.4 and earlier versions for macOS and Windows

    QID Detection Logic (Authenticated):
    This checks for vulnerable versions of InDesign.

    Consequence
    Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary code on the target system.
    Solution
    Please refer to Adobe advisory APSB22-05 for details.
    Patches
    APSB22-05
  • CVE-2021-43976+
    Recently Published

    OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0056-1)

    Severity
    Critical4
    Qualys ID
    751590
    Date Published
    January 13, 2022
    Vendor Reference
    openSUSE-SU-2022:0056-1
    CVE Reference
    CVE-2021-43976, CVE-2021-28714, CVE-2021-4002, CVE-2021-43975, CVE-2021-45485, CVE-2020-27820, CVE-2020-24504, CVE-2021-45486, CVE-2021-4001, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-33098, CVE-2021-28715
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    OpenSUSE has released a security update for the Linux Kernel to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.3

    Consequence
    Malicious users could use these vulnerabilities to change partial contents or configuration on the system or to disclose information. Denial of service can occur in some cases too.
    Solution
    Refer to openSUSE security advisory openSUSE-SU-2022:0056-1 for updates and patch information.
    Patches
    OpenSuse openSUSE-SU-2022:0056-1
  • CVE-2019-16884
    Recently Published

    Amazon Linux Security Advisory for runc : ALAS-2021-1556

    Severity
    Critical4
    Qualys ID
    353110
    Date Published
    January 13, 2022
    Vendor Reference
    ALAS-2021-1556
    CVE Reference
    CVE-2019-16884
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. (CVE-2019-16884)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS-2021-1556 for affected packages and patching details, or update with your package manager.
    Patches
    Amazon Linux ALAS-2021-1556
  • CVE-2016-2124+
    Recently Published

    Red Hat Update for samba (RHSA-2022:0074)

    Severity
    Critical4
    Qualys ID
    239996
    Date Published
    January 13, 2022
    Vendor Reference
    RHSA-2022:0074
    CVE Reference
    CVE-2016-2124, CVE-2020-25717
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description

    Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

    Security Fix(es):
    • samba: Active Directory (AD) domain user could become root on domain members (CVE-2020-25717)
    • samba: SMB1 client connections can be downgraded to plaintext authentication (CVE-2016-2124)

    Affected Products:

    • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
    • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
    • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
    • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
    • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
    • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
    • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
    • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
    • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2 x86_64
    • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2 ppc64le
    • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.2 s390x
    • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.2 aarch64

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:0074 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:0074
  • CVE-2021-44228
    Recently Published

    Couchbase Server Security Update For Log4shell

    Severity
    Urgent5
    Qualys ID
    730332
    Date Published
    January 13, 2022
    Vendor Reference
    Couchbase Server CVE-2021-44228
    CVE Reference
    CVE-2021-44228
    CVSS Scores
    Base 10 / Temporal 9
    Description
    Couchbase Server, originally known as Membase, is an open-source, distributed multi-model NoSQL document-oriented database software package optimized for interactive applications.

    CVE-2021-44228: A critical issue in the Apache Log4J utility as used by the Couchbase Analytics Service requires updating to prevent potential Remote Code Execution (RCE) and sensitive data extraction.

    Affected Products:
    Couchbase Server version from 7.0.0 prior to 7.0.3
    Couchbase Server version from 6.6.0 prior to 6.6.4
    Couchbase Server versions 6.5.x
    Couchbase Server versions 6.0.x

    QID Detection Logic(Unauthenticated):
    This QID sends a GET request to /versions and identifies a vulnerable version of Couchbase Server from the response.

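A version-range check of the kind this QID's detection logic describes, written here as an added Python example (it is not Qualys' detection code): it parses a constructed /versions response body and matches the reported version against the affected ranges listed above. The JSON field name `implementationVersion`, the sample bodies and the exact response shape are assumptions, since the page does not show the real endpoint output. The check generalizes the advisory's two kinds of range ("from X prior to Y" and a whole "x.y.x" line) into one inclusive-lower/exclusive-upper comparison.

```python
"""Version-range matching for the Couchbase Server Log4Shell advisory.

Added example, not Qualys detection code. The /versions response shape
(a JSON object with an "implementationVersion" string) is an assumption.
"""
import json
import re

# Affected ranges copied from the advisory, as (lower inclusive, upper exclusive).
# "6.5.x" and "6.0.x" are whole minor lines with no fixed build, so their upper
# bound is the next minor version.
AFFECTED_RANGES = [
    ((7, 0, 0), (7, 0, 3)),   # 7.0.0 prior to 7.0.3
    ((6, 6, 0), (6, 6, 4)),   # 6.6.0 prior to 6.6.4
    ((6, 5, 0), (6, 6, 0)),   # all of 6.5.x
    ((6, 0, 0), (6, 1, 0)),   # all of 6.0.x
]

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the first dotted x.y.z version from a string such as
    '7.0.2-6703-enterprise' and return it as an int tuple for comparison."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(version):
    """True if the tuple falls inside any advisory range (tuple comparison
    is lexicographic, so (7, 0, 2) < (7, 0, 3) and (6, 5, 9) < (6, 6, 0))."""
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)


def check_versions_response(body):
    """Take a JSON body as an unauthenticated GET /versions might return it
    (assumed shape) and return (version_tuple, affected)."""
    data = json.loads(body)
    version = parse_version(data["implementationVersion"])
    return version, is_affected(version)


# Constructed sample responses, not captured from a real server.
SAMPLE_BODIES = {
    "vulnerable 7.0.x": '{"implementationVersion": "7.0.2-6703-enterprise"}',
    "fixed 7.0.3":      '{"implementationVersion": "7.0.3-7031-enterprise"}',
    "vulnerable 6.5.x": '{"implementationVersion": "6.5.1-6299-enterprise"}',
    "fixed 6.6.4":      '{"implementationVersion": "6.6.4-9961-enterprise"}',
}

if __name__ == "__main__":
    for label, body in SAMPLE_BODIES.items():
        version, affected = check_versions_response(body)
        print(f"{label:18} {'.'.join(map(str, version)):8} affected={affected}")
```

The exclusive upper bound is what keeps the first fixed build (7.0.3, 6.6.4) out of the match; a detection that compares version strings lexically instead of as integer tuples would mis-order releases such as 6.6.10 against 6.6.4.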
    Consequence
    Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code on the target system.
    Solution

    Customers are advised to refer to Couchbase Server for more information.
    Workaround:
    Please refer to Couchbase Server Workaround for more information.

    Patches
    Couchbase Server CVE-2021-44228
  • CVE-2021-44228+
    Recently Published

    Dell EMC NetWorker Virtual Edition multiple Apache Log4j Remote Code Execution (RCE) Vulnerabilities (DSA-2021-280)

    Severity
    Urgent5
    Qualys ID
    730331
    Date Published
    January 13, 2022
    Vendor Reference
    DSA-2021-280
    CVE Reference
    CVE-2021-44228, CVE-2021-45046, CVE-2021-45105
    CVSS Scores
    Base 10 / Temporal 9.4
    Description
    Dell EMC NetWorker software provides fast, efficient backup and recovery for enterprise applications and databases.

    Affected Version:
    Dell EMC NetWorker Virtual Edition 19.4.x
    QID Detection Logic (Unauthenticated):
    This QID tries to find vulnerable Dell EMC NetWorker Virtual Edition versions by sending an HTTP POST request to avi/avigui/avigwt.

    Consequence
    The Apache Log4j remote code execution vulnerabilities may be exploited by malicious users to compromise the affected Dell EMC NetWorker Virtual Edition system.

    Solution
    Further information can be obtained from DSA-2021-280
  • CVE-2021-44227
    Recently Published

    Free Berkeley Software Distribution (FreeBSD) Security Update for mailman less than 2.1.38 (0d6efbe3-52d9-11ec-9472-e3667ed6088e)

    Severity
    Critical4
    Qualys ID
    690768
    Date Published
    January 13, 2022
    Vendor Reference
    0d6efbe3-52d9-11ec-9472-e3667ed6088e
    CVE Reference
    CVE-2021-44227
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    FreeBSD has released a security update for mailman to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to FreeBSD security advisory 0d6efbe3-52d9-11ec-9472-e3667ed6088e for updates and patch information.
    Patches
    "FreeBSD" 0d6efbe3-52d9-11ec-9472-e3667ed6088e
  • CVE-2021-44228+
    Recently Published

    Dell EMC NetWorker Server Apache Log4j multiple Remote Code Execution (RCE) Vulnerabilities (DSA-2021-280)

    Severity
    Urgent5
    Qualys ID
    376231
    Date Published
    January 13, 2022
    Vendor Reference
    DSA-2021-280
    CVE Reference
    CVE-2021-44228, CVE-2021-45046, CVE-2021-45105
    CVSS Scores
    Base 10 / Temporal 9.2
    Description
    Dell EMC NetWorker is a suite of enterprise level data protection software that unifies and automates backup to tape, disk-based, and flash-based storage media across physical and virtual environments for granular and disaster recovery.

    Affected Version:
    Dell EMC NetWorker Server 19.4.x

    QID Detection Logic (Authenticated):
    This QID checks the Windows registry to see if a vulnerable version of Dell EMC NetWorker is installed.

    Consequence
    The Apache Log4j remote code execution vulnerabilities may be exploited by malicious users to compromise the affected Dell EMC NetWorker Server system.

    Solution
    Further information can be obtained from DSA-2021-280
    Workaround:
    Download the latest version of the logpresso tool from the following location: https://github.com/logpresso/CVE-2021-44228-Scanner.
    Choose the latest logscanner tool for "Any OS".
    Copy the logpresso-log4j2-scan-XXX.jar to C:\temp directory on the NetWorker server.
    Run logpresso jar against the affected locations.
  • CVE-2021-44228+
    Recently Published

    Dell EMC NetWorker Apache Log4j multiple Remote Code Execution (RCE) Vulnerabilities (DSA-2021-280)

    Severity
    Urgent5
    Qualys ID
    376230
    Date Published
    January 13, 2022
    Vendor Reference
    DSA-2021-280
    CVE Reference
    CVE-2021-44228, CVE-2021-45046, CVE-2021-45105
    CVSS Scores
    Base 10 / Temporal 9
    Description
    Dell EMC NetWorker is a suite of enterprise level data protection software that unifies and automates backup to tape, disk-based, and flash-based storage media across physical and virtual environments for granular and disaster recovery.

    Affected Version:
    Dell EMC NetWorker Server 19.5.x
    Fixed Version
    Dell EMC NetWorker Server 19.5.0.5

    QID Detection Logic (Authenticated):
    This QID checks the Windows registry to see if a vulnerable version of Dell EMC NetWorker is installed.

    Consequence
    The Apache Log4j remote code execution vulnerabilities may be exploited by malicious users to compromise the affected Dell EMC NetWorker Server system.

    Solution
    Further information can be obtained from DSA-2021-280
    Patches
    DSA-2021-280
  • CVE-2021-27905
    Recently Published

    Apache Solr SSRF Vulnerability (CVE-2021-27905)

    Severity
    Critical4
    Qualys ID
    150445
    Date Published
    January 13, 2022
    Vendor Reference
    CVE-2021-27905
    CVE Reference
    CVE-2021-27905
    CVSS Scores
    Base 9.8 / Temporal 8.8
    Description
    Apache Solr is an open-source enterprise search platform built on Apache Lucene.

    The installed version of Apache Solr allows unauthenticated remote attackers to perform SSRF attacks. The vulnerability exists due to insufficient validation of user-supplied input passed via the "masterUrl" or "leaderUrl" parameters to the "/replication" handler.

    Affected versions:
    before version 8.8.2

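An access-log detection for the /replication abuse described above, as an added Python example that is neither part of this entry nor Apache Solr's own code: it parses NCSA-style request lines, pulls the masterUrl or leaderUrl value out of /replication requests, and flags any leader host that is not on an allowlist of known Solr nodes. The log format, the sample lines and the allowlist hosts are all constructed for the example.

```python
"""Flag Solr /replication requests whose masterUrl/leaderUrl points outside
the known cluster (CVE-2021-27905 SSRF pattern).

Added example, not Qualys' QID logic. Log lines, allowlist and format are
constructed assumptions.
"""
import re
from urllib.parse import parse_qs, urlsplit

# NCSA common log format: client - - [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" (?P<status>\d{3})'
)

# Hypothetical: the only hosts that should ever act as replication leaders.
ALLOWED_LEADER_HOSTS = {"solr-leader.internal", "10.0.5.10"}

# The two parameter names the vulnerability is reached through.
LEADER_PARAMS = ("masterUrl", "leaderUrl")


def extract_leader_url(target):
    """Return the masterUrl/leaderUrl value if the request target is a Solr
    /replication call carrying one, otherwise None. parse_qs already
    percent-decodes the value."""
    parts = urlsplit(target)
    if not parts.path.endswith("/replication"):
        return None
    qs = parse_qs(parts.query)
    for name in LEADER_PARAMS:
        if name in qs:
            return qs[name][0]
    return None


def classify_line(line):
    """Describe a replication request with a supplied leader URL, or return
    None for lines that are unparsable or not replication requests."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = extract_leader_url(m.group("target"))
    if url is None:
        return None
    host = urlsplit(url).hostname or ""
    return {
        "src": m.group("src"),
        "leader_url": url,
        "leader_host": host,
        "suspicious": host not in ALLOWED_LEADER_HOSTS,
    }


def scan(lines):
    """Return only the findings whose leader host is outside the allowlist."""
    findings = (classify_line(line) for line in lines)
    return [f for f in findings if f and f["suspicious"]]


# Constructed sample log: one legitimate fetchindex, two SSRF attempts
# aimed at internal hosts, one unrelated query.
SAMPLE_LOG = [
    '10.1.2.3 - - [13/Jan/2022:10:00:01 +0000] "GET /solr/core1/replication'
    '?command=fetchindex&masterUrl=http%3A%2F%2Fsolr-leader.internal%3A8983%2Fsolr%2Fcore1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [13/Jan/2022:10:00:02 +0000] "GET /solr/core1/replication'
    '?command=fetchindex&masterUrl=http%3A%2F%2F10.0.9.9%3A8080%2Fadmin HTTP/1.1" 200 87',
    '198.51.100.7 - - [13/Jan/2022:10:00:03 +0000] "GET /solr/core1/replication'
    '?command=fetchindex&leaderUrl=http%3A%2F%2F192.0.2.44%2F HTTP/1.1" 200 87',
    '10.1.2.3 - - [13/Jan/2022:10:00:04 +0000] "GET /solr/core1/select?q=*:* HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['src']} asked Solr to replicate from {f['leader_url']}")
```

The allowlist approach mirrors what an upgrade to 8.8.2 or later enforces on the server side; running the same rule over historical logs is how to tell whether the parameter was abused before the patch went on.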
    Consequence
    Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive data located on the local network, or to send malicious requests to other servers from the vulnerable system.

    Solution
    Upgrade to Solr 8.8.2 or later.
    Patches
    Apache Solr, SOLR-15217
  • CVE-2010-1132
    Recently Published

    Free Berkeley Software Distribution (FreeBSD) Security Update for spamass-milter (7132c842-58e2-11df-8d80-0015587e2cc1)

    Severity
    Urgent5
    Qualys ID
    690271
    Date Published
    January 13, 2022
    Vendor Reference
    7132c842-58e2-11df-8d80-0015587e2cc1
    CVE Reference
    CVE-2010-1132
    CVSS Scores
    Base 4.2 / Temporal 3.8
    Description
    FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms.

    FreeBSD has released a security update.
    Affected versions:

    Version range 0.0.0 to 0.3.1_9 for package spamass-milter

    QID Detection Logic: (Authenticated)
    It checks installed package versions for the vulnerable packages.

    Consequence
    Successful exploitation allows attacker to compromise the system.
    Solution
    Please refer to FreeBSD security advisory 7132c842-58e2-11df-8d80-0015587e2cc1 for updates and patch information.
    Patches
    "FreeBSD" 7132c842-58e2-11df-8d80-0015587e2cc1
  • CVE-2015-5380
    Recently Published

    Free Berkeley Software Distribution (FreeBSD) Security Update for node, iojs, and v8 (864e6f75-2372-11e5-86ff-14dae9d210b8)

    Severity
    Critical4
    Qualys ID
    690322
    Date Published
    January 13, 2022
    Vendor Reference
    864e6f75-2372-11e5-86ff-14dae9d210b8
    CVE Reference
    CVE-2015-5380
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms.

    FreeBSD has released a security update.
    Affected versions:

    Version range 0.0.0 to 0.12.6 for package node
    Version range 0.0.0 to 0.12.6 for package node-devel
    Version range 0.0.0 to 2.3.3 for package iojs
    Version range 0.0.0 to 3.18.6 for package v8
    Version range 0.0.0 to 3.27.7_3 for package v8-devel

    QID Detection Logic: (Authenticated)
    It checks installed package versions for the vulnerable packages.

    Consequence
    Successful exploitation allows attacker to compromise the system.
    Solution
    Please refer to FreeBSD security advisory 864e6f75-2372-11e5-86ff-14dae9d210b8 for updates and patch information.
    Patches
    "FreeBSD" 864e6f75-2372-11e5-86ff-14dae9d210b8
  • CVE-2018-10925+
    Recently Published

    Gentoo Linux PostgreSQL Multiple Vulnerabilities (GLSA 201810-08)

    Severity
    Critical4
    Qualys ID
    710227
    Date Published
    January 13, 2022
    Vendor Reference
    GLSA 201810-08
    CVE Reference
    CVE-2018-10925, CVE-2018-10915, CVE-2018-1115
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    Gentoo Linux is a Linux distribution.

    Multiple vulnerabilities have been found in PostgreSQL, the worst of which could lead to privilege escalation.

    Affected Package(s): dev-db/postgresql


    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    The vendor has released a security update to fix the vulnerabilities. For more information, please refer to GLSA 201810-08 for updates and patch information.
    Patches
    Gentoo GLSA 201810-08
  • CVE-2021-44701+
    Recently Published

    Adobe Security Update for Adobe Acrobat and Adobe Reader (APSB22-01)

    Severity
    Urgent5
    Qualys ID
    376233
    Date Published
    January 12, 2022
    Vendor Reference
    APSB22-01
    CVE Reference
    CVE-2021-44701, CVE-2021-44702, CVE-2021-44703, CVE-2021-44704, CVE-2021-44705, CVE-2021-44706, CVE-2021-44707, CVE-2021-44708, CVE-2021-44709, CVE-2021-44710, CVE-2021-44711, CVE-2021-44712, CVE-2021-44713, CVE-2021-44714, CVE-2021-44715, CVE-2021-44739, CVE-2021-44740, CVE-2021-44741, CVE-2021-44742, CVE-2021-45060, CVE-2021-45061, CVE-2021-45062, CVE-2021-45063, CVE-2021-45064, CVE-2021-45067, CVE-2021-45068
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description

    Adobe Reader and Acrobat are applications for handling PDF files. Adobe Reader and Acrobat are prone to multiple vulnerabilities that could potentially allow an attacker to take control of an affected system.

    Affected Versions:
    Acrobat DC Continuous 21.007.20099 and earlier versions (Windows)
    Acrobat Reader DC Continuous 21.007.20099 and earlier versions (Windows)
    Acrobat DC Continuous 21.007.20099 and earlier versions (macOS)
    Acrobat Reader DC Continuous 21.007.20099 and earlier versions (macOS)
    Acrobat 2020 Classic 2020, 20.004.30017 and earlier versions (Windows and macOS)
    Acrobat Reader 2020 Classic 2020, 20.004.30017 and earlier versions (Windows and macOS)
    Acrobat 2017 Classic 2017, 17.011.30204 and earlier versions (Windows and macOS)
    Acrobat Reader 2017 Classic 2017, 17.011.30204 and earlier versions (Windows and macOS)

    QID Detection Logic (Authenticated):
    This QID looks for the vulnerable version of Acrobat.dll, AcroRd32.dll, and nppdf32.dll files.

    Consequence

    An attacker could exploit this vulnerability to compromise Confidentiality, Integrity and/or Availability.

    Solution

    Adobe has released fixes to address these issues. Customers are advised to refer to APSB22-01 for updates pertaining to these vulnerabilities.

    Patches
    APSB22-01
  • CVE-2022-21917
    Recently Published

    Microsoft HEVC Video Extensions Remote Code Execution (RCE) Vulnerability for January 2022

    Severity
    Critical4
    Qualys ID
    91855
    Date Published
    January 12, 2022
    Vendor Reference
    CVE-2022-21917
    CVE Reference
    CVE-2022-21917
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    A crafted image file could cause a crash in Explorer during browsing of the directory containing the file.

    Affected Product:
    "HEVC from Device Manufacturer" media codec before version 1.0.43421.0

    QID Detection Logic (Authenticated):
    - Checks for vulnerable version of HEVC Video Extensions via wmi_query

    Consequence
    This vulnerability would require an authenticated victim to be tricked into opening a specially crafted media file which could result in remote code execution on the victim's machine.
    Solution
    Users are advised to check CVE-2022-21917 for more information.

    Patches
    CVE-2022-21917
  • CVE-2022-21842+
    Recently Published

    Microsoft SharePoint Enterprise Server and Foundation Multiple Vulnerabilities for January 2022

    Severity
    Urgent5
    Qualys ID
    110399
    Date Published
    January 12, 2022
    Vendor Reference
    KB5001995, KB5002102, KB5002108, KB5002109, KB5002110, KB5002111, KB5002113, KB5002118, KB5002127, KB5002129
    CVE Reference
    CVE-2022-21842, CVE-2022-21837, CVE-2022-21840
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Microsoft has released January 2022 security updates to fix multiple security vulnerabilities.

    This security update contains the following KBs:

    KB5002113
    KB5002118
    KB5002127
    KB5002111
    KB5002109
    KB5002129
    KB5002110
    KB5002108
    KB5001995
    KB5002102

    QID Detection Logic:
    This authenticated QID checks the file versions from the above Microsoft KB article with the versions on the affected SharePoint system.

    Consequence
    Successful exploitation allows remote code execution.

    Solution
    Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.

    KB5002113
    KB5002118
    KB5002127
    KB5002111
    KB5002109
    KB5002129
    KB5002110
    KB5002108
    KB5001995
    KB5002102

    Patches
    Microsoft Office and Microsoft Office Services and Web Apps Security Update
  • CVE-2022-21842+
    Recently Published

    Microsoft Office Security Update for January 2022

    Severity
    Urgent5
    Qualys ID
    110398
    Date Published
    January 12, 2022
    Vendor Reference
    KB4462205, KB5002052, KB5002057, KB5002060, KB5002064, KB5002107, KB5002114, KB5002115, KB5002116, KB5002119, KB5002122, KB5002124, KB5002128
    CVE Reference
    CVE-2022-21842, CVE-2022-21841, CVE-2022-21840
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Microsoft has released January 2022 security updates to fix multiple security vulnerabilities.

    This security update contains the following:

    MacOS Release Notes
    Office Click-2-Run and Office 365 Release Notes
    KB5002057
    KB5002119
    KB5002116
    KB5002122
    KB5002064
    KB5002124
    KB4462205
    KB5002128
    KB5002060
    KB5002115
    KB5002052
    KB5002114
    KB5002107

    QID Detection Logic:
    This authenticated QID checks the file versions from the Microsoft advisory against the versions on the affected Office system.

    Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.

    Consequence
    Successful exploitation allows an attacker to execute code remotely.

    Solution
    Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.

    MacOS Release Notes
    Office Click-2-Run and Office 365 Release Notes
    KB5002057
    KB5002119
    KB5002116
    KB5002122
    KB5002064
    KB5002124
    KB4462205
    KB5002128
    KB5002060
    KB5002115
    KB5002052
    KB5002114
    KB5002107

    Patches
    Microsoft Office January 2022
  • CVE-2022-21907
    Recently Published

    Microsoft Hypertext Transfer Protocol (HTTP) Protocol Stack Remote Code Execution (RCE) Vulnerability for January 2022

    Severity
    Critical4
    Qualys ID
    91852
    Date Published
    January 12, 2022
    Vendor Reference
    KB5009543, KB5009555, KB5009557, KB5009566
    CVE Reference
    CVE-2022-21907
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Microsoft Windows Security Update - January 2022
    The KB Articles associated with the update:
    KB5009557
    KB5009566
    KB5009543
    KB5009555

    This QID checks for the file version of http.sys.

    The following versions of http.sys with their corresponding KBs are verified:
    KB5009557 - 10.0.17763.2452
    KB5009543 - 10.0.19041.1466
    KB5009566 - 10.0.22000.434
    KB5009555 - 10.0.20348.469
    Detection also checks for registry key "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters" value "EnableTrailerSupport"=dword:00000001 on Windows 10 Version 1809 and Windows Server 2019 Operating Systems.

    Consequence
    Successful exploit could compromise Confidentiality, Integrity and Availability.

    Solution
    Please refer to the following KB articles:
    KB5009557
    KB5009566
    KB5009543
    KB5009555
    Patches
    KB5009543, KB5009555, KB5009557, KB5009566
  • CVE-2022-21913+
    Recently Published

    Microsoft Windows Security Update for January 2022

    Severity
    Critical4
    Qualys ID
    91851
    Date Published
    January 12, 2022
    Vendor Reference
    KB5009543, KB5009545, KB5009546, KB5009555, KB5009557, KB5009566, KB5009585, KB5009586, KB5009595, KB5009601, KB5009610, KB5009619, KB5009621, KB5009624, KB5009627
    CVE Reference
    CVE-2022-21913, CVE-2022-21901, CVE-2022-21902, CVE-2022-21900, CVE-2022-21897, CVE-2022-21888, CVE-2022-21885, CVE-2022-21884, CVE-2022-21963, CVE-2022-21962, CVE-2022-21928, CVE-2022-21925, CVE-2022-21924, CVE-2022-21959, CVE-2022-21899, CVE-2022-21898, CVE-2022-21958, CVE-2022-21880, CVE-2022-21881, CVE-2022-21882, CVE-2022-21874, CVE-2022-21905, CVE-2022-21906, CVE-2022-21907, CVE-2022-21912, CVE-2022-21910, CVE-2022-21908, CVE-2022-21904, CVE-2022-21903, CVE-2022-21960, CVE-2022-21896, CVE-2022-21894, CVE-2022-21893, CVE-2022-21892, CVE-2022-21961, CVE-2022-21879, CVE-2022-21878, CVE-2022-21887, CVE-2022-21964, CVE-2022-21876, CVE-2022-21875, CVE-2022-21877, CVE-2022-21873, CVE-2022-21870, CVE-2022-21872, CVE-2022-21868, CVE-2022-21869, CVE-2022-21867, CVE-2022-21866, CVE-2022-21864, CVE-2022-21865, CVE-2022-21863, CVE-2022-21862, CVE-2022-21861, CVE-2022-21859, CVE-2022-21860, CVE-2022-21858, CVE-2022-21857, CVE-2022-21839, CVE-2022-21838, CVE-2022-21836, CVE-2022-21835, CVE-2022-21834, CVE-2022-21833, CVE-2022-21915, CVE-2022-21914, CVE-2022-21895, CVE-2022-21916, CVE-2022-21918, CVE-2022-21919, CVE-2021-36976, CVE-2021-22947, CVE-2022-21852, CVE-2022-21851, CVE-2022-21850, CVE-2022-21871, CVE-2022-21920, CVE-2022-21922, CVE-2022-21921, CVE-2022-21847
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Microsoft Windows Security Update - January 2022
    The KB Articles associated with the update:
    KB5009543
    KB5009555
    KB5009557
    KB5009545
    KB5009624
    KB5009595
    KB5009586
    KB5009619
    KB5009610
    KB5009621
    KB5009546
    KB5009585
    KB5009566
    KB5009627
    KB5009601

    This QID checks for the file version of ntoskrnl.exe.

    The following versions of ntoskrnl.exe with their corresponding KBs are verified:

    Consequence
    Successful exploit could compromise Confidentiality, Integrity and Availability.

    Solution
    Please refer to the following KB articles:
    KB5009543
    KB5009555
    KB5009557
    KB5009545
    KB5009624
    KB5009595
    KB5009586
    KB5009619
    KB5009610
    KB5009621
    KB5009546
    KB5009585
    KB5009566
    KB5009627
    KB5009601
    Patches
    KB5009543, KB5009545, KB5009546, KB5009555, KB5009557, KB5009566, KB5009585, KB5009586, KB5009595, KB5009601, KB5009610, KB5009619, KB5009621, KB5009624, KB5009627
  • CVE-2022-21889+
    Recently Published

    Microsoft Windows Internet Key Exchange (IKE) Extension Multiple Vulnerabilities for January 2022

    Severity
    Critical4
    Qualys ID
    376232
    Date Published
    January 12, 2022
    Vendor Reference
    CVE-2022-21843, CVE-2022-21848, CVE-2022-21849, CVE-2022-21883, CVE-2022-21889, CVE-2022-21890
    CVE Reference
    CVE-2022-21889, CVE-2022-21843, CVE-2022-21883, CVE-2022-21849, CVE-2022-21848, CVE-2022-21890
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CVE-2022-21889, CVE-2022-21843, CVE-2022-21883, CVE-2022-21848, CVE-2022-21890: Windows IKE Extension Denial of Service Vulnerability
    CVE-2022-21849: Windows IKE Extension Remote Code Execution Vulnerability

    Affected Versions
    Windows IKE affected with the IPSec service running

    QID Detection Logic (Authenticated):
    This authenticated QID flags vulnerable systems by detecting

    Consequence
    Successful exploitation of this vulnerability can lead to denial of service and execution of remote code, which may aid further attacks.
    Solution
    Microsoft has released patches for these vulnerabilities. For more information, please check the advisory.
    Patches
    CVE-2022-21843, CVE-2022-21848, CVE-2022-21849, CVE-2022-21883, CVE-2022-21889, CVE-2022-21890
  • CVE-2022-21969+
    Recently Published

    Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability for January 2022

    Severity
    Critical4
    Qualys ID
    50118
    Date Published
    January 12, 2022
    Vendor Reference
    CVE-2022-21846, CVE-2022-21855, CVE-2022-21969
    CVE Reference
    CVE-2022-21969, CVE-2022-21855, CVE-2022-21846
    CVSS Scores
    Base 9 / Temporal 7.8
    Description
    Microsoft Exchange Server Remote Code Execution Vulnerability

    KB Articles associated with this update are: KB5008631

    Affected Versions:
    Microsoft Exchange Server 2019 Cumulative Update 11
    Microsoft Exchange Server 2016 Cumulative Update 22
    Microsoft Exchange Server 2019 Cumulative Update 10
    Microsoft Exchange Server 2016 Cumulative Update 21
    Microsoft Exchange Server 2013 Cumulative Update 23

    QID Detection Logic (authenticated):
    The QID checks for the version of file Exsetup.exe.

    Consequence
    Successful exploitation allows attackers to execute remote code.
    Solution
    Customers are advised to refer to KB5008631 for information pertaining to this vulnerability.
    Patches
    CVE-2022-21846, CVE-2022-21855, CVE-2022-21969
  • CVE-2022-21932
    Recently Published

    Microsoft Dynamics 365 Security Update for January 2022

    Severity
    Critical4
    Qualys ID
    91853
    Date Published
    January 12, 2022
    Vendor Reference
    CVE-2022-21932
    CVE Reference
    CVE-2022-21932
    CVSS Scores
    Base 7.6 / Temporal 6.6
    Description
    Microsoft Dynamics 365 is a product line of enterprise resource planning and customer relationship management intelligent business applications.

    CVE-2022-21932: Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability

    Affected Software:
    Microsoft Dynamics 365 Customer Engagement V9.0

    QID Detection Logic (Authenticated):
    This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Crm.Setup.Server.exe:

    Consequence
    Successful exploitation of this vulnerability can result in remote code execution.
    Solution
    Customers are advised to refer to CVE-2022-21932 for more details pertaining to this vulnerability.
    Patches
    CVE-2022-21891, CVE-2022-21932
  • CVE-2021-4147+
    Recently Published

    SUSE Enterprise Linux Security Update for libvirt (SUSE-SU-2022:0042-1)

    Severity
    Critical4
    Qualys ID
    751586
    Date Published
    January 12, 2022
    Vendor Reference
    SUSE-SU-2022:0042-1
    CVE Reference
    CVE-2021-4147, CVE-2021-3975
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    SUSE has released a security update for libvirt to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 12 SP4
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:0042-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:0042-1
  • CVE-2021-4147+
    Recently Published

    SUSE Enterprise Linux Security Update for libvirt (SUSE-SU-2022:0041-1)

    Severity
    Critical4
    Qualys ID
    751585
    Date Published
    January 12, 2022
    Vendor Reference
    SUSE-SU-2022:0041-1
    CVE Reference
    CVE-2021-4147, CVE-2021-3975
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    SUSE has released a security update for libvirt to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 12 SP3
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:0041-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:0041-1
  • Recently Published

    EOL/Obsolete Operating System: Fedora 33 Detected

    Severity
    Urgent5
    Qualys ID
    106033
    Date Published
    January 12, 2022
    Vendor Reference
    FEDORA 33 End of Life
    CVSS Scores
    Base 9.8 / Temporal 9
    Description
    The host is running Fedora 33. Support for Fedora 33 ended on November 30, 2021. No further updates, including security updates, are available for Fedora 33.
    Consequence
    The system is at high risk of being exposed to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to viruses and other attacks.
    Solution
    Update to the latest version of Fedora Operating System.
    Refer to Fedora for information on this operating system.
  • CVE-2021-22045
    Recently Published

    VMware ESXi 6.7 Patch Release ESXi670-202111101-SG Missing (VMSA-2022-0001)

    Severity
    Critical4
    Qualys ID
    216279
    Date Published
    January 12, 2022
    Vendor Reference
    VMSA-2022-0001
    CVE Reference
    CVE-2021-22045
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    VMware ESXi is an enterprise-level computer virtualization product.

    The CD-ROM device emulation in VMware Workstation, Fusion, and ESXi has a heap-overflow vulnerability.

    Affected Versions:
    VMware ESXi 6.7 prior to build 18828794

    QID Detection Logic (Unauthenticated):
    This QID checks for vulnerable versions of VMware ESXi using the build version reported by the web service present on the target.

    Consequence
    A malicious actor with normal user privilege access to a virtual machine can trigger a heap overflow via the CD-ROM device emulation.

    Solution
    VMware has released a patch for VMware ESXi 6.7; see Patch Release ESXi670-202111101-SG.
    Refer to VMware advisory VMSA-2022-0001 for more information.

    Patches
    ESXi670-202111101-SG
  • CVE-2021-22045
    Recently Published

    VMware ESXi 6.5 Patch Release ESXi650-202110101-SG Missing (VMSA-2022-0001)

    Severity
    Critical4
    Qualys ID
    216278
    Date Published
    January 12, 2022
    Vendor Reference
    VMSA-2022-0001
    CVE Reference
    CVE-2021-22045
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    VMware ESXi is an enterprise-level computer virtualization product.

    The CD-ROM device emulation in VMware Workstation, Fusion, and ESXi has a heap-overflow vulnerability.

    Affected Versions:
    VMware ESXi 6.5 prior to build 18678235

    QID Detection Logic (Unauthenticated):
    This QID checks for vulnerable versions of VMware ESXi using the build version reported by the web service present on the target.

    Consequence
    A malicious actor with normal user privilege access to a virtual machine can trigger a heap overflow via the CD-ROM device emulation.

    Solution
    VMware has released a patch for VMware ESXi 6.5; see Patch Release ESXi650-202110101-SG.
    Refer to VMware advisory VMSA-2022-0001 for more information.

    Patches
    VMware ESXi 6.5 ESXi650-202110101-SG
  • Recently Published

    EOL/Obsolete Software: Apache Log4j 1.X Detected

    Severity
    Urgent5
    Qualys ID
    106032
    Date Published
    January 12, 2022
    Vendor Reference
    Apache Log4j Security Advisory
    CVSS Scores
    Base 10 / Temporal 9.1
    Description
    On August 5, 2015, the Apache Logging Services Project Management Committee (PMC) announced that the Log4j 1.x logging framework had reached its end of life (EOL) and is no longer officially supported.

    QID Detection (Authenticated) - Linux
    This QID uses the OS package manager, the locate command and the ls proc command to check for vulnerable versions of log4j.
    QID Detection (Authenticated) - Windows
    On Windows systems, the QID identifies vulnerable instances of log4j via a WMI query that checks whether log4j is included in the command lines of running processes.

    Consequence
    Apache no longer provides security updates for 1.x versions. Obsolete software is more vulnerable to viruses and other attacks.

    Solution
    Customers are advised to upgrade to Apache Log4j 2.X; for more information, please refer to the Apache blog.
  • CVE-2021-46141+
    Recently Published

    Free Berkeley Software Distribution (FreeBSD) Security Update for uriparser (b927b654-7146-11ec-ad4b-5404a68ad561)

    Severity
    Urgent5
    Qualys ID
    690766
    Date Published
    January 10, 2022
    Vendor Reference
    b927b654-7146-11ec-ad4b-5404a68ad561
    CVE Reference
    CVE-2021-46141, CVE-2021-46142
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    FreeBSD has released a security update for uriparser to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to FreeBSD security advisory b927b654-7146-11ec-ad4b-5404a68ad561 for updates and patch information.
    Patches
    "FreeBSD" b927b654-7146-11ec-ad4b-5404a68ad561
  • CVE-2021-46144
    Recently Published

    Debian Security Update for roundcube (DSA 5037-1)

    Severity
    Urgent5
    Qualys ID
    178988
    Date Published
    January 10, 2022
    Vendor Reference
    DSA 5037-1
    CVE Reference
    CVE-2021-46144
    CVSS Scores
    Base 6.1 / Temporal 5.3
    Description
    Debian has released a security update for roundcube to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5037-1 for updates and patch information.
    Patches
    Debian DSA 5037-1
  • CVE-2021-4192
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (7077)

    Severity
    Critical4
    Qualys ID
    900500
    Date Published
    January 10, 2022
    Vendor Reference
    7077
    CVE Reference
    CVE-2021-4192
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7077
  • CVE-2021-4173
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (7076)

    Severity
    Critical4
    Qualys ID
    900499
    Date Published
    January 10, 2022
    Vendor Reference
    7076
    CVE Reference
    CVE-2021-4173
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7076
  • CVE-2021-45463
    Recently Published

    Fedora Security Update for gegl04 (FEDORA-2022-a1c5b18362)

    Severity
    Critical4
    Qualys ID
    282221
    Date Published
    January 10, 2022
    Vendor Reference
    FEDORA-2022-a1c5b18362
    CVE Reference
    CVE-2021-45463
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Fedora has released a security update for gegl04 to fix the vulnerabilities.

    Affected OS:
    Fedora 35
    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to the Fedora 35 security advisory FEDORA-2022-a1c5b18362 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-a1c5b18362
  • CVE-2021-44790
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (7035)

    Severity
    Urgent5
    Qualys ID
    900337
    Date Published
    January 10, 2022
    Vendor Reference
    7035
    CVE Reference
    CVE-2021-44790
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for httpd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7035
  • CVE-2021-43527
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for nss (7020)

    Severity
    Urgent5
    Qualys ID
    900336
    Date Published
    January 10, 2022
    Vendor Reference
    7020
    CVE Reference
    CVE-2021-43527
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for nss to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7020
  • CVE-2021-43267
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6163)

    Severity
    Urgent5
    Qualys ID
    900335
    Date Published
    January 10, 2022
    Vendor Reference
    6163
    CVE Reference
    CVE-2021-43267
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6163
  • CVE-2021-38297
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (6020)

    Severity
    Urgent5
    Qualys ID
    900334
    Date Published
    January 10, 2022
    Vendor Reference
    6020
    CVE Reference
    CVE-2021-38297
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6020
  • CVE-2021-3711
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (6005)

    Severity
    Urgent5
    Qualys ID
    900333
    Date Published
    January 10, 2022
    Vendor Reference
    6005
    CVE Reference
    CVE-2021-3711
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for openssl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6005
  • CVE-2021-39275
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (5917)

    Severity
    Urgent5
    Qualys ID
    900332
    Date Published
    January 10, 2022
    Vendor Reference
    5917
    CVE Reference
    CVE-2021-39275
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for httpd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5917
  • CVE-2017-12562
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libsndfile (3791)

    Severity
    Urgent5
    Qualys ID
    900330
    Date Published
    January 10, 2022
    Vendor Reference
    3791
    CVE Reference
    CVE-2017-12562
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for libsndfile to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 3791
  • CVE-2021-43267+
    Recently Published

    Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5208-1)

    Severity
    Urgent5
    Qualys ID
    198621
    Date Published
    January 10, 2022
    Vendor Reference
    USN-5208-1
    CVE Reference
    CVE-2021-43267, CVE-2021-3760, CVE-2021-43056, CVE-2021-20321, CVE-2021-4002, CVE-2021-41864, CVE-2021-43389
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    The hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions.
    A race condition existed in the overlay file system implementation in the Linux kernel.
    The NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation.
    An integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps.
    The KVM implementation for POWER8 processors in the Linux kernel did not properly keep track of whether a wakeup event could be resolved by a guest.
    The TIPC protocol implementation in the Linux kernel did not properly validate MSG_CRYPTO messages in some situations.
    The ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug.
    Consequence
    A local attacker could use this to leak or alter data from other processes that use huge pages.
    A local attacker could use this to cause a denial of service (system crash).
    A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
    A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code.
    An attacker in a guest VM could possibly use this to cause a denial of service (host OS crash).
    An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
    A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code.
    Solution
    Refer to Ubuntu security advisory USN-5208-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5208-1
  • CVE-2021-44790+
    Recently Published

    Ubuntu Security Notification for Apache Hypertext Transfer Protocol (HTTP) Server Vulnerabilities (USN-5212-1)

    Severity
    Urgent5
    Qualys ID
    198620
    Date Published
    January 10, 2022
    Vendor Reference
    USN-5212-1
    CVE Reference
    CVE-2021-44790, CVE-2021-44224
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    The Apache HTTP Server incorrectly handled certain forward proxy requests.
    The Apache HTTP Server Lua module incorrectly handled memory in the multipart parser.
    Consequence
    A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a server-side request forgery attack.
    A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code.
    Solution
    Refer to Ubuntu security advisory USN-5212-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5212-1
  • CVE-2021-43267+
    Recently Published

    Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5207-1)

    Severity
    Urgent5
    Qualys ID
    198616
    Date Published
    January 10, 2022
    Vendor Reference
    USN-5207-1
    CVE Reference
    CVE-2021-43267, CVE-2021-4002, CVE-2021-42739, CVE-2021-4001
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    The hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions.
    The eBPF implementation in the Linux kernel contained a race condition around read-only maps.
    The FireDTV FireWire driver in the Linux kernel did not properly perform bounds checking in some situations.
    The TIPC protocol implementation in the Linux kernel did not properly validate MSG_CRYPTO messages in some situations.
    Consequence
    A local attacker could use this to leak or alter data from other processes that use huge pages.
    A privileged attacker could use this to modify read-only maps.
    A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
    An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
    Solution
    Refer to Ubuntu security advisory USN-5207-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5207-1
  • CVE-2021-43523
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for uclibc-ng (6195)

    Severity
    Urgent5
    Qualys ID
    900338
    Date Published
    January 10, 2022
    Vendor Reference
    6195
    CVE Reference
    CVE-2021-43523
    CVSS Scores
    Base 9.6 / Temporal 8.3
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for uclibc-ng to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6195
  • CVE-2021-4048
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for lapack (6300)

    Severity
    Urgent5
    Qualys ID
    900340
    Date Published
    January 10, 2022
    Vendor Reference
    6300
    CVE Reference
    CVE-2021-4048
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for lapack to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6300
  • CVE-2021-22945
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for curl (5940)

    Severity
    Urgent5
    Qualys ID
    900339
    Date Published
    January 10, 2022
    Vendor Reference
    5940
    CVE Reference
    CVE-2021-22945
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for curl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5940
  • CVE-2021-40438
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (5489)

    Severity
    Urgent5
    Qualys ID
    900331
    Date Published
    January 10, 2022
    Vendor Reference
    5489
    CVE Reference
    CVE-2021-40438
    CVSS Scores
    Base 9 / Temporal 7.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for httpd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5489
  • CVE-2021-45116+
    Recently Published

    Free Berkeley Software Distribution (FreeBSD) Security Update for django (d3e023fb-6e88-11ec-b948-080027240888)

    Severity
    Urgent5
    Qualys ID
    690765
    Date Published
    January 10, 2022
    Vendor Reference
    d3e023fb-6e88-11ec-b948-080027240888
    CVE Reference
    CVE-2021-45116, CVE-2021-45452, CVE-2021-45115
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    FreeBSD has released a security update for django to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to FreeBSD security advisory d3e023fb-6e88-11ec-b948-080027240888 for updates and patch information.
    Patches
    FreeBSD d3e023fb-6e88-11ec-b948-080027240888
  • CVE-2020-29050
    Recently Published

    Debian Security Update for sphinxsearch (DSA 5036-1)

    Severity
    Urgent5
    Qualys ID
    178987
    Date Published
    January 10, 2022
    Vendor Reference
    DSA 5036-1
    CVE Reference
    CVE-2020-29050
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Debian has released a security update for sphinxsearch to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5036-1 for updates and patch information.
    Patches
    Debian DSA 5036-1
  • CVE-2021-4002
    Recently Published

    Ubuntu Security Notification for Linux kernel (OEM) Vulnerability (USN-5206-1)

    Severity
    Urgent5
    Qualys ID
    198619
    Date Published
    January 10, 2022
    Vendor Reference
    USN-5206-1
    CVE Reference
    CVE-2021-4002
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    The hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions.
    Consequence
    A local attacker could use this to leak or alter data from other processes that use huge pages.
    Solution
    Refer to Ubuntu security advisory USN-5206-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5206-1
  • CVE-2017-8361
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libsndfile (3838)

    Severity
    Critical4
    Qualys ID
    900350
    Date Published
    January 10, 2022
    Vendor Reference
    3838
    CVE Reference
    CVE-2017-8361
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for libsndfile to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 3838
  • CVE-2018-13139
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libsndfile (3852)

    Severity
    Critical4
    Qualys ID
    900349
    Date Published
    January 10, 2022
    Vendor Reference
    3852
    CVE Reference
    CVE-2018-13139
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for libsndfile to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 3852
  • CVE-2017-6892
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libsndfile (3848)

    Severity
    Critical4
    Qualys ID
    900348
    Date Published
    January 10, 2022
    Vendor Reference
    3848
    CVE Reference
    CVE-2017-6892
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for libsndfile to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 3848
  • CVE-2021-32626
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for redis (5965)

    Severity
    Critical4
    Qualys ID
    900347
    Date Published
    January 10, 2022
    Vendor Reference
    5965
    CVE Reference
    CVE-2021-32626
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for redis to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5965
  • CVE-2021-3653
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (5952)

    Severity
    Critical4
    Qualys ID
    900346
    Date Published
    January 10, 2022
    Vendor Reference
    5952
    CVE Reference
    CVE-2021-3653
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5952
  • CVE-2021-32762
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for redis (5970)

    Severity
    Critical4
    Qualys ID
    900345
    Date Published
    January 10, 2022
    Vendor Reference
    5970
    CVE Reference
    CVE-2021-32762
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for redis to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5970
  • CVE-2021-39537
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for ncurses (5935)

    Severity
    Critical4
    Qualys ID
    900343
    Date Published
    January 10, 2022
    Vendor Reference
    5935
    CVE Reference
    CVE-2021-39537
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for ncurses to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5935
  • CVE-2020-7014
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for rubygem-elasticsearch (6272)

    Severity
    Critical4
    Qualys ID
    900342
    Date Published
    January 10, 2022
    Vendor Reference
    6272
    CVE Reference
    CVE-2020-7014
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for rubygem-elasticsearch to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6272
  • CVE-2020-7009
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for rubygem-elasticsearch (6271)

    Severity
    Critical4
    Qualys ID
    900341
    Date Published
    January 10, 2022
    Vendor Reference
    6271
    CVE Reference
    CVE-2020-7009
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for rubygem-elasticsearch to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6271
  • CVE-2021-32690
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for helm (5486)

    Severity
    Critical4
    Qualys ID
    900351
    Date Published
    January 10, 2022
    Vendor Reference
    5486
    CVE Reference
    CVE-2021-32690
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for helm to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5486
  • CVE-2021-44224
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (7034)

    Severity
    Critical4
    Qualys ID
    900352
    Date Published
    January 10, 2022
    Vendor Reference
    7034
    CVE Reference
    CVE-2021-44224
    CVSS Scores
    Base 8.2 / Temporal 7.1
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for httpd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7034
  • CVE-2021-3935
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for pgbouncer (6245)

    Severity
    Critical4
    Qualys ID
    900357
    Date Published
    January 10, 2022
    Vendor Reference
    6245
    CVE Reference
    CVE-2021-3935
    CVSS Scores
    Base 8.1 / Temporal 7.1
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for pgbouncer to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6245
  • CVE-2021-25741
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kubernetes (6285)

    Severity
    Critical4
    Qualys ID
    900356
    Date Published
    January 10, 2022
    Vendor Reference
    6285
    CVE Reference
    CVE-2021-25741
    CVSS Scores
    Base 8.1 / Temporal 7.1
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kubernetes to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6285
  • CVE-2017-14245
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libsndfile (3793)

    Severity
    Critical4
    Qualys ID
    900355
    Date Published
    January 10, 2022
    Vendor Reference
    3793
    CVE Reference
    CVE-2017-14245
    CVSS Scores
    Base 8.1 / Temporal 7.1
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for libsndfile to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 3793
  • CVE-2018-19662
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libsndfile (3795)

    Severity
    Critical4
    Qualys ID
    900354
    Date Published
    January 10, 2022
    Vendor Reference
    3795
    CVE Reference
    CVE-2018-19662
    CVSS Scores
    Base 8.1 / Temporal 7.1
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for libsndfile to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 3795
  • CVE-2017-14246
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libsndfile (3798)

    Severity
    Critical4
    Qualys ID
    900353
    Date Published
    January 10, 2022
    Vendor Reference
    3798
    CVE Reference
    CVE-2017-14246
    CVSS Scores
    Base 8.1 / Temporal 7.1
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for libsndfile to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 3798
  • CVE-2021-3968
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (6233)

    Severity
    Critical4
    Qualys ID
    900358
    Date Published
    January 10, 2022
    Vendor Reference
    6233
    CVE Reference
    CVE-2021-3968
    CVSS Scores
    Base 8 / Temporal 7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6233
  • CVE-2021-45469
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (7064)

    Severity
    Critical4
    Qualys ID
    900381
    Date Published
    January 10, 2022
    Vendor Reference
    7064
    CVE Reference
    CVE-2021-45469
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7064
  • CVE-2021-45078
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for binutils (7026)

    Severity
    Critical4
    Qualys ID
    900380
    Date Published
    January 10, 2022
    Vendor Reference
    7026
    CVE Reference
    CVE-2021-45078
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for binutils to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7026
  • CVE-2021-4019
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (6290)

    Severity
    Critical4
    Qualys ID
    900379
    Date Published
    January 10, 2022
    Vendor Reference
    6290
    CVE Reference
    CVE-2021-4019
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6290
  • CVE-2021-3984
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (6289)

    Severity
    Critical4
    Qualys ID
    900378
    Date Published
    January 10, 2022
    Vendor Reference
    6289
    CVE Reference
    CVE-2021-3984
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6289
  • CVE-2021-37322
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for gcc (7016)

    Severity
    Critical4
    Qualys ID
    900377
    Date Published
    January 10, 2022
    Vendor Reference
    7016
    CVE Reference
    CVE-2021-37322
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for gcc to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7016
  • CVE-2021-4136
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (7051)

    Severity
    Critical4
    Qualys ID
    900376
    Date Published
    January 10, 2022
    Vendor Reference
    7051
    CVE Reference
    CVE-2021-4136
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7051
  • CVE-2021-4069
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (6297)

    Severity
    Critical4
    Qualys ID
    900375
    Date Published
    January 10, 2022
    Vendor Reference
    6297
    CVE Reference
    CVE-2021-4069
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6297
  • CVE-2020-18032
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for graphviz (5484)

    Severity
    Critical4
    Qualys ID
    900374
    Date Published
    January 10, 2022
    Vendor Reference
    5484
    CVE Reference
    CVE-2020-18032
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for graphviz to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5484
  • CVE-2021-3778
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (5482)

    Severity
    Critical4
    Qualys ID
    900373
    Date Published
    January 10, 2022
    Vendor Reference
    5482
    CVE Reference
    CVE-2021-3778
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5482
  • CVE-2021-41864
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (5947)

    Severity
    Critical4
    Qualys ID
    900372
    Date Published
    January 10, 2022
    Vendor Reference
    5947
    CVE Reference
    CVE-2021-41864
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5947
  • CVE-2021-41073
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (5934)

    Severity
    Critical4
    Qualys ID
    900371
    Date Published
    January 10, 2022
    Vendor Reference
    5934
    CVE Reference
    CVE-2021-41073
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5934
  • CVE-2021-38300
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (5901)

    Severity
    Critical4
    Qualys ID
    900370
    Date Published
    January 10, 2022
    Vendor Reference
    5901
    CVE Reference
    CVE-2021-38300
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5901
  • CVE-2021-42008
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (5963)

    Severity
    Critical4
    Qualys ID
    900369
    Date Published
    January 10, 2022
    Vendor Reference
    5963
    CVE Reference
    CVE-2021-42008
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5963
  • CVE-2021-42771
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for babel (6032)

    Severity
    Critical4
    Qualys ID
    900368
    Date Published
    January 10, 2022
    Vendor Reference
    6032
    CVE Reference
    CVE-2021-42771
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for babel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6032
  • CVE-2021-3872
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (6028)

    Severity
    Critical4
    Qualys ID
    900367
    Date Published
    January 10, 2022
    Vendor Reference
    6028
    CVE Reference
    CVE-2021-3872
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6028
  • CVE-2021-42252
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6014)

    Severity
    Critical4
    Qualys ID
    900366
    Date Published
    January 10, 2022
    Vendor Reference
    6014
    CVE Reference
    CVE-2021-42252
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6014
  • CVE-2021-43057
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6162)

    Severity
    Critical4
    Qualys ID
    900365
    Date Published
    January 10, 2022
    Vendor Reference
    6162
    CVE Reference
    CVE-2021-43057
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6162
  • CVE-2021-3903
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (6155)

    Severity
    Critical4
    Qualys ID
    900364
    Date Published
    January 10, 2022
    Vendor Reference
    6155
    CVE Reference
    CVE-2021-3903
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6155
  • CVE-2021-41103
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for moby-containerd (6154)

    Severity
    Critical4
    Qualys ID
    900363
    Date Published
    January 10, 2022
    Vendor Reference
    6154
    CVE Reference
    CVE-2021-41103
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for moby-containerd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6154
  • CVE-2021-3928
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (6165)

    Severity
    Critical4
    Qualys ID
    900362
    Date Published
    January 10, 2022
    Vendor Reference
    6165
    CVE Reference
    CVE-2021-3928
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6165
  • CVE-2021-3927
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (6172)

    Severity
    Critical4
    Qualys ID
    900361
    Date Published
    January 10, 2022
    Vendor Reference
    6172
    CVE Reference
    CVE-2021-3927
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6172
  • CVE-2021-3974
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (6235)

    Severity
    Critical4
    Qualys ID
    900360
    Date Published
    January 10, 2022
    Vendor Reference
    6235
    CVE Reference
    CVE-2021-3974
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6235
  • CVE-2021-3973
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (6234)

    Severity
    Critical4
    Qualys ID
    900359
    Date Published
    January 10, 2022
    Vendor Reference
    6234
    CVE Reference
    CVE-2021-3973
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6234
  • CVE-2020-26541+
    Recently Published

    Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5210-1)

    Severity
    Critical4
    Qualys ID
    198618
    Date Published
    January 10, 2022
    Vendor Reference
    USN-5210-1
    CVE Reference
    CVE-2020-26541, CVE-2021-3760, CVE-2021-43056, CVE-2021-20321, CVE-2021-4002, CVE-2021-41864, CVE-2021-43389
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    The hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions.
    The Linux kernel did not properly enforce certain types of entries in the Secure Boot forbidden signature database (aka dbx) protection mechanism.
    A race condition existed in the overlay file system implementation in the Linux kernel.
    The NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation.
    An integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps.
    The KVM implementation for POWER8 processors in the Linux kernel did not properly keep track of whether a wakeup event could be resolved by a guest.
    The ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug.
    Consequence
    A local attacker could use this to leak or alter data from other processes that use huge pages.
    An attacker could use this to bypass UEFI Secure Boot restrictions.
    A local attacker could use this to cause a denial of service (system crash).
    A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
    A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code.
    An attacker in a guest VM could possibly use this to cause a denial of service (host OS crash).
    A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code.
    Solution
    Refer to Ubuntu security advisory USN-5210-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5210-1
  • CVE-2021-20317+
    Recently Published

    Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5209-1)

    Severity
    Critical4
    Qualys ID
    198617
    Date Published
    January 10, 2022
    Vendor Reference
    USN-5209-1
    CVE Reference
    CVE-2021-20317, CVE-2021-3760, CVE-2021-20321, CVE-2021-4002, CVE-2021-41864, CVE-2021-43389
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    The hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions.
    A race condition existed in the timer implementation in the Linux kernel.
    A race condition existed in the overlay file system implementation in the Linux kernel.
    The NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation.
    An integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps.
    The ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug.
    Consequence
    A local attacker could use this to leak or alter data from other processes that use huge pages.
    A privileged attacker could use this to cause a denial of service.
    A local attacker could use this to cause a denial of service (system crash).
    A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
    A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code.
    A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code.
    Solution
    Refer to Ubuntu security advisory USN-5209-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5209-1
  • CVE-2019-15903
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for expat (6265)

    Severity
    Critical4
    Qualys ID
    900404
    Date Published
    January 10, 2022
    Vendor Reference
    6265
    CVE Reference
    CVE-2019-15903
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for expat to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6265
  • CVE-2021-43618
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for gmp (6224)

    Severity
    Critical4
    Qualys ID
    900403
    Date Published
    January 10, 2022
    Vendor Reference
    6224
    CVE Reference
    CVE-2021-43618
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for gmp to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6224
  • CVE-2021-41991
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for strongswan (6027)

    Severity
    Critical4
    Qualys ID
    900402
    Date Published
    January 10, 2022
    Vendor Reference
    6027
    CVE Reference
    CVE-2021-41991
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for strongswan to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6027
  • CVE-2021-41990
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for strongswan (6025)

    Severity
    Critical4
    Qualys ID
    900401
    Date Published
    January 10, 2022
    Vendor Reference
    6025
    CVE Reference
    CVE-2021-41990
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for strongswan to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6025
  • CVE-2021-20228
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for ansible (6008)

    Severity
    Critical4
    Qualys ID
    900400
    Date Published
    January 10, 2022
    Vendor Reference
    6008
    CVE Reference
    CVE-2021-20228
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for ansible to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6008
  • CVE-2021-36222
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for krb5 (5994)

    Severity
    Critical4
    Qualys ID
    900399
    Date Published
    January 10, 2022
    Vendor Reference
    5994
    CVE Reference
    CVE-2021-36222
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for krb5 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5994
  • CVE-2020-28196
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for krb5 (5993)

    Severity
    Critical4
    Qualys ID
    900398
    Date Published
    January 10, 2022
    Vendor Reference
    5993
    CVE Reference
    CVE-2020-28196
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for krb5 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5993
  • CVE-2019-14844
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for krb5 (5992)

    Severity
    Critical4
    Qualys ID
    900397
    Date Published
    January 10, 2022
    Vendor Reference
    5992
    CVE Reference
    CVE-2019-14844
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for krb5 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5992
  • CVE-2021-41099
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for redis (5971)

    Severity
    Critical4
    Qualys ID
    900396
    Date Published
    January 10, 2022
    Vendor Reference
    5971
    CVE Reference
    CVE-2021-41099
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for redis to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5971
  • CVE-2021-41773
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (5962)

    Severity
    Critical4
    Qualys ID
    900395
    Date Published
    January 10, 2022
    Vendor Reference
    5962
    CVE Reference
    CVE-2021-41773
    CVSS Scores
    Base 7.5 / Temporal 6.7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for httpd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5962
  • CVE-2021-41524
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (5961)

    Severity
    Critical4
    Qualys ID
    900394
    Date Published
    January 10, 2022
    Vendor Reference
    5961
    CVE Reference
    CVE-2021-41524
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for httpd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5961
  • CVE-2021-32687
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for redis (5969)

    Severity
    Critical4
    Qualys ID
    900393
    Date Published
    January 10, 2022
    Vendor Reference
    5969
    CVE Reference
    CVE-2021-32687
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for redis to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5969
  • CVE-2021-32675
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for redis (5968)

    Severity
    Critical4
    Qualys ID
    900392
    Date Published
    January 10, 2022
    Vendor Reference
    5968
    CVE Reference
    CVE-2021-32675
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for redis to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5968
  • CVE-2021-32628
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for redis (5967)

    Severity
    Critical4
    Qualys ID
    900391
    Date Published
    January 10, 2022
    Vendor Reference
    5967
    CVE Reference
    CVE-2021-32628
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for redis to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5967
  • CVE-2021-32627
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for redis (5966)

    Severity
    Critical4
    Qualys ID
    900390
    Date Published
    January 10, 2022
    Vendor Reference
    5966
    CVE Reference
    CVE-2021-32627
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for redis to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5966
  • CVE-2021-22946
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for curl (5943)

    Severity
    Critical4
    Qualys ID
    900389
    Date Published
    January 10, 2022
    Vendor Reference
    5943
    CVE Reference
    CVE-2021-22946
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for curl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5943
  • CVE-2021-41054
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for atftp (5481)

    Severity
    Critical4
    Qualys ID
    900388
    Date Published
    January 10, 2022
    Vendor Reference
    5481
    CVE Reference
    CVE-2021-41054
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for atftp to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5481
  • CVE-2021-36160
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (5488)

    Severity
    Critical4
    Qualys ID
    900387
    Date Published
    January 10, 2022
    Vendor Reference
    5488
    CVE Reference
    CVE-2021-36160
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for httpd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5488
  • CVE-2021-34798
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (5487)

    Severity
    Critical4
    Qualys ID
    900386
    Date Published
    January 10, 2022
    Vendor Reference
    5487
    CVE Reference
    CVE-2021-34798
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for httpd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5487
  • CVE-2021-40145
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for gd (6269)

    Severity
    Critical4
    Qualys ID
    900385
    Date Published
    January 10, 2022
    Vendor Reference
    6269
    CVE Reference
    CVE-2021-40145
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for gd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6269
  • CVE-2021-41186
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for rubygem-fluentd (6279)

    Severity
    Critical4
    Qualys ID
    900384
    Date Published
    January 10, 2022
    Vendor Reference
    6279
    CVE Reference
    CVE-2021-41186
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for rubygem-fluentd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6279
  • CVE-2021-41495
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for numpy (7036)

    Severity
    Critical4
    Qualys ID
    900383
    Date Published
    January 10, 2022
    Vendor Reference
    7036
    CVE Reference
    CVE-2021-41495
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for numpy to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7036
  • CVE-2021-41496
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for numpy (7050)

    Severity
    Critical4
    Qualys ID
    900382
    Date Published
    January 10, 2022
    Vendor Reference
    7050
    CVE Reference
    CVE-2021-41496
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for numpy to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7050
  • CVE-2021-3712
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (6006)

    Severity
    Critical4
    Qualys ID
    900406
    Date Published
    January 10, 2022
    Vendor Reference
    6006
    CVE Reference
    CVE-2021-3712
    CVSS Scores
    Base 7.4 / Temporal 6.4
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for openssl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6006
  • CVE-2021-3796
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (5493)

    Severity
    Critical4
    Qualys ID
    900344
    Date Published
    January 10, 2022
    Vendor Reference
    5493
    CVE Reference
    CVE-2021-3796
    CVSS Scores
    Base 7.3 / Temporal 6.4
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 5493
  • CVE-2021-42386
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for busybox (6194)

    Severity
    Critical4
    Qualys ID
    900415
    Date Published
    January 10, 2022
    Vendor Reference
    6194
    CVE Reference
    CVE-2021-42386
    CVSS Scores
    Base 7.2 / Temporal 6.3
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for busybox to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6194
  • CVE-2021-42385
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for busybox (6193)

    Severity
    Critical4
    Qualys ID
    900414
    Date Published
    January 10, 2022
    Vendor Reference
    6193
    CVE Reference
    CVE-2021-42385
    CVSS Scores
    Base 7.2 / Temporal 6.3
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for busybox to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6193
  • CVE-2021-42384
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for busybox (6192)

    Severity
    Critical4
    Qualys ID
    900413
    Date Published
    January 10, 2022
    Vendor Reference
    6192
    CVE Reference
    CVE-2021-42384
    CVSS Scores
    Base 7.2 / Temporal 6.3
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for busybox to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6192
  • CVE-2021-42382
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for busybox (6191)

    Severity
    Critical4
    Qualys ID
    900412
    Date Published
    January 10, 2022
    Vendor Reference
    6191
    CVE Reference
    CVE-2021-42382
    CVSS Scores
    Base 7.2 / Temporal 6.3
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for busybox to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6191
  • CVE-2021-42381
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for busybox (6190)

    Severity
    Critical4
    Qualys ID
    900411
    Date Published
    January 10, 2022
    Vendor Reference
    6190
    CVE Reference
    CVE-2021-42381
    CVSS Scores
    Base 7.2 / Temporal 6.3
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for busybox to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6190
  • CVE-2021-42380
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for busybox (6189)

    Severity
    Critical4
    Qualys ID
    900410
    Date Published
    January 10, 2022
    Vendor Reference
    6189
    CVE Reference
    CVE-2021-42380
    CVSS Scores
    Base 7.2 / Temporal 6.3
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for busybox to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6189
  • CVE-2021-42379
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for busybox (6188)

    Severity
    Critical4
    Qualys ID
    900409
    Date Published
    January 10, 2022
    Vendor Reference
    6188
    CVE Reference
    CVE-2021-42379
    CVSS Scores
    Base 7.2 / Temporal 6.3
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for busybox to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6188
  • CVE-2021-42378
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for busybox (6187)

    Severity
    Critical4
    Qualys ID
    900408
    Date Published
    January 10, 2022
    Vendor Reference
    6187
    CVE Reference
    CVE-2021-42378
    CVSS Scores
    Base 7.2 / Temporal 6.3
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for busybox to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 6187
  • CVE-2021-4166
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (7068)

    Severity
    Critical4
    Qualys ID
    900419
    Date Published
    January 10, 2022
    Vendor Reference
    7068
    CVE Reference
    CVE-2021-4166
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 7068
  • CVE-2021-43818
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for python-lxml (7021)

    Severity
    Critical4
    Qualys ID
    900418
    Date Published
    January 10, 2022
    Vendor Reference
    7021
    CVE Reference
    CVE-2021-43818
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for python-lxml to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories: https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mar