Vulnerability Detection Pipeline

Upcoming and New QIDs

Browse, filter by detection status, or search by CVE to get visibility into upcoming and new detections (QIDs) for all severities.

Disclaimer: The Vulnerability Detection Pipeline is intended to give users an early insight into some of the CVEs the Qualys Research Team is investigating. It may not show all the CVEs that are actively being investigated. Specific CVE feature requests filed via a Qualys Support case may or may not show up on this page. Please reach out to Qualys Support for status of such support cases.

Detection Status

  • Under investigation: We are researching a detection and will publish one if it is feasible.
  • In development: We are coding a detection and will typically publish it within a few days.
  • Recently published: We have published the detection on the date indicated, and it will typically be available in the KnowledgeBase on shared platforms within a day.

Non-Qualys customers can audit their network for all published vulnerabilities by signing up for a Qualys Free Trial or Qualys Community Edition.

Displaying QID development activity from through last updated:
707 results
CVE
Qualys ID
Title
Severity
  • CVE-2022-24963+
    QID: 355339
    In Development

    Amazon Linux Security Advisory for apr : ALAS2023-2023-016

    Severity
    Urgent5
    Qualys ID
    355339
    Vendor Reference
    ALAS2023-2023-016
    CVE Reference
    CVE-2022-24963, CVE-2021-35940
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description

    An out-of-bounds array read in the apr_time_exp*() functions was fixed in the apache portable runtime 1.6.3 release (cve-2017-12613).
    The fix for this issue was not carried forward to the apr 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. (
    ( CVE-2021-35940) integer overflow or wraparound vulnerability in apr_base64 functions of apache portable runtime utility (apr-util) allows an attacker to write beyond bounds of a buffer.
    This issue affects apache portable runtime utility (apr-util) 1.6.1 and prior versions. (
    ( CVE-2022-24963)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2023-2023-016 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2023 ALAS2023-2023-016
  • CVE-2022-0336+
    QID: 355336
    In Development

    Amazon Linux Security Advisory for samba : ALAS2023-2023-032

    Severity
    Urgent5
    Qualys ID
    355336
    Vendor Reference
    ALAS2023-2023-032
    CVE Reference
    CVE-2022-0336, CVE-2022-1615, CVE-2021-43566, CVE-2022-37967, CVE-2022-37966, CVE-2022-3592, CVE-2022-3437, CVE-2022-32746, CVE-2022-45141, CVE-2022-32743, CVE-2022-32742, CVE-2022-38023
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description

    all versions of samba prior to 4.13.16 are vulnerable to a malicious client using an smb1 or nfs race to allow a directory to be created in an area of the server file system not exported under the share definition.
    Note that smb1 has to be enabled, or the share also available via nfs in order for this attack to succeed. (
    ( CVE-2021-43566) samba ad users with permission to write to an account can impersonate arbitrary services (cve-2022-0336) in samba, gnutls gnutls_rnd() can fail and give predictable random values. (
    ( CVE-2022-1615) a flaw was found in samba.
    Some smb1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data.
    The client cannot control the area of the server memory written to the file (or printer). (
    ( CVE-2022-32742) samba does not validate the validated-dns-host-name right for the dnshostname attribute which could permit unprivileged users to write it. (
    ( CVE-2022-32743) a flaw was found in the samba ad ldap server.
    The ad dc database audit logging module can access ldap message values freed by a preceding database module, resulting in a use-after-free issue.
    This issue is only possible when modifying certain privileged attributes, such as useraccountcontrol. (
    ( CVE-2022-32746) a heap-based buffer overflow vulnerability was found in samba within the gssapi unwrap_des() and unwrap_des3() routines of heimdal.
    The des and triple-des decryption routines in the heimdal gssapi library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet.

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2023-2023-032 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2023 ALAS2023-2023-032
  • CVE-2015-10082
    QID: 355333
    Recently Published

    Amazon Linux Security Advisory for libplist : ALAS2-2023-2067

    Severity
    Urgent5
    Qualys ID
    355333
    Date Published
    June 6, 2023
    Vendor Reference
    ALAS2-2023-2067
    CVE Reference
    CVE-2015-10082
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description

    A vulnerability classified as problematic has been found in uikit0 libplist 1.12.
    This affects the function plist_from_xml of the file src/xplist.c of the component xml handler.
    The manipulation leads to xml external entity reference.
    The name of the patch is c086cb139af7c82845f6d565e636073ff4b37440.
    It is recommended to apply a patch to fix this issue.
    The associated identifier of this vulnerability is vdb-221499. (
    ( CVE-2015-10082)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2-2023-2067 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2-2023-2067
  • CVE-2022-45062
    QID: 199398
    In Development

    Ubuntu Security Notification for xfce4-settings Vulnerability (USN-6141-1)

    Severity
    Urgent5
    Qualys ID
    199398
    Vendor Reference
    USN-6141-1
    CVE Reference
    CVE-2022-45062
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Ubuntu has released a security update for xfce4-settings to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6141-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6141-1
  • CVE-2022-41724+
    QID: 199396
    In Development

    Ubuntu Security Notification for Go Vulnerabilities (USN-6140-1)

    Severity
    Urgent5
    Qualys ID
    199396
    Vendor Reference
    USN-6140-1
    CVE Reference
    CVE-2022-41724, CVE-2023-29400, CVE-2022-41725, CVE-2023-24537, CVE-2023-24534, CVE-2023-24540, CVE-2023-24539, CVE-2023-24538
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Ubuntu has released a security update for go to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6140-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6140-1
  • CVE-2022-27774+
    QID: 754069
    In Development

    SUSE Enterprise Linux Security Update for curl (SUSE-SU-2023:2225-1)

    Severity
    Urgent5
    Qualys ID
    754069
    Vendor Reference
    SUSE-SU-2023:2225-1
    CVE Reference
    CVE-2022-27774, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    SUSE has released a security update for curl to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 12 SP5
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    SUSE Linux Enterprise Server 12 SP5|SUSE Linux Enterprise Server for SAP Applications 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2225-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2225-1
  • CVE-2019-12523+
    QID: 355319
    Recently Published

    Amazon Linux Security Advisory for squid : ALAS2-2023-2065

    Severity
    Urgent5
    Qualys ID
    355319
    Date Published
    June 6, 2023
    Vendor Reference
    ALAS2-2023-2065
    CVE Reference
    CVE-2019-12523, CVE-2019-18676
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description

    An issue was discovered in squid before 4.9.
    When handling a urn request, a corresponding http request is made.
    This http request doesn't go through the access checks that incoming http requests go through.
    This causes all access checks to be bypassed and allows access to restricted http servers, e.g., an attacker can connect to http servers that only listen on localhost. (
    ( CVE-2019-12523) an issue was discovered in squid 3.x and 4.x through 4.8.
    Due to incorrect input validation, there is a heap-based buffer overflow that can result in denial of service to all clients using the proxy.
    Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted uri scheme. (
    ( CVE-2019-18676)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2-2023-2065 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2-2023-2065
  • CVE-2021-28235+
    QID: 241582
    Recently Published

    Red Hat Update for OpenStack Platform 16.2 (RHSA-2023:3445)

    Severity
    Critical4
    Qualys ID
    241582
    Date Published
    June 6, 2023
    Vendor Reference
    RHSA-2023:3445
    CVE Reference
    CVE-2021-28235, CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-24540, CVE-2023-29400
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    A highly-available key value store for shared configuration..Security Fix(es):
      information discosure via debug function (cve-2021-28235).
      Html/template: improper handling of javascript whitespace.
    <H2></H2>
      Red Hat openstack for ibm power 16.2 ppc64le.
      Red hat openstack 16.2 x86_64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3445 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3445
  • CVE-2021-28235+
    QID: 241581
    Recently Published

    Red Hat Update for OpenStack Platform 17.0 (RHSA-2023:3441)

    Severity
    Critical4
    Qualys ID
    241581
    Date Published
    June 6, 2023
    Vendor Reference
    RHSA-2023:3441
    CVE Reference
    CVE-2021-28235, CVE-2023-32082
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    A highly-available key value store for shared configuration..Security Fix(es):
      information discosure via debug function (cve-2021-28235).
      Key name can be accessed via leasetimetolive api (cve-2023-32082).
    <H2></H2>
      Red Hat openstack 17 x86_64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3441 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3441
  • CVE-2021-28235+
    QID: 241580
    Recently Published

    Red Hat Update for OpenStack Platform 16.1 (RHSA-2023:3447)

    Severity
    Critical4
    Qualys ID
    241580
    Date Published
    June 6, 2023
    Vendor Reference
    RHSA-2023:3447
    CVE Reference
    CVE-2021-28235, CVE-2022-41723
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    A highly-available key value store for shared configuration..Security Fix(es):
      information discosure via debug function (cve-2021-28235).
      Golang.org/x/net/http2: avoid quadratic complexity in hpack decoding.
    <H2></H2>
      Red Hat openstack for ibm power 16.1 ppc64le.
      Red hat openstack 16.1 x86_64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3447 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3447
  • CVE-2022-22489
    QID: 378551
    Under Investigation

    IBM MQ Explorer XML External Entity Injection (XXE) Vulnerability (6613021)

    Severity
    Critical4
    Qualys ID
    378551
    Vendor Reference
    6613021
    CVE Reference
    CVE-2022-22489
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    BM MQ is a message oriented middleware that allows independent and non-concurrent applications on a distributed system to communicate with each other.

    IBM MQ Explorer is vulnerable to an XML External Entity Injection (XXE) attack.

    Affected Version:
    IBM MQ 8.0, 9.0, 9.1, 9.2

    QID Detection Logic: (Authenticated)
    Operating System: Windows
    It checks for vulnerable IBM MQ versions.

    Operating System: Linux
    The QID runs the command "/opt/mqm/bin/dspmqver -v | grep -A3 '^Name'" and "/usr/mqm/bin/dspmqver -v | grep -A3 '^Name'" (for AIX only) to see if the system is running a vulnerable version of IBM MQ or not.

    Consequence
    A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
    Solution
    Please refer to advisory IBM MQ 6613021 for further information.

    Patches
    6613021
  • CVE-2023-24805
    QID: 941133
    In Development

    AlmaLinux Security Update for cups-filters (ALSA-2023:3423)

    Severity
    Critical4
    Qualys ID
    941133
    Vendor Reference
    ALSA-2023:3423
    CVE Reference
    CVE-2023-24805
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    AlmaLinux has released a security update for cups-filters to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to AlmaLinux security advisory ALSA-2023:3423 for updates and patch information.
    Patches
    AlmaLinux ALSA-2023:3423
  • CVE-2023-24805
    QID: 941130
    In Development

    AlmaLinux Security Update for cups-filters (ALSA-2023:3425)

    Severity
    Critical4
    Qualys ID
    941130
    Vendor Reference
    ALSA-2023:3425
    CVE Reference
    CVE-2023-24805
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    AlmaLinux has released a security update for cups-filters to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to AlmaLinux security advisory ALSA-2023:3425 for updates and patch information.
    Patches
    AlmaLinux ALSA-2023:3425
  • CVE-2023-24805
    QID: 241587
    In Development

    Red Hat Update for cups-filters (RHSA-2023:3426)

    Severity
    Critical4
    Qualys ID
    241587
    Vendor Reference
    RHSA-2023:3426
    CVE Reference
    CVE-2023-24805
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    The cups-filters package contains back ends, filters, and other software that was once part of the core common unix printing system (cups) distribution but is now maintained independently. ..
    Security fix(es):
      cups-filters: remote code execution in cups-filters, beh cups backend (cve-2023-24805).
    Affected Products:
      Red Hat enterprise linux for x86_64 - extended update support 8.6 x86_64.
      Red hat enterprise linux server - aus 8.6 x86_64.
      Red hat enterprise linux for ibm z systems - extended update support 8.6 s390x.
      Red hat enterprise linux for power, little endian - extended update support 8.6 ppc64le.
      Red hat enterprise linux server - tus 8.6 x86_64.
      Red hat enterprise linux for arm 64 - extended update support 8.6 aarch64.
      Red hat enterprise linux server for power le - update services for sap solutions 8.6 ppc64le.
      Red hat enterprise linux for x86_64 - update services for sap solutions 8.6 x86_64.
      Red hat codeready linux builder for x86_64 - extended update support 8.6 x86_64.
      Red hat codeready linux builder for power, little endian - extended update support 8.6 ppc64le.
      Red hat codeready linux builder for ibm z systems - extended update support 8.6 s390x.
      Red hat codeready linux builder for arm 64 - extended update support 8.6 aarch64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3426 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3426
  • CVE-2023-24805
    QID: 241584
    In Development

    Red Hat Update for cups-filters (RHSA-2023:3425)

    Severity
    Critical4
    Qualys ID
    241584
    Vendor Reference
    RHSA-2023:3425
    CVE Reference
    CVE-2023-24805
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    The cups-filters package contains back ends, filters, and other software that was once part of the core common unix printing system (cups) distribution but is now maintained independently. ..
    Security fix(es):
      cups-filters: remote code execution in cups-filters, beh cups backend (cve-2023-24805).
    <H2></H2>
      Red Hat enterprise linux for x86_64 8 x86_64.
      Red hat enterprise linux for x86_64 - extended update support 8.8 x86_64.
      Red hat enterprise linux server - aus 8.8 x86_64.
      Red hat enterprise linux for ibm z systems 8 s390x.
      Red hat enterprise linux for ibm z systems - extended update support 8.8 s390x.
      Red hat enterprise linux for power, little endian 8 ppc64le.
      Red hat enterprise linux for power, little endian - extended update support 8.8 ppc64le.
      Red hat enterprise linux server - tus 8.8 x86_64.
      Red hat enterprise linux for arm 64 8 aarch64.
      Red hat enterprise linux for x86_64 - update services for sap solutions 8.8 x86_64.
      Red hat codeready linux builder for x86_64 8 x86_64.
      Red hat codeready linux builder for power, little endian 8 ppc64le.
      Red hat codeready linux builder for arm 64 8 aarch64.
      Red hat codeready linux builder for ibm z systems 8 s390x.
      Red hat enterprise linux for arm 64 - extended update support 8.8 aarch64.
      Red hat enterprise linux server for power le - update services for sap solutions 8.8 ppc64le.
      Red hat codeready linux builder for x86_64 - extended update support 8.8 x86_64.
      Red hat codeready linux builder for power, little endian - extended update support 8.8 ppc64le.
      Red hat codeready linux builder for ibm z systems - extended update support 8.8 s390x.
      Red hat codeready linux builder for arm 64 - extended update support 8.8 aarch64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3425 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3425
  • CVE-2023-24805
    QID: 241579
    Recently Published

    Red Hat Update for cups-filters (RHSA-2023:3424)

    Severity
    Critical4
    Qualys ID
    241579
    Date Published
    June 6, 2023
    Vendor Reference
    RHSA-2023:3424
    CVE Reference
    CVE-2023-24805
    CVSS Scores
    Base 8.8 / Temporal 7.9
    Description
    The cups-filters package contains back ends, filters, and other software that was once part of the core common unix printing system (cups) distribution but is now maintained independently. ..
    Security fix(es):
      cups-filters: remote code execution in cups-filters, beh cups backend (cve-2023-24805).
    Affected Products:
      Red Hat enterprise linux for x86_64 - extended update support 9.0 x86_64.
      Red hat enterprise linux for ibm z systems - extended update support 9.0 s390x.
      Red hat enterprise linux for power, little endian - extended update support 9.0 ppc64le.
      Red hat enterprise linux for arm 64 - extended update support 9.0 aarch64.
      Red hat enterprise linux server for power le - update services for sap solutions 9.0 ppc64le.
      Red hat enterprise linux for x86_64 - update services for sap solutions 9.0 x86_64.
      Red hat codeready linux builder for x86_64 - extended update support 9.0 x86_64.
      Red hat codeready linux builder for power, little endian - extended update support 9.0 ppc64le.
      Red hat codeready linux builder for ibm z systems - extended update support 9.0 s390x.
      Red hat codeready linux builder for arm 64 - extended update support 9.0 aarch64.
      Red hat enterprise linux server for arm 64 - 4 years of updates 9.0 aarch64.
      Red hat enterprise linux server for ibm z systems - 4 years of updates 9.0 s390x.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3424 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3424
  • CVE-2023-24805
    QID: 241578
    Recently Published

    Red Hat Update for cups-filters (RHSA-2023:3427)

    Severity
    Critical4
    Qualys ID
    241578
    Date Published
    June 6, 2023
    Vendor Reference
    RHSA-2023:3427
    CVE Reference
    CVE-2023-24805
    CVSS Scores
    Base 8.8 / Temporal 7.9
    Description
    The cups-filters package contains back ends, filters, and other software that was once part of the core common unix printing system (cups) distribution but is now maintained independently. ..
    Security fix(es):
      cups-filters: remote code execution in cups-filters, beh cups backend (cve-2023-24805).
    Affected Products:
      Red Hat enterprise linux for x86_64 - extended update support 8.4 x86_64.
      Red hat enterprise linux server - aus 8.4 x86_64.
      Red hat enterprise linux for ibm z systems - extended update support 8.4 s390x.
      Red hat enterprise linux for power, little endian - extended update support 8.4 ppc64le.
      Red hat enterprise linux server - tus 8.4 x86_64.
      Red hat enterprise linux for arm 64 - extended update support 8.4 aarch64.
      Red hat enterprise linux server for power le - update services for sap solutions 8.4 ppc64le.
      Red hat enterprise linux for x86_64 - update services for sap solutions 8.4 x86_64.
      Red hat codeready linux builder for x86_64 - extended update support 8.4 x86_64.
      Red hat codeready linux builder for power, little endian - extended update support 8.4 ppc64le.
      Red hat codeready linux builder for ibm z systems - extended update support 8.4 s390x.
      Red hat codeready linux builder for arm 64 - extended update support 8.4 aarch64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3427 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3427
  • CVE-2023-24805
    QID: 160717
    In Development

    Oracle Enterprise Linux Security Update for cups-filters (ELSA-2023-3425)

    Severity
    Critical4
    Qualys ID
    160717
    Vendor Reference
    ELSA-2023-3425
    CVE Reference
    CVE-2023-24805
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Oracle Enterprise Linux has released a security update for cups-filters to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2023-3425
    Patches
    Oracle Linux ELSA-2023-3425
  • CVE-2023-24805
    QID: 160715
    In Development

    Oracle Enterprise Linux Security Update for cups-filters (ELSA-2023-3423)

    Severity
    Critical4
    Qualys ID
    160715
    Vendor Reference
    ELSA-2023-3423
    CVE Reference
    CVE-2023-24805
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Oracle Enterprise Linux has released a security update for cups-filters to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2023-3423
    Patches
    Oracle Linux ELSA-2023-3423
  • CVE-2023-32373+
    QID: 941132
    In Development

    AlmaLinux Security Update for webkit2gtk3 (ALSA-2023:3432)

    Severity
    Critical4
    Qualys ID
    941132
    Vendor Reference
    ALSA-2023:3432
    CVE Reference
    CVE-2023-32373, CVE-2023-28204
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    AlmaLinux has released a security update for webkit2gtk3 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to AlmaLinux security advisory ALSA-2023:3432 for updates and patch information.
    Patches
    AlmaLinux ALSA-2023:3432
  • CVE-2023-32373+
    QID: 941131
    In Development

    AlmaLinux Security Update for webkit2gtk3 (ALSA-2023:3433)

    Severity
    Critical4
    Qualys ID
    941131
    Vendor Reference
    ALSA-2023:3433
    CVE Reference
    CVE-2023-32373, CVE-2023-28204
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    AlmaLinux has released a security update for webkit2gtk3 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to AlmaLinux security advisory ALSA-2023:3433 for updates and patch information.
    Patches
    AlmaLinux ALSA-2023:3433
  • CVE-2023-34414+
    QID: 378556
    In Development

    Mozilla Firefox Multiple Vulnerabilities (MFSA2023-20)

    Severity
    Critical4
    Qualys ID
    378556
    Vendor Reference
    MFSA2023-20
    CVE Reference
    CVE-2023-34414, CVE-2023-34415, CVE-2023-34417, CVE-2023-34416
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android.

    Mozilla Firefox is prone to
    CVE-2023-34414: Click-jacking certificate exceptions through rendering lag
    CVE-2023-34415: Site-isolation bypass on sites that allow open redirects to data: urls
    CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12
    CVE-2023-34417: Memory safety bugs fixed in Firefox 114

    Affected Products:
    Prior to Firefox 114

    QID Detection Logic (Authenticated) :
    This checks for vulnerable version of Firefox browser.


    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Vendor has released fix to address these vulnerabilities. Refer to MFSA2023-20 or later
    Patches
    MFSA2023-20
  • CVE-2023-34414+
    QID: 378555
    In Development

    Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2023-19)

    Severity
    Critical4
    Qualys ID
    378555
    Vendor Reference
    MFSA2023-19
    CVE Reference
    CVE-2023-34414, CVE-2023-34416
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android.

    Mozilla Firefox ESR is prone to
    CVE-2023-34414: Click-jacking certificate exceptions through rendering lag
    CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

    Affected Products:
    Prior to Firefox ESR 102.12

    QID Detection Logic (Authenticated) :
    This checks for vulnerable version of Firefox browser.


    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Vendor has released fix to address these vulnerabilities. Refer to MFSA2023-19 or later
    Patches
    MFSA2023-19
  • CVE-2023-3079
    QID: 378549
    Recently Published

    Google Chrome Prior to 114.0.5735.106 for Linux and Mac and 114.0.5735.110 for Windows Multiple Vulnerabilities

    Severity
    Critical4
    Qualys ID
    378549
    Date Published
    June 6, 2023
    Vendor Reference
    Google Chrome 114.0.5735.106
    CVE Reference
    CVE-2023-3079
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Chrome has released security updates for Windows, Mac, and Linux to fix the vulnerabilities.


    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Chrome security advisory 114.0.5735.106 for updates and patch information.
    Patches
    Google Chrome 114.0.5735.106
  • CVE-2023-32215+
    QID: 355327
    Recently Published

    Amazon Linux Security Advisory for thunderbird : ALAS2-2023-2051

    Severity
    Critical4
    Qualys ID
    355327
    Date Published
    June 6, 2023
    Vendor Reference
    ALAS2-2023-2051
    CVE Reference
    CVE-2023-32215, CVE-2023-32211, CVE-2023-32205, CVE-2023-32207, CVE-2023-32206, CVE-2023-32212, CVE-2023-32213
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description

    In multiple cases browser prompts could have been obscured by popups controlled by content.
    These could have led to potential user confusion and spoofing attacks. (
    ( CVE-2023-32205) the mozilla foundation security advisory describes this flaw as: an out-of-bound read could have led to a crash in the rlbox expat driver. (
    ( CVE-2023-32206) the mozilla foundation security advisory describes this flaw as: a missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. (
    ( CVE-2023-32207) the mozilla foundation security advisory describes this flaw as: a type checking bug would have led to invalid code being compiled. (
    ( CVE-2023-32211) the mozilla foundation security advisory describes this flaw as: an attacker could have positioned a `datalist` element to obscure the address bar. (
    ( CVE-2023-32212) the mozilla foundation security advisory describes this flaw as: when reading a file, an uninitialized value could have been used as read limit. (
    ( CVE-2023-32213) mozilla developers and community members reported memory safety bugs present in firefox 112 and firefox esr 102.10.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (
    ( CVE-2023-32215)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2-2023-2051 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2-2023-2051
  • CVE-2023-2283+
    QID: 199393
    Recently Published

    Ubuntu Security Notification for libssh Vulnerabilities (USN-6138-1)

    Severity
    Critical4
    Qualys ID
    199393
    Date Published
    June 6, 2023
    Vendor Reference
    USN-6138-1
    CVE Reference
    CVE-2023-2283, CVE-2023-1667
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Ubuntu has released a security update for libssh to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6138-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6138-1
  • CVE-2023-32373+
    QID: 160718
    In Development

    Oracle Enterprise Linux Security Update for webkit2gtk3 (ELSA-2023-3432)

    Severity
    Critical4
    Qualys ID
    160718
    Vendor Reference
    ELSA-2023-3432
    CVE Reference
    CVE-2023-32373, CVE-2023-28204
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Oracle Enterprise Linux has released a security update for webkit2gtk3 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2023-3432
    Patches
    Oracle Linux ELSA-2023-3432
  • CVE-2023-32373+
    QID: 160716
    In Development

    Oracle Enterprise Linux Security Update for webkit2gtk3 (ELSA-2023-3433)

    Severity
    Critical4
    Qualys ID
    160716
    Vendor Reference
    ELSA-2023-3433
    CVE Reference
    CVE-2023-32373, CVE-2023-28204
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Oracle Enterprise Linux has released a security update for webkit2gtk3 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2023-3433
    Patches
    Oracle Linux ELSA-2023-3433
  • CVE-2021-3930+
    QID: 355320
    Recently Published

    Amazon Linux Security Advisory for qemu : ALAS2-2023-2061

    Severity
    Critical4
    Qualys ID
    355320
    Date Published
    June 6, 2023
    Vendor Reference
    ALAS2-2023-2061
    CVE Reference
    CVE-2021-3930, CVE-2021-4207, CVE-2022-4144, CVE-2021-20196, CVE-2021-3392, CVE-2021-3527
    CVSS Scores
    Base 8.2 / Temporal 7.1
    Description

    a null pointer dereference flaw was found in the floppy disk emulator of qemu.
    This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device.
    This flaw allows a privileged guest user to crash the qemu process on the host, resulting in a denial of service.
    The highest threat from this vulnerability is to system availability. (
    ( CVE-2021-20196) a use-after-free flaw was found in the megaraid emulator of qemu.
    This issue occurs while processing scsi i/o requests in the case of an error mptsas_free_request() that does not dequeue the request object req from a pending requests queue.
    Versions between 2.10.0 and 5.2.0 are potentially affected. (
    ( CVE-2021-3392) a flaw was found in the usb redirector device (usb-redir) of qemu.
    Small usb packets are combined into a single, large transfer request, to reduce the overhead and improve performance.
    The combined size of the bulk transfer is used to dynamically allocate a variable length array (vla) on the stack without proper validation.
    Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the qemu process to perform an excessive allocation on the stack, resulting in a denial of service. (
    ( CVE-2021-3527) an off-by-one error was found in the scsi device emulation in qemu.
    It could occur while processing mode select commands in mode_sense_page() if the page argument was set to mode_page_alls (0x3f).
    A malicious guest could use this flaw to potentially crash qemu, resulting in a denial of service condition. (
    ( CVE-2021-3930) a flaw was found in the qxl display device emulation in qemu.

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2-2023-2061 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2-2023-2061
  • CVE-2023-32233
    QID: 941129
    Recently Published

    AlmaLinux Security Update for kernel-rt (ALSA-2023:3350)

    Severity
    Critical4
    Qualys ID
    941129
    Date Published
    June 6, 2023
    Vendor Reference
    ALSA-2023:3350
    CVE Reference
    CVE-2023-32233
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    AlmaLinux has released a security update for kernel-rt to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to AlmaLinux security advisory ALSA-2023:3350 for updates and patch information.
    Patches
    AlmaLinux ALSA-2023:3350
  • CVE-2023-32233
    QID: 941128
    Recently Published

    AlmaLinux Security Update for kernel (ALSA-2023:3349)

    Severity
    Critical4
    Qualys ID
    941128
    Date Published
    June 6, 2023
    Vendor Reference
    ALSA-2023:3349
    CVE Reference
    CVE-2023-32233
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    AlmaLinux has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to AlmaLinux security advisory ALSA-2023:3349 for updates and patch information.
    Patches
    AlmaLinux ALSA-2023:3349
  • CVE-2023-32233
    QID: 355335
    Recently Published

    Amazon Linux Security Advisory for kernel : ALAS2-2023-2050

    Severity
    Critical4
    Qualys ID
    355335
    Date Published
    June 6, 2023
    Vendor Reference
    ALAS2-2023-2050
    CVE Reference
    CVE-2023-32233
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description

    In the linux kernel through 6.3.1, a use-after-free in netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory.
    Unprivileged local users can obtain root privileges.
    This occurs because anonymous sets are mishandled. (
    ( CVE-2023-32233)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2-2023-2050 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2-2023-2050
  • CVE-2023-0461+
    QID: 241588
    In Development

    Red Hat Update for kernel (RHSA-2023:3465)

    Severity
    Critical4
    Qualys ID
    241588
    Vendor Reference
    RHSA-2023:3465
    CVE Reference
    CVE-2023-0461, CVE-2023-2008, CVE-2023-32233
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    The kernel packages contain the linux kernel, the core of any linux operating system...Security Fix(es):
      kernel: net/ulp: use-after-free in listening ulp sockets (cve-2023-0461).
      Kernel: udmabuf: improper validation of array index leading to local privilege escalation (cve-2023-2008).
      Kernel: use-after-free in netfilter nf_tables when processing batch requests can lead to privilege escalation (cve-2023-32233).
    Affected Products:
      Red Hat enterprise linux for x86_64 - extended update support 9.0 x86_64.
      Red hat enterprise linux for ibm z systems - extended update support 9.0 s390x.
      Red hat enterprise linux for power, little endian - extended update support 9.0 ppc64le.
      Red hat enterprise linux for arm 64 - extended update support 9.0 aarch64.
      Red hat enterprise linux server for power le - update services for sap solutions 9.0 ppc64le.
      Red hat enterprise linux for x86_64 - update services for sap solutions 9.0 x86_64.
      Red hat codeready linux builder for x86_64 - extended update support 9.0 x86_64.
      Red hat codeready linux builder for power, little endian - extended update support 9.0 ppc64le.
      Red hat codeready linux builder for ibm z systems - extended update support 9.0 s390x.
      Red hat codeready linux builder for arm 64 - extended update support 9.0 aarch64.
      Red hat enterprise linux server for arm 64 - 4 years of updates 9.0 aarch64.
      Red hat enterprise linux server for ibm z systems - 4 years of updates 9.0 s390x.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3465 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3465
  • CVE-2021-32142+
    QID: 199394
    Recently Published

    Ubuntu Security Notification for LibRaw Vulnerabilities (USN-6137-1)

    Severity
    Critical4
    Qualys ID
    199394
    Date Published
    June 6, 2023
    Vendor Reference
    USN-6137-1
    CVE Reference
    CVE-2021-32142, CVE-2023-1729
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Ubuntu has released a security update for libraw to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6137-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6137-1
  • CVE-2023-0386+
    QID: 181828
    Recently Published

    Debian Security Update for linux-5.10 (DLA 3446-1)

    Severity
    Critical4
    Qualys ID
    181828
    Date Published
    June 6, 2023
    Vendor Reference
    DLA 3446-1
    CVE Reference
    CVE-2023-0386, CVE-2023-31436, CVE-2023-32233
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Debian has released a security update for linux-5.10 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3446-1 for updates and patch information.
    Patches
    Debian DLA 3446-1
  • CVE-2016-10003
    QID: 355334
    Recently Published

    Amazon Linux Security Advisory for squid : ALAS2-2023-2066

    Severity
    Critical4
    Qualys ID
    355334
    Date Published
    June 6, 2023
    Vendor Reference
    ALAS2-2023-2066
    CVE Reference
    CVE-2016-10003
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    Incorrect http request header comparison in squid http proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in collapsed forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients. (
    ( CVE-2016-10003)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2-2023-2066 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2-2023-2066
  • CVE-2020-14058
    QID: 355331
    Recently Published

    Amazon Linux Security Advisory for squid : ALAS2-2023-2063

    Severity
    Critical4
    Qualys ID
    355331
    Date Published
    June 6, 2023
    Vendor Reference
    ALAS2-2023-2063
    CVE Reference
    CVE-2020-14058
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    An issue was discovered in squid before 4.12 and 5.x before 5.0.3.
    Due to use of a potentially dangerous function, squid and the default certificate validation helper are vulnerable to a denial of service when opening a tls connection to an attacker-controlled server for https.
    This occurs because unrecognized error values are mapped to null, but later code expects that each error value is mapped to a valid error string. (
    ( CVE-2020-14058)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2-2023-2063 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2-2023-2063
  • CVE-2019-9923
    QID: 355329
    Recently Published

    Amazon Linux Security Advisory for tar : ALAS2-2023-2064

    Severity
    Critical4
    Qualys ID
    355329
    Date Published
    June 6, 2023
    Vendor Reference
    ALAS2-2023-2064
    CVE Reference
    CVE-2019-9923
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    Pax_decode_header in sparse.c in gnu tar before 1.32 had a null pointer dereference when parsing certain archives that have malformed extended headers. (
    ( CVE-2019-9923)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2-2023-2064 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2-2023-2064
  • CVE-2023-1436
    QID: 355325
    Recently Published

    Amazon Linux Security Advisory for jettison : ALAS2-2023-2053

    Severity
    Critical4
    Qualys ID
    355325
    Date Published
    June 6, 2023
    Vendor Reference
    ALAS2-2023-2053
    CVE Reference
    CVE-2023-1436
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    An infinite recursion is triggered in jettison when constructing a jsonarray from a collection that contains a self-reference in one of its elements.
    This leads to a stackoverflowerror exception being thrown. (
    ( CVE-2023-1436)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2-2023-2053 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2-2023-2053
  • CVE-2020-8517
    QID: 355323
    Recently Published

    Amazon Linux Security Advisory for squid : ALAS2-2023-2062

    Severity
    Critical4
    Qualys ID
    355323
    Date Published
    June 6, 2023
    Vendor Reference
    ALAS2-2023-2062
    CVE Reference
    CVE-2020-8517
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    An issue was discovered in squid before 4.10.
    Due to incorrect input validation, the ntlm authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer.
    On systems with memory access protections, this can result in the helper process being terminated unexpectedly.
    This leads to the squid process also terminating and a denial of service for all clients using the proxy. (
    ( CVE-2020-8517)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2-2023-2062 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2-2023-2062
  • CVE-2021-46659+
    QID: 355322
    Recently Published

    Amazon Linux Security Advisory for mariadb : ALAS2-2023-2057

    Severity
    Critical4
    Qualys ID
    355322
    Date Published
    June 6, 2023
    Vendor Reference
    ALAS2-2023-2057
    CVE Reference
    CVE-2021-46659, CVE-2021-46661, CVE-2021-46663, CVE-2022-27380, CVE-2022-27384, CVE-2021-46668, CVE-2021-46666, CVE-2021-46657, CVE-2021-46667, CVE-2022-31624
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    get_sort_by_table in mariadb before 10.6.2 allows an application crash via certain subquery uses of order by. (
    ( CVE-2021-46657) mariadb before 10.7.2 allows an application crash because it does not recognize that select_lex::nest_level is local to each view. (
    ( CVE-2021-46659) mariadb through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (cte). (
    ( CVE-2021-46661) mariadb through 10.5.13 allows a ha_maria::extra application crash via certain select statements. (
    ( CVE-2021-46663) mariadb before 10.6.2 allows an application crash because of mishandling of a pushdown from a having clause to a where clause. (
    ( CVE-2021-46666) an integer overflow vulnerability was found in mariadb, where an invalid size of ref_pointer_array is allocated.
    This issue results in a denial of service. (
    ( CVE-2021-46667) mariadb through 10.5.9 allows an application crash via certain long select distinct statements that improperly interact with storage-engine resource limitations for temporary data structures. (
    ( CVE-2021-46668) an issue in the component my_decimal::operator= of mariadb server v10.6.3 and below was discovered to allow attackers to cause a denial of service (dos) via specially crafted sql statements. (
    ( CVE-2022-27380) an issue in the component item_subselect::init_expr_cache_tracker of mariadb server v10.6 and below was discovered to allow attackers to cause a denial of service (dos) via specially crafted sql statements. (
    ( CVE-2022-27384) mariadb server before 10.7 is vulnerable to denial of service.
    ( CVE-2022-31624)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2-2023-2057 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2-2023-2057
  • CVE-2023-30861
    QID: 241586
    In Development

    Red Hat Update for OpenStack Platform 17.0 (RHSA-2023:3440)

    Severity
    Critical4
    Qualys ID
    241586
    Vendor Reference
    RHSA-2023:3440
    CVE Reference
    CVE-2023-30861
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Flask is called a micro-framework because the idea to keep the core.simple but extensible.
    There is no database abstraction layer, no form.validation or anything else where different libraries already exist that.can handle that.
    However flask knows the concept of extensions that can add.this functionality into your application as if it was implemented in flask.itself.
    There are currently extensions for object relational mappers, form.validation, upload handling, various open authentication technologies and.more...Security Fix(es):
      possible disclosure of permanent session cookie due to missing vary:.
    Affected Products:
      Red Hat openstack 17 x86_64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3440 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3440
  • CVE-2023-30861
    QID: 241585
    In Development

    Red Hat Update for OpenStack Platform 16.2 (RHSA-2023:3444)

    Severity
    Critical4
    Qualys ID
    241585
    Vendor Reference
    RHSA-2023:3444
    CVE Reference
    CVE-2023-30861
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Flask is called a micro-framework because the idea to keep the core.simple but extensible.
    There is no database abstraction layer, no form.validation or anything else where different libraries already exist that.can handle that.
    However flask knows the concept of extensions that can add.this functionality into your application as if it was implemented in flask.itself.
    There are currently extensions for object relational mappers, form.validation, upload handling, various open authentication technologies and.more...Security Fix(es):
      possible disclosure of permanent session cookie due to missing vary:.
    Affected Products:
      Red Hat openstack for ibm power 16.2 ppc64le.
      Red hat openstack 16.2 x86_64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3444 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3444
  • CVE-2023-30861
    QID: 241583
    Recently Published

    Red Hat Update for OpenStack Platform 16.1 (RHSA-2023:3446)

    Severity
    Critical4
    Qualys ID
    241583
    Date Published
    June 6, 2023
    Vendor Reference
    RHSA-2023:3446
    CVE Reference
    CVE-2023-30861
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Flask is called a micro-framework because the idea to keep the core.simple but extensible.
    There is no database abstraction layer, no form.validation or anything else where different libraries already exist that.can handle that.
    However flask knows the concept of extensions that can add.this functionality into your application as if it was implemented in flask.itself.
    There are currently extensions for object relational mappers, form.validation, upload handling, various open authentication technologies and.more...Security Fix(es):
      possible disclosure of permanent session cookie due to missing vary:.
    Affected Products:
      Red Hat openstack for ibm power 16.1 ppc64le.
      Red hat openstack 16.1 x86_64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3446 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3446
  • CVE-2020-11080
    QID: 199397
    In Development

    Ubuntu Security Notification for nghttp2 Vulnerability (USN-6142-1)

    Severity
    Critical4
    Qualys ID
    199397
    Vendor Reference
    USN-6142-1
    CVE Reference
    CVE-2020-11080
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Ubuntu has released a security update for nghttp2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6142-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6142-1
  • CVE-2023-31489+
    QID: 199395
    Recently Published

    Ubuntu Security Notification for FRR Vulnerabilities (USN-6136-1)

    Severity
    Critical4
    Qualys ID
    199395
    Date Published
    June 6, 2023
    Vendor Reference
    USN-6136-1
    CVE Reference
    CVE-2023-31489, CVE-2023-31490
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Ubuntu has released a security update for frr to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6136-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6136-1
  • CVE-2023-24329
    QID: 199392
    Recently Published

    Ubuntu Security Notification for Python Vulnerability (USN-6139-1)

    Severity
    Critical4
    Qualys ID
    199392
    Date Published
    June 6, 2023
    Vendor Reference
    USN-6139-1
    CVE Reference
    CVE-2023-24329
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Ubuntu has released a security update for python to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6139-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6139-1
  • CVE-2023-24539
    QID: 355332
    Recently Published

    Amazon Linux Security Advisory for golang : ALAS2-2023-2052

    Severity
    Critical4
    Qualys ID
    355332
    Date Published
    June 6, 2023
    Vendor Reference
    ALAS2-2023-2052
    CVE Reference
    CVE-2023-24539
    CVSS Scores
    Base 7.3 / Temporal 6.4
    Description

    Html/template: improper sanitization of css values angle brackets (<>) were not considered dangerous characters when inserted into css contexts.
    Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the css context and allowing for injection of unexpected hmtl, if executed with untrusted input. (
    ( CVE-2023-24539)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2-2023-2052 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2-2023-2052
  • CVE-2022-23181
    QID: 355337
    In Development

    Amazon Linux Security Advisory for tomcat9 : ALAS2023-2023-059

    Severity
    Critical4
    Qualys ID
    355337
    Vendor Reference
    ALAS2023-2023-059
    CVE Reference
    CVE-2022-23181
    CVSS Scores
    Base 7 / Temporal 6.1
    Description

    The fix for bug( CVE-2020-9484 introduced a time of check, time of use vulnerability into apache tomcat 10.1.0-m1 to 10.1.0-m8, 10.0.0-m5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the tomcat process is using.
    This issue is only exploitable when tomcat is configured to persist sessions using the filestore. (
    ( CVE-2022-23181)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2023-2023-059 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2023 ALAS2023-2023-059
  • CVE-2022-22476
    QID: 378550
    Under Investigation

    IBM Spectrum Protect Operations Center Sensitive Information Vulnerability (6621141)

    Severity
    Serious3
    Qualys ID
    378550
    Vendor Reference
    6621141
    CVE Reference
    CVE-2022-22476
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    An identity spoofing vulnerability in IBM WebSphere Application Server Liberty may affect IBM Spectrum Protect Operations Center and IBM Spectrum Protect Client Management Service.

    Affected Versions:
    IBM Spectrum Protect Operations Center 8.1.0.000-8.1.15.xxx
    IBM Spectrum Protect Client Management Service 8.1.0.000-8.1.15.xxx

    QID Detection Logic(Authenticated):
    This checks for vulnerable versions of IBM Spectrum Protect Operations Center

    Consequence
    Successful exploitation could lead to Identity spoofing by an authenticated user using a specially crafted request.

    Solution
    Vendor has released updated version to address this issue. Refer to 6621141 for details.
    Patches
    6621141
  • CVE-2022-48339
    QID: 241589
    In Development

    Red Hat Update for emacs (RHSA-2023:3481)

    Severity
    Serious3
    Qualys ID
    241589
    Vendor Reference
    RHSA-2023:3481
    CVE Reference
    CVE-2022-48339
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Gnu emacs is a powerful, customizable, self-documenting text editor.
    It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news...Security Fix(es):
      emacs: command injection vulnerability in htmlfontify.el (cve-2022-48339).
    Affected Products:
      Red Hat enterprise linux server 7 x86_64.
      Red hat enterprise linux workstation 7 x86_64.
      Red hat enterprise linux desktop 7 x86_64.
      Red hat enterprise linux for ibm z systems 7 s390x.
      Red hat enterprise linux for power, big endian 7 ppc64.
      Red hat enterprise linux for scientific computing 7 x86_64.
      Red hat enterprise linux for power, little endian 7 ppc64le.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3481 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3481
  • CVE-2022-3171
    QID: 378553
    Under Investigation

    IBM MQ Blockchain bridge Denial of Service Vulnerability within protobuf-java core (6853381)

    Severity
    Serious3
    Qualys ID
    378553
    Vendor Reference
    6853381
    CVE Reference
    CVE-2022-3171
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    IBM MQ is a message oriented middleware that allows independent and non-concurrent applications on a distributed system to communicate with each other.

    protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text format data.
    Affected Version:
    IBM MQ 9.2, 9.3

    QID Detection Logic: (Authenticated)
    Operating System: Linux
    The QID runs the command "/opt/mqm/bin/dspmqver -v | grep -A3 '^Name' to see if the system is running a vulnerable version of IBM MQ or not.

    Consequence
    By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause long garbage collection pauses.
    Solution
    Please refer to advisory IBM MQ 6853381 for further information.

    Patches
    6853381
  • CVE-2023-32235
    QID: 150689
    Under Investigation

    Ghost CMS Path Traversal Vulnerability (CVE-2023-32235)

    Severity
    Serious3
    Qualys ID
    150689
    Vendor Reference
    GHSA-wf7x-fh6w-34r6
    CVE Reference
    CVE-2023-32235
    CVSS Scores
    Base 7.5 / Temporal 6.7
    Description
    Ghost is a free and open source blogging platform, a headless Node.js CMS designed to simplify the process of online publishing for individual bloggers as well as online publications.

    Affected versions of Ghost allows remote attackers to read arbitrary files within the active theme's folder via "/assets/built%2F..%2F..%2F/" directory traversal. This vulnerability occurs in "frontend/web/middleware/static-theme.js".

    Affected Products:
    Ghost prior to version 5.42.1

    QID Detection Logic (Unauthenticated):
    This QID sends a HTTP GET request to "assets/built%2F..%2F..%2F/package.jsons" endpoint and based on the response determines if the target application is vulnerable.

    Consequence
    Successful exploitation of this vulnerability could allow remote attackers to read sensitive files within the target application.

    Solution
    Customers are advised to upgrade to latest version of Ghost to remediate this vulnerability. For more information please refer GitHub Security Advisory
    Patches
    GHSA-wf7x-fh6w-34r6
  • CVE-2022-33972+
    QID: 355328
    Recently Published

    Amazon Linux Security Advisory for microcode_ctl : ALAS2-2023-2056

    Severity
    Serious3
    Qualys ID
    355328
    Date Published
    June 6, 2023
    Vendor Reference
    ALAS2-2023-2056
    CVE Reference
    CVE-2022-33972, CVE-2022-38090, CVE-2022-21216
    CVSS Scores
    Base 6.8 / Temporal 5.9
    Description

    Insufficient granularity of access control in out-of-band management in some intel(r) atom and intel xeon scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access. (
    ( CVE-2022-21216) incorrect calculation in microcode keying mechanism for some 3rd generation intel(r) xeon(r) scalable processors may allow a privileged user to potentially enable information disclosure via local access. (
    ( CVE-2022-33972) improper isolation of shared resources in some intel(r) processors when using intel(r) software guard extensions may allow a privileged user to potentially enable information disclosure via local access. (
    ( CVE-2022-38090)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2-2023-2056 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2-2023-2056
  • CVE-2022-2521
    QID: 355324
    Recently Published

    Amazon Linux Security Advisory for libtiff : ALAS2-2023-2055

    Severity
    Serious3
    Qualys ID
    355324
    Date Published
    June 6, 2023
    Vendor Reference
    ALAS2-2023-2055
    CVE Reference
    CVE-2022-2521
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description

    It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in tiffclose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input. (
    ( CVE-2022-2521)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2-2023-2055 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2-2023-2055
  • CVE-2021-20257
    QID: 355321
    Recently Published

    Amazon Linux Security Advisory for qemu : ALAS2-2023-2060

    Severity
    Serious3
    Qualys ID
    355321
    Date Published
    June 6, 2023
    Vendor Reference
    ALAS2-2023-2060
    CVE Reference
    CVE-2021-20257
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description

    An infinite loop flaw was found in the e1000 nic emulator of the qemu.
    This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values.
    This flaw allows a guest to consume cpu cycles on the host, resulting in a denial of service.
    The highest threat from this vulnerability is to system availability. (
    ( CVE-2021-20257)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2-2023-2060 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2-2023-2060
  • CVE-2023-33956+
    QID: 691179
    In Development

    Free Berkeley Software Distribution (FreeBSD) Security Update for kanboard (bfca647c-0456-11ee-bafd-b42e991fc52e)

    Severity
    Serious3
    Qualys ID
    691179
    Vendor Reference
    bfca647c-0456-11ee-bafd-b42e991fc52e
    CVE Reference
    CVE-2023-33956, CVE-2023-33970, CVE-2023-33968, CVE-2023-33969
    CVSS Scores
    Base 6.4 / Temporal 5.6
    Description
    FreeBSD has released a security update for kanboard to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to FreeBSD security advisory bfca647c-0456-11ee-bafd-b42e991fc52e for updates and patch information.
    Patches
    "FreeBSD" bfca647c-0456-11ee-bafd-b42e991fc52e
  • CVE-2021-3572
    QID: 160714
    In Development

    Oracle Enterprise Linux Security Update for python-pip (ELSA-2023-12349)

    Severity
    Serious3
    Qualys ID
    160714
    Vendor Reference
    ELSA-2023-12349
    CVE Reference
    CVE-2021-3572
    CVSS Scores
    Base 5.7 / Temporal 5
    Description
    Oracle Enterprise Linux has released a security update for python-pip to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2023-12349
    Patches
    Oracle Linux ELSA-2023-12349
  • CVE-2023-0482
    QID: 378552
    Under Investigation

    IBM WebSphere Application Server Liberty Privilege Escalation Vulnerability (6982895)

    Severity
    Serious3
    Qualys ID
    378552
    Vendor Reference
    6982895
    CVE Reference
    CVE-2023-0482
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    There is a vulnerability in the RESTEasy library used by IBM WebSphere Application Server Liberty when the feature restfulWS-3.0 or restfulWS-3.1 is enabled. This has been addressed in the remediation section.

    Affected Versions:
    WebSphere Application Server Liberty Version 21.0.0.12 - 23.0.0.3
    QID Detection Logic:(Authenticated)
    It reads the fix xml file and WebSphereApplicationServer.properties to detect the vulnerable version. and it also checks for fixpack version.

    Consequence
    An authenticated attacker could exploit this vulnerability to gain elevated privileges

    Solution
    Upgrade to minimal fix pack levels as required by interim fix and then apply Interim Fix 6982895
    Patches
    6982895
  • CVE-2021-3995+
    QID: 355340
    In Development

    Amazon Linux Security Advisory for util-linux : ALAS2023-2023-024

    Severity
    Serious3
    Qualys ID
    355340
    Vendor Reference
    ALAS2023-2023-024
    CVE Reference
    CVE-2021-3995, CVE-2022-0563, CVE-2021-3996
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description

    A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a fuse filesystem.
    This flaw allows an unprivileged local attacker to unmount fuse filesystems that belong to certain other users who have a uid that is a prefix of the uid of the attacker in its string form.
    An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (
    ( CVE-2021-3995) a logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a fuse filesystem.
    This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory.
    ( CVE-2021-3996) a flaw was found in the linux kernel's util-linux chfn and chsh utilities when compiled with readline support.
    The readline library uses an inputrc environment variable to get a path to the library config file.
    When the library cannot parse the specified file, it prints an error message containing data from the file.
    This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. (
    ( CVE-2022-0563)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2023-2023-024 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2023 ALAS2023-2023-024
  • CVE-2021-0561
    QID: 355338
    In Development

    Amazon Linux Security Advisory for flac : ALAS2023-2023-008

    Severity
    Serious3
    Qualys ID
    355338
    Vendor Reference
    ALAS2023-2023-008
    CVE Reference
    CVE-2021-0561
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description

    An out-of-bounds write vulnerability was found in libflak.
    The vulnerability occurs due to a missing bounds check.
    This flaw allows a local attacker without additional execution privileges to cause local information disclosure. (
    ( CVE-2021-0561)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2023-2023-008 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2023 ALAS2023-2023-008
  • CVE-2021-3800
    QID: 355330
    Recently Published

    Amazon Linux Security Advisory for glib2 : ALAS2-2023-2058

    Severity
    Serious3
    Qualys ID
    355330
    Date Published
    June 6, 2023
    Vendor Reference
    ALAS2-2023-2058
    CVE Reference
    CVE-2021-3800
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description

    A flaw was found in glib before version 2.63.6.
    Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. (
    ( CVE-2021-3800)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2-2023-2058 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2-2023-2058
  • CVE-2022-25309
    QID: 355326
    Recently Published

    Amazon Linux Security Advisory for fribidi : ALAS2-2023-2054

    Severity
    Serious3
    Qualys ID
    355326
    Date Published
    June 6, 2023
    Vendor Reference
    ALAS2-2023-2054
    CVE Reference
    CVE-2022-25309
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description

    A heap-based buffer overflow flaw was found in the fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file.
    This flaw allows an attacker to pass a specially crafted file to the fribidi application with the --caprtl option, leading to a crash and causing a denial of service. (
    ( CVE-2022-25309)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2-2023-2054 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2-2023-2054
  • CVE-2022-34165
    QID: 378554
    Under Investigation

    IBM MQ Hypertext Transfer Protocol (HTTP) Header Injection Vulnerability (6853379)

    Severity
    Serious3
    Qualys ID
    378554
    Vendor Reference
    6853379
    CVE Reference
    CVE-2022-34165
    CVSS Scores
    Base 5.4 / Temporal 4.7
    Description
    IBM MQ is a message oriented middleware that allows independent and non-concurrent applications on a distributed system to communicate with each other.

    IBM WebSphere Application Server Liberty are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting.

    Affected Products:
    IBM MQ 9.1,9.2,9.3

    QID Detection Logic: (Authenticated)
    Operating System: Windows
    It checks for vulnerable IBM MQ versions.

    Operating System: Linux
    The QID runs the command "/opt/mqm/bin/dspmqver -v | grep -A3 '^Name'" and "/usr/mqm/bin/dspmqver -v | grep -A3 '^Name'" (for AIX only) to see if the system is running a vulnerable version of IBM MQ or not.

    Consequence

    This vulnerability allows the attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting.

    Solution
    Please refer to advisory IBM MQ 6853379 for further information.

    Patches
    6853379
  • CVE-2021-29425
    QID: 355318
    Recently Published

    Amazon Linux Security Advisory for apache-commons-io : ALAS2-2023-2059

    Severity
    Medium2
    Qualys ID
    355318
    Date Published
    June 6, 2023
    Vendor Reference
    ALAS2-2023-2059
    CVE Reference
    CVE-2021-29425
    CVSS Scores
    Base 4.8 / Temporal 4.5
    Description

    In apache commons io before 2.7, when invoking the method filenameutils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. (
    ( CVE-2021-29425)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2-2023-2059 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2-2023-2059
  • QID: 45576
    Under Investigation

    CheckPoint Device Model Name

    Severity
    Minimal1
    Qualys ID
    45576
    CVSS Scores
    Base / Temporal
    Description
    The Model Name of the target CheckPoint device is reported in the Result section.
    Consequence
    N/A
    Solution
    N/A
  • CVE-2006-20001+
    QID: 241574
    Recently Published

    Red Hat Update for JBoss Core Services (RHSA-2023:3354)

    Severity
    Critical4
    Qualys ID
    241574
    Date Published
    June 6, 2023
    Vendor Reference
    RHSA-2023:3354
    CVE Reference
    CVE-2006-20001, CVE-2022-4304, CVE-2022-4450, CVE-2022-25147, CVE-2022-43551, CVE-2022-43552, CVE-2023-0215, CVE-2023-0286, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-25690
    CVSS Scores
    Base 9.8 / Temporal 8.8
    Description
    Red hat jboss core services is a set of supplementary software for Red Hat jboss middleware products.
    This software, such as apache http server, is common to multiple jboss middleware products, and is packaged under Red Hat jboss core services to allow for faster distribution of updates, and for a more consistent update experience...Security Fix(es):
      apr-util: out-of-bounds writes in the apr_base64 (cve-2022-25147).
      Curl: hsts bypass via idn (cve-2022-43551).
      Curl: http proxy deny use-after-free (cve-2022-43552).
      Curl: hsts ignored on multiple requests (cve-2023-23914).
      Curl: hsts amnesia with --parallel (cve-2023-23915).
      Curl: http multi-header compression denial of service (cve-2023-23916).
      Httpd: mod_dav: out-of-bounds read/write of zero byte (cve-2006-20001).
      Httpd: http request splitting with mod_rewrite and mod_proxy (cve-2023-25690).
      Openssl: timing attack in rsa decryption implementation (cve-2022-4304).
      Openssl: double free after calling pem_read_bio_ex (cve-2022-4450).
      Openssl: use-after-free following bio_new_ndef (cve-2023-0215).
      Openssl: x.400 address type confusion in x.509 generalname (cve-2023-0286).
    Affected Products:
      Red Hat jboss core services 1 for rhel 8 x86_64.
      Red hat jboss core services 1 for rhel 7 x86_64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3354 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3354
  • CVE-2023-28204+
    QID: 241577
    Recently Published

    Red Hat Update for webkit2gtk3 (RHSA-2023:3433)

    Severity
    Critical4
    Qualys ID
    241577
    Date Published
    June 6, 2023
    Vendor Reference
    RHSA-2023:3433
    CVE Reference
    CVE-2023-28204, CVE-2023-32373
    CVSS Scores
    Base 8.6 / Temporal 8
    Description
    Webkitgtk is the port of the portable web rendering engine webkit to the gtk platform...Security Fix(es):
      webkitgtk: a use-after-free when processing maliciously crafted web content (cve-2023-32373).
      Webkitgtk: an out-of-bounds read when processing malicious content (cve-2023-28204).
    <H2></H2>
      Red Hat enterprise linux for x86_64 8 x86_64.
      Red hat enterprise linux for x86_64 - extended update support 8.8 x86_64.
      Red hat enterprise linux server - aus 8.8 x86_64.
      Red hat enterprise linux for ibm z systems 8 s390x.
      Red hat enterprise linux for ibm z systems - extended update support 8.8 s390x.
      Red hat enterprise linux for power, little endian 8 ppc64le.
      Red hat enterprise linux for power, little endian - extended update support 8.8 ppc64le.
      Red hat enterprise linux server - tus 8.8 x86_64.
      Red hat enterprise linux for arm 64 8 aarch64.
      Red hat enterprise linux for arm 64 - extended update support 8.8 aarch64.
      Red hat enterprise linux server for power le - update services for sap solutions 8.8 ppc64le.
      Red hat enterprise linux for x86_64 - update services for sap solutions 8.8 x86_64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3433 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3433
  • CVE-2023-28204+
    QID: 241575
    Recently Published

    Red Hat Update for webkit2gtk3 (RHSA-2023:3432)

    Severity
    Critical4
    Qualys ID
    241575
    Date Published
    June 6, 2023
    Vendor Reference
    RHSA-2023:3432
    CVE Reference
    CVE-2023-28204, CVE-2023-32373
    CVSS Scores
    Base 8.6 / Temporal 8
    Description
    Webkitgtk is the port of the portable web rendering engine webkit to the gtk platform...Security Fix(es):
      webkitgtk: a use-after-free when processing maliciously crafted web content (cve-2023-32373).
      Webkitgtk: an out-of-bounds read when processing malicious content (cve-2023-28204).
    <H2></H2>
      Red Hat enterprise linux for x86_64 9 x86_64.
      Red hat enterprise linux for x86_64 - extended update support 9.2 x86_64.
      Red hat enterprise linux server - aus 9.2 x86_64.
      Red hat enterprise linux for ibm z systems 9 s390x.
      Red hat enterprise linux for ibm z systems - extended update support 9.2 s390x.
      Red hat enterprise linux for power, little endian 9 ppc64le.
      Red hat enterprise linux for power, little endian - extended update support 9.2 ppc64le.
      Red hat enterprise linux for arm 64 9 aarch64.
      Red hat enterprise linux for arm 64 - extended update support 9.2 aarch64.
      Red hat enterprise linux server for power le - update services for sap solutions 9.2 ppc64le.
      Red hat enterprise linux for x86_64 - update services for sap solutions 9.2 x86_64.
      Red hat enterprise linux server for arm 64 - 4 years of updates 9.2 aarch64.
      Red hat enterprise linux server for ibm z systems - 4 years of updates 9.2 s390x.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3432 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3432
  • CVE-2023-31484
    QID: 199391
    Recently Published

    Ubuntu Security Notification for Perl Vulnerability (USN-6112-2)

    Severity
    Critical4
    Qualys ID
    199391
    Date Published
    June 6, 2023
    Vendor Reference
    USN-6112-2
    CVE Reference
    CVE-2023-31484
    CVSS Scores
    Base 8.1 / Temporal 7.1
    Description
    Ubuntu has released a security update for perl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6112-2 for updates and patch information.
    Patches
    Ubuntu Linux USN-6112-2
  • CVE-2023-0184+
    QID: 378547
    In Development

    NVIDIA GPU Display Driver Multiple Vulnerabilities (March 2023)

    Severity
    Critical4
    Qualys ID
    378547
    Vendor Reference
    5452
    CVE Reference
    CVE-2023-0184, CVE-2023-0182, CVE-2023-0191, CVE-2023-0181, CVE-2023-0199, CVE-2023-0186, CVE-2023-0187, CVE-2023-0188, CVE-2023-0192, CVE-2023-0194, CVE-2023-0195
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, escalation of privileges, data tampering, or information disclosure.

    Affected versions:
    GeForce All versions prior to 531.41 on R510 and GeForce All versions prior to 474.30 on R470 Driver Branch
    Studio All drivers on R530 and R525 Driver Branch
    NVIDIA RTX/Quadro, NVS All driver versions prior to 474.30 on R470 Driver Branch
    NVIDIA RTX/Quadro, NVS All driver versions prior to 531.41 on R530 Driver Branch
    NVIDIA RTX/Quadro, NVS All driver versions prior to 528.89 on R525 Driver Branch
    NVIDIA RTX/Quadro, NVS All driver versions prior to 518.03 on R515 Driver Branch
    Tesla All driver versions on R525 Driver Branch
    Tesla All driver versions prior to 473.30 on R470 Driver Branch
    Tesla All driver versions prior to 454.14 on R450 Driver Branch
    Tesla All driver versions prior to 518.03 on R515 Driver Branch
    QID detection logic (authenticated):
    The QID checks for vulnerable versions of nvcpl.dll.

    Consequence
    Successful exploitation of these vulnerabilities may impact confidentiality,integrity and availability
    Solution

    Customers are advised to refer NVIDIA Security Bulletin for more information related to these vulnerabilities.

    Patches
    5452
  • CVE-2022-3564+
    QID: 241576
    Recently Published

    Red Hat Update for kpatch-patch (RHSA-2023:3431)

    Severity
    Critical4
    Qualys ID
    241576
    Date Published
    June 6, 2023
    Vendor Reference
    RHSA-2023:3431
    CVE Reference
    CVE-2022-3564, CVE-2022-4378
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    This is a kernel live patch module which is automatically loaded by the rpm post-install script to modify the code of a running kernel...Security Fix(es):
      kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (cve-2022-3564).
      Kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (cve-2022-4378).
    <H2></H2>
      Red Hat enterprise linux for x86_64 - extended update support 8.6 x86_64.
      Red hat enterprise linux server - aus 8.6 x86_64.
      Red hat enterprise linux for power, little endian - extended update support 8.6 ppc64le.
      Red hat enterprise linux server - tus 8.6 x86_64.
      Red hat enterprise linux server for power le - update services for sap solutions 8.6 ppc64le.
      Red hat enterprise linux for x86_64 - update services for sap solutions 8.6 x86_64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3431 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3431
  • CVE-2023-20884
    QID: 378548
    In Development

    VMware Identity Manager (vIDM) and Workspace ONE Access Insecure Redirect Vulnerability (VMSA-2023-0011)

    Severity
    Serious3
    Qualys ID
    378548
    Vendor Reference
    VMSA-2023-0011
    CVE Reference
    CVE-2023-20884
    CVSS Scores
    Base 6.1 / Temporal 5.3
    Description
    An insecure redirect vulnerability in Workspace ONE Access and Identity Manager was privately reported to VMware. Updates are available to address this vulnerability in affected VMware products.

    Affected Versions:
    VMware Workspace ONE Access (Access) versions 22.09.0.0, 22.09.1.0
    VMware Identity Manager (vIDM) versions: 3.3.6,3.3.7

    QID Detection Logic (Authenticated):
    This QID checks for vulnerable versions of VMware Identity Manager and VMware Workspace ONE Access with build version on the target and checks for the presence of patch.

    Consequence
    An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.
    Solution
    VMware has released patches for these vulnerabilities.

    Refer to VMware advisory VMSA-2023-0011 and VMware KB VM_KB_ 92512 for more information.

    Patches
    VMSA-2023-0011
  • QID: 45575
    In Development

    Disclosing Linux System Firmware Information

    Severity
    Minimal1
    Qualys ID
    45575
    CVSS Scores
    Base 0 / Temporal 0
    Description
    This QID find out the BIOS version on GNU / Linux operating systems.

    Dmidecode will inform us about the hardware of our system as described in the BIOS, according to the SMBIOS / DMI standard. The firmware, also known as BIOS , Dmidecode does not scan hardware, it only reports what the BIOS responds to.
    Please make sure dmidecode installed on your system.

    Consequence
    NA
    Solution
    NA
  • QID: 45574
    In Development

    Test Only-Microsoft Edge Installed Extensions

    Severity
    Minimal1
    Qualys ID
    45574
    CVSS Scores
    Base / Temporal
    Description
    Microsoft Edge is a Web browser developed and released by Microsoft. Extensions are small software programs that can modify and enhance the functionality of the Edge browser. The result section lists the installed Edge extensions.
    Consequence
    N/A
    Solution
    N/A
  • CVE-2023-2939+
    QID: 181824
    Recently Published

    Debian Security Update for chromium (DSA 5418-1)

    Severity
    Critical4
    Qualys ID
    181824
    Date Published
    June 6, 2023
    Vendor Reference
    DSA 5418-1
    CVE Reference
    CVE-2023-2939, CVE-2023-2929, CVE-2023-2937, CVE-2023-2938, CVE-2023-2933, CVE-2023-2934, CVE-2023-2930, CVE-2023-2936, CVE-2023-2941, CVE-2023-2932, CVE-2023-2931, CVE-2023-2935, CVE-2023-2940
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Debian has released a security update for chromium to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5418-1 for updates and patch information.
    Patches
    Debian DSA 5418-1
  • CVE-2022-47015
    QID: 181825
    Recently Published

    Debian Security Update for mariadb-10.3 (DLA 3444-1)

    Severity
    Serious3
    Qualys ID
    181825
    Date Published
    June 6, 2023
    Vendor Reference
    DLA 3444-1
    CVE Reference
    CVE-2022-47015
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Debian has released a security update for mariadb-10.3 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3444-1 for updates and patch information.
    Patches
    Debian DLA 3444-1
  • CVE-2023-32233
    QID: 241572
    Recently Published

    Red Hat Update for kpatch-patch (RHSA-2023:3351)

    Severity
    Critical4
    Qualys ID
    241572
    Date Published
    June 6, 2023
    Vendor Reference
    RHSA-2023:3351
    CVE Reference
    CVE-2023-32233
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    This is a kernel live patch module which is automatically loaded by the rpm post-install script to modify the code of a running kernel...Security Fix(es):
      kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (cve-2023-32233).
    Affected Products:
      Red Hat enterprise linux for x86_64 8 x86_64.
      Red hat enterprise linux for x86_64 - extended update support 8.8 x86_64.
      Red hat enterprise linux server - aus 8.8 x86_64.
      Red hat enterprise linux for power, little endian 8 ppc64le.
      Red hat enterprise linux for power, little endian - extended update support 8.8 ppc64le.
      Red hat enterprise linux server - tus 8.8 x86_64.
      Red hat enterprise linux server for power le - update services for sap solutions 8.8 ppc64le.
      Red hat enterprise linux for x86_64 - update services for sap solutions 8.8 x86_64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3351 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3351
  • CVE-2023-32233
    QID: 241571
    Recently Published

    Red Hat Update for kernel (RHSA-2023:3349)

    Severity
    Critical4
    Qualys ID
    241571
    Date Published
    June 6, 2023
    Vendor Reference
    RHSA-2023:3349
    CVE Reference
    CVE-2023-32233
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    The kernel packages contain the linux kernel, the core of any linux operating system...Security Fix(es):
      kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (cve-2023-32233).
    Affected Products:
      Red Hat enterprise linux for x86_64 8 x86_64.
      Red hat enterprise linux for x86_64 - extended update support 8.8 x86_64.
      Red hat enterprise linux server - aus 8.8 x86_64.
      Red hat enterprise linux for ibm z systems 8 s390x.
      Red hat enterprise linux for ibm z systems - extended update support 8.8 s390x.
      Red hat enterprise linux for power, little endian 8 ppc64le.
      Red hat enterprise linux for power, little endian - extended update support 8.8 ppc64le.
      Red hat enterprise linux server - tus 8.8 x86_64.
      Red hat enterprise linux for arm 64 8 aarch64.
      Red hat enterprise linux server for power le - update services for sap solutions 8.8 ppc64le.
      Red hat enterprise linux for x86_64 - update services for sap solutions 8.8 x86_64.
      Red hat codeready linux builder for x86_64 8 x86_64.
      Red hat codeready linux builder for power, little endian 8 ppc64le.
      Red hat codeready linux builder for arm 64 8 aarch64.
      Red hat enterprise linux for arm 64 - extended update support 8.8 aarch64.
      Red hat codeready linux builder for x86_64 - extended update support 8.8 x86_64.
      Red hat codeready linux builder for power, little endian - extended update support 8.8 ppc64le.
      Red hat codeready linux builder for arm 64 - extended update support 8.8 aarch64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3349 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3349
  • CVE-2022-25147
    QID: 241573
    Recently Published

    Red Hat Update for apr-util (RHSA-2023:3360)

    Severity
    Serious3
    Qualys ID
    241573
    Date Published
    June 6, 2023
    Vendor Reference
    RHSA-2023:3360
    CVE Reference
    CVE-2022-25147
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    The apache portable runtime (apr) is a portability library used by the apache http server and other projects. "
    Apr-util" is a library which provides additional utility interfaces for apr; including support for xml parsing, ldap, database interfaces, uri parsing, and more..Security Fix(es):
      apr-util: out-of-bounds writes in the apr_base64 (cve-2022-25147).
    Affected Products:
      Red Hat enterprise linux for x86_64 - extended update support 8.4 x86_64.
      Red hat enterprise linux server - aus 8.4 x86_64.
      Red hat enterprise linux for ibm z systems - extended update support 8.4 s390x.
      Red hat enterprise linux for power, little endian - extended update support 8.4 ppc64le.
      Red hat enterprise linux server - tus 8.4 x86_64.
      Red hat enterprise linux for arm 64 - extended update support 8.4 aarch64.
      Red hat enterprise linux server for power le - update services for sap solutions 8.4 ppc64le.
      Red hat enterprise linux for x86_64 - update services for sap solutions 8.4 x86_64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3360 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3360
  • CVE-2023-20032
    QID: 378545
    In Development

    Cisco Advanced Malware Protection (AMP) Buffer Overflow Vulnerability (cisco-sa-clamav-q8DThCy)

    Severity
    Critical4
    Qualys ID
    378545
    Vendor Reference
    cisco-sa-clamav-q8DThCy
    CVE Reference
    CVE-2023-20032
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    A vulnerability in the HFS+ partition file parser of ClamAV could allow an unauthenticated, remote attacker to execute arbitrary code.

    Affected Versions:
    Cisco AMP for Endpoints Prior to Version 7.5.9

    Cisco AMP for Endpoints 8.0 Prior to Version 8.1.5

    QID Detection Logic:
    QID checks for the vulnerable version of Cisco AMP through Registry Key

    Consequence
    Successful exploitation could allow an unauthenticated, remote attacker to execute arbitrary code

    Solution
    Vendor has released fix to address these vulnerabilities. Refer to cisco-sa-clamav-q8DThCy
    Patches
    cisco-sa-clamav-q8DThCy
  • CVE-2023-24805
    QID: 241570
    Recently Published

    Red Hat Update for cups-filters (RHSA-2023:3423)

    Severity
    Critical4
    Qualys ID
    241570
    Date Published
    June 6, 2023
    Vendor Reference
    RHSA-2023:3423
    CVE Reference
    CVE-2023-24805
    CVSS Scores
    Base 8.8 / Temporal 7.9
    Description
    Red Hat has released a security update for cups-filters to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3423 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3423
  • CVE-2022-40674
    QID: 730816
    In Development

    Skyhigh (McAfee) Web Gateway Security Update for expat

    Severity
    Critical4
    Qualys ID
    730816
    Vendor Reference
    SWG 10.x, SWG 9.x, Skyhigh security SWG 11.x
    CVE Reference
    CVE-2022-40674
    CVSS Scores
    Base 8.1 / Temporal 7.1
    Description
    libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c Affected Versions:
    9.x prior to 9.2.27
    10.x prior to 10.2.16
    11.x prior to 11.2.5

    QID Detection Logic :
    This QID retrieves Skyhigh Web Gateway version and checks to see if it's vulnerable.

    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Customers are advised to update to updated versions 11.2.5 and 10.2.16 and 9.2.27
    Patches
    Skyhigh Web Gateway 11.x
  • CVE-2023-24966
    QID: 378544
    In Development

    IBM WebSphere Application Server Cross-Site Scripting (XSS) Vulnerability (6986333)

    Severity
    Serious3
    Qualys ID
    378544
    Vendor Reference
    6986333
    CVE Reference
    CVE-2023-24966
    CVSS Scores
    Base 6.1 / Temporal 5.3
    Description
    IBM WebSphere Application Server is vulnerable to cross-site scripting.

    Affected Versions:
    WebSphere Application Server Version 9.0.0.0 through 9.0.5.15
    WebSphere Application Server Version 8.5.0.0 through 8.5.5.23

    QID Detection Logic:(Authenticated)
    It reads the fix xml file and WebSphereApplicationServer.properties to detect the vulnerable version and also checks for fix pack version.

    Consequence
    This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
    Solution
    Upgrade to minimal fix pack levels6986333
    Patches
    6986333
  • QID: 45573
    In Development

    Report All Data From Sudoers File - UNIX

    Severity
    Minimal1
    Qualys ID
    45573
    CVSS Scores
    Base / Temporal
    Description
    Report All Data From Sudoers file on Linux/Unix Machines.

    QID Detection Logic for Machines running Linux/Unix:
    This authenticated QID reads data from the file "/etc/sudoers" and display all data in it's result section.

    Consequence
    NA
    Solution
    NA
  • QID: 45572
    Under Investigation

    Microsoft Windows User account control information

    Severity
    Minimal1
    Qualys ID
    45572
    CVSS Scores
    Base / Temporal
    Description
    User information
    Consequence
    N/A
    Solution
    N/A
  • CVE-2023-27492+
    QID: 355316
    In Development

    Amazon Linux Security Advisory for ecs-service-connect-agent : ALAS2ECS-2023-003

    Severity
    Urgent5
    Qualys ID
    355316
    Vendor Reference
    ALAS2ECS-2023-003
    CVE Reference
    CVE-2023-27492, CVE-2023-27496, CVE-2023-27487, CVE-2023-27491, CVE-2023-27488, CVE-2023-27493
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description

    envoy is an open source edge and service proxy designed for cloud-native applications.
    Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass json web token (jwt) checks and forge fake original paths.
    The header `x-envoy-original-path` should be an internal header, but envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client.
    The faked header would then be used for trace logs and grpc logs, as well as used in the url used for `jwt_authn` checks if the `jwt_authn` filter is used, and any other upstream use of the x-envoy-original-path header.
    Attackers may forge a trusted `x-envoy-original-path` header.
    Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 have patches for this issue. (
    ( CVE-2023-27487) envoy is an open source edge and service proxy designed for cloud-native applications.
    Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter.
    For affected components that are used for logging and/or visibility, requests may not be logged by the receiving service.
    When envoy was configured to use ext_authz, ext_proc, tap, ratelimit filters, and grpc access log service and an http header with non-utf-8 data was received, envoy would generate an invalid protobuf message and send it to the configured service.
    The receiving service would typically generate an error when decoding the protobuf message.
    For ext_authz that was configured with ``failure_mode_allow: true``, the request would have been allowed in this case.
    ` character.
    ( CVE-2023-27496)



    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2ECS-2023-003 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2ECS-2023-003
  • CVE-2023-25173+
    QID: 355315
    In Development

    Amazon Linux Security Advisory for containerd : ALAS2ECS-2023-002

    Severity
    Critical4
    Qualys ID
    355315
    Vendor Reference
    ALAS2ECS-2023-002
    CVE Reference
    CVE-2023-25173, CVE-2023-25153, CVE-2022-23471
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description

    containerd is an open source container runtime.
    A bug was found in containerds cri implementation where a user can exhaust memory on the host.
    In the cri stream server, a goroutine is launched to handle terminal resize events if a tty is requested.
    If the users process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak.
    Kubernetes and crictl can both be configured to use containerds cri implementation and the stream server is used for handling container io.
    This bug has been fixed in containerd 1.6.12 and 1.5.16.
    Users should update to these versions to resolve the issue.
    Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers. (
    ( CVE-2022-23471) containerd is an open source container runtime.
    Before versions 1.6.18 and 1.5.18, when importing an oci image, there was no limit on the number of bytes read for certain files.
    A maliciously crafted image with a large file where a limit was not applied could cause a denial of service.
    This bug has been fixed in containerd 1.6.18 and 1.5.18.
    As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images. (
    ( CVE-2023-25153) containerd is an open source container runtime.
    A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container.
    Downstream applications that use the containerd client library may be affected as well.
    This bug has been fixed in containerd v1.6.18 and v.1.5.18.

    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2ECS-2023-002 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2ECS-2023-002
  • CVE-2022-23648
    QID: 355317
    In Development

    Amazon Linux Security Advisory for ecs-init, docker, containerd, runc : ALAS2ECS-2022-001

    Severity
    Critical4
    Qualys ID
    355317
    Vendor Reference
    ALAS2ECS-2022-001
    CVE Reference
    CVE-2022-23648
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    A bug was found in containerd where containers launched through containerd's cri implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host.
    This may bypass any policy-based enforcement on container setup (including a kubernetes pod security policy) and expose potentially sensitive information.
    Kubernetes and crictl can both be configured to use containerd's cri implementation. (
    ( CVE-2022-23648) this update includes the latest ecs agent and the latest docker, containerd, and runc versions.
    The severity is moderate.
    The packages are grouped in this advisory to indicate that all packages should be applied together to apply security updates and maintain operational stability.



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS2ECS-2022-001 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2 ALAS2ECS-2022-001
  • CVE-2022-2393+
    QID: 241564
    In Development

    Red Hat Update for pki-core:10.6 (RHSA-2023:3394)

    Severity
    Critical4
    Qualys ID
    241564
    Vendor Reference
    RHSA-2023:3394
    CVE Reference
    CVE-2022-2393, CVE-2022-2414
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    The public key infrastructure (pki) core contains fundamental packages required by Red Hat certificate system...Security Fix(es):
      pki-core: access to external entities when parsing xml can lead to xxe (cve-2022-2414).
      Pki-core: when using the caserverkeygen_dirusercert profile, user can get certificates for other uids by entering name in subject field (cve-2022-2393).
    Affected Products:
      Red Hat enterprise linux for x86_64 - extended update support 8.6 x86_64.
      Red hat enterprise linux server - aus 8.6 x86_64.
      Red hat enterprise linux for ibm z systems - extended update support 8.6 s390x.
      Red hat enterprise linux for power, little endian - extended update support 8.6 ppc64le.
      Red hat enterprise linux server - tus 8.6 x86_64.
      Red hat enterprise linux for arm 64 - extended update support 8.6 aarch64.
      Red hat enterprise linux server for power le - update services for sap solutions 8.6 ppc64le.
      Red hat enterprise linux for x86_64 - update services for sap solutions 8.6 x86_64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3394 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3394
  • CVE-2023-29186
    QID: 87544
    Recently Published

    SAP NetWeaver ABAP Directory Traversal Vulnerability

    Severity
    Serious3
    Qualys ID
    87544
    Date Published
    June 6, 2023
    Vendor Reference
    SAP Security Advisory April 2023
    CVE Reference
    CVE-2023-29186
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server.

    Affected Versions:
    SAP NetWeaver for ABAP Versions - 707, 737, 747, 757

    QID Detection Logic(s):
    Scan initiates HTTP request on Web Server and determines version based on the Server Header.

    Consequence
    Successful exploitation of these vulnerabilities may may lead to a high impact on the availability and integrity of the application.

    Solution
    Customers are advised to follow the SAP NetWeaver ABAP for remediation instructions.
    Patches
    SAP Security Advisory April 2023
  • CVE-2023-25752+
    QID: 710739
    Recently Published

    Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 202305-35)

    Severity
    Critical4
    Qualys ID
    710739
    Date Published
    June 6, 2023
    Vendor Reference
    GLSA 202305-35
    CVE Reference
    CVE-2023-25752, CVE-2023-29536, CVE-2023-25738, CVE-2023-28177, CVE-2023-29537, CVE-2023-25730, CVE-2023-29548, CVE-2023-25739, CVE-2023-28161, CVE-2023-0767, CVE-2023-25734, CVE-2023-1999, CVE-2023-25731, CVE-2023-28163, CVE-2023-29541, CVE-2023-1945, CVE-2023-28162, CVE-2023-25729, CVE-2023-25748, CVE-2023-25746, CVE-2023-29547, CVE-2023-28160, CVE-2023-25750, CVE-2023-29533, CVE-2023-25751, CVE-2023-29538, CVE-2023-25742, CVE-2023-25735, CVE-2023-28164, CVE-2023-29539, CVE-2023-29551, CVE-2023-29543, CVE-2023-28159, CVE-2023-29535, CVE-2023-29550, CVE-2023-29544, CVE-2023-25732, CVE-2023-29549, CVE-2023-25749, CVE-2023-25737, CVE-2023-25728, CVE-2023-28176, CVE-2023-29540
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Gentoo has released a security update for mozilla firefox to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202305-35 for updates and patch information.
    Patches
    Gentoo GLSA 202305-35
  • CVE-2023-24998+
    QID: 710733
    Recently Published

    Gentoo Linux Apache Tomcat Multiple Vulnerabilities (GLSA 202305-37)

    Severity
    Critical4
    Qualys ID
    710733
    Date Published
    June 6, 2023
    Vendor Reference
    GLSA 202305-37
    CVE Reference
    CVE-2023-24998, CVE-2023-28709, CVE-2022-45143, CVE-2022-42252
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Gentoo has released a security update for apache tomcat to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202305-37 for updates and patch information.
    Patches
    Gentoo GLSA 202305-37
  • CVE-2023-29257
    QID: 20347
    Recently Published

    IBM DB2 Remote Code Execution (RCE) Vulnerability (6985691) (6985677)

    Severity
    Critical4
    Qualys ID
    20347
    Date Published
    June 6, 2023
    Vendor Reference
    6985677, 6985691
    CVE Reference
    CVE-2023-29257
    CVSS Scores
    Base 7.2 / Temporal 6.3
    Description
    IBM Db2 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance.

    Affected Versions:
    IBM DB2 10.5 prior to version V10.5 FP11
    IBM DB2 11.1 prior to version V11.1.4 FP7
    IBM DB2 11.5 prior to version V11.5.7
    IBM DB2 11.5.8000 prior to version V11.5.8000.317
    QID Detection Logic: Authenticated (DB2): This QID queries the DB2 server to get the server version and fix pack level and checks to see if it's vulnerable.

    Authenticated (Windows): This QID checks for vulnerable versions of DB2 on windows OS

    Consequence
    Successful exploitation of the vulnerability may allow attacker to run remote code execution

    Solution
    Please refer to the following links 6985691 Please refer to the following links 6985677
    Patches
    6985677, 6985691
  • CVE-2023-28968
    QID: 44017
    Recently Published

    Juniper Network Operating System (Junos OS) Improper Memory Allocation Vulnerability (JSA70592)

    Severity
    Serious3
    Qualys ID
    44017
    Date Published
    June 6, 2023
    Vendor Reference
    JSA70592
    CVE Reference
    CVE-2023-28968
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    Juniper Junos is the network operating system used in Juniper Networks hardware systems.

    An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS's AppID service on SRX Series devices will stop the JDPI-Decoder from identifying dynamic application traffic, allowing an unauthenticated network-based attacker to send traffic to the target device using the JDPI-Decoder, designed to inspect dynamic application traffic and take action upon this traffic, to instead begin to not take action and to pass the traffic through.

    This issue affects:
    All versions prior to 19.1R3-S10
    19.2 versions prior to 19.2R3-S7
    19.3 versions prior to 19.3R3-S8
    19.4 versions prior to 19.4R3-S11
    20.1 version 20.1R1 and later versions prior to 20.2R3-S7
    20.3 version 20.3R1 and later versions prior to 20.4R3-S6
    21.1 versions prior to 21.1R3-S5
    21.2 versions prior to 21.2R3-S4
    21.3 versions prior to 21.3R3-S3
    21.4 versions prior to 21.4R3-S3
    22.1 versions prior to 22.1R3-S1
    22.2 versions prior to 22.2R2-S1, 22.2R3
    22.3 versions prior to 22.3R1-S2, 22.3R2

    NOTE:
    Juniper Networks any version of the JDPI-Decoder Engine prior to version 5.7.0-47 with the JDPI-Decoder enabled using any version of the AppID SigPack prior to version 1.550.2-31 (SigPack 3533) on Junos OS on SRX Series

    QID detection logic: (Authenticated)
    It checks for vulnerable Junos OS version.

    Consequence
    Successful exploitation of this vulnerability may allowing an unauthenticated network-based attacker to send traffic to the target device using the JDPI-Decoder, designed to inspect dynamic application traffic and take action upon this traffic, to instead begin to not take action and to pass the traffic through.
    Solution
    The following software releases have been updated to resolve this specific issue For more information please visit JSA70592

    Patches
    JSA70592
  • CVE-2021-38185+
    QID: 181827
    Recently Published

    Debian Security Update for cpio (DLA 3445-1)

    Severity
    Critical4
    Qualys ID
    181827
    Date Published
    June 5, 2023
    Vendor Reference
    DLA 3445-1
    CVE Reference
    CVE-2021-38185, CVE-2019-14866
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Debian has released a security update for cpio to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3445-1 for updates and patch information.
    Patches
    Debian DLA 3445-1
  • QID: 284011
    Recently Published

    Fedora Security Update for Open Secure Sockets Layer (OpenSSL) (FEDORA-2023-964eb00fc6)

    Severity
    Critical4
    Qualys ID
    284011
    Date Published
    June 5, 2023
    Vendor Reference
    FEDORA-2023-964eb00fc6
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for openssl to fix the vulnerabilities.

    Affected OS:
    Fedora 37


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 37 for updates and patch information.
    Patches
    Fedora 37 FEDORA-2023-964eb00fc6
  • CVE-2023-32700
    QID: 284013
    Recently Published

    Fedora Security Update for texlive (FEDORA-2023-d261122726)

    Severity
    Critical4
    Qualys ID
    284013
    Date Published
    June 5, 2023
    Vendor Reference
    FEDORA-2023-d261122726
    CVE Reference
    CVE-2023-32700
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Fedora has released a security update for texlive to fix the vulnerabilities.

    Affected OS:
    Fedora 37


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 37 for updates and patch information.
    Patches
    Fedora 37 FEDORA-2023-d261122726
  • CVE-2023-24329
    QID: 284012
    Recently Published

    Fedora Security Update for python3.6 (FEDORA-2023-56cefa23df)

    Severity
    Critical4
    Qualys ID
    284012
    Date Published
    June 5, 2023
    Vendor Reference
    FEDORA-2023-56cefa23df
    CVE Reference
    CVE-2023-24329
    CVSS Scores
    Base 7.5 / Temporal 6.7
    Description
    Fedora has released a security update for python3.6 to fix the vulnerabilities.

    Affected OS:
    Fedora 37


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 37 for updates and patch information.
    Patches
    Fedora 37 FEDORA-2023-56cefa23df
  • CVE-2023-2856+
    QID: 181823
    Recently Published

    Debian Security Update for wireshark (DLA 3443-1)

    Severity
    Critical4
    Qualys ID
    181823
    Date Published
    June 5, 2023
    Vendor Reference
    DLA 3443-1
    CVE Reference
    CVE-2023-2856, CVE-2023-2879, CVE-2023-2858, CVE-2023-2952
    CVSS Scores
    Base 7.5 / Temporal 6.7
    Description
    Debian has released a security update for wireshark to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3443-1 for updates and patch information.
    Patches
    Debian DLA 3443-1
  • CVE-2021-32862
    QID: 181822
    Recently Published

    Debian Security Update for nbconvert (DLA 3442-1)

    Severity
    Serious3
    Qualys ID
    181822
    Date Published
    June 5, 2023
    Vendor Reference
    DLA 3442-1
    CVE Reference
    CVE-2021-32862
    CVSS Scores
    Base 5.4 / Temporal 4.9
    Description
    Debian has released a security update for nbconvert to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3442-1 for updates and patch information.
    Patches
    Debian DLA 3442-1
  • CVE-2021-36980+
    QID: 754067
    Recently Published

    SUSE Enterprise Linux Security Update for openvswitch (SUSE-SU-2023:2360-1)

    Severity
    Urgent5
    Qualys ID
    754067
    Date Published
    June 5, 2023
    Vendor Reference
    SUSE-SU-2023:2360-1
    CVE Reference
    CVE-2021-36980, CVE-2022-32166, CVE-2022-4337, CVE-2022-4338
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released a security update for openvswitch to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 12 SP4|SUSE Linux Enterprise Server for SAP Applications 12 SP4
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2360-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2360-1
  • CVE-2023-2937+
    QID: 378546
    Recently Published

    Microsoft Edge Based on Chromium Prior to 114.0.1823.37 Multiple Vulnerabilities

    Severity
    Critical4
    Qualys ID
    378546
    Date Published
    June 5, 2023
    Vendor Reference
    Edge (chromium based) 114.0.1823.37
    CVE Reference
    CVE-2023-2937, CVE-2023-2932, CVE-2023-33143, CVE-2023-2935, CVE-2023-2930, CVE-2023-2934, CVE-2023-2941, CVE-2023-2939, CVE-2023-2936, CVE-2023-29345, CVE-2023-2931, CVE-2023-2940, CVE-2023-2933, CVE-2023-2929, CVE-2023-2938
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    EdgeChromium has released security update for Mac and Windows to fix the vulnerabilities.
    QID Detection Logic: (Authenticated).
    It checks package versions to check for the vulnerable packages.


    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Customers are advised to upgrade to version 114.0.1823.37 or later
    Patches
    Edge (chromium based) 114.0.1823.37
  • CVE-2023-34151
    QID: 754068
    Recently Published

    SUSE Enterprise Linux Security Update for ImageMagick (SUSE-SU-2023:2357-1)

    Severity
    Critical4
    Qualys ID
    754068
    Date Published
    June 5, 2023
    Vendor Reference
    SUSE-SU-2023:2357-1
    CVE Reference
    CVE-2023-34151
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for imagemagick to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2357-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2357-1
  • CVE-2023-28204+
    QID: 284010
    Recently Published

    Fedora Security Update for webkitgtk (FEDORA-2023-23cc337543)

    Severity
    Critical4
    Qualys ID
    284010
    Date Published
    June 5, 2023
    Vendor Reference
    FEDORA-2023-23cc337543
    CVE Reference
    CVE-2023-28204, CVE-2023-32373
    CVSS Scores
    Base 8.6 / Temporal 8
    Description
    Fedora has released a security update for webkitgtk to fix the vulnerabilities.

    Affected OS:
    Fedora 37


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 37 for updates and patch information.
    Patches
    Fedora 37 FEDORA-2023-23cc337543
  • CVE-2023-2612+
    QID: 199390
    Recently Published

    Ubuntu Security Notification for Linux kernel (Azure CVM) Vulnerabilities (USN-6135-1)

    Severity
    Critical4
    Qualys ID
    199390
    Date Published
    June 5, 2023
    Vendor Reference
    USN-6135-1
    CVE Reference
    CVE-2023-2612, CVE-2023-31436, CVE-2023-1380, CVE-2023-32233, CVE-2023-30456
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Ubuntu has released a security update for linux to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6135-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6135-1
  • CVE-2023-32233
    QID: 160712
    Recently Published

    Oracle Enterprise Linux Security Update for kernel (ELSA-2023-3349)

    Severity
    Critical4
    Qualys ID
    160712
    Date Published
    June 5, 2023
    Vendor Reference
    ELSA-2023-3349
    CVE Reference
    CVE-2023-32233
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Oracle Enterprise Linux has released a security update for kernel security and bug fix update to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2023-3349
    Patches
    Oracle Linux ELSA-2023-3349
  • CVE-2022-4144+
    QID: 160711
    Recently Published

    Oracle Enterprise Linux Security Update for qemu (ELSA-2023-12368)

    Severity
    Critical4
    Qualys ID
    160711
    Date Published
    June 5, 2023
    Vendor Reference
    ELSA-2023-12368
    CVE Reference
    CVE-2022-4144, CVE-2023-0664
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Oracle Enterprise Linux has released a security update for qemu to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2023-12368
    Patches
    Oracle Linux ELSA-2023-12368
  • CVE-2023-32307
    QID: 181821
    Recently Published

    Debian Security Update for sofia-sip (DLA 3441-1)

    Severity
    Critical4
    Qualys ID
    181821
    Date Published
    June 5, 2023
    Vendor Reference
    DLA 3441-1
    CVE Reference
    CVE-2023-32307
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Debian has released a security update for sofia-sip to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3441-1 for updates and patch information.
    Patches
    Debian DLA 3441-1
  • CVE-2023-1544
    QID: 160713
    Recently Published

    Oracle Enterprise Linux Security Update for virt:kvm_utils2 (ELSA-2023-12358)

    Severity
    Serious3
    Qualys ID
    160713
    Date Published
    June 5, 2023
    Vendor Reference
    ELSA-2023-12358
    CVE Reference
    CVE-2023-1544
    CVSS Scores
    Base 6.3 / Temporal 5.5
    Description
    Oracle Enterprise Linux has released a security update for virt:kvm_utils2 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2023-12358
    Patches
    Oracle Linux ELSA-2023-12358
  • CVE-2022-23121
    QID: 181820
    Recently Published

    Debian Security Update for netatalk (DLA 3426-2)

    Severity
    Urgent5
    Qualys ID
    181820
    Date Published
    June 5, 2023
    Vendor Reference
    DLA 3426-2
    CVE Reference
    CVE-2022-23121
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Debian has released a security update for netatalk to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3426-2 for updates and patch information.
    Patches
    Debian DLA 3426-2
  • CVE-2023-27492+
    QID: 160710
    Recently Published

    Oracle Enterprise Linux Security Update for olcne (ELSA-2023-23648)

    Severity
    Urgent5
    Qualys ID
    160710
    Date Published
    June 5, 2023
    Vendor Reference
    ELSA-2023-23648
    CVE Reference
    CVE-2023-27492, CVE-2023-27493, CVE-2023-27496, CVE-2023-27491, CVE-2023-27488, CVE-2023-27487
    CVSS Scores
    Base 9.8 / Temporal 8.8
    Description
    Oracle Enterprise Linux has released a security update for olcne to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2023-23648
    Patches
    Oracle Linux ELSA-2023-23648
  • CVE-2023-1874
    QID: 730815
    Recently Published

    WordPress Plugin WP Data Access Authenticated Privilege Escalation Vulnerability

    Severity
    Critical4
    Qualys ID
    730815
    Date Published
    June 5, 2023
    Vendor Reference
    WP Data Access Plugin Home Page
    CVE Reference
    CVE-2023-1874
    CVSS Scores
    Base 8.8 / Temporal 7.9
    Description
    WordPress Plugin WP Data Access Create professional responsive data tables within minutes.

    Due to a lack of authorization checks on the multiple_roles_update function and authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wpda_role[]' parameter during a profile update.

    Affected versions:
    WP Data Access versions prior to 5.3.8

    QID Detection Logic :
    This unauthenticated detection depends on the BlindElephant engine to detect the vulnerable version of the WP Data Access WordPress plugin.

    Consequence
    Successful exploitation of this vulnerability may allow an authenticated attackers with minimal permissions to modify their user role by supplying the 'wpda_role[]' parameter during a profile update.
    Solution
    Customers are advised to upgrade to WP Data Access 5.3.8 or later version to remediate this vulnerability.
    Patches
    WP Data Access Plugin Home Page
  • CVE-2023-34151
    QID: 754063
    Recently Published

    SUSE Enterprise Linux Security Update for ImageMagick (SUSE-SU-2023:2345-1)

    Severity
    Critical4
    Qualys ID
    754063
    Date Published
    June 5, 2023
    Vendor Reference
    SUSE-SU-2023:2345-1
    CVE Reference
    CVE-2023-34151
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for imagemagick to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    SUSE Linux Enterprise Server 12 SP5
    SUSE Linux Enterprise Server 12 SP5|SUSE Linux Enterprise Server for SAP Applications 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2345-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2345-1
  • CVE-2023-1829+
    QID: 199389
    Recently Published

    Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6133-1)

    Severity
    Critical4
    Qualys ID
    199389
    Date Published
    June 5, 2023
    Vendor Reference
    USN-6133-1
    CVE Reference
    CVE-2023-1829, CVE-2023-32269, CVE-2023-1872, CVE-2022-3707, CVE-2023-0459, CVE-2023-1513, CVE-2023-1118, CVE-2023-1078, CVE-2023-20938, CVE-2022-27672, CVE-2023-1075, CVE-2023-2162
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Ubuntu has released a security update for linux to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6133-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6133-1
  • CVE-2023-30456+
    QID: 199386
    Recently Published

    Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6131-1)

    Severity
    Critical4
    Qualys ID
    199386
    Date Published
    June 5, 2023
    Vendor Reference
    USN-6131-1
    CVE Reference
    CVE-2023-30456, CVE-2023-2612, CVE-2023-32233, CVE-2023-1380, CVE-2023-31436
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Ubuntu has released a security update for linux to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6131-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6131-1
  • CVE-2023-1652+
    QID: 199385
    Recently Published

    Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6134-1)

    Severity
    Critical4
    Qualys ID
    199385
    Date Published
    June 5, 2023
    Vendor Reference
    USN-6134-1
    CVE Reference
    CVE-2023-1652, CVE-2023-0394, CVE-2022-47929, CVE-2023-21102, CVE-2023-1118, CVE-2022-4129, CVE-2023-32269, CVE-2023-1281, CVE-2022-3707, CVE-2023-1513, CVE-2023-26545, CVE-2022-27672, CVE-2023-1075, CVE-2023-2162, CVE-2023-1074, CVE-2023-0458, CVE-2023-0459, CVE-2023-0386, CVE-2023-20938, CVE-2022-4842, CVE-2023-1829, CVE-2023-1073, CVE-2023-1872, CVE-2023-1078
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Ubuntu has released a security update for linux to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6134-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6134-1
  • CVE-2023-30456+
    QID: 199384
    Recently Published

    Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6132-1)

    Severity
    Critical4
    Qualys ID
    199384
    Date Published
    June 5, 2023
    Vendor Reference
    USN-6132-1
    CVE Reference
    CVE-2023-30456, CVE-2023-32269, CVE-2023-2612, CVE-2022-3707, CVE-2023-32233, CVE-2023-0459, CVE-2023-1513, CVE-2023-1118, CVE-2023-1078, CVE-2023-1380, CVE-2023-1075, CVE-2023-31436, CVE-2023-2162
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Ubuntu has released a security update for linux to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6132-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6132-1
  • CVE-2023-32324
    QID: 754066
    Recently Published

    SUSE Enterprise Linux Security Update for cups (SUSE-SU-2023:2346-1)

    Severity
    Critical4
    Qualys ID
    754066
    Date Published
    June 5, 2023
    Vendor Reference
    SUSE-SU-2023:2346-1
    CVE Reference
    CVE-2023-32324
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for cups to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    SUSE Linux Enterprise Server 12 SP5
    SUSE Linux Enterprise Server 12 SP4|SUSE Linux Enterprise Server for SAP Applications 12 SP4
    SUSE Linux Enterprise Server 12 SP5|SUSE Linux Enterprise Server for SAP Applications 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2346-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2346-1
  • CVE-2023-32324
    QID: 754065
    Recently Published

    SUSE Enterprise Linux Security Update for cups (SUSE-SU-2023:2347-1)

    Severity
    Critical4
    Qualys ID
    754065
    Date Published
    June 5, 2023
    Vendor Reference
    SUSE-SU-2023:2347-1
    CVE Reference
    CVE-2023-32324
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for cups to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
    SUSE Linux Enterprise Server 15 SP2|SUSE Linux Enterprise Server for SAP Applications 15 SP2
    SUSE Linux Enterprise Server 15 SP1|SUSE Linux Enterprise Server for SAP Applications 15 SP1
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2347-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2347-1
  • CVE-2023-2650
    QID: 754064
    Recently Published

    SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2023:2343-1)

    Severity
    Critical4
    Qualys ID
    754064
    Date Published
    June 5, 2023
    Vendor Reference
    SUSE-SU-2023:2343-1
    CVE Reference
    CVE-2023-2650
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for openssl-1_1 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 15 SP2|SUSE Linux Enterprise Server for SAP Applications 15 SP2
    SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2343-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2343-1
  • CVE-2023-32324
    QID: 199387
    Recently Published

    Ubuntu Security Notification for CUPS Vulnerability (USN-6128-1)

    Severity
    Critical4
    Qualys ID
    199387
    Date Published
    June 5, 2023
    Vendor Reference
    USN-6128-1
    CVE Reference
    CVE-2023-32324
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Ubuntu has released a security update for cups to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6128-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6128-1
  • CVE-2023-32324
    QID: 181819
    Recently Published

    Debian Security Update for cups (DLA 3440-1)

    Severity
    Critical4
    Qualys ID
    181819
    Date Published
    June 5, 2023
    Vendor Reference
    DLA 3440-1
    CVE Reference
    CVE-2023-32324
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Debian has released a security update for cups to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3440-1 for updates and patch information.
    Patches
    Debian DLA 3440-1
  • CVE-2023-1981
    QID: 199388
    Recently Published

    Ubuntu Security Notification for Avahi Vulnerability (USN-6129-1)

    Severity
    Critical4
    Qualys ID
    199388
    Date Published
    June 5, 2023
    Vendor Reference
    USN-6129-1
    CVE Reference
    CVE-2023-1981
    CVSS Scores
    Base 5.5 / Temporal 5
    Description
    Ubuntu has released a security update for avahi to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6129-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6129-1
  • CVE-2022-2056+
    QID: 503030
    Recently Published

    Alpine Linux Security Update for tiff

    Severity
    Serious3
    Qualys ID
    503030
    Date Published
    June 5, 2023
    Vendor Reference
    tiff
    CVE Reference
    CVE-2022-2056, CVE-2022-2057, CVE-2022-2058, CVE-2022-2519, CVE-2022-2520, CVE-2022-2521, CVE-2022-34526
    CVSS Scores
    Base 6.5 / Temporal 5.9
    Description
    Alpine Linux has released a security update for tiff to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.15
    Alpine Linux 3.16


    Affected Package versions prior to 4.4.0-r3.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory tiff for updates and patch information.
    Patches
    Alpine Linux tiff-4.4.0-r3
  • QID: 754061
    Recently Published

    SUSE Enterprise Linux Security Update for kubernetes1.18 (SUSE-SU-2023:2288-1)

    Severity
    Critical4
    Qualys ID
    754061
    Date Published
    June 5, 2023
    Vendor Reference
    SUSE-SU-2023:2288-1
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for suse_enterprise_linux to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
    SUSE Linux Enterprise Server 15 SP2|SUSE Linux Enterprise Server for SAP Applications 15 SP2
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2288-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2288-1
  • CVE-2022-28737
    QID: 754060
    Recently Published

    SUSE Enterprise Linux Security Update for shim (SUSE-SU-2023:2084-1)

    Severity
    Critical4
    Qualys ID
    754060
    Date Published
    June 5, 2023
    Vendor Reference
    SUSE-SU-2023:2084-1
    CVE Reference
    CVE-2022-28737
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for shim to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2084-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2084-1
  • CVE-2023-32324
    QID: 503029
    Recently Published

    Alpine Linux Security Update for cups

    Severity
    Critical4
    Qualys ID
    503029
    Date Published
    June 5, 2023
    Vendor Reference
    cups
    CVE Reference
    CVE-2023-32324
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Alpine Linux has released a security update for cups to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.17


    Affected Package versions prior to 2.4.2-r2.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory cups for updates and patch information.
    Patches
    Alpine Linux cups-2.4.2-r2
  • CVE-2023-32324
    QID: 503028
    Recently Published

    Alpine Linux Security Update for cups

    Severity
    Critical4
    Qualys ID
    503028
    Date Published
    June 5, 2023
    Vendor Reference
    cups
    CVE Reference
    CVE-2023-32324
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Alpine Linux has released a security update for cups to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.16


    Affected Package versions prior to 2.4.2-r1.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory cups for updates and patch information.
    Patches
    Alpine Linux cups-2.4.2-r1
  • CVE-2023-32324
    QID: 503027
    Recently Published

    Alpine Linux Security Update for cups

    Severity
    Critical4
    Qualys ID
    503027
    Date Published
    June 5, 2023
    Vendor Reference
    cups
    CVE Reference
    CVE-2023-32324
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Alpine Linux has released a security update for cups to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.15


    Affected Package versions prior to 2.3.3-r7.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory cups for updates and patch information.
    Patches
    Alpine Linux cups-2.3.3-r7
  • QID: 284009
    Recently Published

    Fedora Security Update for edk2 (FEDORA-2023-ca393d660a)

    Severity
    Critical4
    Qualys ID
    284009
    Date Published
    June 5, 2023
    Vendor Reference
    FEDORA-2023-ca393d660a
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for edk2 to fix the vulnerabilities.

    Affected OS:
    Fedora 37


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 37 for updates and patch information.
    Patches
    Fedora 37 FEDORA-2023-ca393d660a
  • QID: 284006
    Recently Published

    Fedora Security Update for wordpress (FEDORA-2023-f238593a42)

    Severity
    Critical4
    Qualys ID
    284006
    Date Published
    June 5, 2023
    Vendor Reference
    FEDORA-2023-f238593a42
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for wordpress to fix the vulnerabilities.

    Affected OS:
    Fedora 37


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 37 for updates and patch information.
    Patches
    Fedora 37 FEDORA-2023-f238593a42
  • CVE-2023-29491
    QID: 754059
    Recently Published

    SUSE Enterprise Linux Security Update for ncurses (SUSE-SU-2023:2111-1)

    Severity
    Critical4
    Qualys ID
    754059
    Date Published
    June 5, 2023
    Vendor Reference
    SUSE-SU-2023:2111-1
    CVE Reference
    CVE-2023-29491
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    SUSE has released a security update for ncurses to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2111-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2111-1
  • CVE-2023-0341
    QID: 284008
    Recently Published

    Fedora Security Update for editorconfig (FEDORA-2023-6e5d4757df)

    Severity
    Critical4
    Qualys ID
    284008
    Date Published
    June 5, 2023
    Vendor Reference
    FEDORA-2023-6e5d4757df
    CVE Reference
    CVE-2023-0341
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Fedora has released a security update for editorconfig to fix the vulnerabilities.

    Affected OS:
    Fedora 37


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 37 for updates and patch information.
    Patches
    Fedora 37 FEDORA-2023-6e5d4757df
  • CVE-2023-33297
    QID: 284007
    Recently Published

    Fedora Security Update for bitcoin (FEDORA-2023-3317c9b824)

    Severity
    Critical4
    Qualys ID
    284007
    Date Published
    June 5, 2023
    Vendor Reference
    FEDORA-2023-3317c9b824
    CVE Reference
    CVE-2023-33297
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Fedora has released a security update for bitcoin to fix the vulnerabilities.

    Affected OS:
    Fedora 37


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 37 for updates and patch information.
    Patches
    Fedora 37 FEDORA-2023-3317c9b824
  • CVE-2023-27539+
    QID: 160709
    Recently Published

    Oracle Enterprise Linux Security Update for pcs (ELSA-2023-3082)

    Severity
    Critical4
    Qualys ID
    160709
    Date Published
    June 5, 2023
    Vendor Reference
    ELSA-2023-3082
    CVE Reference
    CVE-2023-27539, CVE-2023-27530
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released a security update for pcs to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2023-3082
    Patches
    Oracle Linux ELSA-2023-3082
  • CVE-2023-23946+
    QID: 378542
    Recently Published

    GitLab Multiple Security Vulnerability (14-Feb-23)

    Severity
    Serious3
    Qualys ID
    378542
    Date Published
    June 5, 2023
    Vendor Reference
    Gitlab Release Notes
    CVE Reference
    CVE-2023-23946, CVE-2023-22490
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    GitLab Inc. is an open-core company that operates GitLab, a DevOps software package which can develop, secure, and operate software

    Affected Versions:
    GitLab affecting all versions before 15.8.2
    GitLab affecting all versions before 15.7.7
    GitLab EE affecting all versions 15.6.8
    QID Detection Logic:(Authenticated)
    It fires gitlab-rake gitlab:env:info command to check vulnerable version of GitLab.

    Consequence
    Successful exploitation of the vulnerability may lead to remote code and other multiple execution.

    Solution
    The vendor has released a patch for these vulnerabilities. For more information, please visit GitLab advisory
    Patches
    Gitlab Advisory
  • CVE-2023-20106+
    QID: 317332
    Recently Published

    Cisco Identity Services Engine (ISE) Multiple Vulnerabilities (cisco-sa-ise-file-delete-read-PK5ghDDd)

    Severity
    Serious3
    Qualys ID
    317332
    Date Published
    June 5, 2023
    Vendor Reference
    cisco-sa-ise-file-delete-read-PK5ghDDd
    CVE Reference
    CVE-2023-20106, CVE-2023-20171, CVE-2023-20172
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device.

    CVE-2023-20171 : A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to delete arbitrary files on an affected device.
    CVE-2023-20106: A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions.
    CVE-2023-20172: A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid Administrator-level privileges on the affected device.
    Note: These vulnerabilities can be exploited only by valid and authorized users of the Cisco ISE system. As a best practice, customers can restrict console access and admin web access. To configure the access restrictions, choose Administration > System > Admin Access > Settings > Access > IP Access. Affected Versions:
    from 3.1 prior to 3.1P6
    from 3.2 prior to 3.2P2

    QID Detection Logic (Authenticated):
    The check matches the Cisco ISE version and ise_patch retrieved via Unix Auth using "show version" command.

    Consequence
    A successful exploit could allow the attacker to delete arbitrary files on an affected device

    Solution

    Customers are advised to refer to cisco-sa-ise-file-delete-read-PK5ghDDd for more information.

    Patches
    cisco-sa-ise-file-delete-read-PK5ghDDd
  • CVE-2023-20087
    QID: 317331
    Recently Published

    Cisco Identity Services Engine (ISE) Arbitrary File Download Vulnerabilities (cisco-sa-ise-file-dwnld-Srcdnkd2) (CVE-2023-20087)

    Severity
    Serious3
    Qualys ID
    317331
    Date Published
    June 5, 2023
    Vendor Reference
    cisco-sa-ise-file-dwnld-Srcdnkd2
    CVE Reference
    CVE-2023-20087
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device.

    Affected Versions:
    from 3.2 prior to 3.2P2
    QID Detection Logic (Authenticated):
    The check matches the Cisco ISE version and ise_patch retrieved via Unix Auth using "show version" command.

    Consequence
    A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device.

    Solution

    Customers are advised to refer to cisco-sa-ise-file-dwnld-Srcdnkd2 for more information.

    Patches
    cisco-sa-ise-file-dwnld-Srcdnkd2
  • CVE-2023-0795+
    QID: 754062
    Recently Published

    SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2023:2334-1)

    Severity
    Serious3
    Qualys ID
    754062
    Date Published
    June 5, 2023
    Vendor Reference
    SUSE-SU-2023:2334-1
    CVE Reference
    CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804
    CVSS Scores
    Base 5.5 / Temporal 5
    Description
    SUSE has released a security update for tiff to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2334-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2334-1
  • CVE-2023-30777
    QID: 730813
    Recently Published

    WordPress Plugin Advanced Custom Fields Cross-Site Scripting (XSS) Vulnerability

    Severity
    Critical4
    Qualys ID
    730813
    Date Published
    June 5, 2023
    Vendor Reference
    Advanced Custom Fields (ACF) Plugin Release Notes
    CVE Reference
    CVE-2023-30777
    CVSS Scores
    Base 6.1 / Temporal 5.5
    Description
    Advanced Custom Fields (ACF) is a powerful and popular WordPress plugin. With ACF, users can easily create custom fields, add metadata, and manipulate data, allowing for more complex and customizable websites.

    The plugin has been found to have a vulnerability that can potentially allow Reflected Cross-Site Scripting (XSS) attacks. The vulnerability is caused by insufficient input sanitization and output escaping of the 'post_status' parameter. If successfully exploited, attackers can inject arbitrary web scripts that execute when a user performs a specific action, such as clicking on a malicious link. It is important to note that this vulnerability can be exploited without authentication, making it particularly dangerous for WordPress site owners.

    Affected versions:
    Advanced Custom Fields plugin versions 6.1.5 and below

    QID Detection Logic :
    This unauthenticated detection depends on the BlindElephant engine to detect the vulnerable version of the Advanced Custom Fields WordPress plugin.

    Consequence
    Successful exploitation could allow an attacker to execute arbitrary JavaScript code in the context of the interface or allow the attacker to access sensitive, browser-based information.

    Solution
    Customers are advised to upgrade to Advanced Custom Fields 6.1.6 or later version to remediate this vulnerability.
    Patches
    Advanced Custom Fields (ACF) Plugin Release Notes
  • CVE-2023-27554
    QID: 378508
    Recently Published

    IBM WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability

    Severity
    Serious3
    Qualys ID
    378508
    Date Published
    June 5, 2023
    Vendor Reference
    6989451
    CVE Reference
    CVE-2023-27554
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    IBM WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability.

    Affected Versions:
    WebSphere Application Server Version 9.0.0.0 through 9.0.5.15
    WebSphere Application Server Version 8.5.0.0 through 8.5.5.23

    QID Detection Logic:(Authenticated)
    It reads the fix xml file and WebSphereApplicationServer.properties to detect the vulnerable version and also checks for fix pack version.

    Consequence
    This vulnerability allow a remote attacker to exploit this vulnerability to expose sensitive information or consume memory resources.
    Solution
    Upgrade to minimal fix pack levels6989451 or Apply Fix Pack 9.0.5.16 or later for 9.0 versions and 8.5.5.24 or later for 8.5 versions.
    Patches
    6989451
  • CVE-2023-27555
    QID: 20351
    Recently Published

    IBM DB2 Denial of Service (DoS) Vulnerability (6985683)

    Severity
    Serious3
    Qualys ID
    20351
    Date Published
    June 5, 2023
    Vendor Reference
    6985683
    CVE Reference
    CVE-2023-27555
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    IBM Db2 is vulnerable to a denial of service as the server may crash when when attempting to use ACR client affinity for unfenced DRDA federation wrappers.

    Affected Versions:
    IBM DB2 11.5 prior to version V11.5.7
    IBM DB2 11.5 prior to version V11.5.8
    Note: the configurations cannot be checked hence potential detection QID Detection Logic: Authenticated (DB2): This QID queries the DB2 server to get the server version and fix pack level and checks to see if it's vulnerable.

    Authenticated (Windows): This QID checks for vulnerable versions of DB2 on windows OS

    Consequence
    Successful exploitation may lead to denial of service

    Solution
    Please refer to the following links 6985683
    Patches
    6985683
  • CVE-2022-3602+
    QID: 330128
    Recently Published

    IBM AIX Multiple Vulnerabilities in Open Secure Sockets Layer (OpenSSL) (openssl_advisory37)

    Severity
    Critical4
    Qualys ID
    330128
    Date Published
    June 5, 2023
    Vendor Reference
    openssl_advisory37
    CVE Reference
    CVE-2022-3602, CVE-2022-3786, CVE-2022-3358
    CVSS Scores
    Base 7.5 / Temporal 6.7
    Description
    Vulnerabilities in OpenSSL could allow a remote attacker to cause a buffer overflow (CVE-2022-3602), cause a denial of service (CVE-2022-3786), or obtain sensitive information (CVE-2022-3358). OpenSSL is used by AIX as part of AIX's secure network communications.

    Affected Platform:
    AIX 7.3.1
    QID Detection Logic (Authenticated):
    The detection checks for installed packages version via command lslpp -L | grep -i openssl.base. It also checks for interim fixes installed The detection posts vulnerable if installed package version is less than patched version and interim fixes are also not installed.

    Consequence
    Successful exploitation of vulnerability may lead to arbritrary code execution, denial of service and information disclosure

    Solution
    The vendor has released fixes to openssl_advisory37 this vulnerability.
    Patches
    openssl_advisory37
  • CVE-2023-34362
    QID: 378543
    Recently Published

    IpSwitch MOVEit Transfer Critical Vulnerability (May 2023)

    Severity
    Urgent5
    Qualys ID
    378543
    Date Published
    June 2, 2023
    Vendor Reference
    MOVEit Transfer Critical Vulnerability
    CVE Reference
    CVE-2023-34362
    CVSS Scores
    Base 9.8 / Temporal 8.8
    Description
    MOVEit Transfer is a managed file transfer (MFT) solution developed by Ipswitch. It allows the enterprise to securely transfer files between business partners and customers using SFTP, SCP, and HTTP-based uploads.

    Affected Versions:
    MOVEit Transfer 2023.0.x versions prior to 2023.0.1
    MOVEit Transfer 2022.1.x versions prior to 2022.1.5
    MOVEit Transfer 2022.0.x versions prior to 2022.0.4
    MOVEit Transfer 2021.1.x versions prior to 2021.1.4
    MOVEit Transfer 2021.0.x versions prior to 2021.0.6

    QID Detection Logic: (Authenticated)
    This QID checks file version of SysStat.exe to check the vulnerable version of the product.

    Consequence
    Successful exploitation of this vulnerability could lead to privilege escalation and potential unauthorized access to the MOVEit environment.

    Solution
    Customers are advised to refer to the article 000234532 for more information regarding the vulnerability and its related patches and workarounds.

    Workaround:
    For workaround, please refer to MOVEit Advisory.

    Patches
    MOVEit Transfer Critical Vulnerability
  • CVE-2023-32700+
    QID: 181817
    Recently Published

    Debian Security Update for texlive-bin (DLA 3427-2)

    Severity
    Urgent5
    Qualys ID
    181817
    Date Published
    June 1, 2023
    Vendor Reference
    DLA 3427-2
    CVE Reference
    CVE-2023-32700, CVE-2019-18604
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Debian has released a security update for texlive-bin to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3427-2 for updates and patch information.
    Patches
    Debian DLA 3427-2
  • CVE-2023-2933+
    QID: 691176
    Recently Published

    Free Berkeley Software Distribution (FreeBSD) Security Update for chromium (fd87a250-ff78-11ed-8290-a8a1599412c6)

    Severity
    Critical4
    Qualys ID
    691176
    Date Published
    June 1, 2023
    Vendor Reference
    fd87a250-ff78-11ed-8290-a8a1599412c6
    CVE Reference
    CVE-2023-2933, CVE-2023-2936, CVE-2023-2934, CVE-2023-2938, CVE-2023-2937, CVE-2023-2931, CVE-2023-2935, CVE-2023-2932, CVE-2023-2930, CVE-2023-2940, CVE-2023-2929, CVE-2023-2939, CVE-2023-2941
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    FreeBSD has released a security update for chromium to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to FreeBSD security advisory fd87a250-ff78-11ed-8290-a8a1599412c6 for updates and patch information.
    Patches
    "FreeBSD" fd87a250-ff78-11ed-8290-a8a1599412c6
  • CVE-2022-4254
    QID: 181816
    Recently Published

    Debian Security Update for sssd (DLA 3436-2)

    Severity
    Critical4
    Qualys ID
    181816
    Date Published
    June 1, 2023
    Vendor Reference
    DLA 3436-2
    CVE Reference
    CVE-2022-4254
    CVSS Scores
    Base 8.8 / Temporal 7.9
    Description
    Debian has released a security update for sssd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3436-2 for updates and patch information.
    Patches
    Debian DLA 3436-2
  • CVE-2023-1999
    QID: 181815
    Recently Published

    Debian Security Update for libwebp (DLA 3439-1)

    Severity
    Critical4
    Qualys ID
    181815
    Date Published
    June 1, 2023
    Vendor Reference
    DLA 3439-1
    CVE Reference
    CVE-2023-1999
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Debian has released a security update for libwebp to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3439-1 for updates and patch information.
    Patches
    Debian DLA 3439-1
  • CVE-2022-3564+
    QID: 241567
    Recently Published

    Red Hat Update for kernel security (RHSA-2023:3388)

    Severity
    Critical4
    Qualys ID
    241567
    Date Published
    June 1, 2023
    Vendor Reference
    RHSA-2023:3388
    CVE Reference
    CVE-2022-3564, CVE-2022-4378, CVE-2022-39188, CVE-2022-42703
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    The kernel packages contain the linux kernel, the core of any linux operating system...Security Fix(es):
      kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (cve-2022-3564).
      Kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (cve-2022-4378).
      Kernel: unmap_mapping_range() race with munmap() on vm_pfnmap mappings leads to stale tlb entry (cve-2022-39188).
      Kernel: use-after-free related to leaf anon_vma double reuse (cve-2022-42703).
    Affected Products:
      Red Hat enterprise linux for x86_64 - extended update support 8.6 x86_64.
      Red hat enterprise linux server - aus 8.6 x86_64.
      Red hat enterprise linux for ibm z systems - extended update support 8.6 s390x.
      Red hat enterprise linux for power, little endian - extended update support 8.6 ppc64le.
      Red hat virtualization host 4 for rhel 8 x86_64.
      Red hat enterprise linux server - tus 8.6 x86_64.
      Red hat enterprise linux for arm 64 - extended update support 8.6 aarch64.
      Red hat enterprise linux server for power le - update services for sap solutions 8.6 ppc64le.
      Red hat enterprise linux for x86_64 - update services for sap solutions 8.6 x86_64.
      Red hat codeready linux builder for x86_64 - extended update support 8.6 x86_64.
      Red hat codeready linux builder for power, little endian - extended update support 8.6 ppc64le.
      Red hat codeready linux builder for arm 64 - extended update support 8.6 aarch64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3388 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3388
  • CVE-2022-36369
    QID: 241566
    Recently Published

    Red Hat Update for qatzip (RHSA-2023:3397)

    Severity
    Critical4
    Qualys ID
    241566
    Date Published
    June 1, 2023
    Vendor Reference
    RHSA-2023:3397
    CVE Reference
    CVE-2022-36369
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Qatzip is a user space library which builds on top of the intel quickassist technology user space library, to provide extended accelerated compression and decompression services by offloading the actual compression and decompression request(s) to the intel chipset series.
    Qatzip produces data using the standard gzip* format (rfc1952) with extended headers.
    The data can be decompressed with a compliant gzip* implementation.
    Qatzip is designed to take full advantage of the performance provided by intel quickassist technology...Security Fix(es):
      qatzip: local privilege escalation (cve-2022-36369).
    Affected Products:
      Red Hat enterprise linux for x86_64 - extended update support 8.6 x86_64.
      Red hat enterprise linux server - aus 8.6 x86_64.
      Red hat enterprise linux server - tus 8.6 x86_64.
      Red hat enterprise linux for x86_64 - update services for sap solutions 8.6 x86_64.
      Red hat codeready linux builder for x86_64 - extended update support 8.6 x86_64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3397 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3397
  • CVE-2023-31436+
    QID: 199382
    Recently Published

    Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6127-1)

    Severity
    Critical4
    Qualys ID
    199382
    Date Published
    June 1, 2023
    Vendor Reference
    USN-6127-1
    CVE Reference
    CVE-2023-31436, CVE-2023-32233, CVE-2023-2612, CVE-2023-30456, CVE-2023-1380
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Ubuntu has released a security update for linux to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6127-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6127-1
  • CVE-2023-2650
    QID: 691177
    Recently Published

    Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (eb9a3c57-ff9e-11ed-a0d1-84a93843eb75)

    Severity
    Critical4
    Qualys ID
    691177
    Date Published
    June 1, 2023
    Vendor Reference
    eb9a3c57-ff9e-11ed-a0d1-84a93843eb75
    CVE Reference
    CVE-2023-2650
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    FreeBSD has released a security update for openssl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to FreeBSD security advisory eb9a3c57-ff9e-11ed-a0d1-84a93843eb75 for updates and patch information.
    Patches
    "FreeBSD" eb9a3c57-ff9e-11ed-a0d1-84a93843eb75
  • CVE-2023-0465+
    QID: 181818
    Recently Published

    Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 5417-1)

    Severity
    Critical4
    Qualys ID
    181818
    Date Published
    June 1, 2023
    Vendor Reference
    DSA 5417-1
    CVE Reference
    CVE-2023-0465, CVE-2023-0464, CVE-2023-0466, CVE-2023-2650
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Debian has released a security update for openssl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5417-1 for updates and patch information.
    Patches
    Debian DSA 5417-1
  • CVE-2023-0119
    QID: 241569
    Recently Published

    Red Hat Update for Satellite 6.13.1 (RHSA-2023:3387)

    Severity
    Serious3
    Qualys ID
    241569
    Date Published
    June 1, 2023
    Vendor Reference
    RHSA-2023:3387
    CVE Reference
    CVE-2023-0119
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Red Hat has released a security update for satellite to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3387 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3387
  • CVE-2022-4304+
    QID: 241568
    Recently Published

    Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2023:3408)

    Severity
    Serious3
    Qualys ID
    241568
    Date Published
    June 1, 2023
    Vendor Reference
    RHSA-2023:3408
    CVE Reference
    CVE-2022-4304, CVE-2022-4450, CVE-2023-0215
    CVSS Scores
    Base 7.5 / Temporal 6.7
    Description
    Openssl is a toolkit that implements the secure sockets layer (ssl) and transport layer security (tls) protocols, as well as a full-strength general-purpose cryptography library...Security Fix(es):
      openssl: timing attack in rsa decryption implementation (cve-2022-4304).
      Openssl: double free after calling pem_read_bio_ex (cve-2022-4450).
      Openssl: use-after-free following bio_new_ndef (cve-2023-0215).
    Affected Products:
      Red Hat enterprise linux for x86_64 - extended update support 8.6 x86_64.
      Red hat enterprise linux server - aus 8.6 x86_64.
      Red hat enterprise linux for ibm z systems - extended update support 8.6 s390x.
      Red hat enterprise linux for power, little endian - extended update support 8.6 ppc64le.
      Red hat enterprise linux server - tus 8.6 x86_64.
      Red hat enterprise linux for arm 64 - extended update support 8.6 aarch64.
      Red hat enterprise linux server for power le - update services for sap solutions 8.6 ppc64le.
      Red hat enterprise linux for x86_64 - update services for sap solutions 8.6 x86_64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3408 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3408
  • CVE-2023-27530+
    QID: 241565
    Recently Published

    Red Hat Update for pcs (RHSA-2023:3403)

    Severity
    Serious3
    Qualys ID
    241565
    Date Published
    June 1, 2023
    Vendor Reference
    RHSA-2023:3403
    CVE Reference
    CVE-2023-27530, CVE-2023-27539
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    The pcs packages provide a command-line configuration system for the pacemaker and corosync utilities...Security Fix(es):
      rubygem-rack: denial of service in multipart mime parsing (cve-2023-27530).
      Rubygem-rack: denial of service in header parsing (cve-2023-27539).
    Affected Products:
      Red Hat enterprise linux high availability for x86_64 - extended update support 8.6 x86_64.
      Red hat enterprise linux resilient storage for x86_64 - extended update support 8.6 x86_64.
      Red hat enterprise linux resilient storage for ibm power le - extended update support 8.6 ppc64le.
      Red hat enterprise linux high availability (for ibm power le) - extended update support 8.6 ppc64le.
      Red hat enterprise linux high availability for power le - update services for sap solutions 8.6 ppc64le.
      Red hat enterprise linux high availability for x86_64 - update services for sap solutions 8.6 x86_64.
      Red hat enterprise linux high availability (for ibm z systems) - extended update support 8.6 s390x.
      Red hat enterprise linux high availability (for arm 64) - extended update support 8.6 aarch64.
      Red hat enterprise linux resilient storage for ibm z systems - extended update support 8.6 s390x.
      Red hat enterprise linux high availability for x86_64 - telecommunications update service 8.6 x86_64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3403 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3403
  • CVE-2023-0795+
    QID: 503026
    Recently Published

    Alpine Linux Security Update for tiff

    Severity
    Serious3
    Qualys ID
    503026
    Date Published
    June 1, 2023
    Vendor Reference
    tiff
    CVE Reference
    CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804
    CVSS Scores
    Base 5.5 / Temporal 5
    Description
    Alpine Linux has released a security update for tiff to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.16


    Affected Package versions prior to 4.4.0-r2.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory tiff for updates and patch information.
    Patches
    Alpine Linux tiff-4.4.0-r2
  • CVE-2023-2700+
    QID: 199383
    Recently Published

    Ubuntu Security Notification for libvirt Vulnerabilities (USN-6126-1)

    Severity
    Serious3
    Qualys ID
    199383
    Date Published
    June 1, 2023
    Vendor Reference
    USN-6126-1
    CVE Reference
    CVE-2023-2700, CVE-2022-0897
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    Ubuntu has released a security update for libvirt to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6126-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6126-1
  • CVE-2023-32685
    QID: 691178
    Recently Published

    Free Berkeley Software Distribution (FreeBSD) Security Update for kanboard (79514fcd-feb4-11ed-92b5-b42e991fc52e)

    Severity
    Medium2
    Qualys ID
    691178
    Date Published
    June 1, 2023
    Vendor Reference
    79514fcd-feb4-11ed-92b5-b42e991fc52e
    CVE Reference
    CVE-2023-32685
    CVSS Scores
    Base 4.4 / Temporal 3.9
    Description
    FreeBSD has released a security update for kanboard to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to FreeBSD security advisory 79514fcd-feb4-11ed-92b5-b42e991fc52e for updates and patch information.
    Patches
    "FreeBSD" 79514fcd-feb4-11ed-92b5-b42e991fc52e
  • CVE-2021-33391
    QID: 906928
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for tidy (13687-1)

    Severity
    Urgent5
    Qualys ID
    906928
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_13687-1
    CVE Reference
    CVE-2021-33391
    CVSS Scores
    Base 9.8 / Temporal 8.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for tidy to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 13687-1
  • CVE-2022-27404
    QID: 906921
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtbase (26757-1)

    Severity
    Urgent5
    Qualys ID
    906921
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26757-1
    CVE Reference
    CVE-2022-27404
    CVSS Scores
    Base 9.8 / Temporal 8.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for qt5-qtbase to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26757-1
  • CVE-2023-26463
    QID: 906903
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for strongswan (26300-1)

    Severity
    Urgent5
    Qualys ID
    906903
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26300-1
    CVE Reference
    CVE-2023-26463
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for strongswan to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26300-1
  • CVE-2023-0668+
    QID: 754056
    Recently Published

    SUSE Enterprise Linux Security Update for wireshark (SUSE-SU-2023:2320-1)

    Severity
    Critical4
    Qualys ID
    754056
    Date Published
    June 1, 2023
    Vendor Reference
    SUSE-SU-2023:2320-1
    CVE Reference
    CVE-2023-0668, CVE-2023-2855, CVE-2023-2856, CVE-2023-2857, CVE-2023-2858, CVE-2023-2859
    CVSS Scores
    Base 8.8 / Temporal 7.9
    Description
    SUSE has released a security update for wireshark to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2320-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2320-1
  • QID: 754054
    Recently Published

    SUSE Enterprise Linux Security Update for cni-plugins (SUSE-SU-2023:2324-1)

    Severity
    Critical4
    Qualys ID
    754054
    Date Published
    June 1, 2023
    Vendor Reference
    SUSE-SU-2023:2324-1
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for suse_enterprise_linux to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 15 SP1|SUSE Linux Enterprise Server for SAP Applications 15 SP1
    SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
    SUSE Linux Enterprise Server 15 SP2|SUSE Linux Enterprise Server for SAP Applications 15 SP2
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2324-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2324-1
  • QID: 754053
    Recently Published

    SUSE Enterprise Linux Security Update for cni (SUSE-SU-2023:2325-1)

    Severity
    Critical4
    Qualys ID
    754053
    Date Published
    June 1, 2023
    Vendor Reference
    SUSE-SU-2023:2325-1
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for suse_enterprise_linux to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 15 SP1|SUSE Linux Enterprise Server for SAP Applications 15 SP1
    SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
    SUSE Linux Enterprise Server 15 SP2|SUSE Linux Enterprise Server for SAP Applications 15 SP2
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2325-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2325-1
  • CVE-2023-1523
    QID: 199381
    Recently Published

    Ubuntu Security Notification for snapd Vulnerability (USN-6125-1)

    Severity
    Critical4
    Qualys ID
    199381
    Date Published
    June 1, 2023
    Vendor Reference
    USN-6125-1
    CVE Reference
    CVE-2023-1523
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Ubuntu has released a security update for snapd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6125-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6125-1
  • CVE-2023-1668
    QID: 906924
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for openvswitch (26031-1)

    Severity
    Critical4
    Qualys ID
    906924
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26031-1
    CVE Reference
    CVE-2023-1668
    CVSS Scores
    Base 8.2 / Temporal 7.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for openvswitch to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26031-1
  • CVE-2022-41704+
    QID: 199377
    Recently Published

    Ubuntu Security Notification for Apache Batik Vulnerabilities (USN-6117-1)

    Severity
    Critical4
    Qualys ID
    199377
    Date Published
    June 1, 2023
    Vendor Reference
    USN-6117-1
    CVE Reference
    CVE-2022-41704, CVE-2022-42890, CVE-2020-11987, CVE-2022-40146, CVE-2022-38398, CVE-2019-17566, CVE-2022-38648
    CVSS Scores
    Base 8.2 / Temporal 7.4
    Description
    Ubuntu has released a security update for apache to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6117-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6117-1
  • CVE-2023-2610
    QID: 906936
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (26652-1)

    Severity
    Critical4
    Qualys ID
    906936
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26652-1
    CVE Reference
    CVE-2023-2610
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26652-1
  • CVE-2023-29491
    QID: 906935
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for ncurses (26241-1)

    Severity
    Critical4
    Qualys ID
    906935
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26241-1
    CVE Reference
    CVE-2023-29491
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for ncurses to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26241-1
  • CVE-2023-31436
    QID: 906926
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for hyperv-daemons (26668-1)

    Severity
    Critical4
    Qualys ID
    906926
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26668-1
    CVE Reference
    CVE-2023-31436
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for hyperv-daemons to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26668-1
  • CVE-2019-9210
    QID: 906916
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for advancecomp (6303-1)

    Severity
    Critical4
    Qualys ID
    906916
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_6303-1
    CVE Reference
    CVE-2019-9210
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for advancecomp to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 6303-1
  • CVE-2023-2609
    QID: 906911
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (26695-1)

    Severity
    Critical4
    Qualys ID
    906911
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26695-1
    CVE Reference
    CVE-2023-2609
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26695-1
  • CVE-2023-31436
    QID: 906909
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26391-1)

    Severity
    Critical4
    Qualys ID
    906909
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26391-1
    CVE Reference
    CVE-2023-31436
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26391-1
  • CVE-2023-30630
    QID: 906908
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for dmidecode (26138-1)

    Severity
    Critical4
    Qualys ID
    906908
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26138-1
    CVE Reference
    CVE-2023-30630
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for dmidecode to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26138-1
  • CVE-2023-2235
    QID: 906906
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26389-1)

    Severity
    Critical4
    Qualys ID
    906906
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26389-1
    CVE Reference
    CVE-2023-2235
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26389-1
  • CVE-2019-9210
    QID: 906905
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for advancecomp (7167-1)

    Severity
    Critical4
    Qualys ID
    906905
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_7167-1
    CVE Reference
    CVE-2019-9210
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for advancecomp to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 7167-1
  • CVE-2023-2008
    QID: 906901
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26280-1)

    Severity
    Critical4
    Qualys ID
    906901
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26280-1
    CVE Reference
    CVE-2023-2008
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26280-1
  • CVE-2023-2248
    QID: 906896
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26390-1)

    Severity
    Critical4
    Qualys ID
    906896
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26390-1
    CVE Reference
    CVE-2023-2248
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26390-1
  • CVE-2023-2609
    QID: 906893
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (26686-1)

    Severity
    Critical4
    Qualys ID
    906893
    Date Published
    June 1, 2023
    Vendor Reference
    26686-1
    CVE Reference
    CVE-2023-2609
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 26686-1
  • CVE-2023-31436
    QID: 906892
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for hyperv-daemons (26659-1)

    Severity
    Critical4
    Qualys ID
    906892
    Date Published
    June 1, 2023
    Vendor Reference
    26659-1
    CVE Reference
    CVE-2023-31436
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for hyperv-daemons to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 26659-1
  • CVE-2021-46879
    QID: 906890
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for fluent-bit (26126-1)

    Severity
    Critical4
    Qualys ID
    906890
    Date Published
    June 1, 2023
    Vendor Reference
    26126-1
    CVE Reference
    CVE-2021-46879
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for fluent-bit to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 26126-1
  • CVE-2023-2248
    QID: 906889
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26384-1)

    Severity
    Critical4
    Qualys ID
    906889
    Date Published
    June 1, 2023
    Vendor Reference
    26384-1
    CVE Reference
    CVE-2023-2248
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 26384-1
  • CVE-2023-2610
    QID: 906887
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (26651-1)

    Severity
    Critical4
    Qualys ID
    906887
    Date Published
    June 1, 2023
    Vendor Reference
    26651-1
    CVE Reference
    CVE-2023-2610
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 26651-1
  • CVE-2023-29491
    QID: 906885
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for ncurses (26225-1)

    Severity
    Critical4
    Qualys ID
    906885
    Date Published
    June 1, 2023
    Vendor Reference
    26225-1
    CVE Reference
    CVE-2023-29491
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for ncurses to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 26225-1
  • CVE-2021-46878
    QID: 906882
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for fluent-bit (26125-1)

    Severity
    Critical4
    Qualys ID
    906882
    Date Published
    June 1, 2023
    Vendor Reference
    26125-1
    CVE Reference
    CVE-2021-46878
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for fluent-bit to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 26125-1
  • CVE-2022-1705+
    QID: 754047
    Recently Published

    SUSE Enterprise Linux Security Update for go1.18-openssl (SUSE-SU-2023:2312-1)

    Severity
    Critical4
    Qualys ID
    754047
    Date Published
    June 1, 2023
    Vendor Reference
    SUSE-SU-2023:2312-1
    CVE Reference
    CVE-2022-1705, CVE-2022-1962, CVE-2022-24675, CVE-2022-27536, CVE-2022-27664, CVE-2022-28131, CVE-2022-28327, CVE-2022-2879, CVE-2022-2880, CVE-2022-29526, CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30634, CVE-2022-30635, CVE-2022-32148, CVE-2022-32189, CVE-2022-41715, CVE-2022-41716, CVE-2022-41717, CVE-2022-41720, CVE-2022-41723, CVE-2022-41724, CVE-2022-41725
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    SUSE has released a security update for go1.18-openssl to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2312-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2312-1
  • CVE-2023-1118+
    QID: 199376
    Recently Published

    Ubuntu Security Notification for Linux kernel (Oracle) Vulnerabilities (USN-6118-1)

    Severity
    Critical4
    Qualys ID
    199376
    Date Published
    June 1, 2023
    Vendor Reference
    USN-6118-1
    CVE Reference
    CVE-2023-1118, CVE-2023-1078, CVE-2023-2162, CVE-2023-1075, CVE-2023-0459, CVE-2023-32269, CVE-2022-3707, CVE-2023-1513
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Ubuntu has released a security update for linux to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6118-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6118-1
  • CVE-2022-27406
    QID: 906934
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtbase (26759-1)

    Severity
    Critical4
    Qualys ID
    906934
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26759-1
    CVE Reference
    CVE-2022-27406
    CVSS Scores
    Base 7.5 / Temporal 6.7
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for qt5-qtbase to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26759-1
  • CVE-2023-2004
    QID: 906914
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for freetype (26140-1)

    Severity
    Critical4
    Qualys ID
    906914
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26140-1
    CVE Reference
    CVE-2023-2004
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for freetype to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26140-1
  • CVE-2023-22795
    QID: 906907
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for ruby (13562-1)

    Severity
    Critical4
    Qualys ID
    906907
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_13562-1
    CVE Reference
    CVE-2023-22795
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for ruby to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 13562-1
  • CVE-2023-24607
    QID: 906899
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtbase (26048-1)

    Severity
    Critical4
    Qualys ID
    906899
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26048-1
    CVE Reference
    CVE-2023-24607
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for qt5-qtbase to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26048-1
  • CVE-2023-2004
    QID: 906891
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for freetype (26091-1)

    Severity
    Critical4
    Qualys ID
    906891
    Date Published
    June 1, 2023
    Vendor Reference
    26091-1
    CVE Reference
    CVE-2023-2004
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for freetype to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 26091-1
  • CVE-2023-28709
    QID: 754057
    Recently Published

    SUSE Enterprise Linux Security Update for tomcat (SUSE-SU-2023:2318-1)

    Severity
    Critical4
    Qualys ID
    754057
    Date Published
    June 1, 2023
    Vendor Reference
    SUSE-SU-2023:2318-1
    CVE Reference
    CVE-2023-28709
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for tomcat to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 12 SP5|SUSE Linux Enterprise Server for SAP Applications 12 SP5
    SUSE Linux Enterprise Server 12 SP5
    SUSE Linux Enterprise Server 12 SP4|SUSE Linux Enterprise Server for SAP Applications 12 SP4
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2318-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2318-1
  • CVE-2023-2650
    QID: 754052
    Recently Published

    SUSE Enterprise Linux Security Update for Open Secure Sockets Layer-1_1 (OpenSSL-1_1) (SUSE-SU-2023:2327-1)

    Severity
    Critical4
    Qualys ID
    754052
    Date Published
    June 1, 2023
    Vendor Reference
    SUSE-SU-2023:2327-1
    CVE Reference
    CVE-2023-2650
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for openssl-1_1 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 15 SP1|SUSE Linux Enterprise Server for SAP Applications 15 SP1
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2327-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2327-1
  • CVE-2023-2650
    QID: 754051
    Recently Published

    SUSE Enterprise Linux Security Update for Open Secure Sockets Layer-1_1 (OpenSSL-1_1 ) (SUSE-SU-2023:2328-1)

    Severity
    Critical4
    Qualys ID
    754051
    Date Published
    June 1, 2023
    Vendor Reference
    SUSE-SU-2023:2328-1
    CVE Reference
    CVE-2023-2650
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for openssl-1_1 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    SUSE Linux Enterprise Server 12 SP5
    SUSE Linux Enterprise Server 12 SP4|SUSE Linux Enterprise Server for SAP Applications 12 SP4
    SUSE Linux Enterprise Server 12 SP5|SUSE Linux Enterprise Server for SAP Applications 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2328-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2328-1
  • CVE-2023-2650
    QID: 754050
    Recently Published

    SUSE Enterprise Linux Security Update for compat-openssl098 (SUSE-SU-2023:2329-1)

    Severity
    Critical4
    Qualys ID
    754050
    Date Published
    June 1, 2023
    Vendor Reference
    SUSE-SU-2023:2329-1
    CVE Reference
    CVE-2023-2650
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for compat-openssl098 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 12 SP5|SUSE Linux Enterprise Server for SAP Applications 12 SP5
    SUSE Linux Enterprise Server 12 SP4|SUSE Linux Enterprise Server for SAP Applications 12 SP4
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2329-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2329-1
  • CVE-2023-2650
    QID: 754049
    Recently Published

    SUSE Enterprise Linux Security Update for Open Secure Sockets Layer-1_0_0 (OpenSSL-1_0_0) (SUSE-SU-2023:2330-1)

    Severity
    Critical4
    Qualys ID
    754049
    Date Published
    June 1, 2023
    Vendor Reference
    SUSE-SU-2023:2330-1
    CVE Reference
    CVE-2023-2650
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for openssl-1_0_0 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    SUSE Linux Enterprise Server 12 SP5
    SUSE Linux Enterprise Server 12 SP4|SUSE Linux Enterprise Server for SAP Applications 12 SP4
    SUSE Linux Enterprise Server 12 SP5|SUSE Linux Enterprise Server for SAP Applications 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2330-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2330-1
  • CVE-2023-2650
    QID: 754048
    Recently Published

    SUSE Enterprise Linux Security Update for Open Secure Sockets Layer-1_0_0 (OpenSSL1_0_0)(SUSE-SU-2023:2331-1)

    Severity
    Critical4
    Qualys ID
    754048
    Date Published
    June 1, 2023
    Vendor Reference
    SUSE-SU-2023:2331-1
    CVE Reference
    CVE-2023-2650
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for openssl-1_0_0 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
    SUSE Linux Enterprise Server 15 SP1|SUSE Linux Enterprise Server for SAP Applications 15 SP1
    SUSE Linux Enterprise Server 15 SP2|SUSE Linux Enterprise Server for SAP Applications 15 SP2
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2331-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2331-1
  • CVE-2023-31124+
    QID: 754046
    Recently Published

    SUSE Enterprise Linux Security Update for c-ares (SUSE-SU-2023:2313-1)

    Severity
    Critical4
    Qualys ID
    754046
    Date Published
    June 1, 2023
    Vendor Reference
    SUSE-SU-2023:2313-1
    CVE Reference
    CVE-2023-31124, CVE-2023-31130, CVE-2023-31147, CVE-2023-32067
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for c-ares to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 15 SP1|SUSE Linux Enterprise Server for SAP Applications 15 SP1
    SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
    SUSE Linux Enterprise Server 15 SP2|SUSE Linux Enterprise Server for SAP Applications 15 SP2
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2313-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2313-1
  • CVE-2023-2650
    QID: 503025
    Recently Published

    Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)

    Severity
    Critical4
    Qualys ID
    503025
    Date Published
    June 1, 2023
    Vendor Reference
    openssl
    CVE Reference
    CVE-2023-2650
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Alpine Linux has released a security update for openssl to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.17


    Affected Package versions prior to 3.0.9-r0.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory openssl for updates and patch information.
    Patches
    Alpine Linux openssl-3.0.9-r0
  • CVE-2023-2650
    QID: 503024
    Recently Published

    Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)

    Severity
    Critical4
    Qualys ID
    503024
    Date Published
    June 1, 2023
    Vendor Reference
    openssl3
    CVE Reference
    CVE-2023-2650
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Alpine Linux has released a security update for openssl3 to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.15
    Alpine Linux 3.16


    Affected Package versions prior to 3.0.9-r0.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory openssl3 for updates and patch information.
    Patches
    Alpine Linux openssl3-3.0.9-r0
  • CVE-2023-2650
    QID: 503023
    Recently Published

    Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)

    Severity
    Critical4
    Qualys ID
    503023
    Date Published
    June 1, 2023
    Vendor Reference
    openssl
    CVE Reference
    CVE-2023-2650
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Alpine Linux has released a security update for openssl to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.15
    Alpine Linux 3.16


    Affected Package versions prior to 1.1.1u-r0.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory openssl for updates and patch information.
    Patches
    Alpine Linux openssl-1.1.1u-r0
  • CVE-2023-0464+
    QID: 503022
    Recently Published

    Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)

    Severity
    Critical4
    Qualys ID
    503022
    Date Published
    June 1, 2023
    Vendor Reference
    openssl
    CVE Reference
    CVE-2023-0464, CVE-2023-0465
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Alpine Linux has released a security update for openssl to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.15


    Affected Package versions prior to 1.1.1t-r2.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory openssl for updates and patch information.
    Patches
    Alpine Linux openssl-1.1.1t-r2
  • CVE-2022-2989
    QID: 906919
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for podman (10964-1)

    Severity
    Critical4
    Qualys ID
    906919
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_10964-1
    CVE Reference
    CVE-2022-2989
    CVSS Scores
    Base 7.1 / Temporal 6.4
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for podman to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 10964-1
  • CVE-2023-20958
    QID: 906910
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtbase (26758-1)

    Severity
    Critical4
    Qualys ID
    906910
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26758-1
    CVE Reference
    CVE-2023-20958
    CVSS Scores
    Base 7.1 / Temporal 6.4
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for qt5-qtbase to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26758-1
  • CVE-2023-2006
    QID: 906933
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26376-1)

    Severity
    Critical4
    Qualys ID
    906933
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26376-1
    CVE Reference
    CVE-2023-2006
    CVSS Scores
    Base 7 / Temporal 6.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26376-1
  • CVE-2023-1872
    QID: 906915
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26167-1)

    Severity
    Critical4
    Qualys ID
    906915
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26167-1
    CVE Reference
    CVE-2023-1872
    CVSS Scores
    Base 7 / Temporal 6.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26167-1
  • CVE-2023-28327
    QID: 906900
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26339-1)

    Severity
    Critical4
    Qualys ID
    906900
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26339-1
    CVE Reference
    CVE-2023-28327
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26339-1
  • CVE-2022-41724
    QID: 770188
    Recently Published

    Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:3303)

    Severity
    Serious3
    Qualys ID
    770188
    Date Published
    June 1, 2023
    Vendor Reference
    RHSA-2023:3303
    CVE Reference
    CVE-2022-41724
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    Red Hat openshift container platform is Red Hat's cloud computing kubernetes application platform solution designed for on-premise or private cloud deployments.

    Security Fix(es):
    • golang: crypto/tls: large handshake records may cause panics (cve-2022-41724)

    Affected Products:

    • Red Hat openshift container platform 4.13 for rhel 9 x86_64
    • Red Hat openshift container platform 4.13 for rhel 8 x86_64
    • Red Hat openshift container platform for power 4.13 for rhel 9 ppc64le
    • Red Hat openshift container platform for power 4.13 for rhel 8 ppc64le
    • Red Hat openshift container platform for ibm z and linuxone 4.13 for rhel 9 s390x
    • Red Hat openshift container platform for ibm z and linuxone 4.13 for rhel 8 s390x
    • Red Hat openshift container platform for arm 64 4.13 for rhel 9 aarch64
    • Red Hat openshift container platform for arm 64 4.13 for rhel 8 aarch64



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3303 for updates and patch information.
    Patches
    Red Hat Enterprise Linux CoreOS RHSA-2023:3303
  • CVE-2022-41724
    QID: 241562
    Recently Published

    Red Hat OpenShift Container Platform 4.13 Security Update (RHSA-2023:3303)

    Severity
    Serious3
    Qualys ID
    241562
    Date Published
    June 1, 2023
    Vendor Reference
    RHSA-2023:3303
    CVE Reference
    CVE-2022-41724
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Red hat openshift container platform is Red Hat's cloud computing kubernetes application platform solution designed for on-premise or private cloud deployments...Security Fix(es):
      golang: crypto/tls: large handshake records may cause panics (cve-2022-41724).
    Affected Products:
      Red Hat openshift container platform 4.13 for rhel 9 x86_64.
      Red hat openshift container platform 4.13 for rhel 8 x86_64.
      Red hat openshift container platform for power 4.13 for rhel 9 ppc64le.
      Red hat openshift container platform for power 4.13 for rhel 8 ppc64le.
      Red hat openshift container platform for ibm z and linuxone 4.13 for rhel 9 s390x.
      Red hat openshift container platform for ibm z and linuxone 4.13 for rhel 8 s390x.
      Red hat openshift container platform for arm 64 4.13 for rhel 9 aarch64.
      Red hat openshift container platform for arm 64 4.13 for rhel 8 aarch64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3303 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3303
  • CVE-2023-1255+
    QID: 199379
    Recently Published

    Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-6119-1)

    Severity
    Serious3
    Qualys ID
    199379
    Date Published
    June 1, 2023
    Vendor Reference
    USN-6119-1
    CVE Reference
    CVE-2023-1255, CVE-2023-2650
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Ubuntu has released a security update for openssl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6119-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6119-1
  • CVE-2023-0361
    QID: 241563
    Recently Published

    Red Hat Update for gnutls (RHSA-2023:3361)

    Severity
    Serious3
    Qualys ID
    241563
    Date Published
    June 1, 2023
    Vendor Reference
    RHSA-2023:3361
    CVE Reference
    CVE-2023-0361
    CVSS Scores
    Base 7.4 / Temporal 6.7
    Description
    The gnutls packages provide the gnu transport layer security (gnutls) library, which implements cryptographic algorithms and protocols such as ssl, tls, and dtls...Security Fix(es):
      gnutls: timing side-channel in the tls rsa key exchange code (cve-2023-0361).
    Affected Products:
      Red Hat enterprise linux for x86_64 - extended update support 8.6 x86_64.
      Red hat enterprise linux server - aus 8.6 x86_64.
      Red hat enterprise linux for ibm z systems - extended update support 8.6 s390x.
      Red hat enterprise linux for power, little endian - extended update support 8.6 ppc64le.
      Red hat enterprise linux server - tus 8.6 x86_64.
      Red hat enterprise linux for arm 64 - extended update support 8.6 aarch64.
      Red hat enterprise linux server for power le - update services for sap solutions 8.6 ppc64le.
      Red hat enterprise linux for x86_64 - update services for sap solutions 8.6 x86_64.
    .

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3361 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3361
  • CVE-2023-2194
    QID: 906918
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26317-1)

    Severity
    Serious3
    Qualys ID
    906918
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26317-1
    CVE Reference
    CVE-2023-2194
    CVSS Scores
    Base 6.7 / Temporal 5.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26317-1
  • CVE-2023-2513
    QID: 906884
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for hyperv-daemons (26681-1)

    Severity
    Serious3
    Qualys ID
    906884
    Date Published
    June 1, 2023
    Vendor Reference
    26681-1
    CVE Reference
    CVE-2023-2513
    CVSS Scores
    Base 6.7 / Temporal 5.8
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for hyperv-daemons to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 26681-1
  • CVE-2023-32573
    QID: 906917
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtsvg (26670-1)

    Severity
    Serious3
    Qualys ID
    906917
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26670-1
    CVE Reference
    CVE-2023-32573
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for qt5-qtsvg to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26670-1
  • CVE-2023-28856
    QID: 906904
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for redis (26290-1)

    Severity
    Serious3
    Qualys ID
    906904
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26290-1
    CVE Reference
    CVE-2023-28856
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for redis to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26290-1
  • CVE-2023-28856
    QID: 906881
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for redis (26267-1)

    Severity
    Serious3
    Qualys ID
    906881
    Date Published
    June 1, 2023
    Vendor Reference
    26267-1
    CVE Reference
    CVE-2023-28856
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for redis to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 26267-1
  • CVE-2023-30772
    QID: 906929
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26308-1)

    Severity
    Serious3
    Qualys ID
    906929
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26308-1
    CVE Reference
    CVE-2023-30772
    CVSS Scores
    Base 6.4 / Temporal 5.6
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26308-1
  • CVE-2023-30772
    QID: 906886
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26309-1)

    Severity
    Serious3
    Qualys ID
    906886
    Date Published
    June 1, 2023
    Vendor Reference
    26309-1
    CVE Reference
    CVE-2023-30772
    CVSS Scores
    Base 6.4 / Temporal 5.6
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 26309-1
  • CVE-2023-1998
    QID: 906902
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26368-1)

    Severity
    Serious3
    Qualys ID
    906902
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26368-1
    CVE Reference
    CVE-2023-1998
    CVSS Scores
    Base 5.6 / Temporal 5.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26368-1
  • CVE-2023-1998
    QID: 906894
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26372-1)

    Severity
    Serious3
    Qualys ID
    906894
    Date Published
    June 1, 2023
    Vendor Reference
    26372-1
    CVE Reference
    CVE-2023-1998
    CVSS Scores
    Base 5.6 / Temporal 5.1
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 26372-1
  • CVE-2023-23005
    QID: 906932
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (25609-1)

    Severity
    Serious3
    Qualys ID
    906932
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_25609-1
    CVE Reference
    CVE-2023-23005
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 25609-1
  • CVE-2023-23000
    QID: 906927
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for hyperv-daemons (25901-1)

    Severity
    Serious3
    Qualys ID
    906927
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_25901-1
    CVE Reference
    CVE-2023-23000
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for hyperv-daemons to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 25901-1
  • CVE-2023-2162
    QID: 906923
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26341-1)

    Severity
    Serious3
    Qualys ID
    906923
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26341-1
    CVE Reference
    CVE-2023-2162
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26341-1
  • CVE-2023-2177
    QID: 906922
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26316-1)

    Severity
    Serious3
    Qualys ID
    906922
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26316-1
    CVE Reference
    CVE-2023-2177
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26316-1
  • CVE-2023-28328
    QID: 906920
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26338-1)

    Severity
    Serious3
    Qualys ID
    906920
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26338-1
    CVE Reference
    CVE-2023-28328
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26338-1
  • CVE-2023-22997
    QID: 906913
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (13824-1)

    Severity
    Serious3
    Qualys ID
    906913
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_13824-1
    CVE Reference
    CVE-2023-22997
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 13824-1
  • CVE-2023-2166
    QID: 906912
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26340-1)

    Severity
    Serious3
    Qualys ID
    906912
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26340-1
    CVE Reference
    CVE-2023-2166
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26340-1
  • CVE-2023-28425
    QID: 906897
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for redis (25674-1)

    Severity
    Serious3
    Qualys ID
    906897
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_25674-1
    CVE Reference
    CVE-2023-28425
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for redis to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 25674-1
  • CVE-2023-2426
    QID: 906895
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (26394-1)

    Severity
    Serious3
    Qualys ID
    906895
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26394-1
    CVE Reference
    CVE-2023-2426
    CVSS Scores
    Base 5.5 / Temporal 5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26394-1
  • CVE-2023-2426
    QID: 906888
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (26403-1)

    Severity
    Serious3
    Qualys ID
    906888
    Date Published
    June 1, 2023
    Vendor Reference
    26403-1
    CVE Reference
    CVE-2023-2426
    CVSS Scores
    Base 5.5 / Temporal 5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 26403-1
  • CVE-2020-0470
    QID: 754058
    Recently Published

    SUSE Enterprise Linux Security Update for libaom (SUSE-SU-2023:2314-1)

    Severity
    Serious3
    Qualys ID
    754058
    Date Published
    June 1, 2023
    Vendor Reference
    SUSE-SU-2023:2314-1
    CVE Reference
    CVE-2020-0470
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    SUSE has released a security update for libaom to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2314-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2314-1
  • CVE-2023-0795+
    QID: 754055
    Recently Published

    SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2023:2321-1)

    Severity
    Serious3
    Qualys ID
    754055
    Date Published
    June 1, 2023
    Vendor Reference
    SUSE-SU-2023:2321-1
    CVE Reference
    CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804
    CVSS Scores
    Base 5.5 / Temporal 5
    Description
    SUSE has released a security update for tiff to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 12 SP5|SUSE Linux Enterprise Server for SAP Applications 12 SP5
    SUSE Linux Enterprise Server 12 SP5
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2321-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2321-1
  • CVE-2023-22504
    QID: 730814
    In Development

    Atlassian Confluence Server Allowing Users with Read Access To Upload Attachment (CONFSERVER-83218)

    Severity
    Medium2
    Qualys ID
    730814
    Vendor Reference
    CONFSERVER-83218
    CVE Reference
    CVE-2023-22504
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Confluence is team collaboration software written in Java.



    Affected version:
    PLEASE FILL THE AFFECTED VERSIONS MANUALLY


    QID Detection Logic:(Unauthenticated)
    It checks for vulnerable version of Atlassian Confluence Server.

    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Customers are advised to refer to CONFSERVER-83218 for updates pertaining to this vulnerability.
    Patches
    CONFSERVER-83218
  • CVE-2023-21830+
    QID: 378541
    In Development

    IBM WebSphere Application Server Multiple Vulnerabilities (6980375)

    Severity
    Medium2
    Qualys ID
    378541
    Vendor Reference
    6980375
    CVE Reference
    CVE-2023-21830, CVE-2022-21426
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a denial of service resulting in a low integrity impact using unknown attack vectors.

    An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.

    Affected Versions:
    WebSphere Application Server 8.5.0.0 through 8.5.5.23

    QID Detection Logic (Authenticated):
    This QID checks for the vulnerable version of IBM WebSphere Application Server and checks if the patches are installed or not.

    Consequence
    Successful exploitation could allow denial of service resulting in a low integrity impact using unknown attack vectors

    Solution
    The vendor has released patches. Please visit IBM WebSphere Application Server(6980375) for more information.
    Patches
    6980375
  • CVE-2023-0458
    QID: 906930
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26415-1)

    Severity
    Medium2
    Qualys ID
    906930
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26415-1
    CVE Reference
    CVE-2023-0458
    CVSS Scores
    Base 4.7 / Temporal 4.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26415-1
  • CVE-2023-1382
    QID: 906898
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26315-1)

    Severity
    Medium2
    Qualys ID
    906898
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26315-1
    CVE Reference
    CVE-2023-1382
    CVSS Scores
    Base 4.7 / Temporal 4.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26315-1
  • CVE-2023-0458
    QID: 906883
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26412-1)

    Severity
    Medium2
    Qualys ID
    906883
    Date Published
    June 1, 2023
    Vendor Reference
    26412-1
    CVE Reference
    CVE-2023-0458
    CVSS Scores
    Base 4.7 / Temporal 4.1
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases

    Patches
    CBL-Mariner Linux 26412-1
  • CVE-2023-2019
    QID: 906931
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (26378-1)

    Severity
    Medium2
    Qualys ID
    906931
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_26378-1
    CVE Reference
    CVE-2023-2019
    CVSS Scores
    Base 4.4 / Temporal 3.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 26378-1
  • CVE-2023-27477
    QID: 906925
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for rust (25857-1)

    Severity
    Medium2
    Qualys ID
    906925
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_25857-1
    CVE Reference
    CVE-2023-27477
    CVSS Scores
    Base 4.3 / Temporal 3.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for rust to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 25857-1
  • CVE-2020-28613+
    QID: 710741
    Recently Published

    Gentoo Linux CGAL Multiple Vulnerabilities (GLSA 202305-34)

    Severity
    Urgent5
    Qualys ID
    710741
    Date Published
    June 1, 2023
    Vendor Reference
    GLSA 202305-34
    CVE Reference
    CVE-2020-28613, CVE-2020-28619, CVE-2020-28611, CVE-2020-28614, CVE-2020-35633, CVE-2020-35629, CVE-2020-28604, CVE-2020-28606, CVE-2020-28620, CVE-2020-28615, CVE-2020-28625, CVE-2020-28631, CVE-2020-35635, CVE-2020-35636, CVE-2020-28617, CVE-2020-28608, CVE-2020-35631, CVE-2020-28629, CVE-2020-28602, CVE-2020-28633, CVE-2020-28636, CVE-2020-28603, CVE-2020-28610, CVE-2020-28605, CVE-2020-28627, CVE-2020-35634, CVE-2020-28607, CVE-2020-35632, CVE-2020-28623, CVE-2020-35630, CVE-2020-28635, CVE-2020-28634, CVE-2020-35628, CVE-2020-28601, CVE-2020-28621, CVE-2020-28624, CVE-2020-28630, CVE-2020-28622, CVE-2020-28618, CVE-2020-28632, CVE-2020-28628, CVE-2020-28616, CVE-2020-28626, CVE-2020-28612
    CVSS Scores
    Base 9.8 / Temporal 8.8
    Description
    Gentoo has released a security update for cgal to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202305-34 for updates and patch information.
    Patches
    Gentoo GLSA 202305-34
  • CVE-2022-43592+
    QID: 710740
    Recently Published

    Gentoo Linux OpenImageIO Multiple Vulnerabilities (GLSA 202305-33)

    Severity
    Urgent5
    Qualys ID
    710740
    Date Published
    June 1, 2023
    Vendor Reference
    GLSA 202305-33
    CVE Reference
    CVE-2022-43592, CVE-2022-41981, CVE-2022-43597, CVE-2022-43602, CVE-2022-43598, CVE-2022-36354, CVE-2022-43596, CVE-2022-41977, CVE-2022-43593, CVE-2022-41999, CVE-2022-43594, CVE-2022-38143, CVE-2022-43600, CVE-2022-43599, CVE-2022-41794, CVE-2022-43601, CVE-2022-41649, CVE-2022-41837, CVE-2022-41988, CVE-2022-43595, CVE-2022-41838, CVE-2022-4198, CVE-2022-41639, CVE-2022-43603, CVE-2022-41684
    CVSS Scores
    Base 9.8 / Temporal 8.8
    Description
    Gentoo has released a security update for openimageio to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202305-33 for updates and patch information.
    Patches
    Gentoo GLSA 202305-33
  • CVE-2021-4008+
    QID: 710738
    Recently Published

    Gentoo Linux X.Org X server, XWayland Multiple Vulnerabilities (GLSA 202305-30)

    Severity
    Critical4
    Qualys ID
    710738
    Date Published
    June 1, 2023
    Vendor Reference
    GLSA 202305-30
    CVE Reference
    CVE-2021-4008, CVE-2022-3550, CVE-2022-46283, CVE-2022-46342, CVE-2022-4283, CVE-2022-46344, CVE-2023-1393, CVE-2021-4010, CVE-2022-3553, CVE-2021-4009, CVE-2023-0494, CVE-2022-46343, CVE-2022-46341, CVE-2022-3551, CVE-2022-46340, CVE-2021-4011
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Gentoo has released a security update for x.org x server, xwayland to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202305-30 for updates and patch information.
    Patches
    Gentoo GLSA 202305-30
  • CVE-2022-42852+
    QID: 710737
    Recently Published

    Gentoo Linux WebKitGTK+ Multiple Vulnerabilities (GLSA 202305-32)

    Severity
    Critical4
    Qualys ID
    710737
    Date Published
    June 1, 2023
    Vendor Reference
    GLSA 202305-32
    CVE Reference
    CVE-2022-42852, CVE-2023-27932, CVE-2022-42867, CVE-2022-42863, CVE-2023-25358, CVE-2022-42856, CVE-2022-46699, CVE-2023-23518, CVE-2022-46692, CVE-2022-42823, CVE-2022-46698, CVE-2022-32923, CVE-2022-46700, CVE-2022-42824, CVE-2023-25360, CVE-2023-25362, CVE-2022-32888, CVE-2022-46691, CVE-2022-42826, CVE-2023-28205, CVE-2022-32891, CVE-2022-42799, CVE-2023-23517, CVE-2023-25361, CVE-2022-32885, CVE-2023-25363, CVE-2023-27954, CVE-2023-23529, CVE-2022-32886
    CVSS Scores
    Base 8.8 / Temporal 8.2
    Description
    Gentoo has released a security update for webkitgtk+ to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202305-32 for updates and patch information.
    Patches
    Gentoo GLSA 202305-32
  • CVE-2023-25752+
    QID: 710735
    Recently Published

    Gentoo Linux Mozilla Thunderbird Multiple Vulnerabilities (GLSA 202305-36)

    Severity
    Critical4
    Qualys ID
    710735
    Date Published
    June 1, 2023
    Vendor Reference
    GLSA 202305-36
    CVE Reference
    CVE-2023-25752, CVE-2023-29536, CVE-2023-25738, CVE-2023-25730, CVE-2023-29548, CVE-2023-25739, CVE-2023-0767, CVE-2023-25734, CVE-2023-0616, CVE-2023-25740, CVE-2023-1999, CVE-2023-28163, CVE-2023-29541, CVE-2023-1945, CVE-2023-28162, CVE-2023-25729, CVE-2023-25743, CVE-2023-25746, CVE-2023-28427, CVE-2023-25745, CVE-2023-29533, CVE-2023-25751, CVE-2023-25742, CVE-2023-25735, CVE-2023-28164, CVE-2023-29539, CVE-2023-25744, CVE-2023-29535, CVE-2023-29550, CVE-2023-25732, CVE-2023-25741, CVE-2023-25737, CVE-2023-25728, CVE-2023-28176
    CVSS Scores
    Base 8.2 / Temporal 7.1
    Description
    Gentoo has released a security update for mozilla thunderbird to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202305-36 for updates and patch information.
    Patches
    Gentoo GLSA 202305-36
  • CVE-2021-41072+
    QID: 710736
    Recently Published

    Gentoo Linux squashfs-tools Multiple Vulnerabilities (GLSA 202305-29)

    Severity
    Critical4
    Qualys ID
    710736
    Date Published
    June 1, 2023
    Vendor Reference
    GLSA 202305-29
    CVE Reference
    CVE-2021-41072, CVE-2021-40153
    CVSS Scores
    Base 8.1 / Temporal 7.3
    Description
    Gentoo has released a security update for squashfs-tools to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202305-29 for updates and patch information.
    Patches
    Gentoo GLSA 202305-29
  • CVE-2023-22490+
    QID: 378539
    Recently Published

    Alibaba Cloud Linux Security Update for git (ALINUX3-SA-2023:0047)

    Severity
    Critical4
    Qualys ID
    378539
    Date Published
    June 1, 2023
    Vendor Reference
    ALINUX3-SA-2023:0047
    CVE Reference
    CVE-2023-22490, CVE-2023-23946, CVE-2023-25815, CVE-2023-25652, CVE-2023-29007
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Alibaba Cloud Linux has released a security update for git to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Alibaba Cloud Linux security advisory ALINUX3-SA-2023:0047 for updates and patch information.
    Patches
    Alibaba Cloud Linux ALINUX3-SA-2023:0047
  • CVE-2023-26545+
    QID: 378537
    Recently Published

    Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0048)

    Severity
    Critical4
    Qualys ID
    378537
    Date Published
    June 1, 2023
    Vendor Reference
    ALINUX3-SA-2023:0048
    CVE Reference
    CVE-2023-26545, CVE-2023-1075, CVE-2023-30456, CVE-2023-0386, CVE-2022-47929, CVE-2023-1380, CVE-2023-28466, CVE-2023-32233
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Alibaba Cloud Linux has released a security update for cloud-kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Alibaba Cloud Linux security advisory ALINUX3-SA-2023:0048 for updates and patch information.
    Patches
    Alibaba Cloud Linux ALINUX3-SA-2023:0048
  • CVE-2023-25652+
    QID: 378536
    Recently Published

    Alibaba Cloud Linux Security Update for git (ALINUX2-SA-2023:0024)

    Severity
    Critical4
    Qualys ID
    378536
    Date Published
    June 1, 2023
    Vendor Reference
    ALINUX2-SA-2023:0024
    CVE Reference
    CVE-2023-25652, CVE-2023-29007
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Alibaba Cloud Linux has released a security update for git to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Alibaba Cloud Linux security advisory ALINUX2-SA-2023:0024 for updates and patch information.
    Patches
    Alibaba Cloud Linux ALINUX2-SA-2023:0024
  • CVE-2023-32233
    QID: 378535
    Recently Published

    Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0025)

    Severity
    Critical4
    Qualys ID
    378535
    Date Published
    June 1, 2023
    Vendor Reference
    ALINUX2-SA-2023:0025
    CVE Reference
    CVE-2023-32233
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Alibaba Cloud Linux has released a security update for cloud-kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Alibaba Cloud Linux security advisory ALINUX2-SA-2023:0025 for updates and patch information.
    Patches
    Alibaba Cloud Linux ALINUX2-SA-2023:0025
  • CVE-2023-32700
    QID: 199373
    Recently Published

    Ubuntu Security Notification for TeX Live Vulnerability (USN-6115-1)

    Severity
    Critical4
    Qualys ID
    199373
    Date Published
    June 1, 2023
    Vendor Reference
    USN-6115-1
    CVE Reference
    CVE-2023-32700
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Ubuntu has released a security update for tex to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6115-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6115-1
  • CVE-2022-29167
    QID: 199372
    Recently Published

    Ubuntu Security Notification for hawk Vulnerability (USN-6116-1)

    Severity
    Critical4
    Qualys ID
    199372
    Date Published
    June 1, 2023
    Vendor Reference
    USN-6116-1
    CVE Reference
    CVE-2022-29167
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Ubuntu has released a security update for hawk to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6116-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6116-1
  • CVE-2021-3803
    QID: 199371
    Recently Published

    Ubuntu Security Notification for nth-check Vulnerability (USN-6114-1)

    Severity
    Critical4
    Qualys ID
    199371
    Date Published
    June 1, 2023
    Vendor Reference
    USN-6114-1
    CVE Reference
    CVE-2021-3803
    CVSS Scores
    Base 7.5 / Temporal 6.7
    Description
    Ubuntu has released a security update for nth-check to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6114-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6114-1
  • CVE-2022-25147
    QID: 378538
    Recently Published

    Alibaba Cloud Linux Security Update for apr-util (ALINUX3-SA-2023:0046)

    Severity
    Critical4
    Qualys ID
    378538
    Date Published
    June 1, 2023
    Vendor Reference
    ALINUX3-SA-2023:0046
    CVE Reference
    CVE-2022-25147
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Alibaba Cloud Linux has released a security update for apr-util to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Alibaba Cloud Linux security advisory ALINUX3-SA-2023:0046 for updates and patch information.
    Patches
    Alibaba Cloud Linux ALINUX3-SA-2023:0046
  • CVE-2023-0795+
    QID: 710734
    Recently Published

    Gentoo Linux LibTIFF Multiple Vulnerabilities (GLSA 202305-31)

    Severity
    Serious3
    Qualys ID
    710734
    Date Published
    June 1, 2023
    Vendor Reference
    GLSA 202305-31
    CVE Reference
    CVE-2023-0795, CVE-2023-0800, CVE-2023-0797, CVE-2023-0802, CVE-2023-0804, CVE-2022-48281, CVE-2023-0799, CVE-2023-0803, CVE-2023-0801, CVE-2023-0796, CVE-2023-0798
    CVSS Scores
    Base 5.5 / Temporal 5
    Description
    Gentoo has released a security update for libtiff to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Gentoo security advisory GLSA 202305-31 for updates and patch information.
    Patches
    Gentoo GLSA 202305-31
  • CVE-2023-22490+
    QID: 960936
    Recently Published

    Rocky Linux Security Update for git (RLSA-2023:3246)

    Severity
    Critical4
    Qualys ID
    960936
    Date Published
    June 1, 2023
    Vendor Reference
    RLSA-2023:3246
    CVE Reference
    CVE-2023-22490, CVE-2023-29007, CVE-2023-25652, CVE-2023-25815, CVE-2023-23946
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Rocky Linux has released a security update for git to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2023:3246 for updates and patch information.
    Patches
    RockyLinux RLSA-2023:3246
  • CVE-2022-40707+
    QID: 378531
    Recently Published

    Trend Micro Deep Security 20 and Cloud One Local Privilege Escalation Vulnerability

    Severity
    Serious3
    Qualys ID
    378531
    Date Published
    June 1, 2023
    Vendor Reference
    000291590
    CVE Reference
    CVE-2022-40707, CVE-2022-40708, CVE-2022-40709, CVE-2022-40710
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Trend Micro Deep Security provides advanced server security for physical, virtual, and cloud servers. It protects enterprise applications and data from breaches and business disruptions without requiring emergency patching.

    CVE-2022-40710: A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations.

    CVE-2022-40707 through 2022-40709: Out-of-bounds read vulnerabilities in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations.

    Affected versions:
    Versions 20 of the Trend Micro Deep Security Agent for Windows only.
    QID Detection Logic(Authenticated):
    This QID checks for vulnerable version of Trend Micro Deep Security Agent by checking the file version

    Consequence
    On successful exploitation the attacker may be able to elevate the privileges impacting confidentiality, integrity, and availability.
    Solution
    Upgrade Trend Micro Deep Security Agent to latest version. For further details refer to Trend Micro's Security Advisory . You can download the latest version from Trend Micro's Deep Security .
    Patches
    000291590
  • CVE-2023-24538
    QID: 906880
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (25992-1)

    Severity
    Urgent5
    Qualys ID
    906880
    Date Published
    June 1, 2023
    Vendor Reference
    Mariner_2.0_25992-1
    CVE Reference
    CVE-2023-24538
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2\\.0 25992-1
  • QID: 106126
    Recently Published

    EOL/Obsolete Software: Node.js v0.12.x Detected

    Severity
    Urgent5
    Qualys ID
    106126
    Date Published
    June 1, 2023
    Vendor Reference
    nodejs
    CVSS Scores
    Base 9.8 / Temporal 9
    Description
    Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside of a web browser.
    According to Node.js Released page Node.js v0.12.x is no longer supported from 2016-12-31 and will not be getting regular patches.

    QID Detection: (Authenticated) - Linux
    This QID executes the commands "npm version | grep -i node | head -1;npm config get prefix" and checks the version. Also, it checks the node.js version by checking the node binary for the underlying version.

    Consequence
    The system is at high risk of being exposed to security vulnerabilities because the vendor no longer provides updates.

    Solution

    Update to the latest version of Node.js.

  • QID: 106124
    Recently Published

    EOL/Obsolete Software: Node.js 17.x Detected

    Severity
    Urgent5
    Qualys ID
    106124
    Date Published
    June 1, 2023
    Vendor Reference
    nodejs
    CVSS Scores
    Base 9.8 / Temporal 9
    Description
    Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside of a web browser.
    According to Node.js Released page Node.js 17.x is no longer supported from 2022-06-01 and will not be getting regular patches.

    QID Detection: (Authenticated) - Linux
    This QID executes the commands "npm version | grep -i node | head -1;npm config get prefix" and checks the version. Also, it checks the node.js version by checking the node binary for the underlying version.

    Consequence
    The system is at high risk of being exposed to security vulnerabilities because the vendor no longer provides updates.

    Solution

    Update to the latest version of Node.js.

  • QID: 106123
    Recently Published

    EOL/Obsolete Software: Node.js 15.x Detected

    Severity
    Urgent5
    Qualys ID
    106123
    Date Published
    June 1, 2023
    Vendor Reference
    nodejs
    CVSS Scores
    Base 9.8 / Temporal 9
    Description
    Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside of a web browser.
    According to Node.js Released page Node.js 15.x is no longer supported from 2021-06-01 and will not be getting regular patches.

    QID Detection: (Authenticated) - Linux
    This QID executes the commands "npm version | grep -i node | head -1;npm config get prefix" and checks the version. Also, it checks the node.js version by checking the node binary for the underlying version.

    Consequence
    The system is at high risk of being exposed to security vulnerabilities because the vendor no longer provides updates.

    Solution

    Update to the latest version of Node.js.

  • QID: 106127
    Recently Published

    EOL/Obsolete Software: Node.js v0.10.x Detected

    Severity
    Urgent5
    Qualys ID
    106127
    Date Published
    June 1, 2023
    Vendor Reference
    nodejs
    CVSS Scores
    Base 10 / Temporal 9.1
    Description
    Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside of a web browser.
    According to Node.js Released page Node.js v0.10.x is no longer supported from 2016-10-31 and will not be getting regular patches.

    QID Detection: (Authenticated) - Linux
    This QID executes the commands "npm version | grep -i node | head -1;npm config get prefix" and checks the version. Also, it checks the node.js version by checking the node binary for the underlying version.

    Consequence
    The system is at high risk of being exposed to security vulnerabilities because the vendor no longer provides updates.

    Solution

    Update to the latest version of Node.js.

  • CVE-2020-27507
    QID: 181813
    Recently Published

    Debian Security Update for kamailio (DLA 3438-1)

    Severity
    Urgent5
    Qualys ID
    181813
    Date Published
    May 31, 2023
    Vendor Reference
    DLA 3438-1
    CVE Reference
    CVE-2020-27507
    CVSS Scores
    Base 9.8 / Temporal 8.8
    Description
    Debian has released a security update for kamailio to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3438-1 for updates and patch information.
    Patches
    Debian DLA 3438-1
  • CVE-2023-2940+
    QID: 378540
    Recently Published

    Google Chrome Prior to 114.0.5735.90 Multiple Vulnerabilities

    Severity
    Critical4
    Qualys ID
    378540
    Date Published
    May 31, 2023
    Vendor Reference
    Google Chrome 114.0.5735.90
    CVE Reference
    CVE-2023-2940, CVE-2023-2931, CVE-2023-2932, CVE-2023-2934, CVE-2023-2937, CVE-2023-2933, CVE-2023-2936, CVE-2023-2935, CVE-2023-2930, CVE-2023-2938, CVE-2023-2941, CVE-2023-2929, CVE-2023-2939
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Chrome has released security updates for Windows, Mac, and Linux to fix the vulnerabilities.


    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Chrome security advisory 114.0.5735.90 for updates and patch information.
    Patches
    Google Chrome 114.0.5735.90
  • CVE-2023-29550+
    QID: 199378
    Recently Published

    Ubuntu Security Notification for SpiderMonkey Vulnerabilities (USN-6120-1)

    Severity
    Critical4
    Qualys ID
    199378
    Date Published
    May 31, 2023
    Vendor Reference
    USN-6120-1
    CVE Reference
    CVE-2023-29550, CVE-2023-32215, CVE-2023-25739, CVE-2023-32211, CVE-2023-25751, CVE-2023-29548, CVE-2023-29535, CVE-2023-25735, CVE-2023-29536
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Ubuntu has released a security update for spidermonkey to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6120-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6120-1
  • CVE-2023-32233
    QID: 241561
    Recently Published

    Red Hat Update for kernel-rt (RHSA-2023:3350)

    Severity
    Critical4
    Qualys ID
    241561
    Date Published
    May 31, 2023
    Vendor Reference
    RHSA-2023:3350
    CVE Reference
    CVE-2023-32233
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Red Hat has released a security update for kernel-rt to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2023:3350 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2023:3350
  • CVE-2022-4139+
    QID: 199380
    Recently Published

    Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6124-1)

    Severity
    Critical4
    Qualys ID
    199380
    Date Published
    May 31, 2023
    Vendor Reference
    USN-6124-1
    CVE Reference
    CVE-2022-4139, CVE-2023-32233, CVE-2022-3586, CVE-2023-2612, CVE-2023-1670, CVE-2023-30456
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Ubuntu has released a security update for linux to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6124-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6124-1
  • CVE-2023-32233+
    QID: 199375
    Recently Published

    Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6123-1)

    Severity
    Critical4
    Qualys ID
    199375
    Date Published
    May 31, 2023
    Vendor Reference
    USN-6123-1
    CVE Reference
    CVE-2023-32233, CVE-2023-2612, CVE-2023-1670, CVE-2023-26606, CVE-2023-30456
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Ubuntu has released a security update for linux to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6123-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6123-1
  • CVE-2023-32233+
    QID: 199374
    Recently Published

    Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6122-1)

    Severity
    Critical4
    Qualys ID
    199374
    Date Published
    May 31, 2023
    Vendor Reference
    USN-6122-1
    CVE Reference
    CVE-2023-32233, CVE-2023-2612
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Ubuntu has released a security update for linux to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6122-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6122-1
  • CVE-2023-28488
    QID: 181814
    Recently Published

    Debian Security Update for connman (DSA 5416-1)

    Severity
    Serious3
    Qualys ID
    181814
    Date Published
    May 31, 2023
    Vendor Reference
    DSA 5416-1
    CVE Reference
    CVE-2023-28488
    CVSS Scores
    Base 6.5 / Temporal 5.9
    Description
    Debian has released a security update for connman to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5416-1 for updates and patch information.
    Patches
    Debian DSA 5416-1
  • CVE-2022-35843
    QID: 44037
    Recently Published

    FortiOS SSH Authentication Bypass Vulnerability (FG-IR-22-255) (Unauthenticated check)

    Severity
    Critical4
    Qualys ID
    44037
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-22-255
    CVE Reference
    CVE-2022-35843
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server. Affected Versions:
    FortiOS version 7.2.0 through 7.2.1
    FortiOS version 7.0.0 through 7.0.7
    FortiOS version 6.4.0 through 6.4.9
    FortiOS version 6.2 through 6.2.12

    QID Detection Logic (UnAuthenticated):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Successful exploitation of the vulnerability may allow Improper access control.

    Solution
    Fortinet has released patch addressing the vulnerability. For more information please refer to FG-IR-22-255
    Patches
    FG-IR-22-255
  • CVE-2022-42476
    QID: 44058
    Recently Published

    FortiOS Path Traversal Vulnerability (FG-IR-22-401) (Unauthenticated Check)

    Severity
    Critical4
    Qualys ID
    44058
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-22-401
    CVE Reference
    CVE-2022-42476
    CVSS Scores
    Base 8.2 / Temporal 7.1
    Description
    A relative path traversal vulnerability [CWE-23] in FortiOS and FortiProxy may allow privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.

    Affected Versions:
    FortiOS version 7.2.0 through 7.2.3
    FortiOS version 7.0.0 through 7.0.8
    FortiOS version 6.4.0 through 6.4.11
    FortiOS version 6.2.0 through 6.2.12

    QID Detection Logic (unauthenticated):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Vulnerable OS may allow privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.

    Solution
    Fortinet has released patch addressing the vulnerability. For more information please refer to FG-IR-22-401
    Patches
    FG-IR-22-401
  • CVE-2022-41335
    QID: 44040
    Recently Published

    Fortinet FortiOS Authenticated Path Traversal Vulnerability (FG-IR-22-391) (Unauthenticated Check)

    Severity
    Critical4
    Qualys ID
    44040
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-22-391
    CVE Reference
    CVE-2022-41335
    CVSS Scores
    Base 8.1 / Temporal 7.1
    Description
    Fortinet FortiOS versions is vulnerable to path traversal vulnerability.

    Affected Versions:
    FortiOS version 7.2.0 through 7.2.2
    FortiOS version 7.0.0 through 7.0.8
    FortiOS version 6.4.0 through 6.4.10
    FortiOS version 6.2.0 through 6.2.12

    QID Detection Logic (Unauthenticated):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Successful exploitation of the vulnerability may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP or HTTPS GET requests.

    Solution
    Fortinet has released patch addressing the vulnerability. For more information please refer to FG-IR-22-363
    Patches
    FG-IR-22-363
  • CVE-2021-44171
    QID: 44046
    Recently Published

    FortiOS - Privilege Escalation Vulnerability via switch-control CLI command (FG-IR-21-242) (Unauthenticated Check)

    Severity
    Critical4
    Qualys ID
    44046
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-21-242
    CVE Reference
    CVE-2021-44171
    CVSS Scores
    Base 8 / Temporal 7
    Description
    An improper neutralization of special elements used in an OS command (OS Command Injection) vulnerability [CWE-78] in FortiOS may allow an authenticated attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.

    Affected Products

    FortiOS version 6.0.0 through 6.0.14
    FortiOS version 6.4.0 through 6.4.8
    FortiOS version 6.2.0 through 6.2.10
    FortiOS version 7.0.0 through 7.0.3

    QID Detection Logic (Unauthenticated):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Vulnerable version may allow an authenticated attacker to execute privileged commands on a linked FortiSwitch via diagnose system CLI commands

    Solution

    Vendor has released fixes to address this vulnerability
    For more details refer advisory FG-IR-21-242

    Patches
    FG-IR-21-242
  • CVE-2020-8741+
    QID: 378534
    In Development

    Dell Client Security Update for Intel Driver Vulnerabilities (DSA-2021-237)

    Severity
    Critical4
    Qualys ID
    378534
    Vendor Reference
    dsa-2021-237
    CVE Reference
    CVE-2020-8741, CVE-2021-0110
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Dell has released an advisory to address CVE-2020-8741 and CVE-2021-0110 CVE-2020-8741: Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.

    CVE-2021-0110: Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH Drivers may allow unauthenticated user to potentially enable denial of service via local access.

    Affected Products:
    Dell Latitude 5420 Prior to Driver Version 1.41.1193.0

    Note: This QID only covers Dell Latitude 5420 Model

    QID Detection Logic
    : This QID checks if Vulnerable version of driver installed on windows system.

    Consequence
    Successful exploitation may allow an authenticated user to potentially enable escalation of privilege via local access.

    Solution
    Customers are recommended to update bios firmware. Refer to dsa-2021-237 for driver updates.
    Patches
    dsa-2021-237
  • CVE-2022-35842
    QID: 44045
    Recently Published

    FortiOS - Telnet on the SSL-Virtual Private Network (VPN) Interface results in Information Leak Vulnerability (FG-IR-22-223) (Unauthenticated Check)

    Severity
    Critical4
    Qualys ID
    44045
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-22-223
    CVE Reference
    CVE-2022-35842
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to gain information about LDAP and SAML settings configured in FortiOS.

    Affected Products:
    FortiOS version 7.2.0
    FortiOS version 7.0.0 through 7.0.6
    FortiOS version 6.4.0 through 6.4.9

    QID Detection Logic (Unauthenticated):
    Detection checks for vulnerable versions of FortiOS.

    Consequence
    Successful exploitation of the vulnerability may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP or HTTPS GET requests.

    Solution
    Fortinet has released patch addressing the vulnerability. For more information please refer to FG-IR-22-363
    Patches
    FG-IR-22-363
  • CVE-2023-24329
    QID: 284004
    Recently Published

    Fedora Security Update for python2.7 (FEDORA-2023-953c2607d8)

    Severity
    Critical4
    Qualys ID
    284004
    Date Published
    May 31, 2023
    Vendor Reference
    FEDORA-2023-953c2607d8
    CVE Reference
    CVE-2023-24329
    CVSS Scores
    Base 7.5 / Temporal 6.7
    Description
    Fedora has released a security update for python2.7 to fix the vulnerabilities.

    Affected OS:
    Fedora 37


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 37 for updates and patch information.
    Patches
    Fedora 37 FEDORA-2023-953c2607d8
  • CVE-2022-39948
    QID: 44042
    Recently Published

    Fortinet FortiGate FortiOS Man-in-the-Middle (MITM) Attack Vulnerability (FG-IR-22-257) (Unauthenticated Check)

    Severity
    Critical4
    Qualys ID
    44042
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-22-257
    CVE Reference
    CVE-2022-39948
    CVSS Scores
    Base 7.4 / Temporal 6.4
    Description
    An improper certificate validation vulnerability in FortiOS may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS ) Affected Versions:
    FortiOS version 7.2.0 through 7.2.3
    FortiOS version 7.0.0 through 7.0.7
    FortiOS version 6.4 all versions
    FortiOS version 6.2 all versions
    FortiOS version 6.0 all versions

    QID Detection Logic (unauthenticated):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Successful exploitation of this vulnerability may allow an authenticated attacker may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiOS device and remote servers hosting threat feeds (when the latter are configured as Fabric connectors in FortiOS )
    Solution
    Fortinet has released a patch addressing the vulnerability. For more information please refer to FG-IR-22-257
    Patches
    FG-IR-22-257
  • CVE-2021-43072
    QID: 44041
    Recently Published

    Fortinet FortiOS Buffer Overflow Vulnerability (FG-IR-21-206) (Unauthenticated check)

    Severity
    Critical4
    Qualys ID
    44041
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-21-206
    CVE Reference
    CVE-2021-43072
    CVSS Scores
    Base 7.3 / Temporal 6.4
    Description
    A buffer copy without checking size of input may allow a privileged attacker to execute arbitrary code or command via crafted CLI operations with the TFTP protocol.

    Affected Products:
    FortiOS version 6.0.0 through 6.0.14
    FortiOS version 6.2.0 through 6.2.10
    FortiOS version 6.4.0 through 6.4.8
    FortiOS version 7.0.0 through 7.0.5

    QID Detection Logic(UnAuthenticated):
    QID checks the vulnerable version
    Consequence
    It may allow a privileged attacker to execute unauthorized arbitrary code or commands via crafted CLI.

    Solution
    Customers are advised to refer to FG-IR-21-206 for more information.
    Patches
    FG-IR-21-206
  • CVE-2022-41330
    QID: 44038
    Recently Published

    Fortinet FortiOS Cross-Site Scripting (XSS) Vulnerability (FG-IR-22-363) (Unauthenticated Check)

    Severity
    Critical4
    Qualys ID
    44038
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-22-363
    CVE Reference
    CVE-2022-41330
    CVSS Scores
    Base 6.1 / Temporal 5.3
    Description
    Multiple improper sanitization of user input during web page generation leads to Cross-site Scripting vulnerabilities in FortiOS administrative interface.

    Affected Versions:
    FortiOS version 7.2.0 through 7.2.3
    FortiOS version 7.0.0 through 7.0.9
    FortiOS version 6.4.0 through 6.4.11
    FortiOS version 6.2.0 through 6.2.12

    QID Detection Logic (NoAuth):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Successful exploitation of the vulnerability may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP or HTTPS GET requests.

    Solution
    Fortinet has released patch addressing the vulnerability. For more information please refer to FG-IR-22-363
    Patches
    FG-IR-22-363
  • CVE-2022-43947
    QID: 44033
    Recently Published

    Fortinet FortiOS Improper Access Control Vulnerability (FG-IR-22-444) (Unauthenticated Check)

    Severity
    Serious3
    Qualys ID
    44033
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-22-444
    CVE Reference
    CVE-2022-43947
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiOS may allow an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions.

    Affected Versions:
    FortiOS version 7.2.0 through 7.2.3
    FortiOS version 7.0.0 through 7.0.10
    FortiOS version 6.4.0 through 6.4.12
    FortiOS 6.2 all versions

    QID Detection Logic (NoAuth):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    A Brute force attack allows attacker to obtain private user information such as usernames, passwords, passphrases, or Personal Identification Numbers (PINs).

    Solution
    Fortinet has released patch addressing the vulnerability. For more information please refer to FG-IR-22-444
    Patches
    FG-IR-22-444
  • CVE-2021-44168
    QID: 44054
    Recently Published

    Fortigate FortiOS Arbitrary File Download Vulnerability (FG-IR-21-201) (Unauthenticated Check)

    Severity
    Serious3
    Qualys ID
    44054
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-21-201
    CVE Reference
    CVE-2021-44168
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    CVE-2021-44168: FortiOS may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.

    Affected Products:
    FortiOS versions 6.0.13 and below
    FortiOS versions 6.2.9 and below
    FortiOS versions 6.4.7 and below
    FortiOS versions 7.0.2 and below

    QID Detection Logic (Uauthenticated):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Successful exploitation of the vulnerability could allow an attacker to download arbitrary files on the devices.
    Solution

    Vendor has released fixes to address this vulnerability
    For more details refer advisory FG-IR-21-201

    Patches
    FG-IR-21-201
  • CVE-2022-22299
    QID: 44052
    Recently Published

    FortiOS Format String Vulnerability in Command Line Interpreter (FG-IR-21-235) (Unauthenticated Check)

    Severity
    Serious3
    Qualys ID
    44052
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-21-235
    CVE Reference
    CVE-2022-22299
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    A format string vulnerability [CWE-134] in the command line interpreter of FortiOS may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.

    Affected Products:
    FortiOS version 6.0.0 through 6.0.14
    FortiOS version 6.2.0 through 6.2.10
    FortiOS version 6.4.0 through 6.4.8
    FortiOS version 7.0.0 through 7.0.2

    QID Detection Logic (Unauthenticated):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Vulnerable FortiOS may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.
    Solution

    Vendor has released fixes to address this vulnerability
    For more details refer advisory FG-IR-21-235

    Patches
    FG-IR-21-235
  • CVE-2021-26110
    QID: 44049
    Recently Published

    FortiOS Privilege Escalation Vulnerability (FG-IR-20-131) (Unauthenticated Check)

    Severity
    Serious3
    Qualys ID
    44049
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-20-131
    CVE Reference
    CVE-2021-26110
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    An improper access control vulnerability [CWE-284] in FortiOS and FortiProxy autod daemon may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features.

    Affected Products:
    FortiOS version 7.0.0
    FortiOS versions 6.4.6 and below
    FortiOS versions 6.2.9 and below
    FortiOS versions 6.0.12 and below
    FortiOS versions 5.6.x
    FortiOS-6K7K version 6.4.2
    FortiOS-6K7K version 6.2.6 and below

    QID Detection Logic (Unauthenticated):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Vulnerable version of FortiOS may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features.

    Solution

    Vendor has released fixes to address this vulnerability
    For more details refer advisory FG-IR-20-131

    Patches
    FG-IR-20-131
  • CVE-2019-17655
    QID: 44053
    Recently Published

    FortiOS Secure Sockets Layer (SSL) Virtual Private Network (VPN) Information Disclosure Vulnerability (FG-IR-19-217) (Unauthenticated Check)

    Severity
    Serious3
    Qualys ID
    44053
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-19-217
    CVE Reference
    CVE-2019-17655
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    A cleartext storage in a file or on disk vulnerability in FortiOS SSL VPN may allow an attacker to retrieve a logged-in SSL VPN user's credentials.

    Affected Products:
    FortiOS 6.2.0 to 6.2.2, 6.0.9 and below

    QID Detection Logic (No Auth) :
    Detection checks for vulnerable version of FortiOS.

    Consequence
    To successfully exploit this weakness, another unrelated weakness (eg: a system file leaking vulnerability) would therefore need to be exploited first.
    Solution

    Vendor has released fix to address these vulnerabilities. Upgrade to FortiOS versions 6.0.10 or 6.2.3 or above
    Refer to FG-IR-19-217 for further details.

    Patches
    FG-IR-19-217
  • CVE-2022-41328
    QID: 44051
    Recently Published

    FortiOS Path Traversal Vulnerability (FG-IR-22-369) (Unauthenticated Check)

    Severity
    Serious3
    Qualys ID
    44051
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-22-369
    CVE Reference
    CVE-2022-41328
    CVSS Scores
    Base 7.1 / Temporal 6.4
    Description
    A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in FortiOS may allow a privileged attacker to read and write arbitrary files via crafted CLI commands.

    Affected Versions:
    FortiOS version 7.2.0 through 7.2.3
    FortiOS version 7.0.0 through 7.0.9
    FortiOS version 6.4.0 through 6.4.11
    FortiOS 6.2 all versions
    FortiOS 6.0 all versions

    QID Detection Logic (No Auth):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Vulnerable versions of FortiOS may allow a privileged attacker to read and write arbitrary files via crafted CLI commands.
    Solution
    Fortinet has released patch addressing the vulnerability. For more information please refer to FG-IR-22-369
    Patches
    FG-IR-22-369
  • CVE-2022-33196+
    QID: 284005
    Recently Published

    Fedora Security Update for microcode_ctl (FEDORA-2023-b28dc472b0)

    Severity
    Serious3
    Qualys ID
    284005
    Date Published
    May 31, 2023
    Vendor Reference
    FEDORA-2023-b28dc472b0
    CVE Reference
    CVE-2022-33196, CVE-2022-21216, CVE-2022-38090, CVE-2022-33972
    CVSS Scores
    Base 6.8 / Temporal 5.9
    Description
    Fedora has released a security update for microcode_ctl to fix the vulnerabilities.

    Affected OS:
    Fedora 37


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 37 for updates and patch information.
    Patches
    Fedora 37 FEDORA-2023-b28dc472b0
  • CVE-2021-44170
    QID: 44043
    Recently Published

    FortiOS Stack-Based Buffer Overflow Vulnerability (FG-IR-21-179) (Unauthenticated check)

    Severity
    Serious3
    Qualys ID
    44043
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-21-179
    CVE Reference
    CVE-2021-44170
    CVSS Scores
    Base 6.7 / Temporal 5.8
    Description
    A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS and FortiProxy may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.

    Affected Products:
    FortiOS version 6.0.0 through 6.0.14
    FortiOS version 6.2.0 through 6.2.10
    FortiOS version 6.4.0 through 6.4.8
    FortiOS version 7.0.0 through 7.0.2

    QID Detection Logic (Authenticated):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Vulnerable FortiOS may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.
    Solution

    Vendor has released fixes to address this vulnerability
    For more details refer advisory FG-IR-21-179

    Patches
    FG-IR-21-179
  • CVE-2021-41019
    QID: 44057
    Recently Published

    FortiOS Information Disclosure Vulnerability (FG-IR-21-074) (Unauthenticated Check)

    Severity
    Serious3
    Qualys ID
    44057
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-21-074
    CVE Reference
    CVE-2021-41019
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.

    Affected Products:
    FortiOS version 7.0.1 and below
    FortiOS version 6.4.6 and below
    FortiOS version 6.2.9 and below

    QID Detection Logic (Authenticated):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Vulnerable version of FortiOS may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.
    Solution

    Vendor has released fixes to address this vulnerability
    For more details refer advisory FG-IR-21-074

    Patches
    FG-IR-21-074
  • CVE-2021-43081
    QID: 44036
    Recently Published

    FortiOS Cross-Site Scripting (XSS) Vulnerability in Web Filter Block Override Form (FG-IR-21-230) (Unauthenticated Check)

    Severity
    Serious3
    Qualys ID
    44036
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-21-230
    CVE Reference
    CVE-2021-43081
    CVSS Scores
    Base 6.1 / Temporal 5.3
    Description
    An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiProxy and FortiOS web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.

    Affected Products:
    FortiOS version 7.0.3 and below
    FortiOS version 6.4.8 and below
    FortiOS version 6.2.10 and below
    FortiOS version 6.0.14 to 6.0.0

    QID Detection Logic (Authenticated):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Vulnerable FortiOS may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.
    Solution

    Vendor has released fixes to address this vulnerability
    For more details refer advisory FG-IR-21-230

    Patches
    FG-IR-21-230
  • CVE-2022-22305
    QID: 44050
    Recently Published

    FortiOS - Improper Certificate Validation Vulnerability (FG-IR-18-292) (Unauthenticated Check)

    Severity
    Serious3
    Qualys ID
    44050
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-18-292
    CVE Reference
    CVE-2022-22305
    CVSS Scores
    Base 5.8 / Temporal 5.1
    Description

    An improper certificate validation vulnerability [CWE-295] in FortiOS may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.

    Affected Products:
    FortiOS versions 6.2.x
    FortiOS versions 6.0.x
    FortiOS versions 5.6.x

    QID Detection Logic (Authenticated):
    Detection checks for vulnerable versions of FortiOS.

    Consequence

    Vulnerable version may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.

    Solution

    Vendor has released fixes to address this vulnerability
    For more details refer advisory FG-IR-18-292

    Patches
    FG-IR-18-292
  • CVE-2021-41032
    QID: 44056
    Recently Published

    FortiOS Improper Inter-Virtual domains (VDOM) Access Control Vulnerability (FG-IR-21-147) (Unauthenticated Check)

    Severity
    Serious3
    Qualys ID
    44056
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-21-147
    CVE Reference
    CVE-2021-41032
    CVSS Scores
    Base 5.4 / Temporal 4.7
    Description
    An improper access control vulnerability [CWE-284] in FortiOS may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands.

    Affected Products:
    FortiOS version 6.2.0 through 6.2.10

    QID Detection Logic (Authenticated):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Vulnerable version of FortiOS may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands.
    Solution

    Vendor has released fixes to address this vulnerability
    For more details refer advisory FG-IR-21-147

    Patches
    FG-IR-21-147
  • CVE-2023-22641
    QID: 44047
    Recently Published

    Fortinet FortiOS Unauthorized Code Vulnerability (FG-IR-22-479) (Unauthenticated Check)

    Severity
    Serious3
    Qualys ID
    44047
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-22-479
    CVE Reference
    CVE-2023-22641
    CVSS Scores
    Base 5.4 / Temporal 4.7
    Description
    A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiOS and FortiProxy sslvpnd may allow an authenticated attacker to redirect users to any arbitrary website via a crafted URL.

    Affected Versions:
    FortiOS version 7.2.0 through 7.2.3
    FortiOS version 7.0.0 through 7.0.9
    FortiOS version 6.4.0 through 6.4.12
    FortiOS all versions 6.2, 6.0

    QID Detection Logic (No Auth):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Successful exploitation of the vulnerability may allow an unauthenticated attacker to perform an Execute unauthorized code or commands.

    Solution
    Fortinet has released patch addressing the vulnerability. For more information please refer to FG-IR-22-479
    Patches
    FG-IR-22-479
  • CVE-2022-42472
    QID: 44044
    Recently Published

    FortiOS Header Injection In Proxy Vulnerability (FG-IR-22-362) (Unauthenticated Check)

    Severity
    Serious3
    Qualys ID
    44044
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-22-362
    CVE Reference
    CVE-2022-42472
    CVSS Scores
    Base 5.4 / Temporal 4.7
    Description
    An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] in FortiOS and FortiProxy may allow an authenticated and remote attacker to inject arbitrary headers.
    Affected Versions:
    FortiOS version 7.2.0 through 7.2.2
    FortiOS version 7.0.0 through 7.0.8
    FortiOS 6.4 all versions
    FortiOS 6.2 all versions
    FortiOS 6.0 all versions

    QID Detection Logic (unauthenticated):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Successful exploitation of the vulnerability may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.
    Solution
    Fortinet has released patch addressing the vulnerability. For more information please refer to FG-IR-22-362
    Patches
    FG-IR-22-362
  • CVE-2022-22306
    QID: 44034
    Recently Published

    FortiOS Lack of Certificate Verification Vulnerability (FG-IR-21-239) (Unauthenticated Check)

    Severity
    Serious3
    Qualys ID
    44034
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-21-239
    CVE Reference
    CVE-2022-22306
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    An improper certificate validation vulnerability [CWE-295] in FortiOS may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms.

    Affected Products:
    FortiOS version 6.0.0 through 6.0.14
    FortiOS version 6.2.0 through 6.2.10
    FortiOS version 6.4.0 through 6.4.8
    FortiOS version 7.0.0

    QID Detection Logic (Authenticated):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Vulnerable FortiOS may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms.
    Solution

    Vendor has released fixes to address this vulnerability
    For more details refer advisory FG-IR-21-239

    Patches
    FG-IR-21-239
  • CVE-2021-43206
    QID: 44055
    Recently Published

    FortiOS Information Disclosure Vulnerability in Web Proxy Error Pages (FG-IR-21-231) (Unauthenticated Check)

    Severity
    Serious3
    Qualys ID
    44055
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-21-231
    CVE Reference
    CVE-2021-43206
    CVSS Scores
    Base 4.3 / Temporal 3.8
    Description
    A server-generated error message containing sensitive information vulnerability [CWE-550] in FortiOS and FortiProxy web proxy may allow a malicious webserver to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages.

    Affected Products:
    FortiOS version 7.0.3 and below
    FortiOS version 6.4.9 and below
    FortiOS version 6.2.10 and below
    FortiOS version 6.0.14 and below

    QID Detection Logic (Authenticated):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Vulnerable FortiOS may allow a malicious web server to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages.
    Solution

    Vendor has released fixes to address this vulnerability
    For more details refer advisory FG-IR-21-231

    Patches
    FG-IR-21-231
  • CVE-2022-23442
    QID: 44048
    Recently Published

    FortiOS Inter-Virtual domains (VDOM) Information Leakage Vulnerability (FG-IR-22-036) (Unauthenticated Check)

    Severity
    Serious3
    Qualys ID
    44048
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-22-036
    CVE Reference
    CVE-2022-23442
    CVSS Scores
    Base 4.3 / Temporal 3.8
    Description
    An improper access control vulnerability [CWE-284] in FortiOS may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.

    Affected Products:
    FortiOS version 7.0.0 through 7.0.5
    FortiOS version 6.4.0 through 6.4.8
    FortiOS version 6.2.0 through 6.2.11

    QID Detection Logic (Unauthenticated):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Successful exploitation may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands.
    Solution

    Vendor has released fixes to address this vulnerability
    For more details refer advisory FG-IR-22-036

    Patches
    FG-IR-22-036
  • CVE-2022-38378
    QID: 44039
    Recently Published

    Fortinet FortiOS Escalation of Privilege Vulnerability (FG-IR-22-346) (Unauthenticated Check)

    Severity
    Medium2
    Qualys ID
    44039
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-22-346
    CVE Reference
    CVE-2022-38378
    CVSS Scores
    Base 6 / Temporal 5.2
    Description
    An improper privilege management vulnerability in FortiOS and FortiProxy may allow an administrator that has access to the admin profile section to modify their own profile and upgrade their privileges to Read Write via CLI or GUI commands. Affected Versions:
    FortiOS version 7.2.0
    FortiOS version 7.0.0 through 7.0.7
    FortiOS 6.4 all versions
    FortiOS 6.2 all versions
    FortiOS 6.0 all versions

    QID Detection Logic (Unauthenticated):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Successful exploitation of this vulnerability may cause Escalation of Privilege

    Solution
    Fortinet has released patch addressing the vulnerability. For more information please refer to FG-IR-22-346
    Patches
    FG-IR-22-346
  • CVE-2022-40680
    QID: 44032
    Recently Published

    FortiOS - Stored Cross-Site Scripting (XSS) Vulnerability (FG-IR-21-248) (Unauthenticated Check)

    Severity
    Medium2
    Qualys ID
    44032
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-21-248
    CVE Reference
    CVE-2022-40680
    CVSS Scores
    Base 5.4 / Temporal 4.7
    Description
    A improper neutralization of input during web page generation (cross-site scripting) [CWE-79] in FortiOS may allow a privileged attacker to perform a stored XSS attack via storing malicious payloads in replacement messages. Affected Versions:
    FortiOS version 7.0.0 through 7.0.3
    FortiOS version 6.4.0 through 6.4.9
    FortiOS version 6.2.2 through 6.2.12
    FortiOS version 6.0.7 through 6.0.15

    QID Detection Logic (Authenticated):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Successful exploitation of the vulnerability may allow a privileged attacker to perform a stored XSS attack via storing malicious payloads in replacement messages.
    Solution
    Fortinet has released patch addressing the vulnerability. For more information please refer to FG-IR-21-248
    Patches
    FG-IR-21-248
  • CVE-2021-43074
    QID: 44035
    Recently Published

    FortiOS Padding Oracle In Cookie Encryption Vulnerability (FG-IR-21-126) (Unauthenticated Check)

    Severity
    Medium2
    Qualys ID
    44035
    Date Published
    May 31, 2023
    Vendor Reference
    FG-IR-21-126
    CVE Reference
    CVE-2021-43074
    CVSS Scores
    Base 4.3 / Temporal 3.8
    Description
    An improper verification of cryptographic signature vulnerability [CWE-347] in FortiOS, FortiWeb, FortiProxy and FortiSwitch may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter. Affected Versions:
    FortiOS versions 7.0.3 and below
    FortiOS versions 6.4.8 and below
    FortiOS 6.2 all versions
    FortiOS 6.0 all versions

    QID Detection Logic (Unauthenticated):
    Detection checks for vulnerable version of FortiOS.

    Consequence
    Successful exploitation of the vulnerability may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.
    Solution
    Fortinet has released patch addressing the vulnerability. For more information please refer to FG-IR-21-126
    Patches
    FG-IR-21-126
  • CVE-2019-14889+
    QID: 181812
    Recently Published

    Debian Security Update for libssh (DLA 3437-1)

    Severity
    Critical4
    Qualys ID
    181812
    Date Published
    May 30, 2023
    Vendor Reference
    DLA 3437-1
    CVE Reference
    CVE-2019-14889, CVE-2023-1667
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Debian has released a security update for libssh to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3437-1 for updates and patch information.
    Patches
    Debian DLA 3437-1
  • CVE-2018-16838+
    QID: 181811
    Recently Published

    Debian Security Update for sssd (DLA 3436-1)

    Severity
    Critical4
    Qualys ID
    181811
    Date Published
    May 30, 2023
    Vendor Reference
    DLA 3436-1
    CVE Reference
    CVE-2018-16838, CVE-2021-3621, CVE-2022-4254, CVE-2019-3811
    CVSS Scores
    Base 8.8 / Temporal 7.9
    Description
    Debian has released a security update for sssd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3436-1 for updates and patch information.
    Patches
    Debian DLA 3436-1
  • CVE-2023-30861
    QID: 199370
    Recently Published

    Ubuntu Security Notification for Flask Vulnerability (USN-6111-1)

    Severity
    Critical4
    Qualys ID
    199370
    Date Published
    May 30, 2023
    Vendor Reference
    USN-6111-1
    CVE Reference
    CVE-2023-30861
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Ubuntu has released a security update for flask to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6111-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6111-1
  • CVE-2022-32221
    QID: 330139
    In Development

    IBM AIX Security restrictions bypass due to curl (curl_advisory)

    Severity
    Critical4
    Qualys ID
    330139
    Vendor Reference
    curl_advisory
    CVE Reference
    CVE-2022-32221
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    AIX is vulnerable to security restrictions bypass due to curl (CVE-2022-32221).

    Affected Platform:
    AIX 7.3 TL1 (Technology level 1)
    QID Detection Logic (Authenticated):
    The detection checks for installed packages version via command lslpp -L | grep -i oss.lib.libcurl. It also checks for interim fixes installed The detection posts vulnerable if installed package version is less than patched version and interim fixes are also not installed.

    Consequence
    Vulnerability in cURL libcurl could allow a remote attacker to bypass security restriction and impacts integrity and availability

    Solution
    The vendor has released fixes to curl_advisory this vulnerability.
    Patches
    curl_advisory
  • CVE-2021-3570
    QID: 199369
    Recently Published

    Ubuntu Security Notification for Linux PTP Vulnerability (USN-6097-1)

    Severity
    Critical4
    Qualys ID
    199369
    Date Published
    May 30, 2023
    Vendor Reference
    USN-6097-1
    CVE Reference
    CVE-2021-3570
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Ubuntu has released a security update for linux to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-6097-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-6097-1
  • CVE-2023-22970
    QID: 284003
    Recently Published

    Fedora Security Update for bottles (FEDORA-2023-328397d034)

    Severity
    Critical4
    Qualys ID
    284003
    Date Published
    May 30, 2023
    Vendor Reference
    FEDORA-2023-328397d034
    CVE Reference
    CVE-2023-22970
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Fedora has released a security update for bottles to fix the vulnerabilities.

    Affected OS:
    Fedora 37


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 37 for updates and patch information.
    Patches
    Fedora 37 FEDORA-2023-328397d034
  • CVE-2023-27908
    QID: 378529
    Recently Published

    Autodesk Installer Privilege Escalation Vulnerability (ADSK-SA-2023-0010)

    Severity
    Critical4
    Qualys ID
    378529
    Date Published
    May 30, 2023
    Vendor Reference
    ADSK-SA-2023-0010
    CVE Reference
    CVE-2023-27908
    CVSS Scores
    Base 7.2 / Temporal 6.3
    Description
    Autodesk is a global leader in design and make technology that serves customers across the architecture, engineering, construction, design, manufacturing, and entertainment industries.

    Affected versions:
    Autodesk Installer version 1.29.0.90 or late up to 1.39.0.215

    QID Detection Logic:(Authenticated)
    It checks for Installer.exe file version to check the vulnerable version of Autodesk Installer.

    Consequence
    Successful exploit would directly impact the confidentiality, integrity or availability

    Solution
    Customers can refer ADSK-SA-2023-0010 .
    Patches
    ADSK-SA-2023-0010
  • CVE-2022-22365
    QID: 378517
    Recently Published

    IBM WebSphere Application Server Spoofing Vulnerability (6587947)

    Severity
    Medium2
    Qualys ID
    378517
    Date Published
    May 30, 2023
    Vendor Reference
    6587947
    CVE Reference
    CVE-2022-22365
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    IBM WebSphere Application Server is vulnerable to spoofing vulnerability.

    Affected Versions:
    WebSphere Application Server V9.0.0.0 through 9.0.5.12
    WebSphere Application Server V8.5.0.0 through 8.5.5.21
    WebSphere Application Server V8.0.0.0 through 8.0.0.15
    WebSphere Application Server V7.0.0.0 through 7.0.0.45

    QID Detection Logic (Authenticated):
    This QID checks for the vulnerable version of IBM WebSphere Application Server and checks if the patches are installed or not.

    Consequence
    Successful exploitation could allow spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames.

    Solution
    The vendor has released patches. Please visit IBM WebSphere Application Server(6587947) for more information.
    Patches
    6587947
  • CVE-2016-9310+
    QID: 44030
    Recently Published

    Juniper Network Operating System (Junos OS) Multiple NTP Vulnerabilities (JSA11171)

    Severity
    Critical4
    Qualys ID
    44030
    Date Published
    May 30, 2023
    Vendor Reference
    JSA11171
    CVE Reference
    CVE-2016-9310, CVE-2013-5211, CVE-2016-9042, CVE-2017-6451, CVE-2017-6452, CVE-2017-6455, CVE-2017-6458, CVE-2017-6459, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464
    CVSS Scores
    Base 8.8 / Temporal 7.9
    Description
    Juniper Junos is the network operating system used in Juniper Networks hardware systems.

    Multiple NTP vulnerabilities have been resolved in Juniper Networks Junos OS and Junos OS Evolved by updating third party software where vulnerabilities were found during external security research.

    Affected Junos versions:
    Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15 on EX Series
    12.3X48 versions prior to 12.3X48-D95 on SRX Series
    14.1X53 versions prior to 14.1X53-D53
    15.1 versions prior to 15.1R7-S6 on EX Series
    15.1X49 versions prior to 15.1X49-D190 on SRX Series
    16.1 versions prior to 16.1R7-S6
    16.2 versions prior to 16.2R3
    17.1 versions prior to 17.1R2-S11, 17.1R3-S1
    17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3
    17.3 versions prior to 17.3R2-S5, 17.3R3-S6
    17.4 versions prior to 17.4R2-S7, 17.4R3
    18.1 versions prior to 18.1R3-S8
    18.2 versions prior to 18.2R2-S7, 18.2R3-S1
    18.3 versions prior to 18.3R1-S5, 18.3R2-S2, 18.3R3
    18.4 versions prior to 18.4R1-S4, 18.4R2-S1, 18.4R3
    19.1 versions prior to 19.1R1-S3, 19.1R2
    19.2 versions prior to 19.2R1-S1, 19.2R2
    QID detection logic: (Authenticated)
    It checks for vulnerable Junos OS version.

    Note: This QID does not checks for only affected versions hence set to practice.

    Consequence
    Successful exploitation of these vulnerabilities could lead to addition or modification of data, or Denial of Service (DoS).

    Solution
    Please refer JSA11171

    Patches
    JSA11171
  • QID: 45568
    Recently Published

    Linux Live-Kpatch Patch Detected Detected

    Severity
    Minimal1
    Qualys ID
    45568
    Date Published
    May 30, 2023
    CVSS Scores
    Base / Temporal
    Description

    kpatch is a feature of the Linux kernel that implements live patching of a running kernel, which allows kernel patches to be applied while the kernel is still running. By avoiding the need for rebooting the system with a new kernel that contains the desired patches, kpatch aims to maximize the system uptime and availability.
    QID Detection Logic (Authenticated)(Alibaba Cloud Linux):

    This QID will check the Fixed CVEs post kpatch applied by executing command- livepatch-mgr list --installed --running.
    QID Detection Logic (Authenticated)(Suse Linux):

    This QID will detect livepatch, kernel-livepatch versions, fixed CVEs ,bug fixes and enhancements ID post live patch applied.
    This QID will execute command for Linux enterprise server prior to 15 - " kgr -v patches"
    This QID will execute command for Linux enterprise server 15 and later- " klp -v patches"
    QID Detection Logic(Authenticated):(RHEL Linux)

    Detection logic will check Loaded patch and Installed patch modules details be executing command "kpatch list" and fixed CVEs details post kpatch applied by executing command "rpm -qf --changelog $(kpatch info $(kpatch list | grep enabled | cut -d' ' -f1) | grep filename | sed -e 's/^filename: *//' -e 's/var/usr/') | grep --color=never CVE".
    NOTE: This QID will check kpatch for only RHEL, SUSE and Alibaba cloud Linux.

    Consequence
    NA
    Solution
    NA
  • CVE-2023-2255+
    QID: 181810
    Recently Published

    Debian Security Update for libreoffice (DSA 5415-1)

    Severity
    Critical4
    Qualys ID
    181810
    Date Published
    May 29, 2023
    Vendor Reference
    DSA 5415-1
    CVE Reference
    CVE-2023-2255, CVE-2023-0950
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Debian has released a security update for libreoffice to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5415-1 for updates and patch information.
    Patches
    Debian DSA 5415-1
  • CVE-2023-0458+
    QID: 355312
    Recently Published

    Amazon Linux Security Advisory for kernel : ALAS2023-2023-127

    Severity
    Critical4
    Qualys ID
    355312
    Date Published
    May 29, 2023
    Vendor Reference
    ALAS-2023-127
    CVE Reference
    CVE-2023-0458, CVE-2023-26545, CVE-2022-2196
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description

    A regression exists in the linux kernel within kvm: nvmx that allowed for speculative execution attacks.
    L2 can carry out spectre v2 attacks on l1 due to l1 thinking it doesn't need retpolines or ibpb after running l2 due to kvm (l0) advertising eibrs support to l1.
    An attacker at l2 with code execution can execute code on an indirect branch on the host machine.
    We recommend upgrading to kernel 6.2 or past commit 2e7eab81425a (cve-2022-2196) in the linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. (
    ( CVE-2023-26545)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS-2023-127 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2023 ALAS-2023-127
  • CVE-2023-1032+
    QID: 355314
    Recently Published

    Amazon Linux Security Advisory for kernel : ALAS2023-2023-138

    Severity
    Critical4
    Qualys ID
    355314
    Date Published
    May 29, 2023
    Vendor Reference
    ALAS-2023-138
    CVE Reference
    CVE-2023-1032, CVE-2023-1829, CVE-2023-1077, CVE-2023-1998, CVE-2023-1118
    CVSS Scores
    Base 7.8 / Temporal 7
    Description

    Kernel: type confusion in pick_next_rt_entity(), which can result in memory corruption. (
    ( CVE-2023-1077) a flaw use after free in the linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device.
    A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (
    ( CVE-2023-1118)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS-2023-138 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2023 ALAS-2023-138
  • CVE-2022-31623+
    QID: 355313
    Recently Published

    Amazon Linux Security Advisory for mariadb105 : ALAS2023-2023-155

    Severity
    Critical4
    Qualys ID
    355313
    Date Published
    May 29, 2023
    Vendor Reference
    ALAS-2023-155
    CVE Reference
    CVE-2022-31623, CVE-2022-32091, CVE-2022-31622, CVE-2022-38791, CVE-2022-47015
    CVSS Scores
    Base 7.5 / Temporal 6.7
    Description

    Mariadb v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. (
    ( CVE-2022-32091) in mariadb before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. (
    ( CVE-2022-38791) mariadb server before 10.3.34 thru 10.9.3 is vulnerable to denial of service.
    It is possible for function spider_db_mbase::print_warnings to dereference a null pointer. (
    ( CVE-2022-47015)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS-2023-155 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2023 ALAS-2023-155
  • CVE-2023-28486+
    QID: 355311
    Recently Published

    Amazon Linux Security Advisory for sudo : ALAS2023-2023-135

    Severity
    Critical4
    Qualys ID
    355311
    Date Published
    May 29, 2023
    Vendor Reference
    ALAS-2023-135
    CVE Reference
    CVE-2023-28486, CVE-2023-27320, CVE-2023-28487
    CVSS Scores
    Base 7.2 / Temporal 6.5
    Description

    Sudo before 1.9.13p2 has a double free in the per-command chroot feature. (
    ( CVE-2023-27320)



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
    Solution
    Please refer to Amazon advisory: ALAS-2023-135 for affected packages and patching details, or update with your package manager.
    Patches
    amazon linux 2023 ALAS-2023-135
  • CVE-2023-1231+
    QID: 754045
    Recently Published

    OpenSUSE Security Update for opera (openSUSE-SU-2023:0114-1)

    Severity
    Urgent5
    Qualys ID
    754045
    Date Published
    May 29, 2023
    Vendor Reference
    openSUSE-SU-2023:0114-1
    CVE Reference
    CVE-2023-1231, CVE-2023-1229, CVE-2023-1227, CVE-2023-1226, CVE-2023-1221, CVE-2023-1228, CVE-2023-1214, CVE-2023-1219, CVE-2023-1236, CVE-2023-2137, CVE-2023-2724, CVE-2023-1530, CVE-2023-1528, CVE-2023-1215, CVE-2023-1532, CVE-2023-1218, CVE-2023-1233, CVE-2023-2135, CVE-2023-2722, CVE-2023-1533, CVE-2023-1531, CVE-2023-1216, CVE-2023-1220, CVE-2023-2133, CVE-2023-2033, CVE-2023-2721, CVE-2023-2134, CVE-2023-1224, CVE-2023-1232, CVE-2023-1234, CVE-2023-1235, CVE-2023-1217, CVE-2023-1230, CVE-2023-2136, CVE-2023-1213, CVE-2023-1529, CVE-2023-1225, CVE-2023-1222, CVE-2023-1223, CVE-2023-1534, CVE-2023-2725, CVE-2023-2726, CVE-2023-2723
    CVSS Scores
    Base 9.8 / Temporal 9.1
    Description
    OpenSUSE has released a security update for opera to fix the vulnerabilities.

    Affected Products:
    openSUSE Leap 15.4:NonFree

    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to openSUSE security advisory openSUSE-SU-2023:0114-1 for updates and patch information.
    Patches
    OpenSuse openSUSE-SU-2023:0114-1
  • CVE-2023-2283+
    QID: 284002
    Recently Published

    Fedora Security Update for libssh (FEDORA-2023-5fa5ca2043)

    Severity
    Critical4
    Qualys ID
    284002
    Date Published
    May 29, 2023
    Vendor Reference
    FEDORA-2023-5fa5ca2043
    CVE Reference
    CVE-2023-2283, CVE-2023-1667
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for libssh to fix the vulnerabilities.

    Affected OS:
    Fedora 37


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 37 for updates and patch information.
    Patches
    Fedora 37 FEDORA-2023-5fa5ca2043
  • CVE-2021-32142+
    QID: 181809
    Recently Published

    Debian Security Update for libraw (DSA 5412-1)

    Severity
    Critical4
    Qualys ID
    181809
    Date Published
    May 29, 2023
    Vendor Reference
    DSA 5412-1
    CVE Reference
    CVE-2021-32142, CVE-2023-1729
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Debian has released a security update for libraw to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5412-1 for updates and patch information.
    Patches
    Debian DSA 5412-1
  • CVE-2023-31124+
    QID: 284001
    Recently Published

    Fedora Security Update for c (FEDORA-2023-ae97529c00)

    Severity
    Critical4
    Qualys ID
    284001
    Date Published
    May 29, 2023
    Vendor Reference
    FEDORA-2023-ae97529c00
    CVE Reference
    CVE-2023-31124, CVE-2023-31147, CVE-2023-31130, CVE-2023-32067
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Fedora has released a security update for c to fix the vulnerabilities.

    Affected OS:
    Fedora 37


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 37 for updates and patch information.
    Patches
    Fedora 37 FEDORA-2023-ae97529c00
  • CVE-2022-47015
    QID: 691175
    Recently Published

    Free Berkeley Software Distribution (FreeBSD) Security Update for mariadb (5d1b1a0a-fd36-11ed-a0d1-84a93843eb75)

    Severity
    Serious3
    Qualys ID
    691175
    Date Published
    May 29, 2023
    Vendor Reference
    5d1b1a0a-fd36-11ed-a0d1-84a93843eb75
    CVE Reference
    CVE-2022-47015
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    FreeBSD has released a security update for mariadb to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to FreeBSD security advisory 5d1b1a0a-fd36-11ed-a0d1-84a93843eb75 for updates and patch information.
    Patches
    "FreeBSD" 5d1b1a0a-fd36-11ed-a0d1-84a93843eb75
  • CVE-2019-13389+
    QID: 181808
    Recently Published

    Debian Security Update for rainloop (DLA 3435-1)

    Severity
    Serious3
    Qualys ID
    181808
    Date Published
    May 29, 2023
    Vendor Reference
    DLA 3435-1
    CVE Reference
    CVE-2019-13389, CVE-2022-29360
    CVSS Scores
    Base 6.1 / Temporal 5.5
    Description
    Debian has released a security update for rainloop to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3435-1 for updates and patch information.
    Patches
    Debian DLA 3435-1
  • CVE-2023-25076
    QID: 181804
    Recently Published

    Debian Security Update for sniproxy (DSA 5413-1)

    Severity
    Urgent5
    Qualys ID
    181804
    Date Published
    May 29, 2023
    Vendor Reference
    DSA 5413-1
    CVE Reference
    CVE-2023-25076
    CVSS Scores
    Base 9.8 / Temporal 8.8
    Description
    Debian has released a security update for sniproxy to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5413-1 for updates and patch information.
    Patches
    Debian DSA 5413-1
  • CVE-2021-40570+
    QID: 181803
    Recently Published

    Debian Security Update for gpac (DSA 5411-1)

    Severity
    Urgent5
    Qualys ID
    181803
    Date Published
    May 29, 2023
    Vendor Reference
    DSA 5411-1
    CVE Reference
    CVE-2021-40570, CVE-2021-40944, CVE-2023-0866, CVE-2021-40567, CVE-2023-1449, CVE-2021-45764, CVE-2022-47663, CVE-2021-46039, CVE-2021-40609, CVE-2022-47091, CVE-2021-40572, CVE-2022-45202, CVE-2023-2838, CVE-2022-47095, CVE-2021-40559, CVE-2021-40606, CVE-2021-33363, CVE-2021-41459, CVE-2021-46044, CVE-2021-46045, CVE-2023-23144, CVE-2021-45292, CVE-2023-23143, CVE-2021-41457, CVE-2022-45283, CVE-2021-45267, CVE-2021-33361, CVE-2021-46040, CVE-2022-24578, CVE-2021-33365, CVE-2021-36414, CVE-2021-40564, CVE-2021-40565, CVE-2022-1222, CVE-2020-35980, CVE-2021-45760, CVE-2023-1452, CVE-2021-45297, CVE-2023-1448, CVE-2021-33366, CVE-2022-36190, CVE-2021-40568, CVE-2022-47657, CVE-2022-27145, CVE-2021-46041, CVE-2021-40608, CVE-2022-47659, CVE-2023-0770, CVE-2022-47660, CVE-2021-4043, CVE-2021-40574, CVE-2021-46051, CVE-2021-45263, CVE-2022-29537, CVE-2021-40575, CVE-2023-2839, CVE-2021-40592, CVE-2021-40562, CVE-2023-0818, CVE-2021-45767, CVE-2023-23145, CVE-2021-46049, CVE-2021-46047, CVE-2022-3957, CVE-2021-21852, CVE-2023-0819, CVE-2022-2454, CVE-2023-2840, CVE-2022-27147, CVE-2021-46043, CVE-2023-2837, CVE-2022-36191, CVE-2022-3222, CVE-2021-41456, CVE-2022-4202, CVE-2021-45262, CVE-2021-36412, CVE-2021-40576, CVE-2021-45831, CVE-2022-47086, CVE-2022-47662, CVE-2022-43255, CVE-2021-45763, CVE-2021-40569, CVE-2022-26967, CVE-2022-38530, CVE-2022-24577, CVE-2022-1795, CVE-2023-1654, CVE-2022-45343, CVE-2021-46046, CVE-2021-45762, CVE-2021-33364, CVE-2022-47094, CVE-2021-40571, CVE-2021-46038, CVE-2021-40566, CVE-2021-36417, CVE-2021-45291, CVE-2022-47661, CVE-2021-40563, CVE-2021-46042, CVE-2022-24574, CVE-2022-1035, CVE-2022-1441
    CVSS Scores
    Base 9.8 / Temporal 8.8
    Description
    Debian has released a security update for gpac to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5411-1 for updates and patch information.
    Patches
    Debian DSA 5411-1
  • CVE-2022-27493+
    QID: 160708
    Recently Published

    Oracle Enterprise Linux Security Update for istio (ELSA-2023-12354)

    Severity
    Critical4
    Qualys ID
    160708
    Date Published
    May 29, 2023
    Vendor Reference
    ELSA-2023-12354
    CVE Reference
    CVE-2022-27493, CVE-2022-27491, CVE-2022-27488, CVE-2022-27492, CVE-2022-27496, CVE-2022-27487
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Oracle Enterprise Linux has released a security update for istio to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2023-12354
    Patches
    Oracle Linux ELSA-2023-12354
  • QID: 284000
    Recently Published

    Fedora Security Update for rust (FEDORA-2023-1d0d71b6aa)

    Severity
    Critical4
    Qualys ID
    284000
    Date Published
    May 29, 2023
    Vendor Reference
    FEDORA-2023-1d0d71b6aa
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for rust to fix the vulnerabilities.

    Affected OS:
    Fedora 37


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 37 for updates and patch information.
    Patches
    Fedora 37 FEDORA-2023-1d0d71b6aa
  • CVE-2023-2253
    QID: 181807
    Recently Published

    Debian Security Update for docker-registry (DSA 5414-1)

    Severity
    Critical4
    Qualys ID
    181807
    Date Published
    May 29, 2023
    Vendor Reference
    DSA 5414-1
    CVE Reference
    CVE-2023-2253
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Debian has released a security update for docker-registry to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5414-1 for updates and patch information.
    Patches
    Debian DSA 5414-1
  • CVE-2023-29491
    QID: 503021
    Recently Published

    Alpine Linux Security Update for ncurses

    Severity
    Critical4
    Qualys ID
    503021
    Date Published
    May 29, 2023
    Vendor Reference
    ncurses
    CVE Reference
    CVE-2023-29491
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Alpine Linux has released a security update for ncurses to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.17


    Affected Package versions prior to 6.3_p20221119-r1.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory ncurses for updates and patch information.
    Patches
    Alpine Linux ncurses-6.3_p20221119-r1
  • CVE-2023-29491
    QID: 503020
    Recently Published

    Alpine Linux Security Update for ncurses

    Severity
    Critical4
    Qualys ID
    503020
    Date Published
    May 29, 2023
    Vendor Reference
    ncurses
    CVE Reference
    CVE-2023-29491
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Alpine Linux has released a security update for ncurses to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.16


    Affected Package versions prior to 6.3_p20220521-r1.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory ncurses for updates and patch information.
    Patches
    Alpine Linux ncurses-6.3_p20220521-r1
  • CVE-2023-29491
    QID: 503019
    Recently Published

    Alpine Linux Security Update for ncurses

    Severity
    Critical4
    Qualys ID
    503019
    Date Published
    May 29, 2023
    Vendor Reference
    ncurses
    CVE Reference
    CVE-2023-29491
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Alpine Linux has released a security update for ncurses to fix the vulnerabilities.

    Affected versions:
    Alpine Linux 3.15


    Affected Package versions prior to 6.3_p20211120-r2.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Alpine Linux advisory ncurses for updates and patch information.
    Patches
    Alpine Linux ncurses-6.3_p20211120-r2
  • CVE-2021-32142+
    QID: 181806
    Recently Published

    Debian Security Update for libraw (DLA 3433-1)

    Severity
    Critical4
    Qualys ID
    181806
    Date Published
    May 29, 2023
    Vendor Reference
    DLA 3433-1
    CVE Reference
    CVE-2021-32142, CVE-2023-1729
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Debian has released a security update for libraw to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3433-1 for updates and patch information.
    Patches
    Debian DLA 3433-1
  • CVE-2023-33204+
    QID: 181805
    Recently Published

    Debian Security Update for sysstat (DLA 3434-1)

    Severity
    Critical4
    Qualys ID
    181805
    Date Published
    May 29, 2023
    Vendor Reference
    DLA 3434-1
    CVE Reference
    CVE-2023-33204, CVE-2022-39377
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Debian has released a security update for sysstat to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3434-1 for updates and patch information.
    Patches
    Debian DLA 3434-1
  • CVE-2023-24329
    QID: 283998
    Recently Published

    Fedora Security Update for python3.11 (FEDORA-2023-63c69aa712)

    Severity
    Critical4
    Qualys ID
    283998
    Date Published
    May 29, 2023
    Vendor Reference
    FEDORA-2023-63c69aa712
    CVE Reference
    CVE-2023-24329
    CVSS Scores
    Base 7.5 / Temporal 6.7
    Description
    Fedora has released a security update for python3.11 to fix the vulnerabilities.

    Affected OS:
    Fedora 37


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 37 for updates and patch information.
    Patches
    Fedora 37 FEDORA-2023-63c69aa712
  • CVE-2023-32681
    QID: 283999
    Recently Published

    Fedora Security Update for python (FEDORA-2023-078e257f1c)

    Severity
    Serious3
    Qualys ID
    283999
    Date Published
    May 29, 2023
    Vendor Reference
    FEDORA-2023-078e257f1c
    CVE Reference
    CVE-2023-32681
    CVSS Scores
    Base 6.1 / Temporal 5.3
    Description
    Fedora has released a security update for python to fix the vulnerabilities.

    Affected OS:
    Fedora 37


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 37 for updates and patch information.
    Patches
    Fedora 37 FEDORA-2023-078e257f1c
  • CVE-2023-24540
    QID: 960938
    Recently Published

    Rocky Linux Security Update for go-toolset:Rocky (RLSA-2023:3319)

    Severity
    Urgent5
    Qualys ID
    960938
    Date Published
    May 29, 2023
    Vendor Reference
    RLSA-2023:3319
    CVE Reference
    CVE-2023-24540
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Rocky Linux has released a security update for go-toolset:Rocky to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2023:3319 for updates and patch information.
    Patches
    RockyLinux RLSA-2023:3319
  • CVE-2023-24540
    QID: 941127
    Recently Published

    AlmaLinux Security Update for go-toolset:rhel8 (ALSA-2023:3319)

    Severity
    Urgent5
    Qualys ID
    941127
    Date Published
    May 29, 2023
    Vendor Reference
    ALSA-2023:3319
    CVE Reference
    CVE-2023-24540
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    AlmaLinux has released a security update for go-toolset:rhel8 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to AlmaLinux security advisory ALSA-2023:3319 for updates and patch information.
    Patches
    AlmaLinux ALSA-2023:3319
  • CVE-2023-24540
    QID: 941126
    Recently Published

    AlmaLinux Security Update for go-toolset and golang (ALSA-2023:3318)

    Severity
    Urgent5
    Qualys ID
    941126
    Date Published
    May 29, 2023
    Vendor Reference
    ALSA-2023:3318
    CVE Reference
    CVE-2023-24540
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    AlmaLinux has released a security update for go-toolset and golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to AlmaLinux security advisory ALSA-2023:3318 for updates and patch information.
    Patches
    AlmaLinux ALSA-2023:3318
  • CVE-2023-24540
    QID: 160703
    Recently Published

    Oracle Enterprise Linux Security Update for go-toolset:ol8 (ELSA-2023-3319)

    Severity
    Urgent5
    Qualys ID
    160703
    Date Published
    May 29, 2023
    Vendor Reference
    ELSA-2023-3319
    CVE Reference
    CVE-2023-24540
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Oracle Enterprise Linux has released a security update for go-toolset:ol8 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2023-3319
    Patches
    Oracle Linux ELSA-2023-3319
  • CVE-2023-24540
    QID: 160702
    Recently Published

    Oracle Enterprise Linux Security Update for go-toolset and golang (ELSA-2023-3318)

    Severity
    Urgent5
    Qualys ID
    160702
    Date Published
    May 29, 2023
    Vendor Reference
    ELSA-2023-3318
    CVE Reference
    CVE-2023-24540
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Oracle Enterprise Linux has released a security update for go-toolset and golang to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2023-3318
    Patches
    Oracle Linux ELSA-2023-3318
  • CVE-2023-27530+
    QID: 960940
    Recently Published

    Rocky Linux Security Update for pcs (RLSA-2023:2652)

    Severity
    Critical4
    Qualys ID
    960940
    Date Published
    May 29, 2023
    Vendor Reference
    RLSA-2023:2652
    CVE Reference
    CVE-2023-27530, CVE-2023-2319, CVE-2023-27539
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Rocky Linux has released a security update for pcs to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2023:2652 for updates and patch information.
    Patches
    RockyLinux RLSA-2023:2652
  • CVE-2022-42927+
    QID: 296098
    Recently Published

    Oracle Solaris 11.4 Support Repository Update (SRU) 52.132.2 Missing (CPUOCT2022)

    Severity
    Critical4
    Qualys ID
    296098
    Vendor Reference
    CPUOCt2022
    CVE Reference
    CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42932, CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45412, CVE-2022-45416, CVE-2022-45418, CVE-2022-45420, CVE-2022-45421, CVE-2015-20107, CVE-2022-37454, CVE-2022-31628, CVE-2022-31629, CVE-2022-31630, CVE-2022-37454, CVE-2018-7160, CVE-2022-32212, CVE-2022-32213, CVE-2022-32215, CVE-2022-32222, CVE-2022-35255, CVE-2022-35256, CVE-2022-3602, CVE-2022-3786, CVE-2022-43548, CVE-2022-3570, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-40674, CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42932, CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45407, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45412, CVE-2022-45413, CVE-2022-45415, CVE-2022-45416, CVE-2022-45417, CVE-2022-45418, CVE-2022-45419, CVE-2022-45420, CVE-2022-45421, CVE-2022-41323, CVE-2022-42252, CVE-2023-21900
    CVSS Scores
    Base 9.8 / Temporal 8.8
    Description
    The target does not have Solaris 11.4 SRU 52.132.2 applied. The Support Repository Updates provide patch bundles/updates that primarily contain bug fixes for the system and third party software.

    QID Detection Logic (Authenticated):
    This QID lists installed patch to check if the patches are missing.

    NOTE: Revision 3: Published on 2022-12-20

    Consequence
    Exploitation could allow an attacker to compromise a vulnerable system.

    Solution
    Apply Solaris 11.4 SRU 52. Refer to Oracle Solaris 11.4 SRU 52.132.2 for more information.
    Patches
    CPUOCT2022
  • CVE-2021-25749+
    QID: 754042
    Recently Published

    SUSE Enterprise Linux Security Update for kubernetes1.23 (SUSE-SU-2023:2292-1)

    Severity
    Critical4
    Qualys ID
    754042
    Date Published
    May 29, 2023
    Vendor Reference
    SUSE-SU-2023:2292-1
    CVE Reference
    CVE-2021-25749, CVE-2022-3162, CVE-2022-3294
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    SUSE has released a security update for kubernetes1.23 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 15 SP3|SUSE Linux Enterprise Server for SAP Applications 15 SP3
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2023:2292-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2023:2292-1
  • CVE-2022-27491+
    QID: 160707
    Recently Published

    Oracle Enterprise Linux Security Update for istio (ELSA-2023-12356)

    Severity
    Critical4
    Qualys ID
    160707
    Date Published
    May 29, 2023
    Vendor Reference
    ELSA-2023-12356
    CVE Reference
    CVE-2022-27491, CVE-2022-27496, CVE-2022-27488, CVE-2022-27492, CVE-2022-27487, CVE-2022-27493
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Oracle Enterprise Linux has released a security update for istio to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2023-12356
    Patches
    Oracle Linux ELSA-2023-12356
  • CVE-2022-27491+
    QID: 160706
    Recently Published

    Oracle Enterprise Linux Security Update for olcne (ELSA-2023-23649)

    Severity
    Critical4
    Qualys ID
    160706
    Date Published
    May 29, 2023
    Vendor Reference
    ELSA-2023-23649
    CVE Reference
    CVE-2022-27491, CVE-2022-27496, CVE-2022-27488, CVE-2022-27492, CVE-2022-27487, CVE-2022-27493
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Oracle Enterprise Linux has released a security update for olcne to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2023-23649
    Patches
    Oracle Linux ELSA-2023-23649
  • CVE-2022-27491+
    QID: 160705
    Recently Published

    Oracle Enterprise Linux Security Update for istio (ELSA-2023-12355)

    Severity
    Critical4
    Qualys ID
    160705
    Date Published
    May 29, 2023
    Vendor Reference
    ELSA-2023-12355
    CVE Refere