Browse, filter by detection status, or search by CVE to get visibility into upcoming and new detections (QIDs) for all severities.
Under investigation:
We are researching a detection and will publish one if
it is feasible.
In development:
We are coding a detection and will typically publish it
within a few days.
Recently published:
We have published the detection on the date indicated,
and it will typically be available in the KnowledgeBase
on shared platforms within a day.
Non-Qualys customers can audit their network for all published vulnerabilities by signing up for a Qualys Free Trial or Qualys Community Edition.
Accellion is exposed to the following vulnerabilities: CVE-2021-27101 - SQL injection via a crafted Host header.
CVE-2021-27102 - OS command execution via a local web service call.
CVE-2021-27103 - SSRF via a crafted POST request.
CVE-2021-27104 - OS command execution via a crafted POST request.
Affected Versions
Accellion File Transfer Appliance versions prior to 9_12_416
QID Detection Logic(Unauthenticated):
This QID extract the version of Accellion from it's web UI.
Affected Versions:
Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions.
QID Detection Logic:
This QID checks the vulnerable version of Operation Bridge Manager.
Affected OS:
Fedora 33
Note : "The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues."
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 33 Update
Affected OS:
Fedora 33
Note : "The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues."
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 33 Update
Affected OS:
Fedora 32
Note : "The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues."
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 32 Update
Includes the following SugarCRM products: Sugar Ultimate, Enterprise, and Professional.
QID detection logic:
QId detects the EOL versions of SugarCRM 8.0.x
Update to the latest version of SugarCRM
Python versions 3.0.0 through 3.9.0 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).
Affected Versions
Python versions 3.0.0 through 3.9.0
QID Detection Logic(Authenticated):
This checks for version information from patchlevel.h file.
Security Fix(es): QEMU: virtiofsd: potential privileged host device access from guest (CVE-2020-35517)
Affected Products:
Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat CodeReady Linux Builder for x86_64 8 x86_64
Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0711 to address this issue and obtain more information.
Security Fix(es): bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation (CVE-2020-8625)
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0669 to address this issue and obtain more information.
Security Fix(es): bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation (CVE-2020-8625)
Affected Products:
Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0670 to address this issue and obtain more information.
Security Fix(es): bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation (CVE-2020-8625)
Affected Products:
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0671 to address this issue and obtain more information.
Security Fix(es): bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation (CVE-2020-8625)
Affected Products:
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0672 to address this issue and obtain more information.
Security Fix(es): bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation (CVE-2020-8625)
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
Red Hat Enterprise Linux Server - AUS 7.6 x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
Red Hat Enterprise Linux Server - TUS 7.6 x86_64
Red Hat Enterprise Linux for Power 9 7 ppc64le
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0691 to address this issue and obtain more information.
Security Fix(es): jenkins: XSS vulnerability in notification bar (CVE-2021-21603) jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604) jenkins: Path traversal vulnerability in agent names (CVE-2021-21605) jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608) jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610) jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611) ant: insecure temporary file vulnerability (CVE-2020-1945) ant: insecure temporary file (CVE-2020-11979) jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602) jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606) jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607) jenkins: Filesystem traversal by privileged users (CVE-2021-21615) jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)
Affected Products:
Red Hat OpenShift Container Platform 4.5 for RHEL 8 x86_64
Red Hat OpenShift Container Platform 4.5 for RHEL 7 x86_64
Red Hat OpenShift Container Platform for Power 4.5 for RHEL 8 ppc64le
Red Hat OpenShift Container Platform for Power 4.5 for RHEL 7 ppc64le
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 8 s390x
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.5 for RHEL 7 s390x
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0429 to address this issue and obtain more information.
Security Fix(es): kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444) kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661) kernel: performance counters race condition use-after-free (CVE-2020-14351) kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.1 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.1 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.1 aarch64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0686 to address this issue and obtain more information.
Security Fix(es): kernel: bad kfree in auditfilter.c may lead to escalation of privilege (CVE-2020-0444) kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0689 to address this issue and obtain more information.
Security Fix(es): jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE)
attacks (CVE-2020-2304)
jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE)
attacks (CVE-2020-2305)
ant: Insecure temporary file vulnerability (CVE-2020-1945)
jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306)
jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes plug-in (CVE-2020-2307)
jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308)
jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes plug-in allows enumerating credentials IDs (CVE-2020-2309)
ant: Insecure temporary file (CVE-2020-11979)
python-rsa: Bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)
Affected Products:
Red Hat OpenShift Container Platform 3.11 x86_64
Red Hat OpenShift Container Platform for Power 3.11 ppc64le
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0637 to address this issue and obtain more information.
Security Fix(es): podman: container users permissions are not respected in privileged containers (CVE-2021-20188)
Affected Products:
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0681 to address this issue and obtain more information.
Security Fix(es): podman: container users permissions are not respected in privileged containers (CVE-2021-20188)
Affected Products:
Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0705 to address this issue and obtain more information.
Security Fix(es): podman: container users permissions are not respected in privileged containers (CVE-2021-20188)
Affected Products:
Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0706 to address this issue and obtain more information.
Security Fix(es): podman: container users permissions are not respected in privileged containers (CVE-2021-20188)
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
Red Hat Enterprise Linux Server - AUS 8.2 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
Red Hat Enterprise Linux Server - TUS 8.2 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0710 to address this issue and obtain more information.
Affected Products:
SUSE Linux Enterprise Server for SAP 15-SP1
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0684-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0679-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP3
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0682-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0683-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0681-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 15
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0685-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0663-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0675-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 15-SP1
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0676-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0659-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Module for Web Scripting 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0674-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Module for Web Scripting 12
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0673-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Module for Server Applications 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0689-1 to address this issue and obtain further details.
Affected OS: EulerOS V2.0SP2
Affected Product:
Oracle Linux 6
Affected OS: EulerOS V2.0SP2
Affected OS: EulerOS V2.0SP2
ClickHouse is vulnerable to multiple vulnerabilities
Affected Versions:
Prior to ClickHouse version 19.14.3.3
QID Detection Logic:
This QID uses command clickhouse-client to get the version from the linux system
Affected OS: EulerOS V2.0SP2
Affected OS: EulerOS V2.0SP2
Affected OS: EulerOS V2.0SP2
Affected OS: EulerOS V2.0SP2
Affected OS: EulerOS V2.0SP2
Affected OS: EulerOS V2.0SP2
Affected OS: EulerOS V2.0SP2
Affected OS: EulerOS V2.0SP2
Affected Product:
Oracle Linux 7
Affected OS: EulerOS V2.0SP2
Affected OS: EulerOS V2.0SP3
Affected OS: EulerOS V2.0SP2
Affected OS: EulerOS V2.0SP2
Affected OS: EulerOS V2.0SP3
Affected Versions:
All versions between 2016.3.0rc2 and 3002.5
QID Detection Logic:
This authenticated QID detects vulnerable salt-master versions by running the following command: salt-master --versions-report
Affected OS: EulerOS V2.0SP2
Affected OS: EulerOS V2.0SP2
Affected Products:
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0670-1 to address this issue and obtain further details.
Affected Versions:
Google Chrome Prior to 89.0.4389.72
QID Detection Logic(Authenticated):
This QID checks for vulnerable versions of Google Chrome on Windows, MAC OS, and Linux OS.
Microsoft released the following details and the security updates.
CVE-2021-26855 is a server-side request forgery vulnerability in Exchange which allowed the attacker to send arbitrary HTTP requests and authenticate as the Exchange server.
CVE-2021-26857 is an insecure deserialization vulnerability in the Unified Messaging service. Insecure deserialization is where untrusted user-controllable data is deserialized by a program.
CVE-2021-26858 and CVE-2021-27065 are post-authentication arbitrary file write vulnerability in Exchange. If HAFNIUM could authenticate with the Exchange server then they could use this vulnerability to write a file to any path on the server.
KB Articles associated with this update are: KB5000978, KB5000871
Affected Versions:
Microsoft Exchange Server 2010 Service Pack 3
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 18
Microsoft Exchange Server 2016 Cumulative Update 19
Microsoft Exchange Server 2019 Cumulative Update 7
Microsoft Exchange Server 2019 Cumulative Update 8
QID Detection Logic (authenticated):
The QID checks for the version of file Exsetup.exe.
Affected Product:
Oracle Linux 8
Affected Product:
Oracle Linux 7
Affected Product:
Oracle Linux 7
Affected Product:
Oracle Linux 6
Affected Product:
Oracle Linux 7
Affected Product:
Oracle Linux 8
Affected Product:
Oracle Linux 8
Affected OS: EulerOS V2.0SP2
Affected Product:
Oracle Linux 8
Affected Product:
Oracle Linux 8
Affected OS: EulerOS V2.0SP2
Affected Products:
SUSE Linux Enterprise Server for SAP 15-SP1
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0631-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15-SP2
SUSE Linux Enterprise Module for Python2 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0630-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 15
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0628-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0652-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Module for Web Scripting 12
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0649-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Module for Web Scripting 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0648-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Module for Web Scripting 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0651-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Module for Python2 15-SP3
SUSE Linux Enterprise Module for Python2 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0654-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Module for Web Scripting 12
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0650-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Module for Advanced Systems Management 12
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0627-1 to address this issue and obtain further details.
Affected OS:
Fedora 33
Note : "The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues."
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 33 Update
Affected OS:
Fedora 32
Note : "The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues."
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 32 Update
Affected OS:
Fedora 33
Note : "The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues."
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 33 Update
Affected OS:
Fedora 32
Note : "The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues."
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 32 Update
Affected OS:
Fedora 32
Note : "The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues."
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 32 Update
Affected OS:
Fedora 32
Note : "The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues."
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 32 Update
Affected Products:
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Module for Development Tools 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0653-1 to address this issue and obtain further details.
Affected Products:
centos 7
Affected Products:
centos 7
Affected Products:
centos 7
Affected Products:
centos 7
Affected Products:
centos 7
Vulnerable Component: BIG-IP ASM, APM,LTM
Affected Versions:
16.0.0 - 16.0.1
15.1.0 - 15.1.1
14.1.0 - 14.1.3
13.1.0 - 13.1.3
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.
Vulnerable Component: BIG-IP ASM, APM,LTM
Affected Versions:
16.0.0
15.0.0 - 15.1.0
14.1.0 - 14.1.2
13.1.0 - 13.1.3
12.1.0 - 12.1.5
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.
Security Fix(es): Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968) Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969) Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978) Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)
Affected Products:
Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0655 to address this issue and obtain more information.
Security Fix(es): Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968) Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969) Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978) Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)
Affected Products:
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0656 to address this issue and obtain more information.
Security Fix(es): Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968) Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969) Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978) Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0659 to address this issue and obtain more information.
Security Fix(es): Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968) Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969) Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978) Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
Red Hat Enterprise Linux Server - AUS 8.2 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
Red Hat Enterprise Linux Server - TUS 8.2 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0660 to address this issue and obtain more information.
Security Fix(es): xterm: crash when processing combining characters (CVE-2021-27135)
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0650 to address this issue and obtain more information.
Security Fix(es): xterm: crash when processing combining characters (CVE-2021-27135)
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
Red Hat Enterprise Linux Server - AUS 8.2 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
Red Hat Enterprise Linux Server - TUS 8.2 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0651 to address this issue and obtain more information.
Security Fix(es): Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968) Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969) Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978) Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)
Affected Products:
Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0657 to address this issue and obtain more information.
Security Fix(es): Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968) Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969) Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978) Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0658 to address this issue and obtain more information.
Security Fix(es): Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968) Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969) Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978) Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)
Affected Products:
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0661 to address this issue and obtain more information.
Security Fix(es): Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968) Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969) Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978) Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
Red Hat Enterprise Linux Server - AUS 8.2 x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
Red Hat Enterprise Linux Server - TUS 8.2 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0662 to address this issue and obtain more information.
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0608-1 to address this issue and obtain further details.
CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
CVE-2021-23978: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8
Affected Products :
Prior to Firefox ESR 78.8
QID Detection Logic (Authenticated) :
This checks for vulnerable version of Firefox browser.
CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect
CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect
CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources
CVE-2021-23978: Memory safety bugs fixed in Thunderbird 78.8
Affected Products :
Prior to Thunderbird 78.8
QID Detection Logic (Authenticated) :
This checks for vulnerable version of Firefox browser.
QID Detection Logic (unauthenticated):
The QID sends a GET /login.html request to verify if the TeamCity Server is running. The version extracted is displayed in the results section.
QID Detection Logic (authenticated):
OS: Linux
The QID check for running process to extract the install directory of TeamCity. The BUILD file and JetBrains TeamCity Server are checked to extract the version.
Update to the latest version of JetBrains TeamCity.
QID Detection Logic (unauthenticated):
The QID sends a GET /login.html request to verify if the TeamCity Server is running. The version extracted is displayed in the results section.
QID Detection Logic (authenticated):
OS: Linux
The QID check for running process to extract the install directory of TeamCity. The BUILD file and JetBrains TeamCity Server are checked to extract the version.
Update to the latest version of JetBrains TeamCity.
QID Detection Logic (unauthenticated):
The QID sends a GET /login.html request to verify if the TeamCity Server is running. The version extracted is displayed in the results section.
QID Detection Logic (authenticated):
OS: Linux
The QID check for running process to extract the install directory of TeamCity. The BUILD file and JetBrains TeamCity Server are checked to extract the version.
Update to the latest version of JetBrains TeamCity.
QID Detection Logic (unauthenticated):
The QID sends a GET /login.html request to verify if the TeamCity Server is running. The version extracted is displayed in the results section.
QID Detection Logic (authenticated):
OS: Linux
The QID check for running process to extract the install directory of TeamCity. The BUILD file and JetBrains TeamCity Server are checked to extract the version.
Update to the latest version of JetBrains TeamCity.
QID Detection Logic (unauthenticated):
The QID sends a GET /login.html request to verify if the TeamCity Server is running. The version extracted is displayed in the results section.
QID Detection Logic (authenticated):
OS: Linux
The QID check for running process to extract the install directory of TeamCity. The BUILD file and JetBrains TeamCity Server are checked to extract the version.
Update to the latest version of JetBrains TeamCity.
QID Detection Logic (unauthenticated):
The QID sends a GET /login.html request to verify if the TeamCity Server is running. The version extracted is displayed in the results section.
QID Detection Logic (authenticated):
OS: Linux
The QID check for running process to extract the install directory of TeamCity. The BUILD file and JetBrains TeamCity Server are checked to extract the version.
Update to the latest version of JetBrains TeamCity.
QID Detection Logic (unauthenticated):
The QID sends a GET /login.html request to verify if the TeamCity Server is running. The version extracted is displayed in the results section.
QID Detection Logic (authenticated):
OS: Linux
The QID check for running process to extract the install directory of TeamCity. The BUILD file and JetBrains TeamCity Server are checked to extract the version.
Update to the latest version of JetBrains TeamCity.
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8..
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
Affected Versions:
VMware vCenter Server 6.5 prior to build 17590285
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable versions of VMware vCenter Server with build version using web service present on target.
Refer to VMware advisory VMSA-2021-0002 for more information.
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8..
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
Affected Versions:
VMware vCenter Server 6.7 prior to build 17138064
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable versions of VMware vCenter Server with build version using web service present on target.
Refer to VMware advisory VMSA-2021-0002 for more information.
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8..
The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.
Affected Versions:
VMware vCenter Server 7.0 prior to build 17327517
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable versions of VMware vCenter Server with build version using web service present on target.
Refer to VMware advisory VMSA-2021-0002 for more information.
A flaw was found in Flatpak. The Flatpak portal D-Bus service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the `flatpak run` command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set environment variables that are trusted by the `flatpak run` command, and use them to execute arbitrary code that is outside the sandbox. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-21261 )
</DIV>
Affected Versions:
Cisco AMP for Endpoints Prior to Version 7.3.3
Immunet Prior to Version 7.3.12
QID Detection Logic:
QID checks for the vulnerable version of Cisco AMP and Immunet
CVE-2021-23969: Content Security Policy violation report could have contained the destination of a redirect.
CVE-2021-23970: Multithreaded WASM triggered assertions validating separation of script domains.
CVE-2021-23968: Content Security Policy violation report could have contained the destination of a redirect.
CVE-2021-23974: noscript elements could have led to an HTML Sanitizer bypass.
CVE-2021-23971: A website's Referrer-Policy could have been be overridden, potentially resulting in the full URL being sent as a Referrer.
CVE-2021-23972: HTTP Auth phishing warning was omitted when a redirect is cached.
CVE-2021-23975: about:memory Measure function caused an incorrect pointer operation.
CVE-2021-23973: MediaError message property could have leaked information about cross-origin resources.
CVE-2021-23979: Memory safety bugs fixed in Firefox 86.
Affected Products:
Prior to Firefox ESR 86
QID Detection Logic (Authenticated) :
This checks for vulnerable version of Firefox browser.
Libgcrypt is affected with buffer overflow vulnerability.
Affected Package: Libgcrypt
Affected version : Prior to 1.9.1
A vulnerability in the implementation of an internal file management service for
Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode
that are running Cisco NX-OS Software could allow an unauthenticated,
remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device.
Affected Products
Following Cisco products if they are running Cisco NX-OS Software Release 9.3(5) or Release 9.3(6):
Nexus 3000 Series Switches
Nexus 9000 Series Switches in standalone NX-OS mode
QID Detection Logic(Authenticated):
It checks for vulnerable version of Cisco NX-OS using show version Command.
Customers are advised to refer to cisco-sa-3000-9000-fileaction-QtLzDRy2 for more information.
OpenSLP as used in ESXi has a heap-overflow vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8.
Affected Versions:
VMware ESXi 6.5 prior to build 17477841
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable versions of VMware ESXi with build version using web service present on target.
Refer to VMware advisory VMSA-2021-0002 for more information.
OpenSLP as used in ESXi has a heap-overflow vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8.
Affected Versions:
VMware ESXi 6.7 prior to build 17499825
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable versions of VMware ESXi with build version using web service present on target.
Refer to VMware advisory VMSA-2021-0002 for more information.
OpenSLP as used in ESXi has a heap-overflow vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8.
Affected Versions:
VMware ESXi 7.0 prior to build 17325551
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable versions of VMware ESXi with build version using web service present on target.
Refer to VMware advisory VMSA-2021-0002 for more information.
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an
unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
Affected Products
Following Cisco products if they are running a vulnerable release of Cisco NX-OS Software and have the NX-API configured:
MDS 9000 Series Multilayer Switches (CSCvv92342)
Nexus 3000 Series Switches (CSCvr82908)
Nexus 5500 Platform Switches (CSCvu67365)
Nexus 5600 Platform Switches (CSCvu67365)
Nexus 6000 Series Switches (CSCvu67365)
Nexus 7000 Series Switches (CSCvv92342)
Nexus 9000 Series Switches in standalone NX-OS mode (CSCvr82908)
Note: The NX-API feature is disabled by default.
QID Detection Logic(Authenticated):
It checks for vulnerable version of Cisco NX-OS using show version Command.
A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.
The attacker could view and modify the device configuration.
Customers are advised to refer to cisco-sa-nxos-nxapi-csrf-wRMzWL9z for more information.
A null-pointer-dereference flaw was found in mod_authz_svn of subversion. This flaw allows a remote, unauthenticated attacker to cause a denial of service in some server configurations. The highest threat from this vulnerability is to system availability. (CVE-2020-17525 )
</DIV>
Affected Versions:
Qualys Cloud Agent version prior to 2.1 for Windows
Qualys Cloud Agent version prior to 2.0 for Linux, AIX, MACOS
It is recommended that customers migrate to latest versions of the Qualys Cloud Agent. See Cloud Agent Platform Availability Matrix.
Security Fix(es): xterm: crash when processing combining characters (CVE-2021-27135)
Affected Products:
Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0611 to address this issue and obtain more information.
Security Fix(es): xterm: crash when processing combining characters (CVE-2021-27135)
Affected Products:
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0617 to address this issue and obtain more information.
Security Fix(es): jenkins: XSS vulnerability in notification bar (CVE-2021-21603) jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604) jenkins: Path traversal vulnerability in agent names (CVE-2021-21605) jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608) jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610) jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611) ant: insecure temporary file vulnerability (CVE-2020-1945) ant: insecure temporary file (CVE-2020-11979) jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602) jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606) jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607) jenkins: Filesystem traversal by privileged users (CVE-2021-21615) jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)
Affected Products:
Red Hat OpenShift Container Platform 4.6 for RHEL 8 x86_64
Red Hat OpenShift Container Platform 4.6 for RHEL 7 x86_64
Red Hat OpenShift Container Platform for Power 4.6 for RHEL 8 ppc64le
Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.6 for RHEL 8 s390x
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0423 to address this issue and obtain more information.
Security Fix(es): stunnel: client certificate not correctly verified when redirect and verifyChain options are used (CVE-2021-20230)
Affected Products:
Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0618 to address this issue and obtain more information.
Security Fix(es): stunnel: client certificate not correctly verified when redirect and verifyChain options are used (CVE-2021-20230)
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
Red Hat Enterprise Linux Server - AUS 8.2 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
Red Hat Enterprise Linux Server - TUS 8.2 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0619 to address this issue and obtain more information.
Security Fix(es): stunnel: client certificate not correctly verified when redirect and verifyChain options are used (CVE-2021-20230)
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Refer to Red Hat security advisory RHSA-2021:0620 to address this issue and obtain more information.
A flaw was found in glibc. When processing input in the EUC-KR encoding, an invalid input sequence could cause glibc to read beyond the end of a buffer, resulting in a segmentation fault. The highest threat from this vulnerability is to system availability. (CVE-2019-25013 )
</DIV>Affected Products:
SUSE Linux Enterprise Module for Desktop Applications 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0536-1 to address this issue and obtain further details.
Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code. (CVE-2018-17183 )
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183 . (CVE-2018-17961 )
Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. (CVE-2018-18073 )
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. (CVE-2018-18284 )
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type. (CVE-2018-19134 )
An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used. (CVE-2018-19409 )
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. (CVE-2018-19475 )
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. (CVE-2018-19476 )
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. (CVE-2018-19477 )
A flaw was found in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. (CVE-2019-14811 )
A flaw was found in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. (CVE-2019-14812 )
A flaw was found in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access t
</DIV>The Mozilla Foundation Security Advisory describes these flaws as:
During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. (CVE-2020-15685 )
When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. (CVE-2020-26976 )
If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. (CVE-2021-23953 )
Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. (CVE-2021-23954 )
Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. (CVE-2021-23960 )
Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-23964 )
</DIV>A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat. (CVE-2020-27825 )
A flaw was found in the Linux kernel's implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to overwrite data on the backing store. The highest threat from this vulnerability is to integrity. In addition, this flaw affects the tcmu-runner package, where the affected SCSI command is called. (CVE-2020-28374 )
** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178 )
A flaw was found in the Linux kernel. A use-after-free memory flaw in the Fast Userspace Mutexes functionality allowing a local user to crash the system or escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3347 )
nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. (CVE-2021-3348 )
</DIV>The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. (CVE-2016-10228 )
A flaw was found in glibc. When processing input in the EUC-KR encoding, an invalid input sequence could cause glibc to read beyond the end of a buffer, resulting in a segmentation fault. The highest threat from this vulnerability is to system availability. (CVE-2019-25013 )
A denial of service flaw was found in the way glibc's iconv function handled UCS4 text containing an irreversible character. This flaw causes an application compiled with glibc and using the vulnerable function to terminate with an assertion, resulting in a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-29562 )
A signed comparison vulnerability was found in GNU libc in the ARMv7 implementation of memcpy(). The flaw affects the third argument to memcpy() that specifies the number of bytes to copy. An underflow on the third argument could lead to undefined behavior such as out-of-bounds memory write and potentially remote code execution. (CVE-2020-6096 )
</DIV>A flaw was found in ImageMagick. The -authenticate option is mishandled allowing user-controlled password set for a PDF file to possibly inject additional shell commands via coders/pdf.c. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-29599 )
</DIV>Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. (CVE-2015-7697 )
Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header. (CVE-2016-9844 )
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution. (CVE-2018-1000035 )
</DIV>Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links. (CVE-2020-36193 )
</DIV>FreePBX is vulnerable to Incorrect Access Control
Affected Versions:
FreePBX 13 prior to v13.0.197.14
FreePBX 14 prior to v14.0.13.12
FreePBX 15 prior to v15.0.16.27
QID Detection Logic:
This QID checks for the vulnerable version of FreePBX by sending get request to admin/config.php
Affected OS:
Fedora 32
Note : "The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues."
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 32 Update
Affected OS:
Fedora 33
Note : The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 33 Update
Affected OS:
Fedora 33
Note : The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 33 Update
Affected Products:
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Module for Live Patching 15-SP1
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0532-1 to address this issue and obtain further details.
Affected OS:
Fedora 32
Note : "The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues."
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 32 Update
Affected OS:
Fedora 32
Note : "The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues."
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 32 Update
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0527-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Module for Web Scripting 12
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0522-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0521-1 to address this issue and obtain further details.
FreeBSD has released a security update.
Affected versions:
openssl prior to 1.1.1j,1
openssl-devel prior to 3.0.0a12
QID Detection Logic:(Authenticated)
It checks for versions of the packages to check for the vulnerable packages
Affected Product:
Oracle Linux 8
Affected Product:
Oracle Linux 8
Affected Product:
Oracle Linux 7
Affected Product:
Oracle Linux 7
Affected Product:
Oracle Linux 6
Oracle Linux 7
Affected Product:
Oracle Linux 8
Affected OS: EulerOS V2.0SP3
Affected OS: EulerOS V2.0SP3
Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the mod_rewrite module. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites. (CVE-2020-1927)
Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by the use of uninitialized value in mod_proxy_ftp. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.(CVE-2020-1934)
Affected Versions:
IBM HTTP Server V9.0.0.0 through 9.0.5.3
IBM HTTP Server V8.5.0.0 through 8.5.5.17
IBM HTTP Server V8.0.0.0 through 8.0.0.15
IBM HTTP Server V7.0.0.0 through 7.0.0.45
QID Detection Logic (Un-Authenticated):
This checks for vulnerable version of IBM HTTP server.
It was discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations.
It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations.
It was discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel.
It was discovered that PowerPC RTAS implementation in the Linux kernel did not properly restrict memory accesses in some situations.
An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093)
An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2019-19813, CVE-2019-19816)
A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2020-25669)
A privileged local attacker could use this to arbitrarily modify kernel memory, potentially bypassing kernel lockdown restrictions. (CVE-2020-27777)
Sugar is a complete CRM solution that automates core sales, customer service and marketing processes, with a focus on the individual.
A RCE (Remote Code Execution) vulnerability has been identified in the Install module. Using a specially crafted request, custom PHP code can be injected through the Install module because of missing input validation. Any user privileges can exploit this vulnerability.
Affected Versions:
SugarCRM 9.0 prior to 9.0.4
SugarCRM 8.0 prior to 8.0.7.
QID detection logic:
This unauthenticated QID checks "sugar_version.json" for vulnerable versions.
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8..
Affected Versions:
VMware vCenter Server 7.0 prior to build 17327517
VMware vCenter Server 6.7 prior to build 17138064
VMware vCenter Server 6.5 prior to build 17590285
QID Detection Logic (Unauthenticated):
This QID is sending POST request to " ui/vropspluginui/rest/services/uploadova" to detect if the target is vulnerable or not .
Refer to VMware advisory VMSA-2021-0002 for more information.
SAP NetWeaver Application Server Java and ABAP are exposed to following vulnerabilities:
Missing Authentication Check In SAP NetWeaver AS JAVA (P2P Cluster Communication) (CVE-2020-26829) Missing Encryption in SAP NetWeaver AS Java (Key Storage Service) (CVE-2020-26816).
Affected Versions
SAP NetWeaver AS JAVA Versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40 , 7.50.
SAP NetWeaver AS ABAP, Versions - 740, 750, 751, 752, 753, 754
QID Detection Logic(s):
Scan initiates HTTP request on Web Server and determines version based on the Server Header.
QID Detection Logic:
QID checks if the login page can be accessible using default credentials (username: admin, password: changeme).
A remote attacker could exploit this to perform sensitive actions and take control over the device.
Customers are advised not to use default credentials for Splunk.
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0512-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0492-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0491-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0432-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP3
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0452-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Module for Live Patching 15
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0438-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0437-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP4
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0434-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0503-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0504-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Module for Server Applications 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0507-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0488-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0489-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Module for Web Scripting 12
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0498-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0477-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0478-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP4
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0479-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0451-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP3
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0446-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Module for Basesystem 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0443-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15-SP2
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0436-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 15
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0440-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Module for Python2 15-SP2
SUSE Linux Enterprise Module for Desktop Applications 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0483-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Module for Containers 15-SP3
SUSE Linux Enterprise Module for Containers 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2021:0435-1 to address this issue and obtain further details.
Affected OS: EulerOS V2.0SP5
Affected OS: EulerOS V2.0SP9
Affected OS: EulerOS V2.0SP9
Affected OS: EulerOS V2.0SP5
Affected OS: EulerOS V2.0SP5
Affected OS: EulerOS V2.0SP5
Affected OS: EulerOS V2.0SP5
Affected OS: EulerOS V2.0SP5
Affected OS: EulerOS V2.0SP5
Affected OS: EulerOS V2.0SP9
Affected OS: EulerOS V2.0SP9
Affected OS: EulerOS V2.0SP5
Affected OS: EulerOS V2.0SP9
Affected OS: EulerOS V2.0SP5
Affected OS: EulerOS V2.0SP9
Affected OS: EulerOS V2.0SP9
Affected OS: EulerOS V2.0SP9
Affected OS: EulerOS V2.0SP9
Affected OS: EulerOS V2.0SP9
Affected OS: EulerOS V2.0SP9
Affected OS: EulerOS V2.0SP9
Affected OS: EulerOS V2.0SP9
Affected OS: EulerOS V2.0SP9
Affected OS: EulerOS V2.0SP5
Security Fix(es): subversion: Remote unauthenticated denial of service in mod_authz_svn (CVE-2020-17525)
Affected Products :
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
Red Hat Enterprise Linux Server - AUS 8.2 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
Red Hat Enterprise Linux Server - TUS 8.2 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
Refer to Red Hat security advisory RHSA-2021:0508 to address this issue and obtain more information.
Security Fix(es): subversion: Remote unauthenticated denial of service in mod_authz_svn (CVE-2020-17525)
Affected Products :
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64
Refer to Red Hat security advisory RHSA-2021:0509 to address this issue and obtain more information.
It was discovered that XStream was vulnerable to remote code execution.
It was discovered that XStream was vulnerable to server-side forgery attacks.
It was discovered that XStream was vulnerable to arbitrary file deletion on the localhost.
A remote attacker could run arbitrary shell commands by manipulating the processed input stream. (CVE-2020-26217)
A remote attacker could request data from internal resources that are not publicly available only by manipulating the processed input stream. (CVE-2020-26258)
A remote attacker could use this to delete arbitrary known files on the host as long as the executing process had sufficient rights only by manipulating the processed input stream. (CVE-2020-26259)
