Browse, filter by detection status, or search by CVE to get visibility into upcoming and new detections (QIDs) for all severities.
Disclaimer: The Vulnerability Detection Pipeline is intended to give users an early insight into some of the CVEs the Qualys Research Team is investigating. It may not show all the CVEs that are actively being investigated. Specific CVE feature requests filed via a Qualys Support case may or may not show up on this page. Please reach out to Qualys Support for status of such support cases.
Under investigation:
We are researching a detection and will publish one if
it is feasible.
In development:
We are coding a detection and will typically publish it
within a few days.
Recently published:
We have published the detection on the date indicated,
and it will typically be available in the KnowledgeBase
on shared platforms within a day.
Non-Qualys customers can audit their network for all published vulnerabilities by signing up for a Qualys Free Trial or Qualys Community Edition.
Affected OS:
Fedora 36
Affected OS:
Fedora 35
Affected OS:
Fedora 34
Affected OS:
Fedora 34
Affected OS:
Fedora 35
Affected OS:
Fedora 36
Affected OS:
Fedora 35
Affected OS:
Fedora 35
Affected OS:
Fedora 34
On affected versions of dotCMS, a pre-auth remote code execution vulnerability was found which was achievable by performing a directory traversal attack during file upload.
Affected versions:
dotCMS versions: 22.01 and below
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to "/api/v1/appconfiguration" endpoint and checks the response body to confirm if the host is running vulnerable version of dotCMS Server.
If upgrading is not possible, please refer to mitigation details mentioned on dotCMS Issue SI-62
CVE-2022-0434: The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks.
Affected Version:
Page View Count plugin versions prior to 2.4.15
QID Detection Logic(Unauthenticated): This unauthenticated detection will send a malicious query to post_ids parameter and tries to fetch the email from the system or detection also depends on the BlindElephant engine to detect the vulnerable version of the Page View Count plugin.
Mozilla Firefox ESR is prone to
CVE-2022-1802: Prototype pollution in Top-Level Await implementation
CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution
Affected Products:
Prior to Firefox ESR 91.9.1
QID Detection Logic (Authenticated) :
This checks for vulnerable version of Firefox browser.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Mozilla Firefox is prone to
CVE-2022-1802: Prototype pollution in Top-Level Await implementation
CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution
Affected Products:
Prior to Firefox 100.0.2
QID Detection Logic (Authenticated) :
This checks for vulnerable version of Firefox browser.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Patch is NOT available for the package.
Affected OS:
Fedora 36
Patch is NOT available for the package.
Affected Products
Cisco devices if they are running Cisco IOS XR Software version 7.3.3
QID Detection Logic (Authenticated):
The check matches Cisco IOS XR version retrieved via Unix Auth using "show version" command, along with a check for docker container with the name NOSi and check for Cisco SMU CSCwb82689
Customers are advised to refer to cisco-sa-iosxr-redis-ABJyE5xK for more information.Workaround:
There are no workarounds that address this vulnerability. However, administrators may choose to perform one of the following mitigations:
Disable SNMP: This vulnerability is exploited by doing an SNMP query of a special MIB OID range. If SNMP is disabled, this vulnerability cannot be exploited. For mitigation of this vulnerability if SNMP is enabled on the device, contact Cisco TAC for assistance with the OIDs.
Configure an access control list: Administrators can also configure an access control list (ACL) on an SNMP community to filter incoming SNMP requests to ensure that SNMP queries are performed only by trusted SNMP clients. For information about configuring ACLs, see the Cisco Guide to Harden Cisco IOS XR Devices.
QID Detection Logic:(Authenticated)
This QID checks for vulnerable version of Microsoft Access Database Engine installed on the target.
QID Detection Logic:(Authenticated)
This QID checks for vulnerable version of Microsoft Access Database Engine installed on the target.
Affected Versions:
Dot CMS versions prior to 22.03, 5.3.8.10, 21.06.7
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable version of Dot CMS by sending a GET request to /api/v1/appconfiguration endpoint.
Vendor has released patch, for more information please refer to SI-62
Workaround:
Affected versions of WordPress Core have multiple vulnerabilities:
CVE-2017-5610 : Press This UI Available to Unauthorized Users
CVE-2017-5611 : WP_Query SQL Injection
CVE-2017-5612 : Cross-Site Scripting (XSS) in posts list table
Affected Versions:
WordPress versions prior to 4.7.2
QID Detection Logic:
This QID checks for vulnerable version of WordPress installed on the target.
Patch is NOT available for the package.
Affected OS:
Fedora 36
Affected OS:
Fedora 35
Affected OS:
Fedora 34
Affected OS:
Fedora 36
Affected OS:
Fedora 35
Affected OS:
Fedora 34
Affected OS:
Fedora 34
Patch is NOT available for the package.
CVE-2016-4437: Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
Affected Versions:
Apache Shiro versions prior to 1.2.5
QID Detection Logic(Unauthenticated):
This QID checks for vulnerable Apache Shiro by sending a specially crafted payload for command execution or make a query that will trigger Qualys Periscope detection mechanism.
Patch is NOT available for the package.
CVE-2022-1256: A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges through manipulation of symbolic links.
Affected versions:
McAfee Agent Prior to 5.7.6
QID Detection Logic(Authenticated):
The QID checks for vulnerable version of McAfee Agent by checking the version information at HKLM\SOFTWARE\McAfee\Agent registry key for 32/64 bit.
The function wp_targeted_link_rel() can be used in a particular way to result in a Stored Cross-Site Scripting (XSS) vulnerability.
Affected Versions:
WordPress versions prior to 5.3.1
QID Detection Logic:
This QID checks for vulnerable version of WordPress installed on the target.
In wp-includes/comment-template.php, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public.
Affected Versions:
WordPress versions prior to 5.4.2
QID Detection Logic:
This QID checks for vulnerable version of WordPress installed on the target.
Affected Versions:
VMware Workspace ONE Access (Access) versions 21.08.0.1, 21.08.0.0, 21.10.0.1, and 21.10.0.0
VMware Identity Manager (vIDM) versions 3.3.6, 3.3.5, 3.3.4, and 3.3.3
QID Detection Logic (Authenticated):
This QID checks for vulnerable versions of VMware Identity Manager and VMware Workspace ONE Access with build version on the target.
Refer to VMware advisory VMSA-2022-0014 and VMware KB VM_KB_ 88438 for more information.
Workaround:
Refer to VMware KB KB88433 for more information.
Affected versions of this package are vulnerable to improper authentication. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover.
Affected Versions:
Joomla 3.0.0 to 3.10.6
Joomla 4.0.0 to 4.1.0
QID Detection Logic:(Unauthenticated)
This QID checks for vulnerable version of Joomla installed on the target.
Affected versions of this package are vulnerable to Information Exposure by showing an error message with the path of the source code of the web application. This is possible by uploading a file with a name of an excess length, triggering the error.
Affected Versions:
Joomla 3.0.0 to 3.10.6
Joomla 4.0.0 to 4.1.0
QID Detection Logic:(Unauthenticated)
This QID checks for vulnerable version of Joomla installed on the target.
Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the Joomla\Archive\Tar::extract() function, as a result of improper verification of the destination path.
Affected Versions:
Joomla 3.0.0 to 3.10.6
Joomla 4.0.0 to 4.1.0
QID Detection Logic:(Unauthenticated)
This QID checks for vulnerable version of Joomla installed on the target.
the kernel packages contain the linux kernel, the core of any linux operating system.
Security Fix(es):Affected Products:
the kernel-rt packages provide the real time linux kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):Affected Products:
Affected Versions:
Zoom Client for Meetings for Windows prior to version 5.9.7
QID Detection Logic:
This authenticated QID detects vulnerable Zoom Client for Windows prior to version 5.9.7
Affected Versions:
Zoom Rooms for Conference Room for Windows prior to version 5.10.0
QID Detection Logic:
This authenticated QID detects vulnerable Zoom Rooms for Windows prior to version 5.10.0
Affected Versions:
Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3
QID Detection Logic:
This authenticated QID detects vulnerable Zoom Plugins for Microsoft Outlook prior to version 5.10.3 on Windows
CVE-2021-34424: Process memory exposure in Zoom Client and other products
CVE-2021-34423:Buffer overflow in Zoom Client and other products
Affected Versions:
Zoom VDI Windows Meeting Clients prior to version 5.9.6
QID Detection Logic:
This authenticated QID detects vulnerable Zoom VDI Windows Meeting Clients prior to version 5.9.6 on Windows
A denial of service and an information disclosure vulnerability exists in .NET 5.0, .NET 6.0 and .NET Core 3.1.
Affected Versions:
PowerShell Version 7.0 Prior to 7.0.11
PowerShell Version 7.2 Prior to 7.2.4
QID Detection Logic: (Authenticated)
Operating System: Windows
The QID checks for vulnerable version of file pwsh.exe and QID checks for vulnerable version of PowerShell Core by running command pwsh --version on linux systems.
NOTE: The Windows check will only work for msi installations.
Affected OS:
Fedora 36
Affected Products
Cisco Expressway Series and Cisco TelePresence VCS prior to version 14.0.7
QID Detection Logic (Unauthenticated):
The check matches version of Cisco TelePresence Video Communication Server Expressway on the exposed banner information under the SIP banner.
Customers are advised to refer to cisco-sa-expressway-filewrite-bsFVwueV for more information.
CVE-2022-1257: Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db.
Affected versions:
McAfee Agent Prior to 5.7.6
QID Detection Logic(Authenticated):
The QID checks for vulnerable version of McAfee Agent by checking the version information at HKLM\SOFTWARE\McAfee\Agent registry key for 32/64 bit and /opt/McAfee/agent/bin/msaconfig in Linux to detect the version.
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
Affected Versions:
Apple MacOS Monterey version before 12.4
QID Detection Logic:
This QID checks for vulnerable versions of Monterey using sw_vers.
For more information regarding the update can be found at HT213257.
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 35
Affected OS:
Fedora 34
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 36
the container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):Affected Products:
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 35
Affected OS:
Fedora 36
mozilla firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):Affected Products:
the gzip packages contain the gzip (gnu zip) data compression utility.
Gzip is used to compress regular files.
It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times.
Affected Products:
mozilla thunderbird is a standalone mail and newsgroup client.
Security Fix(es):Affected Products:
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 34
Affected OS:
Fedora 36
this is a kernel live patch module which is automatically loaded by the rpm post-install script to modify the code of a running kernel.
Security Fix(es):Affected Products:
Traffic is disrupted while the bd process restarts. This vulnerability allows a remote unauthenticated attacker to cause a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.
Vulnerable Component:
BIG-IP APM,ASM
Affected Versions:
16.1.0 - 16.1.2
15.1.0 - 15.1.4
14.1.0 - 14.1.4
13.1.0 - 13.1.4
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.
Traffic is disrupted while the Traffic Management Microkernel (TMM) process restarts. This vulnerability allows a remote attacker to cause a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only. CGNAT deployments are more likely to be affected. VCMP guests running on embedded Packet Velocity Acceleration (ePVA) platforms provisioned with only 2 CPU cores are not vulnerable.
Vulnerable Component:
BIG-IP APM,ASM,LTM
Affected Versions:
16.1.0 - 16.1.2
15.1.0 - 15.1.5
14.1.0 - 14.1.4
13.1.0 - 13.1.4
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.
Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticated attacker to cause a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.
Vulnerable Component:
BIG-IP APM,ASM,LTM
Affected Versions:
16.1.0 - 16.1.2
15.1.0 - 15.1.4
14.1.0 - 14.1.4
13.1.0 - 13.1.5
12.1.0 - 12.1.6
11.6.1 - 11.6.5
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.
System performance can degrade until the process is either forced to restart or is manually restarted. This vulnerability allows a remote, unauthenticated attacker to cause a degradation of service that can lead to a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.
Vulnerable Component: BIG-IP APM,ASM,LTM
Affected Versions:
16.1.0 - 16.1.2
15.1.0 - 15.1.4
14.1.0 - 14.1.4
13.1.0 - 13.1.4
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 36
subversion (svn) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
Security Fix(es):Affected Products:
.net is a managed-software framework.
It implements a subset of the .net framework apis and several new apis, and it includes a clr implementation.
Affected Products:
the rsync utility enables the users to copy and synchronize files locally or across a network.
Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files.
The rsync utility is also used as a mirroring tool.
Affected Products:
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Affected OS:
Fedora 34
An attacker may exploit this vulnerability by causing an authenticated user granted the Administrator role to send a crafted URL that is then reflected back and executed by the user's web browser. If successful, an attacker can run JavaScript in the context of the currently logged-in user. In the case of an administrative user with access to the Advanced Shell (bash), an attacker can leverage successful exploitation of this vulnerability to compromise the BIG-IP system. This is a control plane issue; there is no data plane exposure.
Vulnerable Component:
BIG-IP APM
Affected Versions:
16.1.0 - 16.1.2
15.1.0 - 15.1.5
14.1.0 - 14.1.4
13.1.0.8 - 13.1.5
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.
Affected OS:
Fedora 36
Affected OS:
Fedora 36
Red Hat openshift container platform is Red Hat's cloud computing kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):Affected Products:
Red Hat openshift container platform is Red Hat's cloud computing kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):Affected Products:
Following security issues are observed :
A use after free issue was addressed with improved memory management.
CVE-2022-26702
A memory corruption issue was addressed with improved input validation.
CVE-2022-26751
An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2022-26736
An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2022-26763
A memory corruption issue was addressed with improved state management.
CVE-2022-26744
An integer overflow issue was addressed with improved input validation.
CVE-2022-26711
A race condition was addressed with improved locking.
CVE-2022-26701
A memory corruption issue was addressed with improved state management.
CVE-2022-26768
A memory corruption issue was addressed with improved state management.
CVE-2022-26771
A memory corruption issue was addressed with improved validation.
CVE-2022-26714
A use after free issue was addressed with improved memory management.
CVE-2022-26757
A memory corruption issue was addressed with improved validation.
CVE-2022-26764
A race condition was addressed with improved state handling.
CVE-2022-26765
An access issue was addressed with additional sandbox restrictions on third-party applications.
CVE-2022-26706
A use after free issue was addressed with improved memory management.
CVE-2022-23308
Notes
Available for
This issue was addressed with improved checks.
CVE-2022-22673
A logic issue was addressed with improved state management.
CVE-2022-26731
A certificate parsing issue was addressed with improved checks.
CVE-2022-26766
An authorization issue was addressed with improved state management.
CVE-2022-26703
A memory corruption issue was addressed with improved state management.
WebKit Bugzilla
A use after free issue was addressed with improved memory management.
WebKit Bugzilla
A memory corruption issue was addressed with improved state management.
WebKit Bugzilla
A logic issue in the handling of concurrent media was addressed with improved state handling.
WebKit Bugzilla
A memory corruption issue was addressed with improved validation.
CVE-2022-26745
A memory corruption issue was addressed with improved state management.
CVE-2022-26760
This issue was addressed with improved checks.
CVE-2015-4142
A memory corruption issue was addressed with improved memory handling.
CVE-2022-26762
Affected Devices
iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Affected Versions:
vRealize Automation version prior to 8.1.0 build 18457068
vRealize Automation version prior to 8.2.0 build 18430722
vRealize Automation version prior to 8.3.0 build 18430451
QID Detection Logic(Authenticated):
This QID checks for vulnerable versions of VMware vRealize Log Insight Automation.
Affected Versions:
Apple MacOS Big Sur version before 11.6.6
QID Detection Logic:
This QID checks for vulnerable version of Big sur.
For more information regarding the update can be found at HT213256.
Affected versions:
Prior to Apple macOS Security Update 2022-004 Catalina.
QID Detection Logic (Authenticated):
This QID looks for the missing security patches from Catalina
More information regarding the update can be found at HT213255.
Citrix Virtual Apps and Desktops 7 1903,1906,and 1909 has reached its end of life on 28-Mar 2019, 29-Jul 2019 and 19-Sep-2019
Affected Versions:
Citrix Virtual Apps and Desktops 7 1903
Citrix Virtual Apps and Desktops 7 1906
Citrix Virtual Apps and Desktops 7 1909
QID Detection Logic (Authenticated)
This checks for vulnerable version of Citrix Virtual Apps and Desktops.
Affected versions:
Apple Safari Versions Prior to 15.5
QID Detection Logic (Authenticated)
This QID checks for vulnerable versions of Apple Safari.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
CVE-2022-24765: On multi-user machines Git users might find themselves unexpectedly in a Git worktree
CVE-2022-26747: An app may be able to gain elevated privileges
Affected Versions:
Apple Xcode all versions prior to 13.4
Note: Xcode 13.4 is only available for: macOS Monterey 12 or later
QID Detection Logic (Authenticated): This checks for vulnerable versions of Apple Xcode under the Apple System Information.
Download XCode from here
For more information please refer to HT213261
CVE-2022-0778:The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli
Affected Products:
FortiManager Versions 6.2.0 through 6.2.9
FortiManager Versions 6.4.0 through 6.4.7
FortiManager Versions7.0.0 through 7.0.3
FortiAnalyzer Versions 6.2.0 through 6.2.9
FortiAnalyzer Versions 6.4.0 through 6.4.7
FortiAnalyzer Versions7.0.0 through 7.0.3
QID Detection Logic(Authenticated):
QID will fire the command to get system status and will match the affected versions.
Customers are advised to refer to FG-IR-22-059 for more information.
CVE-2022-23852:Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XML_GetBuffer function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-23990:Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the doProlog function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Affected Versions:
IBM DB2 prior to V9.7 FP11
IBM DB2 prior to V10.1 FP6
IBM DB2 prior to V10.5 FP11
IBM DB2 prior to V11.1.4 FP 7
QID Detection Logic:
Authenticated (DB2):
This QID queries the DB2 server to get the server version and fix pack level and checks to see if it's vulnerable.
Authenticated (Windows): This QID checks for vulnerable version of DB2 on windows OS
Please refer to the following links 6573293
Affected Versions:
16.1.0 - 16.1.2
15.1.0 - 15.1.5
14.1.0 - 14.1.4
13.1.0 - 13.1.4
12.1.0 - 12.1.6
11.6.1 - 11.6.5
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.
Following security issues were discovered:
CVE-2021-30339,CVE-2021-30341,CVE-2021-30347,CVE-2021-30342,CVE-2021-30343,CVE-2021-35112,CVE-2021-35081 ,CVE-2021-0707,CVE-2021-39800,CVE-2021-39801,CVE-2021-39802,CVE-2021-30350,CVE-2021-30344,CVE-2021-30340,CVE-2021-30334,CVE-2021-35130,CVE-2021-39807,CVE-2021-39662,CVE-2022-20004,CVE-2022-20005,CVE-2022-20006,CVE-2022-20007,CVE-2022-20113,CVE-2022-20114,CVE-2022-20116,CVE-2022-20010,CVE-2022-20011,CVE-2022-20115,CVE-2021-39670,CVE-2022-20112 ,CVE-2021-1020,CVE-2021-1021,CVE-2021-39700
Affected Products :
Galaxy Fold, Galaxy Fold 5G, Galaxy Z Fold2, Galaxy Z Fold2 5G, Galaxy Z Fold3 5G, Galaxy Z Flip, Galaxy Z Flip 5G, Galaxy Z Flip3 5G
Galaxy S10 5G, Galaxy S10 Lite
Galaxy S20, Galaxy S20 5G, Galaxy S20+, Galaxy S20+ 5G, Galaxy S20 Ultra, Galaxy S20 Ultra 5G, Galaxy S20 FE, Galaxy S20 FE 5G, Galaxy S21 5G, Galaxy S21+ 5G, Galaxy S21 Ultra 5G, Galaxy S21 FE 5G, Galaxy S22, Galaxy S22+, Galaxy S22 Ultra
Galaxy Note10, Galaxy Note10 5G, Galaxy Note10+, Galaxy Note10+ 5G, Galaxy Note10 Lite, Galaxy Note20, Galaxy Note20 5G, Galaxy Note20 Ultra, Galaxy Note20 Ultra 5G
Enterprise Models: Galaxy A52, Galaxy A52 5G, Galaxy A52s 5G, Galaxy A53 5G, Galaxy XCover4s, Galaxy Xcover FieldPro, Galaxy Xcover Pro, Galaxy Xcover5
Following security issues were discovered:
CVE-2021-35081,CVE-2021-0694, CVE-2021-39795, CVE-2021-39803, CVE-2021-39804, CVE-2021-39794, CVE-2021-39796, CVE-2021-39808, CVE-2021-39809, CVE-2021-30334, CVE-2021-35130, CVE-2021-0707, CVE-2021-39800, CVE-2021-39801, CVE-2021-39776,CVE-2021-39771, CVE-2021-35071, CVE-2021-39739, CVE-2021-39741, CVE-2021-39748, CVE-2021-39759, CVE-2021-39760, CVE-2021-39762, CVE-2021-39763, CVE-2021-39764, CVE-2021-39774, CVE-2021-39777, CVE-2021-39781, CVE-2021-39746, CVE-2021-39757, CVE-2021-39786
Affected Devices :
HUAWEI P series: P30 Pro, P30, P20 Pro, P20
HUAWEI Mate series: Mate 20 X, Mate 20 Pro, Mate 20, Mate 20 RS, Mate 10 Pro, Mate 10, PORSCHE DESIGN HUAWEI Mate RS
Following security issues were discovered:
CVE-2022-20118,CVE-2022-20121,CVE-2022-20119,CVE-2022-20117,CVE-2021-4083,CVE-2022-20120,CVE-2021-35092,CVE-2021-35085,CVE-2021-35084,CVE-2021-35079,CVE-2021-35098
Affected Products :
Pixel 4 XL, Pixel 4, Pixel 3a XL, Pixel 3a, Pixel 3 XL, Pixel 3, Pixel 2 XL, Pixel 2
Following security issues were discovered:
CVE-2021-39700,CVE-2021-39662,CVE-2021-35080,CVE-2022-20011,CVE-2022-20010,CVE-2021-35087,CVE-2021-35086,CVE-2022-20109,CVE-2022-22064,CVE-2022-22065,CVE-2022-22068,CVE-2021-35116,CVE-2021-35072,CVE-2021-35073,CVE-2021-35076,CVE-2021-35078,CVE-2022-22072,CVE-2021-39670,CVE-2022-20004,CVE-2022-20005,CVE-2021-35090,CVE-2021-22600,CVE-2021-35096,CVE-2021-35094,CVE-2022-20008,CVE-2022-20009,CVE-2022-20084,CVE-2022-20114,CVE-2022-20115,CVE-2022-20112,CVE-2022-20113,CVE-2022-20110,CVE-2022-20116,CVE-2022-22057,CVE-2022-20007,CVE-2022-0847
Patch is NOT available for the package.
Affected OS:
Fedora 35
Patch is NOT available for the package.
Patch is NOT available for the package.
Patch is NOT available for the package.
Patch is NOT available for the package.
Affected Versions:
VMware Cloud Director versions before 10.3.3
VMware Cloud Director versions before 10.2.2.3
VMware Cloud Director versions before 10.1.4.1
QID Detection Logic (Authenticated):
This QID checks for vulnerable versions of VMware Cloud Director with build version on the target.
Refer to VMware advisory VMSA-2022-0013
Workaround:
Refer to VMware KB VM_KB_ 88176 for more information.
Affected Version:
All versions prior to 14.8.6
All versions from 14.9 prior to 14.9.4
All versions from 14.10 prior to 14.10.1
QID Detection Logic:(Authenticated)
It fires gitlab-rake gitlab:env:info command to check vulnerable version of GitLab.
Affected versions:
GeForce All versions prior to 512.77 on R510 Driver Branch
Studio All drivers on R510 Driver Branch
NVIDIA RTX/Quadro, NVS All driver versions prior to 473.47 on R510 Driver Branch
NVIDIA RTX/Quadro, NVS All driver versions prior to 512.78 on R470 Driver Branch
Tesla All driver versions on R510 Driver Branch
Tesla All driver versions prior to 473.47 on R470 Driver Branch
Tesla All driver versions prior to 453.51 on R450 Driver Branch
QID detection logic (authenticated):
The QID checks for vulnerable versions of nvcpl.dll.
Customers are advised to refer NVIDIA Driver Downloads for more information related to these vulnerabilities.
Patch is NOT available for the package.
Use of a hard-coded cryptographic key to encrypt security sensitive data in configuration in FortiClient for Windows may allow an attacker with access to the configuration or the backup file to decrypt the sensitive data via knowledge of the hard-coded key.
Affected Versions:
Affected Products
FortiClientWindows version 6.0.X
FortiClientWindows version 6.2.X
FortiClientWindows version 6.4.0 through 6.4.6
FortiClientWindows version 7.0.0 through 7.0.2
QID Detection Logic (Authenticated) :
This checks for vulnerable version of FortiClient.exe.
AFFECTED PRODUCTS
The following versions of WebAccess/SCADA, a SCADA software platform, are affected:
WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1.
QID Detection Logic (Authenticated)
QID checks for the Vulnerable version using windows registry keys
Customers are advised to refer to CERT MITIGATIONS section ICSA-18-352-02 for affected packages and patching details.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
Patch is NOT available for the package.
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
Patch is NOT available for the package.
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
AFFECTED PRODUCTS
The following versions of V-Server, a data collection and management service, are affected:
V-Server 4.0.3.0 and prior.
QID Detection Logic (Authenticated)
QID checks for the Vulnerable version using windows registry keys
Customers are advised to refer to CERT MITIGATIONS section ICSA-18-254-01 for affected packages and patching details.
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Affected OS:
Fedora 35
Affected OS:
Fedora 34
Affected OS:
Fedora 35
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
Patch is NOT available for the package.
Patch is NOT available for the package.
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
Patch is NOT available for the package.
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
Affected OS:
Fedora 34
Affected OS:
Fedora 35
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
Patch is NOT available for the package.
Patch is NOT available for the package.
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
