Vulnerability Detection Pipeline

Upcoming and New QIDs

Browse, filter by detection status, or search by CVE to get visibility into upcoming and new detections (QIDs) for all severities.

Disclaimer: The Vulnerability Detection Pipeline is intended to give users an early insight into some of the CVEs the Qualys Research Team is investigating. It may not show all the CVEs that are actively being investigated. Specific CVE feature requests filed via a Qualys Support case may or may not show up on this page. Please reach out to Qualys Support for status of such support cases.

Detection Status

  • Under investigation: We are researching a detection and will publish one if it is feasible.
  • In development: We are coding a detection and will typically publish it within a few days.
  • Recently published: We have published the detection on the date indicated, and it will typically be available in the KnowledgeBase on shared platforms within a day.

Non-Qualys customers can audit their network for all published vulnerabilities by signing up for a Qualys Free Trial or Qualys Community Edition.

1400 results
  • CVE-2022-26110+
    In Development

    Debian Security Update for condor (DSA 5144-1)

    Severity
    Urgent (5)
    Qualys ID
    179305
    Vendor Reference
    DSA 5144-1
    CVE Reference
    CVE-2022-26110, CVE-2019-18823
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Debian has released a security update for condor to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5144-1 for updates and patch information.
    Patches
    Debian DSA 5144-1
  • CVE-2022-1802+
    In Development

    Debian Security Update for firefox-esr (DSA 5143-1)

    Severity
    Critical (4)
    Qualys ID
    179304
    Vendor Reference
    DSA 5143-1
    CVE Reference
    CVE-2022-1802, CVE-2022-1529
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Debian has released a security update for firefox-esr to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5143-1 for updates and patch information.
    Patches
    Debian DSA 5143-1
  • CVE-2022-29824
    In Development

    Debian Security Update for libxml2 (DSA 5142-1)

    Severity
    Serious (3)
    Qualys ID
    179303
    Vendor Reference
    DSA 5142-1
    CVE Reference
    CVE-2022-29824
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Debian has released a security update for libxml2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5142-1 for updates and patch information.
    Patches
    Debian DSA 5142-1
  • CVE-2022-28919
    In Development

    Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2022-a66124e04f)

    Severity
    Serious (3)
    Qualys ID
    282750
    Vendor Reference
    FEDORA-2022-a66124e04f
    CVE Reference
    CVE-2022-28919
    CVSS Scores
    Base 6.1 / Temporal 5.3
    Description
    Fedora has released a security update for php to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to the Fedora 36 security advisory FEDORA-2022-a66124e04f for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-a66124e04f
  • CVE-2022-28919
    In Development

    Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2022-59f0ad964c)

    Severity
    Serious (3)
    Qualys ID
    282749
    Vendor Reference
    FEDORA-2022-59f0ad964c
    CVE Reference
    CVE-2022-28919
    CVSS Scores
    Base 6.1 / Temporal 5.3
    Description
    Fedora has released a security update for php to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to the Fedora 35 security advisory FEDORA-2022-59f0ad964c for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-59f0ad964c
  • CVE-2022-28919
    In Development

    Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2022-44f5e9e219)

    Severity
    Serious (3)
    Qualys ID
    282748
    Vendor Reference
    FEDORA-2022-44f5e9e219
    CVE Reference
    CVE-2022-28919
    CVSS Scores
    Base 6.1 / Temporal 5.3
    Description
    Fedora has released a security update for php to fix the vulnerabilities.

    Affected OS:
    Fedora 34


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to the Fedora 34 security advisory FEDORA-2022-44f5e9e219 for updates and patch information.
    Patches
    Fedora 34 FEDORA-2022-44f5e9e219
  • CVE-2022-29155
    In Development

    SUSE Enterprise Linux Security Update for openldap2 (SUSE-SU-2022:1771-1)

    Severity
    Urgent (5)
    Qualys ID
    752160
    Vendor Reference
    SUSE-SU-2022:1771-1
    CVE Reference
    CVE-2022-29155
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released a security update for openldap2 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 12 SP5
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    SUSE Linux Enterprise Server for SAP Applications 12 SP4
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1771-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1771-1
  • CVE-2022-23218+
    In Development

    Oracle Enterprise Linux Security Update for glibc (ELSA-2022-9421)

    Severity
    Urgent (5)
    Qualys ID
    159851
    Vendor Reference
    ELSA-2022-9421
    CVE Reference
    CVE-2022-23218, CVE-2022-23219
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Oracle Enterprise Linux has released a security update for glibc to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-9421
    Patches
    Oracle Linux ELSA-2022-9421
  • CVE-2022-1729
    In Development

    Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9409)

    Severity
    Critical (4)
    Qualys ID
    159852
    Vendor Reference
    ELSA-2022-9409
    CVE Reference
    CVE-2022-1729
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Oracle Enterprise Linux has released a security update for unbreakable enterprise kernel to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-9409
    Patches
    Oracle Linux ELSA-2022-9409
  • CVE-2022-1729
    In Development

    Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2022-9413)

    Severity
    Critical (4)
    Qualys ID
    159850
    Vendor Reference
    ELSA-2022-9413
    CVE Reference
    CVE-2022-1729
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Oracle Enterprise Linux has released a security update for unbreakable enterprise kernel-container to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-9413
    Patches
    Oracle Linux ELSA-2022-9413
  • CVE-2022-1729
    In Development

    Oracle Enterprise Linux Security Update for unbreakable enterprise kernel-container (ELSA-2022-9412)

    Severity
    Critical (4)
    Qualys ID
    159849
    Vendor Reference
    ELSA-2022-9412
    CVE Reference
    CVE-2022-1729
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Oracle Enterprise Linux has released a security update for unbreakable enterprise kernel-container to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-9412
    Patches
    Oracle Linux ELSA-2022-9412
  • CVE-2022-1729
    In Development

    Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9410)

    Severity
    Critical (4)
    Qualys ID
    159848
    Vendor Reference
    ELSA-2022-9410
    CVE Reference
    CVE-2022-1729
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Oracle Enterprise Linux has released a security update for unbreakable enterprise kernel to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-9410
    Patches
    Oracle Linux ELSA-2022-9410
  • CVE-2022-29117+
    In Development

    Fedora Security Update for dotnet6.0 (FEDORA-2022-256d559f0c)

    Severity
    Critical (4)
    Qualys ID
    282747
    Vendor Reference
    FEDORA-2022-256d559f0c
    CVE Reference
    CVE-2022-29117, CVE-2022-29145, CVE-2022-23267
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Fedora has released a security update for dotnet6.0 to fix the vulnerabilities.

    Affected OS:
    Fedora 34


    Consequence
    This vulnerability could be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to the Fedora 34 security advisory FEDORA-2022-256d559f0c for updates and patch information.
    Patches
    Fedora 34 FEDORA-2022-256d559f0c
  • CVE-2022-29117+
    In Development

    Fedora Security Update for dotnet6.0 (FEDORA-2022-d69fee9f38)

    Severity
    Critical (4)
    Qualys ID
    282746
    Vendor Reference
    FEDORA-2022-d69fee9f38
    CVE Reference
    CVE-2022-29117, CVE-2022-29145, CVE-2022-23267
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Fedora has released a security update for dotnet6.0 to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    This vulnerability could be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to the Fedora 35 security advisory FEDORA-2022-d69fee9f38 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-d69fee9f38
  • CVE-2022-29117+
    In Development

    Fedora Security Update for dotnet6.0 (FEDORA-2022-9a1d5ea33c)

    Severity
    Critical (4)
    Qualys ID
    282745
    Vendor Reference
    FEDORA-2022-9a1d5ea33c
    CVE Reference
    CVE-2022-29117, CVE-2022-29145, CVE-2022-23267
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Fedora has released a security update for dotnet6.0 to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to the Fedora 36 security advisory FEDORA-2022-9a1d5ea33c for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-9a1d5ea33c
  • CVE-2022-24903+
    In Development

    Debian Security Update for rsyslog (DLA 3016-1)

    Severity
    Critical (4)
    Qualys ID
    179302
    Vendor Reference
    DLA 3016-1
    CVE Reference
    CVE-2022-24903, CVE-2018-16881
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Debian has released a security update for rsyslog to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3016-1 for updates and patch information.
    Patches
    Debian DLA 3016-1
  • CVE-2022-1769+
    In Development

    Fedora Security Update for vim (FEDORA-2022-74b9e404c1)

    Severity
    Serious (3)
    Qualys ID
    282744
    Vendor Reference
    FEDORA-2022-74b9e404c1
    CVE Reference
    CVE-2022-1769, CVE-2022-1674, CVE-2022-1733
    CVSS Scores
    Base 6.6 / Temporal 5.8
    Description
    Fedora has released a security update for vim to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to the Fedora 35 security advisory FEDORA-2022-74b9e404c1 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-74b9e404c1
  • CVE-2022-27405+
    In Development

    Fedora Security Update for freetype (FEDORA-2022-80e1724780)

    Severity
    Urgent (5)
    Qualys ID
    282743
    Vendor Reference
    FEDORA-2022-80e1724780
    CVE Reference
    CVE-2022-27405, CVE-2022-27404, CVE-2022-27406
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Fedora has released a security update for freetype to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to the Fedora 35 security advisory FEDORA-2022-80e1724780 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-80e1724780
  • CVE-2022-27405+
    In Development

    Fedora Security Update for freetype (FEDORA-2022-5e45671294)

    Severity
    Urgent (5)
    Qualys ID
    282742
    Vendor Reference
    FEDORA-2022-5e45671294
    CVE Reference
    CVE-2022-27405, CVE-2022-27404, CVE-2022-27406
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Fedora has released a security update for freetype to fix the vulnerabilities.

    Affected OS:
    Fedora 34


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to the Fedora 34 security advisory FEDORA-2022-5e45671294 for updates and patch information.
    Patches
    Fedora 34 FEDORA-2022-5e45671294
  • CVE-2022-29155
    In Development

    Debian Security Update for openldap (DSA 5140-1)

    Severity
    Urgent (5)
    Qualys ID
    179300
    Vendor Reference
    DSA 5140-1
    CVE Reference
    CVE-2022-29155
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Debian has released a security update for openldap to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5140-1 for updates and patch information.
    Patches
    Debian DSA 5140-1
  • CVE-2022-26352
    In Development

    dotCMS Remote Code Execution Vulnerability (CVE-2022-26352)

    Severity
    Urgent (5)
    Qualys ID
    150517
    Vendor Reference
    SI-62
    CVE Reference
    CVE-2022-26352
    CVSS Scores
    Base 9.8 / Temporal 8.8
    Description
    dotCMS is an open source content management system written in Java for managing content and content-driven sites and applications.

    Affected versions of dotCMS contain a pre-authentication remote code execution vulnerability, reachable by performing a directory traversal attack during file upload.

    Affected versions:
    dotCMS versions: 22.01 and below

    QID Detection Logic (Unauthenticated):
    This QID sends an HTTP GET request to the "/api/v1/appconfiguration" endpoint and checks the response body to confirm whether the host is running a vulnerable version of dotCMS Server.

    Consequence
    An attacker can upload arbitrary files to the system. By uploading a JSP file to Tomcat's root directory, it is possible to achieve code execution, and ultimately to execute arbitrary commands on the underlying system.

    Solution
    The vendor has released a fix for this vulnerability. Customers are advised to upgrade to the fixed dotCMS release.

    If upgrading is not possible, please refer to the mitigation details in dotCMS Issue SI-62.

    Patches
    SI-62
  • CVE-2017-13735+
    In Development

    SUSE Enterprise Linux Security Update for dcraw (SUSE-SU-2022:1749-1)

    Severity
    Urgent (5)
    Qualys ID
    752153
    Vendor Reference
    SUSE-SU-2022:1749-1
    CVE Reference
    CVE-2017-13735, CVE-2017-14608, CVE-2018-19655, CVE-2018-5805, CVE-2018-5806, CVE-2018-19567, CVE-2018-19565, CVE-2018-19566, CVE-2021-3624, CVE-2018-19568, CVE-2018-5801
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    SUSE has released a security update for dcraw to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1749-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1749-1
  • CVE-2022-0434
    In Development

    WordPress Plugin Page View Count SQL Injection Vulnerability

    Severity
    Critical (4)
    Qualys ID
    730497
    Vendor Reference
    Page View Count Release Notes
    CVE Reference
    CVE-2022-0434
    CVSS Scores
    Base 9.8 / Temporal 8.8
    Description
    The WordPress Page View Count plugin is a simple-to-set-up plugin that gives site visitors and site owners the ability to quickly and easily see how many people have visited a page or post.

    CVE-2022-0434: The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks.

    Affected Version:
    Page View Count plugin versions prior to 2.4.15

    QID Detection Logic (Unauthenticated): This unauthenticated detection sends a malicious query in the post_ids parameter and tries to fetch the email from the system; alternatively, detection relies on the BlindElephant engine to identify a vulnerable version of the Page View Count plugin.

    Consequence
    Successful exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary SQL queries on the target system.
    Solution
    Customers are requested to update to Page View Count Plugin 2.4.15 or later to mitigate this vulnerability.

    Patches
    Page View Count Release Notes
  • CVE-2021-26342+
    In Development

    SUSE Enterprise Linux Security Update for kernel-firmware (SUSE-SU-2022:1751-1)

    Severity
    Critical (4)
    Qualys ID
    752158
    Vendor Reference
    SUSE-SU-2022:1751-1
    CVE Reference
    CVE-2021-26342, CVE-2021-26312, CVE-2021-0071, CVE-2021-26348, CVE-2021-33139, CVE-2021-26372, CVE-2021-26349, CVE-2021-26376, CVE-2021-26375, CVE-2021-46744, CVE-2021-26373, CVE-2021-26388, CVE-2021-26378, CVE-2021-26339, CVE-2021-26364, CVE-2021-33155, CVE-2021-26350, CVE-2021-26347
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    SUSE has released a security update for kernel-firmware to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15 SP2
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1751-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1751-1
  • In Development

    SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:1764-1)

    Severity
    Critical (4)
    Qualys ID
    752159
    Vendor Reference
    SUSE-SU-2022:1764-1
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for php7 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1764-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1764-1
  • CVE-2022-21151
    In Development

    SUSE Enterprise Linux Security Update for ucode-intel (SUSE-SU-2022:1744-1)

    Severity
    Critical (4)
    Qualys ID
    752157
    Vendor Reference
    SUSE-SU-2022:1744-1
    CVE Reference
    CVE-2022-21151
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for ucode-intel to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1744-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1744-1
  • CVE-2022-29914+
    In Development

    SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:1757-1)

    Severity
    Critical (4)
    Qualys ID
    752152
    Vendor Reference
    SUSE-SU-2022:1757-1
    CVE Reference
    CVE-2022-29914, CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29916, CVE-2022-29917
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for firefox to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 12 SP3
    SUSE Linux Enterprise Server for SAP Applications 12 SP4
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    SUSE Linux Enterprise Server 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1757-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1757-1
  • CVE-2022-21151
    In Development

    SUSE Enterprise Linux Security Update for ucode-intel (SUSE-SU-2022:1747-1)

    Severity
    Critical (4)
    Qualys ID
    752151
    Vendor Reference
    SUSE-SU-2022:1747-1
    CVE Reference
    CVE-2022-21151
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for ucode-intel to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 12 SP3
    SUSE Linux Enterprise Server for SAP Applications 12 SP4
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1747-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1747-1
  • CVE-2022-29914+
    In Development

    SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:1748-1)

    Severity
    Critical (4)
    Qualys ID
    752150
    Vendor Reference
    SUSE-SU-2022:1748-1
    CVE Reference
    CVE-2022-29914, CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29916, CVE-2022-29917
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for firefox to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15 SP2
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1748-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1748-1
  • CVE-2022-1802+
    In Development

    Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2022-19)

    Severity
    Critical (4)
    Qualys ID
    376626
    Vendor Reference
    MFSA2022-19
    CVE Reference
    CVE-2022-1802, CVE-2022-1529
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android.

    Mozilla Firefox ESR is prone to the following vulnerabilities:
    CVE-2022-1802: Prototype pollution in Top-Level Await implementation
    CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution

    Affected Products:
    Prior to Firefox ESR 91.9.1

    QID Detection Logic (Authenticated):
    This QID checks for a vulnerable version of the Firefox browser.


    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    The vendor has released a fix to address these vulnerabilities. Refer to MFSA2022-19 for patch details.
    Patches
    MFSA2022-19
  • CVE-2022-1802+
    In Development

    Mozilla Firefox Multiple Vulnerabilities (MFSA2022-19)

    Severity
    Critical (4)
    Qualys ID
    376625
    Vendor Reference
    MFSA2022-19
    CVE Reference
    CVE-2022-1802, CVE-2022-1529
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android.

    Mozilla Firefox is prone to the following vulnerabilities:
    CVE-2022-1802: Prototype pollution in Top-Level Await implementation
    CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution

    Affected Products:
    Prior to Firefox 100.0.2

    QID Detection Logic (Authenticated):
    This QID checks for a vulnerable version of the Firefox browser.


    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    The vendor has released a fix to address these vulnerabilities. Refer to MFSA2022-19 for patch details.
    Patches
    MFSA2022-19
  • CVE-2022-29914+
    In Development

    Debian Security Update for thunderbird (DSA 5141-1)

    Severity
    Critical (4)
    Qualys ID
    179299
    Vendor Reference
    DSA 5141-1
    CVE Reference
    CVE-2022-29914, CVE-2022-29909, CVE-2022-29911, CVE-2022-1520, CVE-2022-29912, CVE-2022-29916, CVE-2022-29917, CVE-2022-29913
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Debian has released a security update for thunderbird to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5141-1 for updates and patch information.
    Patches
    Debian DSA 5141-1
  • CVE-2022-0492
    In Development

    CentOS Security Update for kernel (CESA-2022:4642)

    Severity
    Critical (4)
    Qualys ID
    257171
    Vendor Reference
    CESA-2022:4642
    CVE Reference
    CVE-2022-0492
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CentOS has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to CentOS security advisory CESA-2022:4642 for updates and patch information.
    Patches
    CentOS 7 CESA-2022:4642
  • CVE-2022-0492
    In Development

    Oracle Enterprise Linux Security Update for kernel (ELSA-2022-4642)

    Severity
    Critical (4)
    Qualys ID
    159846
    Vendor Reference
    ELSA-2022-4642
    CVE Reference
    CVE-2022-0492
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Oracle Enterprise Linux has released a kernel security and bug fix update to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-4642
    Patches
    Oracle Linux ELSA-2022-4642
  • CVE-2022-28739
    In Development

    Common Base Linux Mariner (CBL-Mariner) Security Update for ruby (9746)

    Severity
    Critical (4)
    Qualys ID
    901583
    Vendor Reference
    9746
    CVE Reference
    CVE-2022-28739
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for ruby to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-29824+
    In Development

    SUSE Enterprise Linux Security Update for libxml2 (SUSE-SU-2022:1750-1)

    Severity
    Critical4
    Qualys ID
    752156
    Vendor Reference
    SUSE-SU-2022:1750-1
    CVE Reference
    CVE-2022-29824, CVE-2022-23308
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for libxml2 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server Basesystem 15 SP3
    SUSE Linux Enterprise Server for SAP Applications 15 SP2
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
    SUSE Linux Enterprise Server for SAP Applications 15
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1750-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1750-1
  • CVE-2022-30333
    In Development

    SUSE Enterprise Linux Security Update for unrar (SUSE-SU-2022:1760-1)

    Severity
    Critical4
    Qualys ID
    752155
    Vendor Reference
    SUSE-SU-2022:1760-1
    CVE Reference
    CVE-2022-30333
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for unrar to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    SUSE Linux Enterprise Server 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1760-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1760-1
  • CVE-2022-29970
    In Development

    Oracle Enterprise Linux Security Update for pcs (ELSA-2022-9416)

    Severity
    Critical4
    Qualys ID
    159847
    Vendor Reference
    ELSA-2022-9416
    CVE Reference
    CVE-2022-29970
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released a security update for pcs to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-9416
    Patches
    Oracle Linux ELSA-2022-9416
  • CVE-2022-1769+
    In Development

    Fedora Security Update for vim (FEDORA-2022-d6d1ac4ca7)

    Severity
    Serious3
    Qualys ID
    282741
    Vendor Reference
    FEDORA-2022-d6d1ac4ca7
    CVE Reference
    CVE-2022-1769, CVE-2022-1733
    CVSS Scores
    Base 6.6 / Temporal 5.8
    Description
    Fedora has released a security update for vim to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. It can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to the Fedora 36 security advisory FEDORA-2022-d6d1ac4ca7 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-d6d1ac4ca7
  • CVE-2021-3611
    In Development

    Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (9745)

    Severity
    Serious3
    Qualys ID
    901584
    Vendor Reference
    9745
    CVE Reference
    CVE-2021-3611
    CVSS Scores
    Base 6.5 / Temporal 6
    Description
    CBL-Mariner is Microsoft's internal Linux distribution for its cloud infrastructure and edge products and services.
    CBL-Mariner has NOT released a security update for qemu-kvm to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-20821
    In Development

    Cisco Internetwork Operating System (IOS) XR Software Health Check Open Port Vulnerability (cisco-sa-iosxr-redis-ABJyE5xK)

    Severity
    Serious3
    Qualys ID
    317189
    Vendor Reference
    cisco-sa-iosxr-redis-ABJyE5xK
    CVE Reference
    CVE-2022-20821
    CVSS Scores
    Base 6.5 / Temporal 6
    Description
    A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container.

    Affected Products
    Cisco devices running Cisco IOS XR Software release 7.3.3

    QID Detection Logic (Authenticated):
    The check matches the Cisco IOS XR version retrieved via Unix authentication using the "show version" command, along with a check for a Docker container named NOSi and a check for the presence of Cisco SMU CSCwb82689.

    Consequence
    A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system.
    Solution

    Customers are advised to refer to cisco-sa-iosxr-redis-ABJyE5xK for more information.

    Workaround:
    There are no workarounds that address this vulnerability. However, administrators may choose to perform one of the following mitigations:
    Disable the health check: The vulnerability exists because the health check RPM opens TCP port 6379 for its Redis instance when it is activated. Disabling the health check feature and removing the health check RPM closes that port; refer to the advisory for the commands.
    Configure an infrastructure access control list (iACL): Administrators can restrict inbound connections to TCP port 6379 so that only trusted hosts can reach the Redis instance. For information about configuring ACLs, see the Cisco Guide to Harden Cisco IOS XR Devices.

    Patches
    cisco-sa-iosxr-redis-ABJyE5xK
  • CVE-2021-28153
    In Development

    SUSE Enterprise Linux Security Update for glib2 (SUSE-SU-2022:1758-1)

    Severity
    Serious3
    Qualys ID
    752154
    Vendor Reference
    SUSE-SU-2022:1758-1
    CVE Reference
    CVE-2021-28153
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    SUSE has released a security update for glib2 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    SUSE Linux Enterprise Server 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1758-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1758-1
  • CVE-2020-16116+
    In Development

    Debian Security Update for ark (DLA 3015-1)

    Severity
    Medium2
    Qualys ID
    179301
    Vendor Reference
    DLA 3015-1
    CVE Reference
    CVE-2020-16116, CVE-2020-24654
    CVSS Scores
    Base 3.3 / Temporal 2.9
    Description
    Debian has released a security update for ark to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3015-1 for updates and patch information.
    Patches
    Debian DLA 3015-1
  • In Development

    EOL/Obsolete Software: Microsoft Access Database Engine 2007 Detected

    Severity
    Urgent5
    Qualys ID
    106060
    Vendor Reference
    Access Database Engine 2007
    CVSS Scores
    Base 9.8 / Temporal 9
    Description
    Microsoft Access Database Engine technology allows for the communication and data exchange between files that are proprietary to the Microsoft Office package and other applications. Support for Access Database Engine 2007 ended on Oct 10, 2017.

    QID Detection Logic (Authenticated):
    This QID checks for an end-of-life version of Microsoft Access Database Engine (2007) installed on the target.

    Consequence
    The system is at high risk of being exposed to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to viruses and other attacks.
    Solution
    Customers are advised to update Microsoft Access Database Engine to the latest version.
    For more information visit Microsoft Access Database Engine
  • In Development

    EOL/Obsolete Software: Microsoft Access Database Engine 2010 Detected

    Severity
    Urgent5
    Qualys ID
    106061
    Vendor Reference
    Access Database Engine 2010
    CVSS Scores
    Base 8.8 / Temporal 8.1
    Description
    Microsoft Access Database Engine technology allows for the communication and data exchange between files that are proprietary to the Microsoft Office package and other applications. Support for Access Database Engine 2010 ended on Oct 13, 2020.

    QID Detection Logic (Authenticated):
    This QID checks for an end-of-life version of Microsoft Access Database Engine (2010) installed on the target.

    Consequence
    The system is at high risk of being exposed to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to viruses and other attacks.
    Solution
    Customers are advised to update Microsoft Access Database Engine to the latest version.
    For more information visit Microsoft Access Database Engine
  • CVE-2022-26352
    In Development

    Dot CMS Multipart File Directory Traversal and Remote Code Execution (RCE) Vulnerability

    Severity
    Urgent5
    Qualys ID
    730495
    Vendor Reference
    SI-62
    CVE Reference
    CVE-2022-26352
    CVSS Scores
    Base 10 / Temporal 9
    Description
    When files are uploaded into dotCMS via the content API, but before they become content, dotCMS writes the file down in a temp directory. In the case of this vulnerability, dotCMS does not sanitize the filename passed in via the multipart request header and thus does not sanitize the temp file's name. This allows a specially crafted request to POST files to dotCMS via the ContentResource (POST /api/content) that get written outside of the dotCMS temp directory.

    Affected Versions:
    Dot CMS versions prior to 22.03, 5.3.8.10, 21.06.7

    QID Detection Logic (Unauthenticated):
    This QID checks for a vulnerable version of Dot CMS by sending a GET request to the /api/v1/appconfiguration endpoint.

    Consequence
    Successful exploitation of the vulnerability may allow an attacker to upload a specially crafted .jsp file to the webapp/ROOT directory of dotCMS, which can lead to remote code execution. Additionally, if dotCMS is configured with "CONTENT_APIS_ALLOW_ANONYMOUS=WRITE", this vulnerability is exploitable by anonymous users.

    Solution

    The vendor has released a patch; for more information refer to SI-62.

    Workaround:
    Please refer to SI-62 for workaround information.

    Patches
    SI-62
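    The temp-file naming bug described in this entry, as an added Python example that is not dotCMS code and not part of the original page: the unsanitized join the advisory describes is shown beside a hardened version that keeps only the basename of the client-supplied filename, prefixes it with a server-chosen random value, and verifies that the resolved path is still inside the staging directory. The directory and file names are constructed for illustration.

```python
import os
import re
import uuid
from typing import Optional

# Added example (not dotCMS code): a minimal model of the temp-file naming the
# advisory describes, with the unsanitized version beside a hardened one.
# The directory name below is constructed for illustration.

TEMP_DIR = "/srv/dotcms/temp"  # where uploads are staged before becoming content (assumed)

# Conservative charset for a stored name: leading alphanumeric, then a bounded
# run of alphanumerics, dots, underscores and hyphens. Rejects "", ".", "..",
# dotfiles, control characters and path separators of either flavour.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,254}")


def vulnerable_temp_path(temp_dir: str, client_filename: str) -> str:
    """Mirrors the bug: the filename taken from the multipart Content-Disposition
    header is joined onto the temp directory without sanitization, so '../'
    segments walk out of it."""
    return os.path.normpath(os.path.join(temp_dir, client_filename))


def sanitize_filename(client_filename: str) -> Optional[str]:
    """Keep only the last path component and require the conservative charset.
    Returns None when the name must be rejected."""
    name = client_filename.replace("\\", "/").split("/")[-1]
    if not _SAFE_NAME.fullmatch(name):
        return None
    return name


def escapes(base_dir: str, path: str) -> bool:
    """True when `path`, once resolved, is not inside `base_dir`."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(path)
    return os.path.commonpath([base, target]) != base


def safe_temp_path(temp_dir: str, client_filename: str) -> str:
    """Hardened: sanitized basename, server-chosen random prefix so the stored
    name is never a pure client choice, and a containment check on the
    resolved path as defence in depth."""
    name = sanitize_filename(client_filename)
    if name is None:
        raise ValueError("rejected upload filename: %r" % client_filename)
    candidate = os.path.join(temp_dir, "%s_%s" % (uuid.uuid4().hex, name))
    if escapes(temp_dir, candidate):
        raise ValueError("resolved path leaves the temp directory")
    return candidate


if __name__ == "__main__":
    crafted = "../../webapps/ROOT/shell.jsp"  # constructed attacker-controlled filename
    bad = vulnerable_temp_path(TEMP_DIR, crafted)
    print("vulnerable:", bad, "escapes temp dir:", escapes(TEMP_DIR, bad))
    good = safe_temp_path(TEMP_DIR, crafted)
    print("hardened:  ", good, "escapes temp dir:", escapes(TEMP_DIR, good))
    for name in ("..", "", ".htaccess"):
        print("reject %r -> %s" % (name, sanitize_filename(name)))
```

    Stripping the directory part rather than rejecting the whole upload keeps legitimate clients that send full paths working; the containment check stays in place so that any future change to the naming scheme cannot silently reintroduce the traversal.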
  • CVE-2017-5610+
    Recently Published

    WordPress Multiple Vulnerabilities (JAN-2017)

    Severity
    Critical4
    Qualys ID
    154110
    Date Published
    May 20, 2022
    Vendor Reference
    WordPress
    CVE Reference
    CVE-2017-5610, CVE-2017-5611, CVE-2017-5612
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database.

    Affected versions of WordPress Core have multiple vulnerabilities:
    CVE-2017-5610 : Press This UI Available to Unauthorized Users
    CVE-2017-5611 : WP_Query SQL Injection
    CVE-2017-5612 : Cross-Site Scripting (XSS) in posts list table

    Affected Versions:
    WordPress versions prior to 4.7.2

    QID Detection Logic:
    This QID checks for a vulnerable version of WordPress installed on the target.

    Consequence
    Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary SQL queries or JavaScript code, and gives unauthorized users access to the Press This UI.

    Solution
    Upgrade WordPress to version 4.7.2 or later.
    Patches
    WordPress
  • CVE-2021-3669+
    Recently Published

    Rocky Linux Security Update for kernel (RLSA-2022:1988)

    Severity
    Urgent5
    Qualys ID
    960134
    Date Published
    May 19, 2022
    Vendor Reference
    RLSA-2022:1988
    CVE Reference
    CVE-2021-3669, CVE-2021-4002, CVE-2021-21781, CVE-2021-3752, CVE-2021-3612, CVE-2021-3773, CVE-2021-3772
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Rocky Linux has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:1988 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:1988
  • CVE-2021-3669+
    Recently Published

    Rocky Linux Security Update for kernel-rt (RLSA-2022:1975)

    Severity
    Urgent5
    Qualys ID
    960132
    Date Published
    May 19, 2022
    Vendor Reference
    RLSA-2022:1975
    CVE Reference
    CVE-2021-3669, CVE-2021-4002, CVE-2021-3752, CVE-2021-3612, CVE-2021-3773, CVE-2021-3772
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Rocky Linux has released a security update for kernel-rt to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:1975 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:1975
  • CVE-2019-9959+
    Recently Published

    SUSE Enterprise Linux Security Update for poppler (SUSE-SU-2022:1724-1)

    Severity
    Urgent5
    Qualys ID
    752148
    Date Published
    May 19, 2022
    Vendor Reference
    SUSE-SU-2022:1724-1
    CVE Reference
    CVE-2019-9959, CVE-2019-14494, CVE-2019-9631, CVE-2019-10872, CVE-2020-27778, CVE-2019-10871, CVE-2019-7310, CVE-2019-9903
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released a security update for poppler to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1724-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1724-1
  • CVE-2019-9959+
    Recently Published

    SUSE Enterprise Linux Security Update for poppler (SUSE-SU-2022:1723-1)

    Severity
    Urgent5
    Qualys ID
    752145
    Date Published
    May 19, 2022
    Vendor Reference
    SUSE-SU-2022:1723-1
    CVE Reference
    CVE-2019-9959, CVE-2019-14494, CVE-2019-9631, CVE-2019-10872, CVE-2020-27778, CVE-2019-10871, CVE-2019-7310, CVE-2019-9903
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released a security update for poppler to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    SUSE Linux Enterprise Server 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1723-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1723-1
  • CVE-2021-30889+
    Recently Published

    Rocky Linux Security Update for webkit2gtk3 (RLSA-2022:1777)

    Severity
    Critical4
    Qualys ID
    960138
    Date Published
    May 19, 2022
    Vendor Reference
    RLSA-2022:1777
    CVE Reference
    CVE-2021-30889, CVE-2021-30818, CVE-2021-30888, CVE-2021-30884, CVE-2021-30890, CVE-2021-30809, CVE-2021-30887, CVE-2021-30836, CVE-2021-30823
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Rocky Linux has released a security update for webkit2gtk3 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:1777 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:1777
  • CVE-2021-30560
    In Development

    Common Base Linux Mariner (CBL-Mariner) Security Update for libxslt (9738)

    Severity
    Critical4
    Qualys ID
    901582
    Vendor Reference
    9738
    CVE Reference
    CVE-2021-30560
    CVSS Scores
    Base 8.8 / Temporal 8.1
    Description
    CBL-Mariner is Microsoft's internal Linux distribution for its cloud infrastructure and edge products and services.
    CBL-Mariner has NOT released a security update for libxslt to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-1227
    In Development

    Oracle Enterprise Linux Security Update for container-tools:3.0 (ELSA-2022-2143)

    Severity
    Critical4
    Qualys ID
    159840
    Vendor Reference
    ELSA-2022-2143
    CVE Reference
    CVE-2022-1227
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Oracle Enterprise Linux has released a security update for container-tools:3.0 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-2143
    Patches
    Oracle Linux ELSA-2022-2143
  • CVE-2022-27781+
    Recently Published

    SUSE Enterprise Linux Security Update for curl (SUSE-SU-2022:1733-1)

    Severity
    Critical4
    Qualys ID
    752149
    Date Published
    May 19, 2022
    Vendor Reference
    SUSE-SU-2022:1733-1
    CVE Reference
    CVE-2022-27781, CVE-2022-27782
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for curl to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 12 SP3
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1733-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1733-1
  • CVE-2022-21151
    Recently Published

    SUSE Enterprise Linux Security Update for ucode-intel (SUSE-SU-2022:1728-1)

    Severity
    Critical4
    Qualys ID
    752147
    Date Published
    May 19, 2022
    Vendor Reference
    SUSE-SU-2022:1728-1
    CVE Reference
    CVE-2022-21151
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for ucode-intel to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1728-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1728-1
  • CVE-2022-21151
    Recently Published

    SUSE Enterprise Linux Security Update for ucode-intel (SUSE-SU-2022:1732-1)

    Severity
    Critical4
    Qualys ID
    752146
    Date Published
    May 19, 2022
    Vendor Reference
    SUSE-SU-2022:1732-1
    CVE Reference
    CVE-2022-21151
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for ucode-intel to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1732-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1732-1
  • CVE-2022-29916+
    Recently Published

    SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2022:1731-1)

    Severity
    Critical4
    Qualys ID
    752144
    Date Published
    May 19, 2022
    Vendor Reference
    SUSE-SU-2022:1731-1
    CVE Reference
    CVE-2022-29916, CVE-2022-29917, CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29914
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for firefox to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1731-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1731-1
  • CVE-2022-21151
    Recently Published

    SUSE Enterprise Linux Security Update for ucode-intel (SUSE-SU-2022:1727-1)

    Severity
    Critical4
    Qualys ID
    752143
    Date Published
    May 19, 2022
    Vendor Reference
    SUSE-SU-2022:1727-1
    CVE Reference
    CVE-2022-21151
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for ucode-intel to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server Basesystem 15 SP4
    SUSE Linux Enterprise Server Basesystem 15 SP3
    SUSE Linux Enterprise Server for SAP Applications 15 SP2
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1727-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1727-1
  • CVE-2022-29181
    In Development

    Fedora Security Update for rubygem (FEDORA-2022-0071328464)

    Severity
    Critical4
    Qualys ID
    282740
    Vendor Reference
    FEDORA-2022-0071328464
    CVE Reference
    CVE-2022-29181
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for rubygem to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. It can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to the Fedora 36 security advisory FEDORA-2022-0071328464 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-0071328464
  • CVE-2022-29181
    In Development

    Fedora Security Update for rubygem (FEDORA-2022-e9b2e1c1ac)

    Severity
    Critical4
    Qualys ID
    282739
    Vendor Reference
    FEDORA-2022-e9b2e1c1ac
    CVE Reference
    CVE-2022-29181
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for rubygem to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. It can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to the Fedora 35 security advisory FEDORA-2022-e9b2e1c1ac for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-e9b2e1c1ac
  • CVE-2022-29181
    In Development

    Fedora Security Update for rubygem (FEDORA-2022-0e5d64ce65)

    Severity
    Critical4
    Qualys ID
    282738
    Vendor Reference
    FEDORA-2022-0e5d64ce65
    CVE Reference
    CVE-2022-29181
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for rubygem to fix the vulnerabilities.

    Affected OS:
    Fedora 34


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. It can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to the Fedora 34 security advisory FEDORA-2022-0e5d64ce65 for updates and patch information.
    Patches
    Fedora 34 FEDORA-2022-0e5d64ce65
  • CVE-2022-26491
    In Development

    Fedora Security Update for pidgin (FEDORA-2022-4490dce823)

    Severity
    Critical4
    Qualys ID
    282737
    Vendor Reference
    FEDORA-2022-4490dce823
    CVE Reference
    CVE-2022-26491
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for pidgin to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. It can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to the Fedora 36 security advisory FEDORA-2022-4490dce823 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-4490dce823
  • CVE-2022-26491
    In Development

    Fedora Security Update for pidgin (FEDORA-2022-4759ca6476)

    Severity
    Critical4
    Qualys ID
    282736
    Vendor Reference
    FEDORA-2022-4759ca6476
    CVE Reference
    CVE-2022-26491
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for pidgin to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. It can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to the Fedora 35 security advisory FEDORA-2022-4759ca6476 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-4759ca6476
  • CVE-2022-26491
    In Development

    Fedora Security Update for pidgin (FEDORA-2022-52777fea3c)

    Severity
    Critical4
    Qualys ID
    282735
    Vendor Reference
    FEDORA-2022-52777fea3c
    CVE Reference
    CVE-2022-26491
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for pidgin to fix the vulnerabilities.

    Affected OS:
    Fedora 34


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. It can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to the Fedora 34 security advisory FEDORA-2022-52777fea3c for updates and patch information.
    Patches
    Fedora 34 FEDORA-2022-52777fea3c
  • CVE-2022-21136+
    In Development

    Fedora Security Update for microcode_ctl (FEDORA-2022-e718888c8b)

    Severity
    Critical4
    Qualys ID
    282734
    Vendor Reference
    FEDORA-2022-e718888c8b
    CVE Reference
    CVE-2022-21136, CVE-2022-21131, CVE-2022-21151, CVE-2022-0005
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for microcode_ctl to fix the vulnerabilities.

    Affected OS:
    Fedora 34


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. It can also be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to the Fedora 34 security advisory FEDORA-2022-e718888c8b for updates and patch information.
    Patches
    Fedora 34 FEDORA-2022-e718888c8b
  • CVE-2022-24903
    In Development

    Common Base Linux Mariner (CBL-Mariner) Security Update for rsyslog (9739)

    Severity
    Critical4
    Qualys ID
    901581
    Vendor Reference
    9739
    CVE Reference
    CVE-2022-24903
    CVSS Scores
    Base 8.1 / Temporal 7.4
    Description
    CBL-Mariner is Microsoft's internal Linux distribution for its cloud infrastructure and edge products and services.
    CBL-Mariner has NOT released a security update for rsyslog to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2016-4437
    In Development

    Apache Shiro Remote Code Execution (RCE) Vulnerability

    Severity
    Critical4
    Qualys ID
    730496
    Vendor Reference
    Apache Shiro Advisory
    CVE Reference
    CVE-2016-4437
    CVSS Scores
    Base 8.1 / Temporal 7.3
    Description
    Apache Shiro is an open source software security framework that performs authentication, authorization, cryptography and session management.

    CVE-2016-4437: Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

    Affected Versions:
    Apache Shiro versions prior to 1.2.5

    QID Detection Logic (Unauthenticated): This QID checks for a vulnerable Apache Shiro instance by sending a specially crafted payload that either executes a command or makes a query that triggers the Qualys Periscope detection mechanism.

    Consequence
    Successful exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary command on the target system.
    Solution
    Upgrade to Apache Shiro 1.2.5 or later to remediate this vulnerability.

    Workaround:
    Either ensure a secret cipher key is configured, or disable the 'remember me' feature.
    Patches
    Apache Shiro Advisory
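    A configuration audit for the workaround above, added here as a Python example that is neither Apache Shiro code nor part of the original page: it parses the [main] section of a shiro.ini, reports whether the rememberMe cipher key is unset, still the hard-coded default that Shiro shipped before 1.2.5, malformed, or of a length AES does not accept, and can rewrite the configuration with a freshly generated random key. The ini texts are constructed, and the example assumes the key is supplied in the base64 form the ini setting accepts.

```python
import base64
import binascii
import configparser
import io
import secrets

# Added example (not Apache Shiro code): audit and fix the rememberMe cipher
# key in a shiro.ini. Both ini texts below are constructed for illustration.

KEY_SETTING = "securityManager.rememberMeManager.cipherKey"

# Hard-coded default key used by Shiro releases before 1.2.5 when no key was
# configured; a deployment that relies on it, explicitly or by omission, is
# the condition CVE-2016-4437 describes.
SHIRO_DEFAULT_KEY_B64 = "kPH+bIxk5D2deZiIxcaaaA=="

VULNERABLE_INI = """\
[main]
securityManager.rememberMeManager.cipherKey = kPH+bIxk5D2deZiIxcaaaA==
[urls]
/login = authc
/** = user
"""

UNSET_INI = """\
[main]
authc.loginUrl = /login
[users]
alice = password, admin
"""


def _parser() -> configparser.ConfigParser:
    # Shiro ini keys are dotted and case-sensitive; values may contain ':' so
    # only '=' is treated as the delimiter, and no interpolation is applied.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str
    return cp


def main_section(ini_text: str) -> dict:
    """Return the [main] section as a plain dict (empty if absent)."""
    cp = _parser()
    cp.read_string(ini_text)
    return dict(cp["main"]) if cp.has_section("main") else {}


def audit_remember_me_key(ini_text: str) -> str:
    """Classify the configured key: MISSING, DEFAULT, MALFORMED, BAD_LENGTH or OK."""
    value = main_section(ini_text).get(KEY_SETTING)
    if value is None:
        return "MISSING"
    value = value.strip()
    if value == SHIRO_DEFAULT_KEY_B64:
        return "DEFAULT"
    try:
        raw = base64.b64decode(value, validate=True)
    except binascii.Error:
        return "MALFORMED"
    if len(raw) not in (16, 24, 32):  # AES-128/192/256 key sizes
        return "BAD_LENGTH"
    return "OK"


def generate_cipher_key(num_bytes: int = 16) -> str:
    """Fresh random AES key, base64-encoded as the ini setting expects."""
    return base64.b64encode(secrets.token_bytes(num_bytes)).decode("ascii")


def with_random_key(ini_text: str) -> str:
    """Return the ini text with the cipher key set (or replaced) to a new random one."""
    cp = _parser()
    cp.read_string(ini_text)
    if not cp.has_section("main"):
        cp.add_section("main")
    cp.set("main", KEY_SETTING, generate_cipher_key())
    buf = io.StringIO()
    cp.write(buf)
    return buf.getvalue()


if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE_INI), ("unset", UNSET_INI)):
        print("%-10s -> %s" % (label, audit_remember_me_key(text)))
    fixed = with_random_key(VULNERABLE_INI)
    print("fixed      ->", audit_remember_me_key(fixed))
    print(fixed)
```

    The audit treats a missing setting as a finding on its own, because the versions this entry covers fall back to the default key in exactly that case; on 1.2.5 and later the same check still flags anyone who pasted the old default into their configuration.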
  • CVE-2022-1616
    In Development

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9740)

    Severity
    Critical4
    Qualys ID
    901580
    Vendor Reference
    9740
    CVE Reference
    CVE-2022-1616
    CVSS Scores
    Base 7.8 / Temporal 7.1
    Description
    CBL-Mariner is Microsoft's internal Linux distribution for its cloud infrastructure and edge products and services.
    CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-1256
    In Development

    McAfee Agent Privilege Escalation Vulnerability (SB10382)

    Severity
    Critical4
    Qualys ID
    376618
    Vendor Reference
    SB10382
    CVE Reference
    CVE-2022-1256
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    The McAfee Agent is the distributed component of McAfee ePolicy Orchestrator. It downloads and enforces policies, and executes client-side tasks such as deployment and updating. The Agent also uploads events and provides additional data regarding each system status.

    CVE-2022-1256: A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges through manipulation of symbolic links.
    Affected versions:
    McAfee Agent Prior to 5.7.6
    QID Detection Logic (Authenticated):
    The QID checks for a vulnerable version of McAfee Agent by reading the version information at the HKLM\SOFTWARE\McAfee\Agent registry key (32-bit and 64-bit).

    Consequence
    Successful exploitation of this vulnerability may allow a local low-privileged user to gain SYSTEM privileges by running the repair functionality.
    Solution
    Install or update to McAfee Agent 5.7.6. For more details, refer to SB10382.
    Patches
    SB10382
  • CVE-2019-20042
    Recently Published

    WordPress Stored Cross-Site Scripting (XSS) Vulnerability (CVE-2019-20042)

    Severity
    Serious3
    Qualys ID
    154111
    Date Published
    May 20, 2022
    Vendor Reference
    WordPress
    CVE Reference
    CVE-2019-20042
    CVSS Scores
    Base 6.1 / Temporal 5.5
    Description
    WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database.

    The function wp_targeted_link_rel() can be used in a particular way to result in a Stored Cross-Site Scripting (XSS) vulnerability.

    Affected Versions:
    WordPress versions prior to 5.3.1

    QID Detection Logic:
    This QID checks for a vulnerable version of WordPress installed on the target.

    Consequence
    Successful exploitation could allow an attacker to execute arbitrary JavaScript code in the context of the interface or allow the attacker to access sensitive, browser-based information.

    Solution
    Upgrade WordPress to the latest version.
    Patches
    WordPress
  • CVE-2020-25286
    Recently Published

    WordPress Disclosure of Password-Protected Page/Post Comments Vulnerability (CVE-2020-25286)

    Severity
    Serious3
    Qualys ID
    154112
    Date Published
    May 20, 2022
    Vendor Reference
    WordPress
    CVE Reference
    CVE-2020-25286
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database.

    In wp-includes/comment-template.php, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public.

    Affected Versions:
    WordPress versions prior to 5.4.2

    QID Detection Logic:
    This QID checks for a vulnerable version of WordPress installed on the target.

    Consequence
    Manipulation of a comment leads to an information disclosure vulnerability.

    Solution
    Upgrade WordPress to the latest version.
    Patches
    WordPress
  • CVE-2022-22972+
    Recently Published

    VMware Identity Manager (vIDM) and Workspace ONE Access Multiple Vulnerabilities (VMSA-2022-0014)

    Severity
    Urgent5
    Qualys ID
    376617
    Date Published
    May 20, 2022
    Vendor Reference
    VMSA-2022-0014
    CVE Reference
    CVE-2022-22972, CVE-2022-22973
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    VMware released VMSA-2022-0014, a critical advisory addressing security vulnerabilities found and resolved in VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products.

    Affected Versions:
    VMware Workspace ONE Access (Access) versions 21.08.0.1, 21.08.0.0, 21.10.0.1, and 21.10.0.0
    VMware Identity Manager (vIDM) versions 3.3.6, 3.3.5, 3.3.4, and 3.3.3
    QID Detection Logic (Authenticated):
    This QID checks the build version of VMware Identity Manager and VMware Workspace ONE Access on the target for vulnerable versions.

    Consequence
    Successful exploitation of these vulnerabilities could lead to an authentication bypass affecting local domain users, and a malicious actor with local access could escalate privileges to 'root'.
    Solution
    VMware has released patches for these vulnerabilities.

    Refer to VMware advisory VMSA-2022-0014 and VMware KB88438 for more information.

    Workaround:

    Refer to VMware KB88433 for more information.

    Patches
    VMSA-2022-0014
  • CVE-2022-23795
    Recently Published

    Joomla! Core Improper Authentication Vulnerability (CVE-2022-23795)

    Severity
    Urgent5
    Qualys ID
    154109
    Date Published
    May 20, 2022
    Vendor Reference
    [20220303] - Core - User row are not bound to a authentication mechanism
    CVE Reference
    CVE-2022-23795
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Joomla! is a free and open-source content management system for publishing web content on websites.

    Affected versions of this package are vulnerable to improper authentication. A user row was not bound to a specific authentication mechanism, which could, under very special circumstances, allow an account takeover.

    Affected Versions:
    Joomla 3.0.0 to 3.10.6
    Joomla 4.0.0 to 4.1.0

    QID Detection Logic (Unauthenticated):
    This QID checks for a vulnerable version of Joomla installed on the target.

    Consequence
    Successful exploitation of this vulnerability can allow account takeover.

    Solution
    Customers are advised to install the latest Joomla version.
    For more information, refer to Joomla security advisory [20220303].
    Patches
    [20220303]
  • CVE-2022-23794
    Recently Published

    Joomla! Core Information Exposure Vulnerability (CVE-2022-23794)

    Severity
    Medium2
    Qualys ID
    154108
    Date Published
    May 20, 2022
    Vendor Reference
    [20220302] - Core - Path Disclosure
    CVE Reference
    CVE-2022-23794
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    Joomla! is a free and open-source content management system for publishing web content on websites.

    Affected versions of this package are vulnerable to Information Exposure: an error message discloses the filesystem path of the web application's source code. The error can be triggered by uploading a file with an excessively long name.

    Affected Versions:
    Joomla 3.0.0 to 3.10.6
    Joomla 4.0.0 to 4.1.0

    QID Detection Logic (Unauthenticated):
    This QID checks for a vulnerable version of Joomla installed on the target.

    Consequence
    Successful exploitation would lead to the disclosure of the path of the source code of the web application, which can help the attacker carry out further attacks.

    Solution
    Customers are advised to install the latest Joomla version.
    For more information, refer to Joomla security advisory [20220302].
    Patches
    [20220302] - Core - Path Disclosure
  • CVE-2022-23793
    Recently Published

    Joomla! Core Arbitrary File Write via Archive Extraction (Zip Slip) Vulnerability (CVE-2022-23793)

    Severity
    Critical4
    Qualys ID
    154107
    Date Published
    May 20, 2022
    Vendor Reference
    [20220301] - Core - Zip Slip within the Tar extractor
    CVE Reference
    CVE-2022-23793
    CVSS Scores
    Base 7.5 / Temporal 6.7
    Description
    Joomla! is a free and open-source content management system for publishing web content on websites.

    Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) through the Joomla\Archive\Tar::extract() function, as a result of improper verification of the destination path.

    Affected Versions:
    Joomla 3.0.0 to 3.10.6
    Joomla 4.0.0 to 4.1.0

    QID Detection Logic (Unauthenticated):
    This QID checks for a vulnerable version of Joomla installed on the target.

    Consequence
    A remote attacker can send a specially crafted archive to the web application and write files outside of the intended path.

    Solution
    Customers are advised to install the latest Joomla version.
    For more information, refer to Joomla security advisory [20220301].
    Patches
    [20220301] - Core - Zip Slip within the Tar extractor
  • CVE-2022-1183
    Recently Published

    Ubuntu Security Notification for Bind Vulnerability (USN-5429-1)

    Severity
    Critical4
    Qualys ID
    198794
    Date Published
    May 19, 2022
    Vendor Reference
    USN-5429-1
    CVE Reference
    CVE-2022-1183
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Ubuntu has released a security update for bind to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-5429-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5429-1
  • CVE-2022-1736
    Recently Published

    Ubuntu Security Notification for GNOME Settings Vulnerability (USN-5430-1)

    Severity
    Critical4
    Qualys ID
    198793
    Date Published
    May 19, 2022
    Vendor Reference
    USN-5430-1
    CVE Reference
    CVE-2022-1736
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Ubuntu has released a security update for gnome to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-5430-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5430-1
  • CVE-2019-25051
    Recently Published

    Rocky Linux Security Update for aspell (RLSA-2022:1808)

    Severity
    Critical4
    Qualys ID
    960136
    Date Published
    May 19, 2022
    Vendor Reference
    RLSA-2022:1808
    CVE Reference
    CVE-2019-25051
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Rocky Linux has released a security update for aspell to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:1808 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:1808
  • CVE-2022-0492
    Recently Published

    Red Hat Update for kernel (RHSA-2022:4642)

    Severity
    Critical4
    Qualys ID
    240356
    Date Published
    May 19, 2022
    Vendor Reference
    RHSA-2022:4642
    CVE Reference
    CVE-2022-0492
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    The kernel packages contain the Linux kernel, the core of any Linux operating system.

    Security Fix(es):
    • kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)

    Affected Products:

    • Red Hat Enterprise Linux Server 7 x86_64
    • Red Hat Enterprise Linux Workstation 7 x86_64
    • Red Hat Enterprise Linux Desktop 7 x86_64
    • Red Hat Enterprise Linux for IBM z Systems 7 s390x
    • Red Hat Enterprise Linux for Power, big endian 7 ppc64
    • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
    • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
    • Red Hat Virtualization Host 4 for RHEL 7 x86_64

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:4642 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:4642
  • CVE-2022-0492
    Recently Published

    Red Hat Update for kernel-rt (RHSA-2022:4644)

    Severity
    Critical4
    Qualys ID
    240355
    Date Published
    May 19, 2022
    Vendor Reference
    RHSA-2022:4644
    CVE Reference
    CVE-2022-0492
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    The kernel-rt packages provide the Real Time Linux kernel, which enables fine-tuning for systems with extremely high determinism requirements.

    Security Fix(es):
    • kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)

    Affected Products:

    • Red Hat Enterprise Linux for Real Time 7 x86_64
    • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:4644 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:4644
  • CVE-2022-29581
    Recently Published

    Debian Security Update for linux (CVE-2022-29581)

    Severity
    Critical4
    Qualys ID
    179298
    Date Published
    May 19, 2022
    Vendor Reference
    CVE-2022-29581
    CVE Reference
    CVE-2022-29581
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Debian has released a security update for linux to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory CVE-2022-29581 for updates and patch information.
    Patches
    Debian CVE-2022-29581
  • CVE-2022-29117
    Recently Published

    Rocky Linux Security Update for .NET (RLSA-2022:2200)

    Severity
    Critical4
    Qualys ID
    960140
    Date Published
    May 19, 2022
    Vendor Reference
    RLSA-2022:2200
    CVE Reference
    CVE-2022-29117
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for .NET to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:2200 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:2200
  • CVE-2022-29117
    Recently Published

    Rocky Linux Security Update for .NET (RLSA-2022:2199)

    Severity
    Critical4
    Qualys ID
    960139
    Date Published
    May 19, 2022
    Vendor Reference
    RLSA-2022:2199
    CVE Reference
    CVE-2022-29117
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for .NET to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:2199 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:2199
  • CVE-2022-29117
    Recently Published

    Rocky Linux Security Update for .NET (RLSA-2022:2202)

    Severity
    Critical4
    Qualys ID
    960137
    Date Published
    May 19, 2022
    Vendor Reference
    RLSA-2022:2202
    CVE Reference
    CVE-2022-29117
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for .NET to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:2202 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:2202
  • CVE-2020-19131
    Recently Published

    Rocky Linux Security Update for libtiff (RLSA-2022:1810)

    Severity
    Critical4
    Qualys ID
    960131
    Date Published
    May 19, 2022
    Vendor Reference
    RLSA-2022:1810
    CVE Reference
    CVE-2020-19131
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for libtiff to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:1810 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:1810
  • CVE-2021-3698
    Recently Published

    Rocky Linux Security Update for cockpit (RLSA-2022:2008)

    Severity
    Critical4
    Qualys ID
    960127
    Date Published
    May 19, 2022
    Vendor Reference
    RLSA-2022:2008
    CVE Reference
    CVE-2021-3698
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Rocky Linux has released a security update for cockpit to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:2008 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:2008
  • CVE-2022-23267+
    In Development

    AlmaLinux Security Update for .NET (ALSA-2022:2202)

    Severity
    Critical4
    Qualys ID
    940579
    Vendor Reference
    ALSA-2022:2202
    CVE Reference
    CVE-2022-23267, CVE-2022-29117, CVE-2022-29145
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    AlmaLinux has released a security update for .NET to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to AlmaLinux security advisory ALSA-2022:2202 for updates and patch information.
    Patches
    AlmaLinux ALSA-2022:2202
  • CVE-2018-25032
    In Development

    AlmaLinux Security Update for rsync (ALSA-2022:2201)

    Severity
    Critical4
    Qualys ID
    940578
    Vendor Reference
    ALSA-2022:2201
    CVE Reference
    CVE-2018-25032
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    AlmaLinux has released a security update for rsync to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to AlmaLinux security advisory ALSA-2022:2201 for updates and patch information.
    Patches
    AlmaLinux ALSA-2022:2201
  • CVE-2022-23267+
    In Development

    AlmaLinux Security Update for .NET (ALSA-2022:2200)

    Severity
    Critical4
    Qualys ID
    940577
    Vendor Reference
    ALSA-2022:2200
    CVE Reference
    CVE-2022-23267, CVE-2022-29117, CVE-2022-29145
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    AlmaLinux has released a security update for .NET to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to AlmaLinux security advisory ALSA-2022:2200 for updates and patch information.
    Patches
    AlmaLinux ALSA-2022:2200
  • CVE-2022-23267+
    In Development

    AlmaLinux Security Update for .NET (ALSA-2022:2199)

    Severity
    Critical4
    Qualys ID
    940576
    Vendor Reference
    ALSA-2022:2199
    CVE Reference
    CVE-2022-23267, CVE-2022-29117, CVE-2022-29145
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    AlmaLinux has released a security update for .NET to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to AlmaLinux security advisory ALSA-2022:2199 for updates and patch information.
    Patches
    AlmaLinux ALSA-2022:2199
  • CVE-2022-24070
    In Development

    AlmaLinux Security Update for subversion:1.10 (ALSA-2022:2234)

    Severity
    Critical4
    Qualys ID
    940575
    Vendor Reference
    ALSA-2022:2234
    CVE Reference
    CVE-2022-24070
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    AlmaLinux has released a security update for subversion:1.10 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to AlmaLinux security advisory ALSA-2022:2234 for updates and patch information.
    Patches
    AlmaLinux ALSA-2022:2234
  • CVE-2018-25032
    In Development

    Red Hat Update for zlib (RHSA-2022:4584)

    Severity
    Critical4
    Qualys ID
    240358
    Vendor Reference
    RHSA-2022:4584
    CVE Reference
    CVE-2018-25032
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:4584 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:4584
  • CVE-2022-29970
    Recently Published

    Red Hat Update for pcs (RHSA-2022:4661)

    Severity
    Critical4
    Qualys ID
    240357
    Date Published
    May 19, 2022
    Vendor Reference
    RHSA-2022:4661
    CVE Reference
    CVE-2022-29970
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:4661 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:4661
  • CVE-2022-23267+
    In Development

    Oracle Enterprise Linux Security Update for .net 6.0 (ELSA-2022-2199)

    Severity
    Critical4
    Qualys ID
    159845
    Vendor Reference
    ELSA-2022-2199
    CVE Reference
    CVE-2022-23267, CVE-2022-29117, CVE-2022-29145
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released a security update for .net 6.0 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-2199
    Patches
    Oracle Linux ELSA-2022-2199
  • CVE-2022-23267+
    In Development

    Oracle Enterprise Linux Security Update for .net 5.0 (ELSA-2022-2200)

    Severity
    Critical4
    Qualys ID
    159844
    Vendor Reference
    ELSA-2022-2200
    CVE Reference
    CVE-2022-23267, CVE-2022-29117, CVE-2022-29145
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released a security update for .net 5.0 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-2200
    Patches
    Oracle Linux ELSA-2022-2200
  • CVE-2018-25032
    In Development

    Oracle Enterprise Linux Security Update for rsync (ELSA-2022-2201)

    Severity
    Critical4
    Qualys ID
    159843
    Vendor Reference
    ELSA-2022-2201
    CVE Reference
    CVE-2018-25032
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released a security update for rsync to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-2201
    Patches
    Oracle Linux ELSA-2022-2201
  • CVE-2022-24070
    In Development

    Oracle Enterprise Linux Security Update for subversion:1.10 (ELSA-2022-2234)

    Severity
    Critical4
    Qualys ID
    159841
    Vendor Reference
    ELSA-2022-2234
    CVE Reference
    CVE-2022-24070
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released a security update for subversion:1.10 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-2234
    Patches
    Oracle Linux ELSA-2022-2234
  • CVE-2022-23267+
    In Development

    Oracle Enterprise Linux Security Update for .net core 3.1 (ELSA-2022-2202)

    Severity
    Critical4
    Qualys ID
    159839
    Vendor Reference
    ELSA-2022-2202
    CVE Reference
    CVE-2022-23267, CVE-2022-29117, CVE-2022-29145
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released a security update for .net core 3.1 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-2202
    Patches
    Oracle Linux ELSA-2022-2202
  • CVE-2022-22782
    In Development

    Zoom Client Local Privilege Escalation Vulnerability (ZSB-22004)

    Severity
    Critical4
    Qualys ID
    376624
    Vendor Reference
    ZSB-22004 Zoom Client
    CVE Reference
    CVE-2022-22782
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    Zoom provides video communications with a cloud platform for video and audio conferencing, chat, and webinars across mobile, desktop, and room systems.

    Affected Versions:
    Zoom Client for Meetings for Windows prior to version 5.9.7

    QID Detection Logic:
    This authenticated QID detects a vulnerable Zoom Client for Meetings for Windows prior to version 5.9.7.

    Consequence
    Successful exploitation may affect integrity and availability and allow local privilege escalation.

    Solution
    Customers are advised to upgrade to Zoom Client for Meetings for Windows 5.9.7 or later to remediate this vulnerability.

    Patches
    ZSB-22004
  • CVE-2022-22782
    In Development

    Zoom Rooms Local Privilege Escalation Vulnerability (ZSB-22004)

    Severity
    Critical4
    Qualys ID
    376623
    Vendor Reference
    ZSB-22004 Zoom Rooms
    CVE Reference
    CVE-2022-22782
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    Zoom provides video communications with a cloud platform for video and audio conferencing, chat, and webinars across mobile, desktop, and room systems.

    Affected Versions:
    Zoom Rooms for Conference Room for Windows prior to version 5.10.0

    QID Detection Logic:
    This authenticated QID detects a vulnerable Zoom Rooms for Conference Room for Windows prior to version 5.10.0.

    Consequence
    Successful exploitation may affect integrity and availability and allow local privilege escalation.

    Solution
    Customers are advised to upgrade to Zoom Rooms for Conference Room for Windows 5.10.0 or later to remediate this vulnerability.

    Patches
    ZSB-22004
  • CVE-2022-22782
    In Development

    Zoom Plugins for Microsoft Outlook Local Privilege Escalation for Windows (ZSB-22004)

    Severity
    Critical4
    Qualys ID
    376622
    Vendor Reference
    ZSB-22004 Zoom Plugins for Microsoft Outlook
    CVE Reference
    CVE-2022-22782
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    Zoom provides video communications with a cloud platform for video and audio conferencing, chat, and webinars across mobile, desktop, and room systems.

    Affected Versions:
    Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3

    QID Detection Logic:
    This authenticated QID detects vulnerable Zoom Plugins for Microsoft Outlook prior to version 5.10.3 on Windows.

    Consequence
    Successful exploitation may affect integrity and availability and allow local privilege escalation.

    Solution
    Customers are advised to upgrade to Zoom Plugins for Microsoft Outlook for Windows 5.10.3 or later to remediate this vulnerability.

    Patches
    ZSB-22004
  • CVE-2022-22782
    In Development

    Zoom VDI Local Privilege Escalation Vulnerability (ZSB-22004)

    Severity
    Critical4
    Qualys ID
    376621
    Vendor Reference
    ZSB-22004 Zoom VDI Windows Meeting Clients
    CVE Reference
    CVE-2022-22782
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    Zoom provides video communications with a cloud platform for video and audio conferencing, chat, and webinars across mobile, desktop, and room systems.

    CVE-2021-34424: Process memory exposure in Zoom Client and other products
    CVE-2021-34423: Buffer overflow in Zoom Client and other products

    Affected Versions:
    Zoom VDI Windows Meeting Clients prior to version 5.9.6

    QID Detection Logic:
    This authenticated QID detects vulnerable Zoom VDI Windows Meeting Clients prior to version 5.9.6 on Windows.

    Consequence
    Successful exploitation may cause integrity or availability issues.

    Solution
    Customers are advised to upgrade to Zoom VDI Windows Meeting Clients 5.9.6 or later to remediate these vulnerabilities.

    Patches
    ZSB-22004
  • CVE-2021-41617
    Recently Published

    Rocky Linux Security Update for openssh (RLSA-2022:2013)

    Severity
    Critical4
    Qualys ID
    960126
    Date Published
    May 19, 2022
    Vendor Reference
    RLSA-2022:2013
    CVE Reference
    CVE-2021-41617
    CVSS Scores
    Base 7 / Temporal 6.1
    Description
    Rocky Linux has released a security update for openssh to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:2013 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:2013
  • CVE-2022-23267
    In Development

    PowerShell Denial of Service (DoS) Vulnerability

    Severity
    Serious3
    Qualys ID
    376620
    Vendor Reference
    CVE-2022-23267
    CVE Reference
    CVE-2022-23267
    CVSS Scores
    Base 7.5 / Temporal 7
    Description
    PowerShell is a cross-platform task automation solution made up of a command-line shell, a scripting language, and a configuration management framework.

    A denial of service and an information disclosure vulnerability exists in .NET 5.0, .NET 6.0 and .NET Core 3.1.

    Affected Versions:
    PowerShell Version 7.0 Prior to 7.0.11
    PowerShell Version 7.2 Prior to 7.2.4

    QID Detection Logic: (Authenticated)
    Operating System: Windows
    The QID checks for a vulnerable version of the file pwsh.exe on Windows, and for a vulnerable version of PowerShell Core on Linux systems by running the command pwsh --version.

    NOTE: The Windows check will only work for MSI installations.

    Consequence
    Successful exploitation of the vulnerability may allow an attacker to cause a denial of service or disclose information on the target machine.

    Solution
    Customers are advised to install the latest version of PowerShell. Refer to the vendor reference for more details.
    Patches
    CVE-2022-23267
  • CVE-2022-1674
    In Development

    Fedora Security Update for vim (FEDORA-2022-d20b51de9c)

    Severity
    Serious3
    Qualys ID
    282733
    Vendor Reference
    FEDORA-2022-d20b51de9c
    CVE Reference
    CVE-2022-1674
    CVSS Scores
    Base 6.6 / Temporal 5.8
    Description
    Fedora has released a security update for vim to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, it can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-d20b51de9c
  • CVE-2021-3634
    Recently Published

    Rocky Linux Security Update for libssh (RLSA-2022:2031)

    Severity
    Serious3
    Qualys ID
    960135
    Date Published
    May 19, 2022
    Vendor Reference
    RLSA-2022:2031
    CVE Reference
    CVE-2021-3634
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Rocky Linux has released a security update for libssh to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:2031 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:2031
  • CVE-2022-21658
    In Development

    Oracle Enterprise Linux Security Update for rust-toolset:ol8 (ELSA-2022-1894)

    Severity
    Serious3
    Qualys ID
    159842
    Vendor Reference
    ELSA-2022-1894
    CVE Reference
    CVE-2022-21658
    CVSS Scores
    Base 6.3 / Temporal 5.5
    Description
    Oracle Enterprise Linux has released a security update for rust-toolset:ol8 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1894
    Patches
    Oracle Linux ELSA-2022-1894
  • CVE-2022-20806+
    In Development

    Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities (cisco-sa-expressway-filewrite-bsFVwueV)

    Severity
    Serious3
    Qualys ID
    38865
    Vendor Reference
    cisco-sa-expressway-filewrite-bsFVwueV
    CVE Reference
    CVE-2022-20806, CVE-2022-20807, CVE-2022-20809
    CVSS Scores
    Base 6.1 / Temporal 5.3
    Description
    Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device.

    Affected Products
    Cisco Expressway Series and Cisco TelePresence VCS prior to version 14.0.7

    QID Detection Logic (Unauthenticated):
    The check matches the version of Cisco TelePresence Video Communication Server Expressway exposed in the SIP banner.

    Consequence
    A successful exploit could allow the attacker to read arbitrary files on the underlying operating system at a rate that impacts system performance.

    Solution

    Customers are advised to refer to cisco-sa-expressway-filewrite-bsFVwueV for more information.

    Patches
    cisco-sa-expressway-filewrite-bsFVwueV
  • CVE-2022-1257
    In Development

    McAfee Agent Multiple Insecure Storage Vulnerability (SB10382)

    Severity
    Serious3
    Qualys ID
    376619
    Vendor Reference
    SB10382
    CVE Reference
    CVE-2022-1257
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    The McAfee Agent is the distributed component of McAfee ePolicy Orchestrator. It downloads and enforces policies, and executes client-side tasks such as deployment and updating. The Agent also uploads events and provides additional data regarding each system status.

    CVE-2022-1257: Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db.
    Affected versions:
    McAfee Agent Prior to 5.7.6
    QID Detection Logic (Authenticated):
    The QID checks for a vulnerable version of McAfee Agent by reading the version information from the HKLM\SOFTWARE\McAfee\Agent registry key (32- and 64-bit) on Windows, and from /opt/McAfee/agent/bin/msaconfig on Linux.

    Consequence
    Successful exploitation of this vulnerability may allow an attacker to steal sensitive information from the target.
    Solution
    Install or update to McAfee Agent 5.7.6. For more details, refer to SB10382.
    Patches
    SB10382
  • CVE-2021-44225
    Recently Published

    Rocky Linux Security Update for keepalived (RLSA-2022:1930)

    Severity
    Serious3
    Qualys ID
    960129
    Date Published
    May 19, 2022
    Vendor Reference
    RLSA-2022:1930
    CVE Reference
    CVE-2021-44225
    CVSS Scores
    Base 5.4 / Temporal 4.7
    Description
    Rocky Linux has released a security update for keepalived to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:1930 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:1930
  • CVE-2021-38165
    In Development

    AlmaLinux Security Update for lynx (ALSA-2022:2129)

    Severity
    Serious3
    Qualys ID
    940574
    Vendor Reference
    ALSA-2022:2129
    CVE Reference
    CVE-2021-38165
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    AlmaLinux has released a security update for lynx to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to AlmaLinux security advisory ALSA-2022:2129 for updates and patch information.
    Patches
    AlmaLinux ALSA-2022:2129
  • CVE-2021-33515
    Recently Published

    Rocky Linux Security Update for dovecot (RLSA-2022:1950)

    Severity
    Medium2
    Qualys ID
    960133
    Date Published
    May 19, 2022
    Vendor Reference
    RLSA-2022:1950
    CVE Reference
    CVE-2021-33515
    CVSS Scores
    Base 4.8 / Temporal 4.2
    Description
    Rocky Linux has released a security update for dovecot to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:1950 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:1950
  • CVE-2021-44141+
    Recently Published

    Rocky Linux Security Update for samba (RLSA-2022:2074)

    Severity
    Medium2
    Qualys ID
    960130
    Date Published
    May 19, 2022
    Vendor Reference
    RLSA-2022:2074
    CVE Reference
    CVE-2021-44141, CVE-2021-20316
    CVSS Scores
    Base 4.3 / Temporal 3.8
    Description
    Rocky Linux has released a security update for samba to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:2074 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:2074
  • CVE-2021-3802
    Recently Published

    Rocky Linux Security Update for udisks2 (RLSA-2022:1820)

    Severity
    Medium2
    Qualys ID
    960125
    Date Published
    May 19, 2022
    Vendor Reference
    RLSA-2022:1820
    CVE Reference
    CVE-2021-3802
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    Rocky Linux has released a security update for udisks2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:1820 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:1820
  • CVE-2021-3981
    Recently Published

    Rocky Linux Security Update for grub2 (RLSA-2022:2110)

    Severity
    Medium2
    Qualys ID
    960128
    Date Published
    May 19, 2022
    Vendor Reference
    RLSA-2022:2110
    CVE Reference
    CVE-2021-3981
    CVSS Scores
    Base 3.3 / Temporal 2.9
    Description
    Rocky Linux has released a security update for grub2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect confidentiality, integrity, and availability.
    Solution
    Refer to Rocky Linux security advisory RLSA-2022:2110 for updates and patch information.
    Patches
    RockyLinux RLSA-2022:2110
  • CVE-2018-25032+
    In Development

    Apple macOS Monterey 12.4 Not Installed (HT213257)

    Severity
    Urgent5
    Qualys ID
    376612
    Vendor Reference
    HT213257
    CVE Reference
    CVE-2018-25032, CVE-2021-44224, CVE-2021-44790, CVE-2021-45444, CVE-2022-0530, CVE-2022-0778, CVE-2022-22677, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23308, CVE-2022-26693, CVE-2022-26694, CVE-2022-26697, CVE-2022-26698, CVE-2022-26700, CVE-2022-26701, CVE-2022-26704, CVE-2022-26706, CVE-2022-26708, CVE-2022-26709, CVE-2022-26710, CVE-2022-26711, CVE-2022-26712, CVE-2022-26714, CVE-2022-26715, CVE-2022-26716, CVE-2022-26717, CVE-2022-26718, CVE-2022-26719, CVE-2022-26720, CVE-2022-26721, CVE-2022-26722, CVE-2022-26723, CVE-2022-26725, CVE-2022-26726, CVE-2022-26727, CVE-2022-26728, CVE-2022-26731, CVE-2022-26736, CVE-2022-26737, CVE-2022-26738, CVE-2022-26739, CVE-2022-26740, CVE-2022-26741, CVE-2022-26742, CVE-2022-26743, CVE-2022-26745, CVE-2022-26746, CVE-2022-26748, CVE-2022-26749, CVE-2022-26750, CVE-2022-26751, CVE-2022-26752, CVE-2022-26753, CVE-2022-26754, CVE-2022-26755, CVE-2022-26756, CVE-2022-26757, CVE-2022-26761, CVE-2022-26762, CVE-2022-26763, CVE-2022-26764, CVE-2022-26765, CVE-2022-26766, CVE-2022-26767, CVE-2022-26768, CVE-2022-26769, CVE-2022-26770, CVE-2022-26772, CVE-2022-26775, CVE-2022-26776
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    macOS Monterey (version 12) is the 18th and current major release of macOS, Apple's desktop operating system for Macintosh computers.

    Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

    Affected Versions:
    Apple macOS Monterey version before 12.4

    QID Detection Logic:
    This QID checks for vulnerable versions of Monterey using sw_vers.

    Consequence
    An application may be able to execute arbitrary code with kernel privileges.
    Solution
    The updates can be downloaded from Apple Downloads.

    More information regarding the update can be found at HT213257.

    Patches
    HT213257
  • CVE-2022-24883+
    Recently Published

    Fedora Security Update for freerdp (FEDORA-2022-dc48a89918)

    Severity
    Urgent5
    Qualys ID
    282727
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-dc48a89918
    CVE Reference
    CVE-2022-24883, CVE-2022-24882
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Fedora has released a security update for freerdp to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-dc48a89918
  • CVE-2022-27405+
    Recently Published

    Fedora Security Update for freetype (FEDORA-2022-2dd60f1f00)

    Severity
    Urgent5
    Qualys ID
    282719
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-2dd60f1f00
    CVE Reference
    CVE-2022-27405, CVE-2022-27404, CVE-2022-27406
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Fedora has released a security update for freetype to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-2dd60f1f00
  • CVE-2022-27405+
    Recently Published

    Fedora Security Update for mingw (FEDORA-2022-7ece4f6d74)

    Severity
    Urgent5
    Qualys ID
    282716
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-7ece4f6d74
    CVE Reference
    CVE-2022-27405, CVE-2022-27404, CVE-2022-27406
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Fedora has released a security update for mingw to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-7ece4f6d74
  • CVE-2022-29502+
    Recently Published

    Fedora Security Update for slurm (FEDORA-2022-6d9d1862ee)

    Severity
    Urgent5
    Qualys ID
    282709
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-6d9d1862ee
    CVE Reference
    CVE-2022-29502, CVE-2022-29500, CVE-2022-29501
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Fedora has released a security update for slurm to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to Fedora security advisory Fedora 35 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-6d9d1862ee
  • CVE-2022-29502+
    Recently Published

    Fedora Security Update for slurm (FEDORA-2022-eeeff46680)

    Severity
    Urgent5
    Qualys ID
    282708
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-eeeff46680
    CVE Reference
    CVE-2022-29502, CVE-2022-29500, CVE-2022-29501
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Fedora has released a security update for slurm to fix the vulnerabilities.

    Affected OS:
    Fedora 34


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to Fedora security advisory Fedora 34 for updates and patch information.
    Patches
    Fedora 34 FEDORA-2022-eeeff46680
  • CVE-2022-29502+
    Recently Published

    Fedora Security Update for slurm (FEDORA-2022-916bb58e38)

    Severity
    Urgent5
    Qualys ID
    282707
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-916bb58e38
    CVE Reference
    CVE-2022-29502, CVE-2022-29500, CVE-2022-29501
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Fedora has released a security update for slurm to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-916bb58e38
  • CVE-2022-1053
    Recently Published

    Fedora Security Update for keylime (FEDORA-2022-748fda10e7)

    Severity
    Urgent5
    Qualys ID
    282711
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-748fda10e7
    CVE Reference
    CVE-2022-1053
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    Fedora has released a security update for keylime to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system, or to disclose information. Denial of service may occur in some cases too.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-748fda10e7
  • CVE-2022-30292
    Recently Published

    Fedora Security Update for supertux (FEDORA-2022-509887bd99)

    Severity
    Urgent5
    Qualys ID
    282706
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-509887bd99
    CVE Reference
    CVE-2022-30292
    CVSS Scores
    Base 10 / Temporal 8.7
    Description
    Fedora has released a security update for supertux to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-509887bd99
  • CVE-2022-1227+
    Recently Published

    Red Hat Update for container-tools:2.0 (RHSA-2022:4651)

    Severity
    Critical4
    Qualys ID
    240354
    Date Published
    May 19, 2022
    Vendor Reference
    RHSA-2022:4651
    CVE Reference
    CVE-2022-1227, CVE-2022-27649, CVE-2022-27651
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description

    The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

    Security Fix(es):
    • psgo: privilege escalation in 'podman top' (CVE-2022-1227)
    • podman: default inheritable capabilities for Linux container should be empty (CVE-2022-27649)
    • buildah: default inheritable capabilities for Linux container should be empty (CVE-2022-27651)

    Affected Products:

    • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
    • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
    • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
    • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
    • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
    • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
    • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
    • Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 8.2 x86_64

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:4651 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:4651
  • Recently Published

    Fedora Security Update for thunderbird (FEDORA-2022-5d880c3988)

    Severity
    Critical4
    Qualys ID
    282731
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-5d880c3988
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for thunderbird to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, it can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-5d880c3988
  • Recently Published

    Fedora Security Update for esh (FEDORA-2022-c4e644865f)

    Severity
    Critical4
    Qualys ID
    282730
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-c4e644865f
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for esh to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, it can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-c4e644865f
  • CVE-2022-1309+
    Recently Published

    Fedora Security Update for chromium (FEDORA-2022-59297c8fcd)

    Severity
    Critical4
    Qualys ID
    282728
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-59297c8fcd
    CVE Reference
    CVE-2022-1309, CVE-2022-1314, CVE-2022-1307, CVE-2022-1312, CVE-2022-1313, CVE-2022-1305, CVE-2022-1308, CVE-2022-1364, CVE-2022-1311, CVE-2022-1310, CVE-2022-1232, CVE-2022-1306
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for chromium to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, it can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-59297c8fcd
  • Recently Published

    Fedora Security Update for suricata (FEDORA-2022-e7bc9caf04)

    Severity
    Critical4
    Qualys ID
    282725
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-e7bc9caf04
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for suricata to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, it can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-e7bc9caf04
  • CVE-2022-27774+
    Recently Published

    Fedora Security Update for curl (FEDORA-2022-3517572083)

    Severity
    Critical4
    Qualys ID
    282723
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-3517572083
    CVE Reference
    CVE-2022-27774, CVE-2022-22576, CVE-2022-27775, CVE-2022-27776
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for curl to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, it can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-3517572083
  • Recently Published

    Fedora Security Update for java (FEDORA-2022-42c08d8bd8)

    Severity
    Critical4
    Qualys ID
    282721
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-42c08d8bd8
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for java to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, it can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-42c08d8bd8
  • Recently Published

    Fedora Security Update for firefox (FEDORA-2022-2c4ed935d1)

    Severity
    Critical4
    Qualys ID
    282718
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-2c4ed935d1
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for firefox to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, it can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-2c4ed935d1
  • Recently Published

    Fedora Security Update for seamonkey (FEDORA-2022-bbee226200)

    Severity
    Critical4
    Qualys ID
    282714
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-bbee226200
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for seamonkey to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, it can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-bbee226200
  • Recently Published

    Fedora Security Update for java (FEDORA-2022-eb9cc91549)

    Severity
    Critical4
    Qualys ID
    282712
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-eb9cc91549
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for java to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, it can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-eb9cc91549
  • Recently Published

    Fedora Security Update for thunderbird (FEDORA-2022-2a6ebe688a)

    Severity
    Critical4
    Qualys ID
    282710
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-2a6ebe688a
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for thunderbird to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, it can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-2a6ebe688a
  • Recently Published

    Fedora Security Update for et (FEDORA-2022-e3a794b591)

    Severity
    Critical4
    Qualys ID
    282702
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-e3a794b591
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for et to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, it can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-e3a794b591
  • Recently Published

    Fedora Security Update for rsyslog (FEDORA-2022-7988dad217)

    Severity
    Critical4
    Qualys ID
    282701
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-7988dad217
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for rsyslog to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, it can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-7988dad217
  • CVE-2022-0005+
    Recently Published

    Fedora Security Update for microcode_ctl (FEDORA-2022-688cbbf106)

    Severity
    Critical4
    Qualys ID
    282697
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-688cbbf106
    CVE Reference
    CVE-2022-0005, CVE-2022-21131, CVE-2022-21151, CVE-2022-21136
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for microcode_ctl to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-688cbbf106
  • CVE-2022-27779+
    Recently Published

    Fedora Security Update for curl (FEDORA-2022-d15a736748)

    Severity
    Critical4
    Qualys ID
    282696
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-d15a736748
    CVE Reference
    CVE-2022-27779, CVE-2022-27782, CVE-2022-30115, CVE-2022-27780
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for curl to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-d15a736748
  • CVE-2022-27782+
    Recently Published

    Fedora Security Update for curl (FEDORA-2022-3d8f00cde2)

    Severity
    Critical4
    Qualys ID
    282695
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-3d8f00cde2
    CVE Reference
    CVE-2022-27782, CVE-2022-22576, CVE-2022-27775, CVE-2022-27774, CVE-2022-27776
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for curl to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 35 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-3d8f00cde2
  • CVE-2022-1587+
    Recently Published

    Fedora Security Update for pcre2 (FEDORA-2022-e56085ba31)

    Severity
    Critical4
    Qualys ID
    282694
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-e56085ba31
    CVE Reference
    CVE-2022-1587, CVE-2022-1586
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for pcre2 to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-e56085ba31
  • CVE-2022-29909+
    In Development

    Red Hat Update for firefox (RHSA-2022:4590)

    Severity
    Critical4
    Qualys ID
    240351
    Vendor Reference
    RHSA-2022:4590
    CVE Reference
    CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description

    Mozilla Firefox is an open-source web browser designed for standards compliance, performance, and portability.

    Security Fix(es):
    • Mozilla: Bypassing permission prompt in nested browsing contexts (CVE-2022-29909)
    • Mozilla: iframe sandbox bypass (CVE-2022-29911)
    • Mozilla: Fullscreen notification bypass using popups (CVE-2022-29914)
    • Mozilla: Leaking browser history with CSS variables (CVE-2022-29916)
    • Mozilla: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 (CVE-2022-29917)
    • Mozilla: Reader mode bypassed SameSite cookies (CVE-2022-29912)

    Affected Products:

    • Red Hat Enterprise Linux for x86_64 9 x86_64
    • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
    • Red Hat Enterprise Linux for IBM z Systems 9 s390x
    • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
    • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
    • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
    • Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 9.0 x86_64
    • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:4590 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:4590
  • CVE-2022-1271
    In Development

    Red Hat Update for gzip (RHSA-2022:4582)

    Severity
    Critical4
    Qualys ID
    240350
    Vendor Reference
    RHSA-2022:4582
    CVE Reference
    CVE-2022-1271
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description

    The gzip packages contain the gzip (GNU zip) data compression utility.
    Gzip is used to compress regular files.
    It replaces them with files containing the .gz extension, while retaining ownership modes, access, and modification times.

    Security Fix(es):
    • gzip: Arbitrary-file-write vulnerability (CVE-2022-1271)

    Affected Products:

    • Red Hat Enterprise Linux for x86_64 9 x86_64
    • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
    • Red Hat Enterprise Linux for IBM z Systems 9 s390x
    • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
    • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
    • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
    • Red Hat Enterprise Linux for ARM 64 9 aarch64
    • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
    • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
    • Red Hat Enterprise Linux Server for x86_64 - Update Services for SAP Solutions 9.0 x86_64
    • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
    • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:4582 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:4582
  • CVE-2022-1520+
    In Development

    Red Hat Update for thunderbird (RHSA-2022:4589)

    Severity
    Critical4
    Qualys ID
    240347
    Vendor Reference
    RHSA-2022:4589
    CVE Reference
    CVE-2022-1520, CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29913, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description

    Mozilla Thunderbird is a standalone mail and newsgroup client.

    Security Fix(es):
    • Mozilla: Bypassing permission prompt in nested browsing contexts (CVE-2022-29909)
    • Mozilla: iframe sandbox bypass (CVE-2022-29911)
    • Mozilla: Fullscreen notification bypass using popups (CVE-2022-29914)
    • Mozilla: Leaking browser history with CSS variables (CVE-2022-29916)
    • Mozilla: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 (CVE-2022-29917)
    • Mozilla: Reader mode bypassed SameSite cookies (CVE-2022-29912)
    • Mozilla: Speech synthesis feature not properly disabled (CVE-2022-29913)
    • Mozilla: Incorrect security status shown after viewing an attached email (CVE-2022-1520)

    Affected Products:

    • Red Hat Enterprise Linux for x86_64 9 x86_64
    • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:4589 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:4589
  • CVE-2022-30688
    Recently Published

    Ubuntu Security Notification for needrestart Vulnerability (USN-5426-1)

    Severity
    Critical4
    Qualys ID
    198792
    Date Published
    May 19, 2022
    Vendor Reference
    USN-5426-1
    CVE Reference
    CVE-2022-30688
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Ubuntu has released a security update for needrestart to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-5426-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5426-1
  • CVE-2022-30688
    Recently Published

    Debian Security Update for needrestart (DSA 5137-1)

    Severity
    Critical4
    Qualys ID
    179297
    Date Published
    May 19, 2022
    Vendor Reference
    DSA 5137-1
    CVE Reference
    CVE-2022-30688
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Debian has released a security update for needrestart to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5137-1 for updates and patch information.
    Patches
    Debian DSA 5137-1
  • CVE-2022-30688
    Recently Published

    Debian Security Update for needrestart (DLA 3013-1)

    Severity
    Critical4
    Qualys ID
    179295
    Date Published
    May 19, 2022
    Vendor Reference
    DLA 3013-1
    CVE Reference
    CVE-2022-30688
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Debian has released a security update for needrestart to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3013-1 for updates and patch information.
    Patches
    Debian DLA 3013-1
  • CVE-2021-4213
    Recently Published

    Oracle Enterprise Linux Security Update for pki-core:10.6 (ELSA-2022-1851)

    Severity
    Critical4
    Qualys ID
    159837
    Date Published
    May 19, 2022
    Vendor Reference
    ELSA-2022-1851
    CVE Reference
    CVE-2021-4213
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Oracle Enterprise Linux has released a security and bug fix update for pki-core:10.6 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1851
    Patches
    Oracle Linux ELSA-2022-1851
  • CVE-2021-43860
    Recently Published

    Oracle Enterprise Linux Security Update for flatpak (ELSA-2022-1792)

    Severity
    Critical4
    Qualys ID
    159836
    Date Published
    May 19, 2022
    Vendor Reference
    ELSA-2022-1792
    CVE Reference
    CVE-2021-43860
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Oracle Enterprise Linux has released a security and bug fix update for flatpak to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1792
    Patches
    Oracle Linux ELSA-2022-1792
  • CVE-2022-24735+
    Recently Published

    Fedora Security Update for redis (FEDORA-2022-6ed1ce2838)

    Severity
    Critical4
    Qualys ID
    282724
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-6ed1ce2838
    CVE Reference
    CVE-2022-24735, CVE-2022-24736
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Fedora has released a security update for redis to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-6ed1ce2838
  • CVE-2021-46659+
    Recently Published

    Fedora Security Update for galera (FEDORA-2022-263f7cc483)

    Severity
    Critical4
    Qualys ID
    282722
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-263f7cc483
    CVE Reference
    CVE-2021-46659, CVE-2021-46661, CVE-2021-46667, CVE-2021-46663, CVE-2022-24051, CVE-2021-46665, CVE-2022-24048, CVE-2022-24052, CVE-2021-46668, CVE-2022-24050, CVE-2021-46664
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Fedora has released a security update for galera to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-263f7cc483
  • CVE-2022-27239+
    Recently Published

    Fedora Security Update for cifs (FEDORA-2022-eb2d3ca94d)

    Severity
    Critical4
    Qualys ID
    282720
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-eb2d3ca94d
    CVE Reference
    CVE-2022-27239, CVE-2022-29869
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Fedora has released a security update for cifs to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-eb2d3ca94d
  • CVE-2022-27470
    Recently Published

    Fedora Security Update for mingw (FEDORA-2022-280ac942be)

    Severity
    Critical4
    Qualys ID
    282713
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-280ac942be
    CVE Reference
    CVE-2022-27470
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Fedora has released a security update for mingw to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-280ac942be
  • CVE-2022-1620+
    Recently Published

    Fedora Security Update for vim (FEDORA-2022-e92c3ce170)

    Severity
    Critical4
    Qualys ID
    282700
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-e92c3ce170
    CVE Reference
    CVE-2022-1620, CVE-2022-1616, CVE-2022-1619
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Fedora has released a security update for vim to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-e92c3ce170
  • CVE-2022-1616+
    Recently Published

    Fedora Security Update for vim (FEDORA-2022-8df66cdbef)

    Severity
    Critical4
    Qualys ID
    282699
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-8df66cdbef
    CVE Reference
    CVE-2022-1616, CVE-2022-1620, CVE-2022-1629, CVE-2022-1619, CVE-2022-1621
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Fedora has released a security update for vim to fix the vulnerabilities.

    Affected OS:
    Fedora 34


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to Fedora security advisory Fedora 34 for updates and patch information.
    Patches
    Fedora 34 FEDORA-2022-8df66cdbef
  • CVE-2022-29968
    Recently Published

    Fedora Security Update for kernel (FEDORA-2022-e9378a3573)

    Severity
    Critical4
    Qualys ID
    282698
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-e9378a3573
    CVE Reference
    CVE-2022-29968
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Fedora has released a security update for kernel to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-e9378a3573
  • CVE-2022-0492
    Recently Published

    Red Hat Update for kpatch-patch (RHSA-2022:4655)

    Severity
    Critical4
    Qualys ID
    240352
    Date Published
    May 19, 2022
    Vendor Reference
    RHSA-2022:4655
    CVE Reference
    CVE-2022-0492
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description

    This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

    Security Fix(es):
    • kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)

    Affected Products:

    • Red Hat Enterprise Linux Server 7 x86_64
    • Red Hat Enterprise Linux for Power, little endian 7 ppc64le



    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:4655 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:4655
  • CVE-2022-26890
    Recently Published

    F5 BIG-IP Application Security Manager (ASM), Access Policy Manager (APM) Denial of Service (DoS) Vulnerability (K03442392)

    Severity
    Critical4
    Qualys ID
    376616
    Date Published
    May 19, 2022
    Vendor Reference
    K03442392
    CVE Reference
    CVE-2022-26890
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    F5 BIG-IP ASM (Application Security Manager) is a flexible web application firewall that secures web applications in traditional, virtual, and private cloud environments.
    F5 BIG-IP Local Traffic Manager (LTM) is the most popular module offered on the F5 Networks BIG-IP platform. The real power of the LTM is that it is a full proxy, allowing you to augment client-side and server-side connections while making informed load-balancing decisions based on availability, performance, and persistence.
    F5 BIG-IP Access Policy Manager (APM) is a secure, flexible, high-performance solution that provides unified global access to your network, cloud, and applications.

    Traffic is disrupted while the bd process restarts. This vulnerability allows a remote unauthenticated attacker to cause a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.

    Vulnerable Component:
    BIG-IP APM, ASM

    Affected Versions:
    16.1.0 - 16.1.2
    15.1.0 - 15.1.4
    14.1.0 - 14.1.4
    13.1.0 - 13.1.4

    QID Detection Logic (Authenticated):
    This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.

    Consequence
    Traffic is disrupted while the bd process restarts. This vulnerability allows a remote unauthenticated attacker to cause a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.

    Solution
    For more information about patch details, please refer to: K03442392
    Patches
    K03442392
  • CVE-2022-28705
    Recently Published

    F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) Denial of Service (DoS) Vulnerability (K52340447)

    Severity
    Critical4
    Qualys ID
    376615
    Date Published
    May 19, 2022
    Vendor Reference
    K52340447
    CVE Reference
    CVE-2022-28705
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    F5 BIG-IP ASM (Application Security Manager) is a flexible web application firewall that secures web applications in traditional, virtual, and private cloud environments.
    F5 BIG-IP Local Traffic Manager (LTM) is the most popular module offered on the F5 Networks BIG-IP platform. The real power of the LTM is that it is a full proxy, allowing you to augment client-side and server-side connections while making informed load-balancing decisions based on availability, performance, and persistence.
    F5 BIG-IP Access Policy Manager (APM) is a secure, flexible, high-performance solution that provides unified global access to your network, cloud, and applications.

    Traffic is disrupted while the Traffic Management Microkernel (TMM) process restarts. This vulnerability allows a remote attacker to cause a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only. CGNAT deployments are more likely to be affected. VCMP guests running on embedded Packet Velocity Acceleration (ePVA) platforms provisioned with only 2 CPU cores are not vulnerable.

    Vulnerable Component:
    BIG-IP APM, ASM, LTM

    Affected Versions:
    16.1.0 - 16.1.2
    15.1.0 - 15.1.5
    14.1.0 - 14.1.4
    13.1.0 - 13.1.4

    QID Detection Logic (Authenticated):
    This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.

    Consequence
    Traffic is disrupted while the Traffic Management Microkernel (TMM) process restarts. This vulnerability allows a remote attacker to cause a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only. CGNAT deployments are more likely to be affected. VCMP guests running on embedded Packet Velocity Acceleration (ePVA) platforms provisioned with only 2 CPU cores are not vulnerable.

    Solution
    For more information about patch details, please refer to: K52340447
    Patches
    K52340447
  • CVE-2022-29491
    Recently Published

    F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) Denial of Service (DoS) Vulnerability (K14229426)

    Severity
    Critical4
    Qualys ID
    376614
    Date Published
    May 19, 2022
    Vendor Reference
    K14229426
    CVE Reference
    CVE-2022-29491
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    F5 BIG-IP ASM (Application Security Manager) is a flexible web application firewall that secures web applications in traditional, virtual, and private cloud environments.
    F5 BIG-IP Local Traffic Manager (LTM) is the most popular module offered on the F5 Networks BIG-IP platform. The real power of the LTM is that it is a full proxy, allowing you to augment client-side and server-side connections while making informed load-balancing decisions based on availability, performance, and persistence.
    F5 BIG-IP Access Policy Manager (APM) is a secure, flexible, high-performance solution that provides unified global access to your network, cloud, and applications.

    Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticated attacker to cause a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.

    Vulnerable Component:
    BIG-IP APM, ASM, LTM

    Affected Versions:
    16.1.0 - 16.1.2
    15.1.0 - 15.1.4
    14.1.0 - 14.1.4
    13.1.0 - 13.1.5
    12.1.0 - 12.1.6
    11.6.1 - 11.6.5

    QID Detection Logic (Authenticated):
    This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.

    Consequence
    Traffic is disrupted while the TMM process restarts. This vulnerability allows a remote unauthenticated attacker to cause a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.
    Solution
    For more information about patch details, please refer to: K14229426
    Patches
    K14229426
  • CVE-2022-28691
    Recently Published

    F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) Denial of Service (DoS) Vulnerability (K37155600)

    Severity
    Critical4
    Qualys ID
    376613
    Date Published
    May 19, 2022
    Vendor Reference
    K37155600
    CVE Reference
    CVE-2022-28691
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    F5 BIG-IP ASM (Application Security Manager) is a flexible web application firewall that secures web applications in traditional, virtual, and private cloud environments.
    F5 BIG-IP Local Traffic Manager (LTM) is the most popular module offered on the F5 Networks BIG-IP platform. The real power of the LTM is that it is a full proxy, allowing you to augment client-side and server-side connections while making informed load-balancing decisions based on availability, performance, and persistence.
    F5 BIG-IP Access Policy Manager (APM) is a secure, flexible, high-performance solution that provides unified global access to your network, cloud, and applications.

    System performance can degrade until the process is either forced to restart or is manually restarted. This vulnerability allows a remote, unauthenticated attacker to cause a degradation of service that can lead to a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.

    Vulnerable Component:
    BIG-IP APM, ASM, LTM

    Affected Versions:
    16.1.0 - 16.1.2
    15.1.0 - 15.1.4
    14.1.0 - 14.1.4
    13.1.0 - 13.1.4

    QID Detection Logic (Authenticated):
    This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.

    Consequence
    System performance can degrade until the process is either forced to restart or is manually restarted. This vulnerability allows a remote, unauthenticated attacker to cause a degradation of service that can lead to a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.
    Solution
    For more information about patch details, please refer to: K37155600
    Patches
    K37155600
  • CVE-2022-29536
    Recently Published

    Fedora Security Update for epiphany (FEDORA-2022-88690c6188)

    Severity
    Critical4
    Qualys ID
    282732
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-88690c6188
    CVE Reference
    CVE-2022-29536
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Fedora has released a security update for epiphany to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-88690c6188
  • CVE-2022-24884
    Recently Published

    Fedora Security Update for ecdsautils (FEDORA-2022-111177a5ac)

    Severity
    Critical4
    Qualys ID
    282705
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-111177a5ac
    CVE Reference
    CVE-2022-24884
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Fedora has released a security update for ecdsautils to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-111177a5ac
  • CVE-2022-20770+
    Recently Published

    Fedora Security Update for clamav (FEDORA-2022-b8691af27b)

    Severity
    Critical4
    Qualys ID
    282704
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-b8691af27b
    CVE Reference
    CVE-2022-20770, CVE-2022-20785, CVE-2022-20771, CVE-2022-20796
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Fedora has released a security update for clamav to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-b8691af27b
  • CVE-2022-21426+
    In Development

    Red Hat Update for java-11-openjdk (RHSA-2022:1728)

    Severity
    Critical4
    Qualys ID
    240349
    Vendor Reference
    RHSA-2022:1728
    CVE Reference
    CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:1728 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:1728
  • CVE-2022-21426+
    In Development

    Red Hat Update for java-17-openjdk (RHSA-2022:1729)

    Severity
    Critical4
    Qualys ID
    240348
    Vendor Reference
    RHSA-2022:1729
    CVE Reference
    CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21449, CVE-2022-21476, CVE-2022-21496
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:1729 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:1729
  • CVE-2022-29970
    In Development

    Red Hat Update for pcs (RHSA-2022:4587)

    Severity
    Critical4
    Qualys ID
    240346
    Vendor Reference
    RHSA-2022:4587
    CVE Reference
    CVE-2022-29970
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:4587 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:4587
  • CVE-2022-24070
    In Development

    Red Hat Update for subversion (RHSA-2022:4591)

    Severity
    Critical4
    Qualys ID
    240345
    Vendor Reference
    RHSA-2022:4591
    CVE Reference
    CVE-2022-24070
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    Subversion (svn) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.

    Security Fix(es):
    • subversion: subversion's mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070)

    Affected Products:

    • Red Hat enterprise linux for x86_64 9 x86_64
    • Red Hat enterprise linux for x86_64 - extended update support 9.0 x86_64
    • Red Hat enterprise linux for ibm z systems 9 s390x
    • Red Hat enterprise linux for ibm z systems - extended update support 9.0 s390x
    • Red Hat enterprise linux server for x86_64 - update services for sap solutions 9.0 x86_64

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:4591 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:4591
  • CVE-2022-23267+
    In Development

    Red Hat Update for .net 6.0 security (RHSA-2022:4588)

    Severity
    Critical4
    Qualys ID
    240344
    Vendor Reference
    RHSA-2022:4588
    CVE Reference
    CVE-2022-23267, CVE-2022-29117, CVE-2022-29145
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    .net is a managed-software framework.
    It implements a subset of the .net framework apis and several new apis, and it includes a clr implementation.

    Security Fix(es):
    • dotnet: excess memory allocation via httpclient causes dos (CVE-2022-23267)
    • dotnet: malicious content causes high cpu and memory usage (CVE-2022-29117)
    • dotnet: parsing html causes denial of service (CVE-2022-29145)

    Affected Products:

    • Red Hat enterprise linux for x86_64 9 x86_64
    • Red Hat enterprise linux for x86_64 - extended update support 9.0 x86_64

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:4588 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:4588
  • CVE-2022-21426+
    In Development

    Red Hat Update for java-1.8.0-openjdk (RHSA-2022:2137)

    Severity
    Critical4
    Qualys ID
    240343
    Vendor Reference
    RHSA-2022:2137
    CVE Reference
    CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:2137 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:2137
  • CVE-2018-25032
    In Development

    Red Hat Update for rsync (RHSA-2022:4592)

    Severity
    Critical4
    Qualys ID
    240342
    Vendor Reference
    RHSA-2022:4592
    CVE Reference
    CVE-2018-25032
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description

    The rsync utility enables the users to copy and synchronize files locally or across a network.
    Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files.
    The rsync utility is also used as a mirroring tool.

    Security Fix(es):
    • zlib: a flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032)

    Affected Products:

    • Red Hat enterprise linux for x86_64 9 x86_64
    • Red Hat enterprise linux for x86_64 - extended update support 9.0 x86_64
    • Red Hat enterprise linux for ibm z systems 9 s390x
    • Red Hat enterprise linux for ibm z systems - extended update support 9.0 s390x
    • Red Hat enterprise linux for power, little endian 9 ppc64le
    • Red Hat enterprise linux for power, little endian - extended update support 9.0 ppc64le
    • Red Hat enterprise linux for arm 64 9 aarch64
    • Red Hat enterprise linux for arm 64 - extended update support 9.0 aarch64
    • Red Hat enterprise linux server for power le - update services for sap solutions 9.0 ppc64le
    • Red Hat enterprise linux server for x86_64 - update services for sap solutions 9.0 x86_64
    • Red Hat enterprise linux server for arm 64 - 4 years of updates 9.0 aarch64
    • Red Hat enterprise linux server for ibm z systems - 4 years of updates 9.0 s390x

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:4592 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:4592
  • CVE-2020-8659
    Recently Published

    Debian Security Update for elog (DLA 3014-1)

    Severity
    Critical4
    Qualys ID
    179296
    Date Published
    May 19, 2022
    Vendor Reference
    DLA 3014-1
    CVE Reference
    CVE-2020-8659
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Debian has released a security update for elog to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3014-1 for updates and patch information.
    Patches
    Debian DLA 3014-1
  • CVE-2022-28041
    Recently Published

    Fedora Security Update for CuraEngine (FEDORA-2022-0125d9cd29)

    Severity
    Serious3
    Qualys ID
    282729
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-0125d9cd29
    CVE Reference
    CVE-2022-28041
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Fedora has released a security update for CuraEngine to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-0125d9cd29
  • CVE-2022-29824
    Recently Published

    Fedora Security Update for libxml2 (FEDORA-2022-9136d646e4)

    Severity
    Serious3
    Qualys ID
    282717
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-9136d646e4
    CVE Reference
    CVE-2022-29824
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Fedora has released a security update for libxml2 to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-9136d646e4
  • CVE-2022-29824
    Recently Published

    Fedora Security Update for libxml2 (FEDORA-2022-f624aad735)

    Severity
    Serious3
    Qualys ID
    282715
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-f624aad735
    CVE Reference
    CVE-2022-29824
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Fedora has released a security update for libxml2 to fix the vulnerabilities.

    Affected OS:
    Fedora 34


    Consequence
    This vulnerability could be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 34 for updates and patch information.
    Patches
    Fedora 34 FEDORA-2022-f624aad735
  • CVE-2022-27230
    Recently Published

    F5 BIG-IP Access Policy Manager (APM) Cross-Site Scripting (XSS) Vulnerability (K21317311)

    Severity
    Serious3
    Qualys ID
    376611
    Date Published
    May 19, 2022
    Vendor Reference
    K21317311
    CVE Reference
    CVE-2022-27230
    CVSS Scores
    Base 6.1 / Temporal 5.6
    Description
    F5 BIG-IP Access Policy Manager (APM) is a secure, flexible, high-performance solution that provides unified global access to your network, cloud, and applications.

    An attacker may exploit this vulnerability by causing an authenticated user granted the Administrator role to send a crafted URL that is then reflected back and executed by the user's web browser. If successful, an attacker can run JavaScript in the context of the currently logged-in user. In the case of an administrative user with access to the Advanced Shell (bash), an attacker can leverage successful exploitation of this vulnerability to compromise the BIG-IP system. This is a control plane issue; there is no data plane exposure.

    Vulnerable Component:
    BIG-IP APM

    Affected Versions:
    16.1.0 - 16.1.2
    15.1.0 - 15.1.5
    14.1.0 - 14.1.4
    13.1.0.8 - 13.1.5

    QID Detection Logic (Authenticated):
    This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.

    Consequence
    An attacker may exploit this vulnerability by causing an authenticated user granted the Administrator role to send a crafted URL that is then reflected back and executed by the user's web browser. If successful, an attacker can run JavaScript in the context of the currently logged-in user. In the case of an administrative user with access to the Advanced Shell (bash), an attacker can leverage successful exploitation of this vulnerability to compromise the BIG-IP system. This is a control plane issue; there is no data plane exposure.

    Solution
    For more information about patch details, please refer to: K21317311
  • CVE-2021-46022+
    Recently Published

    Fedora Security Update for recutils (FEDORA-2022-17787e290f)

    Severity
    Serious3
    Qualys ID
    282726
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-17787e290f
    CVE Reference
    CVE-2021-46022, CVE-2021-46021, CVE-2021-46019
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    Fedora has released a security update for recutils to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-17787e290f
  • CVE-2022-1507
    Recently Published

    Fedora Security Update for chafa (FEDORA-2022-e72698d659)

    Severity
    Serious3
    Qualys ID
    282703
    Date Published
    May 19, 2022
    Vendor Reference
    FEDORA-2022-e72698d659
    CVE Reference
    CVE-2022-1507
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    Fedora has released a security update for chafa to fix the vulnerabilities.

    Affected OS:
    Fedora 36


    Consequence
    This vulnerability could be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory Fedora 36 for updates and patch information.
    Patches
    Fedora 36 FEDORA-2022-e72698d659
  • CVE-2022-29036+
    Recently Published

    Red Hat OpenShift Container Platform 4.9 Security Update (RHSA-2022:2205)

    Severity
    Serious3
    Qualys ID
    770152
    Date Published
    May 19, 2022
    Vendor Reference
    RHSA-2022:2205
    CVE Reference
    CVE-2022-29036, CVE-2022-29041, CVE-2022-29046, CVE-2022-29047
    CVSS Scores
    Base 5.4 / Temporal 4.7
    Description

    Red Hat openshift container platform is Red Hat's cloud computing kubernetes application platform solution designed for on-premise or private cloud deployments.

    Security Fix(es):
    • jira: stored xss vulnerabilities in jenkins jira plugin (CVE-2022-29041)
    • subversion: stored xss vulnerabilities in jenkins subversion plugin

    Affected Products:

    • Red Hat openshift container platform 4.9 for rhel 8 x86_64
    • Red Hat openshift container platform 4.9 for rhel 7 x86_64
    • Red Hat openshift container platform for power 4.9 for rhel 8 ppc64le
    • Red Hat openshift container platform for ibm z and linuxone 4.9 for rhel 8 s390x
    • Red Hat openshift container platform for arm 64 4.9 aarch64

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:2205 for updates and patch information.
    Patches
    Red Hat Enterprise Linux CoreOS RHSA-2022:2205
  • CVE-2022-29036+
    Recently Published

    Red Hat OpenShift Container Platform 4.9 Security Update (RHSA-2022:2205)

    Severity
    Serious3
    Qualys ID
    240353
    Date Published
    May 19, 2022
    Vendor Reference
    RHSA-2022:2205
    CVE Reference
    CVE-2022-29036, CVE-2022-29041, CVE-2022-29046, CVE-2022-29047
    CVSS Scores
    Base 5.4 / Temporal 4.7
    Description

    Red Hat openshift container platform is Red Hat's cloud computing kubernetes application platform solution designed for on-premise or private cloud deployments.

    Security Fix(es):
    • jira: stored xss vulnerabilities in jenkins jira plugin (CVE-2022-29041)
    • subversion: stored xss vulnerabilities in jenkins subversion plugin

    Affected Products:

    • Red Hat openshift container platform 4.9 for rhel 8 x86_64
    • Red Hat openshift container platform 4.9 for rhel 7 x86_64
    • Red Hat openshift container platform for power 4.9 for rhel 8 ppc64le
    • Red Hat openshift container platform for ibm z and linuxone 4.9 for rhel 8 s390x
    • Red Hat openshift container platform for arm 64 4.9 aarch64

    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Red Hat security advisory RHSA-2022:2205 for updates and patch information.
    Patches
    Red Hat Enterprise Linux RHSA-2022:2205
  • CVE-2020-13956
    Recently Published

    Oracle Enterprise Linux Security Update for maven:3.6 security and enhancement update (ELSA-2022-1860)

    Severity
    Serious3
    Qualys ID
    159835
    Date Published
    May 19, 2022
    Vendor Reference
    ELSA-2022-1860
    CVE Reference
    CVE-2020-13956
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    Oracle Enterprise Linux has released a security update for maven:3.6 security and enhancement update to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1860
    Patches
    Oracle Linux ELSA-2022-1860
  • CVE-2021-3802
    Recently Published

    Oracle Enterprise Linux Security Update for udisks2 (ELSA-2022-1820)

    Severity
    Medium2
    Qualys ID
    159838
    Date Published
    May 19, 2022
    Vendor Reference
    ELSA-2022-1820
    CVE Reference
    CVE-2021-3802
    CVSS Scores
    Base 4.2 / Temporal 3.7
    Description
    Oracle Enterprise Linux has released a security update for udisks2 security and bug fix update to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1820
    Patches
    Oracle Linux ELSA-2022-1820
  • CVE-2022-26702+
    Recently Published

    Apple iOS 15.5 and iPadOS 15.5 Security Update Missing (HT213258)

    Severity
    Urgent5
    Qualys ID
    610416
    Date Published
    May 19, 2022
    Vendor Reference
    HT213258
    CVE Reference
    CVE-2022-26702, CVE-2022-26751, CVE-2022-26736, CVE-2022-26737, CVE-2022-26738, CVE-2022-26739, CVE-2022-26740, CVE-2022-26763, CVE-2022-26744, CVE-2022-26711, CVE-2022-26701, CVE-2022-26768, CVE-2022-26771, CVE-2022-26714, CVE-2022-26757, CVE-2022-26764, CVE-2022-26765, CVE-2022-26706, CVE-2022-23308, CVE-2022-22673, CVE-2022-26731, CVE-2022-26766, CVE-2022-26703, CVE-2022-26700, CVE-2022-26709, CVE-2022-26710, CVE-2022-26717, CVE-2022-26716, CVE-2022-26719, CVE-2022-22677, CVE-2022-26745, CVE-2022-26760, CVE-2015-4142, CVE-2022-26762
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    iOS is a mobile operating system created and developed by Apple Inc.

    The following security issues are observed:
    A use after free issue was addressed with improved memory management. CVE-2022-26702
    A memory corruption issue was addressed with improved input validation. CVE-2022-26751
    An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26736
    An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763
    A memory corruption issue was addressed with improved state management. CVE-2022-26744
    An integer overflow issue was addressed with improved input validation. CVE-2022-26711
    A race condition was addressed with improved locking. CVE-2022-26701
    A memory corruption issue was addressed with improved state management. CVE-2022-26768
    A memory corruption issue was addressed with improved state management. CVE-2022-26771
    A memory corruption issue was addressed with improved validation. CVE-2022-26714
    A use after free issue was addressed with improved memory management. CVE-2022-26757
    A memory corruption issue was addressed with improved validation. CVE-2022-26764
    A race condition was addressed with improved state handling. CVE-2022-26765
    An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706
    A use after free issue was addressed with improved memory management. CVE-2022-23308
    This issue was addressed with improved checks. CVE-2022-22673
    A logic issue was addressed with improved state management. CVE-2022-26731
    A certificate parsing issue was addressed with improved checks. CVE-2022-26766
    An authorization issue was addressed with improved state management. CVE-2022-26703
    A memory corruption issue was addressed with improved state management. WebKit Bugzilla
    A use after free issue was addressed with improved memory management. WebKit Bugzilla
    A memory corruption issue was addressed with improved state management. WebKit Bugzilla
    A logic issue in the handling of concurrent media was addressed with improved state handling. WebKit Bugzilla
    A memory corruption issue was addressed with improved validation. CVE-2022-26745
    A memory corruption issue was addressed with improved state management. CVE-2022-26760
    This issue was addressed with improved checks. CVE-2015-4142
    A memory corruption issue was addressed with improved memory handling. CVE-2022-26762

    Affected Devices
    iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

    Consequence
    On successful exploitation, it could allow an attacker to execute code.
    Solution
    Refer to Apple advisory HT213258 for patching details.
    Patches
    iOS HT213258
  • CVE-2021-44907+
    Recently Published

    SUSE Enterprise Linux Security Update for nodejs10 (SUSE-SU-2022:1717-1)

    Severity
    Urgent5
    Qualys ID
    752142
    Date Published
    May 18, 2022
    Vendor Reference
    SUSE-SU-2022:1717-1
    CVE Reference
    CVE-2021-44907, CVE-2021-23343, CVE-2021-3807, CVE-2022-21824, CVE-2021-32803, CVE-2021-3918, CVE-2021-44906, CVE-2022-0235, CVE-2021-32804
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released a security update for nodejs10 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15 SP2
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
    SUSE Linux Enterprise Server for SAP Applications 15
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1717-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1717-1
  • CVE-2022-29155
    Recently Published

    Ubuntu Security Notification for OpenLDAP Vulnerability (USN-5424-1)

    Severity
    Urgent5
    Qualys ID
    198791
    Date Published
    May 18, 2022
    Vendor Reference
    USN-5424-1
    CVE Reference
    CVE-2022-29155
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Ubuntu has released a security update for openldap to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-5424-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5424-1
  • CVE-2022-1292
    Recently Published

    Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 5139-1)

    Severity
    Urgent5
    Qualys ID
    179294
    Date Published
    May 18, 2022
    Vendor Reference
    DSA 5139-1
    CVE Reference
    CVE-2022-1292
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Debian has released a security update for openssl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5139-1 for updates and patch information.
    Patches
    Debian DSA 5139-1
  • CVE-2021-3612+
    Recently Published

    Oracle Enterprise Linux Security Update for kernel (ELSA-2022-1988)

    Severity
    Urgent5
    Qualys ID
    159825
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1988
    CVE Reference
    CVE-2021-3612, CVE-2021-4002, CVE-2022-0001, CVE-2021-3772, CVE-2022-0286, CVE-2021-0941, CVE-2021-3744, CVE-2021-45486, CVE-2020-27820, CVE-2021-3764, CVE-2021-42739, CVE-2021-3773, CVE-2021-4157, CVE-2021-43056, CVE-2020-0404, CVE-2021-4197, CVE-2021-29154, CVE-2021-3759, CVE-2020-13974, CVE-2021-20322, CVE-2021-4037, CVE-2021-45485, CVE-2021-44733, CVE-2021-21781, CVE-2021-41864, CVE-2021-3752, CVE-2021-43389, CVE-2021-43976, CVE-2021-3669, CVE-2021-26401, CVE-2020-4788, CVE-2022-1011, CVE-2021-3743, CVE-2022-0322, CVE-2021-37159, CVE-2022-0002, CVE-2021-4083, CVE-2021-4203
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Oracle Enterprise Linux has released a security update for kernel to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1988
    Patches
    Oracle Linux ELSA-2022-1988
  • CVE-2022-23806+
    Recently Published

    Oracle Enterprise Linux Security Update for go-toolset:ol8 (ELSA-2022-1819)

    Severity
    Urgent5
    Qualys ID
    159810
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1819
    CVE Reference
    CVE-2022-23806, CVE-2021-39293, CVE-2022-23773, CVE-2021-38297, CVE-2021-41771, CVE-2021-41772, CVE-2022-23772
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Oracle Enterprise Linux has released a security update for go-toolset:ol8 security and bug fix update to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1819
    Patches
    Oracle Linux ELSA-2022-1819
  • CVE-2022-27650+
    Recently Published

    Oracle Enterprise Linux Security Update for container-tools:ol8 (ELSA-2022-1762)

    Severity
    Critical4
    Qualys ID
    159829
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1762
    CVE Reference
    CVE-2022-27650, CVE-2022-1227, CVE-2022-27649, CVE-2022-21698, CVE-2022-27651
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Oracle Enterprise Linux has released a security update for container-tools:ol8 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1762
    Patches
    Oracle Linux ELSA-2022-1762
  • CVE-2021-45483+
    Recently Published

    Oracle Enterprise Linux Security Update for webkit2gtk3 (ELSA-2022-1777)

    Severity
    Critical4
    Qualys ID
    159799
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1777
    CVE Reference
    CVE-2021-45483, CVE-2021-45482, CVE-2021-30818, CVE-2021-30984, CVE-2021-30887, CVE-2021-30952, CVE-2021-30890, CVE-2022-22620, CVE-2021-30954, CVE-2021-30809, CVE-2021-30888, CVE-2022-22637, CVE-2022-22592, CVE-2022-22590, CVE-2021-30848, CVE-2021-45481, CVE-2021-30851, CVE-2022-22594, CVE-2021-30889, CVE-2021-30951, CVE-2021-30823, CVE-2021-30936, CVE-2021-30846, CVE-2021-30849, CVE-2021-30953, CVE-2021-30884, CVE-2021-30897, CVE-2022-22589, CVE-2021-30836, CVE-2021-30934
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    Oracle Enterprise Linux has released a security update for webkit2gtk3 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1777
    Patches
    Oracle Linux ELSA-2022-1777
  • Recently Published

    SUSE Enterprise Linux Security Update for php72 (SUSE-SU-2022:1714-1)

    Severity
    Critical4
    Qualys ID
    752140
    Date Published
    May 18, 2022
    Vendor Reference
    SUSE-SU-2022:1714-1
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for suse_enterprise_linux to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1714-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1714-1
  • CVE-2022-28656+
    Recently Published

    Ubuntu Security Notification for Apport Vulnerabilities (USN-5427-1)

    Severity
    Critical4
    Qualys ID
    198790
    Date Published
    May 18, 2022
    Vendor Reference
    USN-5427-1
    CVE Reference
    CVE-2022-28656, CVE-2022-28657, CVE-2022-28658, CVE-2021-3899, CVE-2022-28655, CVE-2022-28652, CVE-2022-28654, CVE-2022-1242
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Ubuntu has released a security update for apport to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-5427-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5427-1
  • CVE-2022-1117
    Recently Published

    Oracle Enterprise Linux Security Update for fapolicyd (ELSA-2022-1898)

    Severity
    Critical4
    Qualys ID
    159820
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1898
    CVE Reference
    CVE-2022-1117
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Oracle Enterprise Linux has released a security update for fapolicyd to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1898
    Patches
    Oracle Linux ELSA-2022-1898
  • CVE-2021-3639
    Recently Published

    Oracle Enterprise Linux Security Update for mod_auth_mellon (ELSA-2022-1934)

    Severity
    Critical4
    Qualys ID
    159805
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1934
    CVE Reference
    CVE-2021-3639
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Oracle Enterprise Linux has released a security update for mod_auth_mellon to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1934
    Patches
    Oracle Linux ELSA-2022-1934
  • CVE-2021-33193+
    Recently Published

    Oracle Enterprise Linux Security Update for httpd:2.4 (ELSA-2022-1915)

    Severity
    Critical4
    Qualys ID
    159811
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1915
    CVE Reference
    CVE-2021-33193, CVE-2021-44224, CVE-2020-35452, CVE-2021-36160
    CVSS Scores
    Base 8.2 / Temporal 7.1
    Description
    Oracle Enterprise Linux has released a security and bug fix update for httpd:2.4 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1915
    Patches
    Oracle Linux ELSA-2022-1915
  • CVE-2021-4156
    Recently Published

    Oracle Enterprise Linux Security Update for libsndfile (ELSA-2022-1968)

    Severity
    Critical4
    Qualys ID
    159833
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1968
    CVE Reference
    CVE-2021-4156
    CVSS Scores
    Base 8.1 / Temporal 7.1
    Description
    Oracle Enterprise Linux has released a security update for libsndfile to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1968
    Patches
    Oracle Linux ELSA-2022-1968
  • CVE-2021-23214
    Recently Published

    Oracle Enterprise Linux Security Update for postgresql:10 (ELSA-2022-1830)

    Severity
    Critical4
    Qualys ID
    159822
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1830
    CVE Reference
    CVE-2021-23214
    CVSS Scores
    Base 8.1 / Temporal 7.1
    Description
    Oracle Enterprise Linux has released a security update for postgresql:10 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1830
    Patches
    Oracle Linux ELSA-2022-1830
  • CVE-2022-1304
    Recently Published

    SUSE Enterprise Linux Security Update for e2fsprogs (SUSE-SU-2022:1718-1)

    Severity
    Critical4
    Qualys ID
    752141
    Date Published
    May 18, 2022
    Vendor Reference
    SUSE-SU-2022:1718-1
    CVE Reference
    CVE-2022-1304
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released a security update for e2fsprogs to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server Basesystem 15 SP4
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1718-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1718-1
  • CVE-2020-35492
    Recently Published

    Oracle Enterprise Linux Security Update for cairo and pixman (ELSA-2022-1961)

    Severity
    Critical4
    Qualys ID
    159818
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1961
    CVE Reference
    CVE-2020-35492
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Oracle Enterprise Linux has released a security and bug fix update for cairo and pixman to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1961
    Patches
    Oracle Linux ELSA-2022-1961
  • CVE-2021-45444
    Recently Published

    Oracle Enterprise Linux Security Update for zsh (ELSA-2022-2120)

    Severity
    Critical4
    Qualys ID
    159816
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-2120
    CVE Reference
    CVE-2021-45444
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Oracle Enterprise Linux has released a security update for zsh to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-2120
    Patches
    Oracle Linux ELSA-2022-2120
  • CVE-2019-25051
    Recently Published

    Oracle Enterprise Linux Security Update for aspell (ELSA-2022-1808)

    Severity
    Critical4
    Qualys ID
    159806
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1808
    CVE Reference
    CVE-2019-25051
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Oracle Enterprise Linux has released a security update for aspell to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1808
    Patches
    Oracle Linux ELSA-2022-1808
  • CVE-2021-4011+
    Recently Published

    Oracle Enterprise Linux Security Update for xorg-x11-server and xorg-x11-server-xwayland (ELSA-2022-1917)

    Severity
    Critical4
    Qualys ID
    159803
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1917
    CVE Reference
    CVE-2021-4011, CVE-2021-4009, CVE-2021-4010, CVE-2021-4008
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Oracle Enterprise Linux has released a security update for xorg-x11-server and xorg-x11-server-xwayland to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1917
    Patches
    Oracle Linux ELSA-2022-1917
  • CVE-2021-38185
    Recently Published

    Oracle Enterprise Linux Security Update for cpio (ELSA-2022-1991)

    Severity
    Critical4
    Qualys ID
    159796
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1991
    CVE Reference
    CVE-2021-38185
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Oracle Enterprise Linux has released a security update for cpio to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1991
    Patches
    Oracle Linux ELSA-2022-1991
  • CVE-2019-20838+
    Recently Published

    Ubuntu Security Notification for PCRE Vulnerabilities (USN-5425-1)

    Severity
    Critical4
    Qualys ID
    198789
    Date Published
    May 18, 2022
    Vendor Reference
    USN-5425-1
    CVE Reference
    CVE-2019-20838, CVE-2020-14155
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Ubuntu has released a security update for pcre to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-5425-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5425-1
  • CVE-2022-20792+
    Recently Published

    Ubuntu Security Notification for ClamAV Vulnerabilities (USN-5423-1)

    Severity
    Critical4
    Qualys ID
    198788
    Date Published
    May 18, 2022
    Vendor Reference
    USN-5423-1
    CVE Reference
    CVE-2022-20792, CVE-2022-20785, CVE-2022-20771, CVE-2022-20770, CVE-2022-20796
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Ubuntu has released a security update for clamav to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-5423-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5423-1
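The Ubuntu entries above (USN-5427-1 for apport, USN-5425-1 for pcre, USN-5423-1 for clamav) only point at the advisory. What a package-based detection actually does on a Debian-family host is compare each installed package version against the fixed version named in the USN, using dpkg's ordering rules: epoch first, then upstream version, then Debian revision, with `~` sorting before anything (so `1.0~rc1` is older than `1.0`), digit runs compared numerically (`1.10` is newer than `1.9`) and letters sorting before other characters. The block below is an added example written for this page; it is not Qualys detection code and nothing in it comes from the advisories. The `dpkg -l` output and the fixed versions in it are constructed placeholders, so substitute the versions from the USN text itself before running it against real hosts.

```python
"""
Added example, not Qualys detection code: a Debian/Ubuntu package-version
check of the kind that backs a USN-based detection.  Package names and
"fixed" versions are constructed placeholders; take real fixed versions
from the USN itself.
"""
from typing import Dict, List, Tuple


def _order(c: str) -> int:
    """dpkg's ordering of one non-digit character; '' marks end of string.
    '~' sorts before everything (even the end), letters before non-letters."""
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Compare two version fragments with dpkg's algorithm: alternate
    non-digit runs (compared character by character via _order) and digit
    runs (compared numerically).  Returns <0, 0 or >0."""
    i = j = 0

    def ca() -> str:
        return a[i] if i < len(a) else ""

    def cb() -> str:
        return b[j] if j < len(b) else ""

    while i < len(a) or j < len(b):
        first_diff = 0
        while (ca() and not ca().isdigit()) or (cb() and not cb().isdigit()):
            oa, ob = _order(ca()), _order(cb())
            if oa != ob:
                return oa - ob
            i += 1
            j += 1
        while ca() == "0":  # leading zeros carry no weight
            i += 1
        while cb() == "0":
            j += 1
        while ca().isdigit() and cb().isdigit():
            if not first_diff:
                first_diff = ord(ca()) - ord(cb())
            i += 1
            j += 1
        if ca().isdigit():  # longer digit run wins
            return 1
        if cb().isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(version: str) -> Tuple[int, str, str]:
    """Split a Debian version into (epoch, upstream_version, debian_revision)."""
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    upstream, sep, revision = version.rpartition("-")
    if not sep:  # no revision part at all
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a <, ==, > b under Debian version ordering."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return 1 if ea > eb else -1
    for x, y in ((ua, ub), (ra, rb)):
        r = _verrevcmp(x, y)
        if r:
            return 1 if r > 0 else -1
    return 0


# Constructed "dpkg -l" output; versions are placeholders, not real USN data.
SAMPLE_DPKG_L = """\
Desired=Unknown/Install/Remove/Purge/Hold
||/ Name           Version                  Architecture Description
+++-==============-========================-============-=================
ii  apport         2.20.11-0ubuntu27.21     all          automatically generate crash reports
ii  clamav         0.103.6+dfsg-0ubuntu0.1  amd64        anti-virus utility for Unix
ii  libpcre3:amd64 2:8.39-12ubuntu0.1       amd64        Perl 5 Compatible Regular Expression Library
rc  libpcre3-dbg   2:8.39-9                 amd64        (removed, config files only)
"""

# Hypothetical fixed versions keyed by binary package; read the real ones
# from the USN before using this against a fleet.
FIXED_VERSIONS: Dict[str, str] = {
    "apport": "2.20.11-0ubuntu27.24",
    "clamav": "0.103.6+dfsg-0ubuntu0.1",
    "libpcre3": "2:8.39-12ubuntu0.2",
}


def installed_packages(dpkg_l_output: str) -> Dict[str, str]:
    """Map package name -> version for rows in state 'ii' (installed only;
    'rc' rows are removed packages).  Multi-arch suffixes like ':amd64' are
    dropped from the name so they match the advisory's package names."""
    pkgs: Dict[str, str] = {}
    for line in dpkg_l_output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != "ii":
            continue
        pkgs[fields[1].split(":", 1)[0]] = fields[2]
    return pkgs


def vulnerable_packages(dpkg_l_output: str, fixed: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (package, installed, fixed) for each installed package whose
    version is older than the fixed one.  Packages that are absent, equal
    or newer are not reported."""
    findings = []
    for name, installed in installed_packages(dpkg_l_output).items():
        if name in fixed and compare_versions(installed, fixed[name]) < 0:
            findings.append((name, installed, fixed[name]))
    return findings


if __name__ == "__main__":
    for pkg, have, want in vulnerable_packages(SAMPLE_DPKG_L, FIXED_VERSIONS):
        print(f"{pkg}: installed {have} is older than fixed {want}")
```

On the constructed input only apport and libpcre3 are reported: clamav is already at the fixed version, and the `rc` row is a removed package, not an installed one. Note that the Oracle Linux (ELSA) entries on this page are RPM-based, and RPM uses its own comparison routine (rpmvercmp) with different rules, so this comparator must not be reused for those.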
  • CVE-2022-24761
    Recently Published

    Debian Security Update for waitress (DSA 5138-1)

    Severity
    Critical4
    Qualys ID
    179293
    Date Published
    May 18, 2022
    Vendor Reference
    DSA 5138-1
    CVE Reference
    CVE-2022-24761
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Debian has released a security update for waitress to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DSA 5138-1 for updates and patch information.
    Patches
    Debian DSA 5138-1
  • CVE-2021-3660+
    Recently Published

    Oracle Enterprise Linux Security Update for cockpit (ELSA-2022-2008)

    Severity
    Critical4
    Qualys ID
    159832
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-2008
    CVE Reference
    CVE-2021-3660, CVE-2021-3698
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released a security update for cockpit to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-2008
    Patches
    Oracle Linux ELSA-2022-2008
  • CVE-2021-39272+
    Recently Published

    Oracle Enterprise Linux Security Update for fetchmail (ELSA-2022-1964)

    Severity
    Critical4
    Qualys ID
    159824
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1964
    CVE Reference
    CVE-2021-39272, CVE-2021-36386
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released a security update for fetchmail to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1964
    Patches
    Oracle Linux ELSA-2022-1964
  • CVE-2021-4189+
    Recently Published

    Oracle Enterprise Linux Security Update for python27:2.7 (ELSA-2022-1821)

    Severity
    Critical4
    Qualys ID
    159819
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1821
    CVE Reference
    CVE-2021-4189, CVE-2021-43818, CVE-2022-0391, CVE-2021-3733, CVE-2021-3737
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released a security update for python27:2.7 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1821
    Patches
    Oracle Linux ELSA-2022-1821
  • CVE-2021-38593
    Recently Published

    Oracle Enterprise Linux Security Update for qt5-qtbase (ELSA-2022-1796)

    Severity
    Critical4
    Qualys ID
    159813
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1796
    CVE Reference
    CVE-2021-38593
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released a security update for qt5-qtbase to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1796
    Patches
    Oracle Linux ELSA-2022-1796
  • CVE-2020-19131
    Recently Published

    Oracle Enterprise Linux Security Update for libtiff (ELSA-2022-1810)

    Severity
    Critical4
    Qualys ID
    159809
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1810
    CVE Reference
    CVE-2020-19131
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released a security update for libtiff to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1810
    Patches
    Oracle Linux ELSA-2022-1810
  • CVE-2021-3737+
    Recently Published

    Oracle Enterprise Linux Security Update for python3 (ELSA-2022-1986)

    Severity
    Critical4
    Qualys ID
    159808
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1986
    CVE Reference
    CVE-2021-3737, CVE-2021-4189
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released a security update for python3 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1986
    Patches
    Oracle Linux ELSA-2022-1986
  • CVE-2022-27650
    Recently Published

    Oracle Enterprise Linux Security Update for container-tools:3.0 (ELSA-2022-1793)

    Severity
    Critical4
    Qualys ID
    159804
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1793
    CVE Reference
    CVE-2022-27650
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released a security and bug fix update for container-tools:3.0 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1793
    Patches
    Oracle Linux ELSA-2022-1793
  • CVE-2021-25633+
    Recently Published

    Oracle Enterprise Linux Security Update for libreoffice (ELSA-2022-1766)

    Severity
    Critical4
    Qualys ID
    159802
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1766
    CVE Reference
    CVE-2021-25633, CVE-2021-25634, CVE-2021-25635
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released a security update for libreoffice to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1766
    Patches
    Oracle Linux ELSA-2022-1766
  • CVE-2021-3733+
    Recently Published

    Oracle Enterprise Linux Security Update for python38:3.8 and python38-devel:3.8 (ELSA-2022-1764)

    Severity
    Critical4
    Qualys ID
    159797
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1764
    CVE Reference
    CVE-2021-3733, CVE-2022-0391, CVE-2021-43818, CVE-2021-3737
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Oracle Enterprise Linux has released a security update for python38:3.8 and python38-devel:3.8 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1764
    Patches
    Oracle Linux ELSA-2022-1764
  • CVE-2021-43818
    Recently Published

    Oracle Enterprise Linux Security Update for python39:3.9 and python39-devel:3.9 (ELSA-2022-1763)

    Severity
    Critical4
    Qualys ID
    159823
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1763
    CVE Reference
    CVE-2021-43818
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    Oracle Enterprise Linux has released a security update for python39:3.9 and python39-devel:3.9 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1763
    Patches
    Oracle Linux ELSA-2022-1763
  • CVE-2021-43818
    Recently Published

    Oracle Enterprise Linux Security Update for python-lxml (ELSA-2022-1932)

    Severity
    Critical4
    Qualys ID
    159798
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1932
    CVE Reference
    CVE-2021-43818
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    Oracle Enterprise Linux has released a security update for python-lxml to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1932
    Patches
    Oracle Linux ELSA-2022-1932
  • CVE-2021-21705+
    Recently Published

    Oracle Enterprise Linux Security Update for php:7.4 (ELSA-2022-1935)

    Severity
    Critical4
    Qualys ID
    159834
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1935
    CVE Reference
    CVE-2021-21705, CVE-2021-21703
    CVSS Scores
    Base 7 / Temporal 6.1
    Description
    Oracle Enterprise Linux has released a security update for php:7.4 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1935
    Patches
    Oracle Linux ELSA-2022-1935
  • CVE-2021-41617
    Recently Published

    Oracle Enterprise Linux Security Update for openssh (ELSA-2022-2013)

    Severity
    Critical4
    Qualys ID
    159826
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-2013
    CVE Reference
    CVE-2021-41617
    CVSS Scores
    Base 7 / Temporal 6.1
    Description
    Oracle Enterprise Linux has released a security update for openssh to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-2013
    Patches
    Oracle Linux ELSA-2022-2013
  • CVE-2020-18898
    Recently Published

    Oracle Enterprise Linux Security Update for compat-exiv2-026 (ELSA-2022-1797)

    Severity
    Serious3
    Qualys ID
    159821
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1797
    CVE Reference
    CVE-2020-18898
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Oracle Enterprise Linux has released a security update for compat-exiv2-026 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1797
    Patches
    Oracle Linux ELSA-2022-1797
  • CVE-2020-18898
    Recently Published

    Oracle Enterprise Linux Security Update for exiv2 (ELSA-2022-1842)

    Severity
    Serious3
    Qualys ID
    159814
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1842
    CVE Reference
    CVE-2020-18898
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Oracle Enterprise Linux has released a security update for exiv2 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1842
    Patches
    Oracle Linux ELSA-2022-1842
  • CVE-2021-3634
    Recently Published

    Oracle Enterprise Linux Security Update for libssh (ELSA-2022-2031)

    Severity
    Serious3
    Qualys ID
    159812
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-2031
    CVE Reference
    CVE-2021-3634
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Oracle Enterprise Linux has released a security update for libssh to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-2031
    Patches
    Oracle Linux ELSA-2022-2031
  • CVE-2021-39191+
    Recently Published

    Oracle Enterprise Linux Security Update for mod_auth_openidc:2.3 (ELSA-2022-1823)

    Severity
    Serious3
    Qualys ID
    159800
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1823
    CVE Reference
    CVE-2021-39191, CVE-2021-32786, CVE-2021-32792, CVE-2021-32791
    CVSS Scores
    Base 6.1 / Temporal 5.3
    Description
    Oracle Enterprise Linux has released a security update for mod_auth_openidc:2.3 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1823
    Patches
    Oracle Linux ELSA-2022-1823
  • CVE-2021-23222
    Recently Published

    Oracle Enterprise Linux Security Update for libpq (ELSA-2022-1891)

    Severity
    Serious3
    Qualys ID
    159807
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1891
    CVE Reference
    CVE-2021-23222
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    Oracle Enterprise Linux has released a security update for libpq to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1891
    Patches
    Oracle Linux ELSA-2022-1891
  • CVE-2021-39358
    Recently Published

    Oracle Enterprise Linux Security Update for gfbgraph (ELSA-2022-1801)

    Severity
    Serious3
    Qualys ID
    159793
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1801
    CVE Reference
    CVE-2021-39358
    CVSS Scores
    Base 5.9 / Temporal 5.2
    Description
    Oracle Enterprise Linux has released a security update for gfbgraph to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1801
    Patches
    Oracle Linux ELSA-2022-1801
  • CVE-2021-3672
    Recently Published

    Oracle Enterprise Linux Security Update for c-ares (ELSA-2022-2043)

    Severity
    Serious3
    Qualys ID
    159827
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-2043
    CVE Reference
    CVE-2021-3672
    CVSS Scores
    Base 5.6 / Temporal 4.9
    Description
    Oracle Enterprise Linux has released a security update for c-ares to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-2043
    Patches
    Oracle Linux ELSA-2022-2043
  • CVE-2021-45930
    Recently Published

    Oracle Enterprise Linux Security Update for qt5-qtsvg (ELSA-2022-1920)

    Severity
    Serious3
    Qualys ID
    159795
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1920
    CVE Reference
    CVE-2021-45930
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    Oracle Enterprise Linux has released a security update for qt5-qtsvg to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1920
    Patches
    Oracle Linux ELSA-2022-1920
  • CVE-2021-22021
    Under Investigation

    VMware vCenter Log Insight XSS Vulnerability (VMSA-2021-0019)

    Severity
    Serious3
    Qualys ID
    376610
    Vendor Reference
    VMSA-2021-0019
    CVE Reference
    CVE-2021-22021
    CVSS Scores
    Base 5.4 / Temporal 4.7
    Description
    vRealize Automation enables cloud automation through model-based service design, automated provisioning and lifecycle management of infrastructure, application and any custom IT services (XaaS).

    Affected Versions:
    vRealize Automation version prior to 8.1.0 build 18457068
    vRealize Automation version prior to 8.2.0 build 18430722
    vRealize Automation version prior to 8.3.0 build 18430451

    QID Detection Logic(Authenticated):
    This QID checks for vulnerable versions of VMware vRealize Log Insight Automation.

    Consequence
    An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.

    Solution
    The vendor has released a patch to address this vulnerability. Refer to VMware security advisory VMSA-2021-0019.
    Patches
    VMSA-2021-0019
  • CVE-2021-28116
    Recently Published

    Oracle Enterprise Linux Security Update for squid:4 (ELSA-2022-1939)

    Severity
    Serious3
    Qualys ID
    159831
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1939
    CVE Reference
    CVE-2021-28116
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    Oracle Enterprise Linux has released a security and bug fix update for squid:4 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1939
    Patches
    Oracle Linux ELSA-2022-1939
  • CVE-2020-13956
    Recently Published

    Oracle Enterprise Linux Security Update for maven:3.5 (ELSA-2022-1861)

    Severity
    Serious3
    Qualys ID
    159817
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1861
    CVE Reference
    CVE-2020-13956
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    Oracle Enterprise Linux has released a security update for maven:3.5 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1861
    Patches
    Oracle Linux ELSA-2022-1861
  • CVE-2021-25219
    Recently Published

    Oracle Enterprise Linux Security Update for bind (ELSA-2022-2092)

    Severity
    Serious3
    Qualys ID
    159815
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-2092
    CVE Reference
    CVE-2021-25219
    CVSS Scores
    Base 5.3 / Temporal 4.6
    Description
    Oracle Enterprise Linux has released a security update for bind to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-2092
    Patches
    Oracle Linux ELSA-2022-2092
  • CVE-2021-33515
    Recently Published

    Oracle Enterprise Linux Security Update for dovecot (ELSA-2022-1950)

    Severity
    Medium2
    Qualys ID
    159794
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1950
    CVE Reference
    CVE-2021-33515
    CVSS Scores
    Base 4.8 / Temporal 4.2
    Description
    Oracle Enterprise Linux has released a security update for dovecot to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1950
    Patches
    Oracle Linux ELSA-2022-1950
  • CVE-2021-43813
    Recently Published

    Oracle Enterprise Linux Security Update for grafana (ELSA-2022-1781)

    Severity
    Medium2
    Qualys ID
    159830
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-1781
    CVE Reference
    CVE-2021-43813
    CVSS Scores
    Base 4.3 / Temporal 3.8
    Description
    Oracle Enterprise Linux has released a security update for grafana to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-1781
    Patches
    Oracle Linux ELSA-2022-1781
  • CVE-2021-44141+
    Recently Published

    Oracle Enterprise Linux Security Update for samba (ELSA-2022-2074)

    Severity
    Medium2
    Qualys ID
    159828
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-2074
    CVE Reference
    CVE-2021-44141, CVE-2021-20316
    CVSS Scores
    Base 4.3 / Temporal 3.8
    Description
    Oracle Enterprise Linux has released a security update for samba to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-2074
    Patches
    Oracle Linux ELSA-2022-2074
  • CVE-2021-3981
    Recently Published

    Oracle Enterprise Linux Security Update for grub2 (ELSA-2022-2110)

    Severity
    Medium2
    Qualys ID
    159801
    Date Published
    May 18, 2022
    Vendor Reference
    ELSA-2022-2110
    CVE Reference
    CVE-2021-3981
    CVSS Scores
    Base 3.3 / Temporal 2.9
    Description
    Oracle Enterprise Linux has released a security update for grub2 to fix the vulnerabilities.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
    Consequence
    Successful exploitation allows an attacker to compromise the system.
    Solution
    To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory below for updates and patch information:

    ELSA-2022-2110
    Patches
    Oracle Linux ELSA-2022-2110
  • CVE-2021-44224+
    Recently Published

    Apple MacOS Big Sur 11.6.6 Not Installed (HT213256)

    Severity
    Urgent5
    Qualys ID
    376608
    Date Published
    May 18, 2022
    Vendor Reference
    HT213256
    CVE Reference
    CVE-2021-44224, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-22665, CVE-2022-22675, CVE-2022-26751, CVE-2022-26698, CVE-2022-26697, CVE-2022-22663, CVE-2022-26721, CVE-2022-26722, CVE-2022-26763, CVE-2022-22674, CVE-2022-26720, CVE-2022-26770, CVE-2022-26756, CVE-2022-26769, CVE-2022-26748, CVE-2022-26768, CVE-2022-26714, CVE-2022-26757, CVE-2022-26767, CVE-2022-26706, CVE-2022-26776, CVE-2022-0778, CVE-2022-23308, CVE-2022-0778, CVE-2022-26712, CVE-2022-26746, CVE-2022-26766, CVE-2022-26718, CVE-2022-26723, CVE-2022-26715, CVE-2022-26728, CVE-2022-26726, CVE-2022-26755, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2021-4192, CVE-2021-4193, CVE-2021-46059, CVE-2022-0128, CVE-2022-22589, CVE-2022-26745, CVE-2022-26761, CVE-2022-0530, CVE-2018-25032, CVE-2021-45444
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    macOS Big Sur (version 11) is the 17th and current major release of macOS, Apple Inc.'s operating system for Macintosh computers.

    Affected Versions:
    Apple MacOS Big Sur version before 11.6.6

    QID Detection Logic:
    This QID checks for vulnerable versions of macOS Big Sur.

    Consequence
    A successful exploit may lead to arbitrary code execution, information disclosure and privilege escalation.

    Solution
    The updates can be downloaded from Apple Downloads.

    More information regarding the update can be found at HT213256.

    Patches
    HT213256
  • CVE-2022-29155
    Recently Published

    SUSE Enterprise Linux Security Update for openldap2 (SUSE-SU-2022:1670-1)

    Severity
    Urgent5
    Qualys ID
    752134
    Date Published
    May 17, 2022
    Vendor Reference
    SUSE-SU-2022:1670-1
    CVE Reference
    CVE-2022-29155
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released a security update for openldap2 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server Basesystem 15 SP4
    SUSE Linux Enterprise Server Basesystem 15 SP3
    SUSE Linux Enterprise Server for SAP Applications 15 SP2
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1670-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1670-1
  • CVE-2022-29155
    Recently Published

    SUSE Enterprise Linux Security Update for openldap2 (SUSE-SU-2022:1671-1)

    Severity
    Urgent5
    Qualys ID
    752131
    Date Published
    May 17, 2022
    Vendor Reference
    SUSE-SU-2022:1671-1
    CVE Reference
    CVE-2022-29155
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released a security update for openldap2 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 12 SP3
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1671-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1671-1
  • CVE-2022-29155
    Recently Published

    SUSE Enterprise Linux Security Update for openldap2 (SUSE-SU-2022:1685-1)

    Severity
    Urgent5
    Qualys ID
    752127
    Date Published
    May 17, 2022
    Vendor Reference
    SUSE-SU-2022:1685-1
    CVE Reference
    CVE-2022-29155
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    SUSE has released a security update for openldap2 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 12 SP4
    SUSE Linux Enterprise Server for SAP Applications 12 SP5
    SUSE Linux Enterprise Server for SAP Applications 12 SP3
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1685-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1685-1
  • CVE-2021-44224+
    In Development

    Apple macOS Security Update 2022-004 Catalina (HT213255)

    Severity
    Urgent5
    Qualys ID
    376607
    Vendor Reference
    HT213255
    CVE Reference
    CVE-2021-44224, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-22665, CVE-2022-26751, CVE-2022-26697, CVE-2022-26698, CVE-2022-22663, CVE-2022-26721, CVE-2022-26722, CVE-2022-26763, CVE-2022-22674, CVE-2022-26720, CVE-2022-26770, CVE-2022-26756, CVE-2022-26769, CVE-2022-26748, CVE-2022-26714, CVE-2022-26757, CVE-2022-26775, CVE-2022-0778, CVE-2022-23308, CVE-2022-0778, CVE-2022-26727, CVE-2022-26746, CVE-2022-26766, CVE-2022-26715, CVE-2022-26728, CVE-2022-26726, CVE-2022-26755, CVE-2022-22589, CVE-2022-26761, CVE-2022-0530, CVE-2018-25032, CVE-2021-45444
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Apple has released this Security Update for multiple vulnerabilities.

    Affected versions:
    Prior to Apple macOS Security Update 2022-004 Catalina.

    QID Detection Logic (Authenticated):
    This QID checks for missing security patches on macOS Catalina.

    Consequence
    A malicious application may be able to execute arbitrary code.

    Solution
    The vendor has released these fixes: Security Update 2022-004 Catalina.

    More information regarding the update can be found at HT213255.

    Patches
    HT213255
  • CVE-2022-1619+
    Recently Published

    Debian Security Update for vim (DLA 3011-1)

    Severity
    Urgent5
    Qualys ID
    179292
    Date Published
    May 17, 2022
    Vendor Reference
    DLA 3011-1
    CVE Reference
    CVE-2022-1619, CVE-2022-1154, CVE-2022-1616, CVE-2022-1621, CVE-2022-0351, CVE-2022-0443, CVE-2022-0261, CVE-2022-0413, CVE-2022-0572
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    Debian has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3011-1 for updates and patch information.
    Patches
    Debian DLA 3011-1
  • In Development

    EOL/Obsolete Software: Citrix Virtual Apps and Desktops 7 (1909,1906,1903) Detected

    Severity
    Urgent5
    Qualys ID
    106059
    Vendor Reference
    CTX200356
    CVSS Scores
    Base 9.8 / Temporal 9
    Description
    Citrix Virtual Apps and Desktops provides a virtualization solution for application and desktop delivery to any device, over any network.

    Citrix Virtual Apps and Desktops 7 1903, 1906 and 1909 reached end of life on 28-Mar-2019, 29-Jul-2019 and 19-Sep-2019 respectively.
    Affected Versions:
    Citrix Virtual Apps and Desktops 7 1903
    Citrix Virtual Apps and Desktops 7 1906
    Citrix Virtual Apps and Desktops 7 1909

    QID Detection Logic (Authenticated)
    This QID checks for vulnerable versions of Citrix Virtual Apps and Desktops.

    Consequence
    The system is at high risk of being exposed to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to viruses and other attacks.

    Solution
    Customers are advised to upgrade to the latest supported Citrix Virtual Apps and Desktops release to remediate this vulnerability.
    For the latest release, visit CTX200356.
  • CVE-2021-4154+
    Recently Published

    SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1687-1)

    Severity
    Critical4
    Qualys ID
    752126
    Date Published
    May 17, 2022
    Vendor Reference
    SUSE-SU-2022:1687-1
    CVE Reference
    CVE-2021-4154, CVE-2022-1158, CVE-2022-1280, CVE-2022-28893, CVE-2022-1516, CVE-2020-27835, CVE-2022-29156, CVE-2022-1419, CVE-2021-20292, CVE-2022-0812, CVE-2022-1353, CVE-2022-28748, CVE-2022-28356, CVE-2021-38208, CVE-2021-0707, CVE-2021-20321
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    SUSE has released a security update for kernel to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server Basesystem 15 SP3
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1687-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1687-1
  • CVE-2022-22576+
    Recently Published

    SUSE Enterprise Linux Security Update for curl (SUSE-SU-2022:1680-1)

    Severity
    Critical4
    Qualys ID
    752137
    Date Published
    May 17, 2022
    Vendor Reference
    SUSE-SU-2022:1680-1
    CVE Reference
    CVE-2022-22576, CVE-2022-27776
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for curl to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 12 SP5
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1680-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1680-1
  • CVE-2022-26491
    Recently Published

    SUSE Enterprise Linux Security Update for pidgin (SUSE-SU-2022:1664-1)

    Severity
    Critical4
    Qualys ID
    752136
    Date Published
    May 17, 2022
    Vendor Reference
    SUSE-SU-2022:1664-1
    CVE Reference
    CVE-2022-26491
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for pidgin to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1664-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1664-1
  • CVE-2022-1271
    Recently Published

    SUSE Enterprise Linux Security Update for gzip (SUSE-SU-2022:1673-1)

    Severity
    Critical4
    Qualys ID
    752135
    Date Published
    May 17, 2022
    Vendor Reference
    SUSE-SU-2022:1673-1
    CVE Reference
    CVE-2022-1271
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for gzip to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 12 SP4
    SUSE Linux Enterprise Server for SAP Applications 12 SP3
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1673-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1673-1
  • CVE-2022-1271
    Recently Published

    SUSE Enterprise Linux Security Update for gzip (SUSE-SU-2022:1674-1)

    Severity
    Critical4
    Qualys ID
    752132
    Date Published
    May 17, 2022
    Vendor Reference
    SUSE-SU-2022:1674-1
    CVE Reference
    CVE-2022-1271
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    SUSE has released a security update for gzip to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
    SUSE Linux Enterprise Server for SAP Applications 15
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1674-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1674-1
  • CVE-2022-26700+
    In Development

    Apple Safari Multiple Vulnerabilities (HT213260)

    Severity
    Critical4
    Qualys ID
    376602
    Vendor Reference
    HT213260
    CVE Reference
    CVE-2022-26700, CVE-2022-26719, CVE-2022-26709, CVE-2022-26716, CVE-2022-26717
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Safari is a Web-browser developed by Apple which is based on the WebKit engine.

    Affected versions:
    Apple Safari Versions Prior to 15.5

    QID Detection Logic (Authenticated)
    This QID checks for vulnerable versions of Apple Safari.
    Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

    Consequence
    Processing maliciously crafted web content may lead to arbitrary code execution

    Solution
    Upgrade Apple Safari to version 15.5, the latest version released by Apple.
    For more information regarding the update, refer to HT213260.
    Patches
    HT213260
  • CVE-2022-24765+
    Recently Published

    Apple Xcode Prior to 13.4 Vulnerability (HT213261)

    Severity
    Critical4
    Qualys ID
    376606
    Date Published
    May 19, 2022
    Vendor Reference
    HT213261
    CVE Reference
    CVE-2022-24765, CVE-2022-26747
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Apple Xcode is an integrated development environment (IDE) for macOS containing a suite of software development tools developed by Apple.

    CVE-2022-24765: On multi-user machines, Git users might find themselves unexpectedly in a Git worktree.

    CVE-2022-26747: An app may be able to gain elevated privileges.

    Affected Versions:
    Apple Xcode all versions prior to 13.4
    Note: Xcode 13.4 is only available for: macOS Monterey 12 or later

    QID Detection Logic (Authenticated): This QID checks for vulnerable versions of Apple Xcode via Apple System Information.

    Consequence
    An attacker may be able to cause privilege escalation.

    Solution
    Xcode 13.4 is only available for: macOS Monterey 12 or later

    Download Xcode from here.
    For more information, please refer to HT213261.

    Patches
    HT213261
  • CVE-2022-0778
    Recently Published

    FortiGate FortiManager and FortiAnalyzer Denial of Service (DoS) Vulnerability (FG-IR-22-059)

    Severity
    Serious3
    Qualys ID
    376603
    Date Published
    May 19, 2022
    Vendor Reference
    FG-IR-22-059
    CVE Reference
    CVE-2022-0778
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    FortiManager provides centralized policy-based provisioning, device configuration, and update management for FortiGate, FortiWiFi, and FortiMail appliances, and FortiClient end-point security agents, plus end-to-end network monitoring and device control.

    CVE-2022-0778: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli.
    Affected Products:
    FortiManager Versions 6.2.0 through 6.2.9
    FortiManager Versions 6.4.0 through 6.4.7
    FortiManager Versions 7.0.0 through 7.0.3
    FortiAnalyzer Versions 6.2.0 through 6.2.9
    FortiAnalyzer Versions 6.4.0 through 6.4.7
    FortiAnalyzer Versions 7.0.0 through 7.0.3

    QID Detection Logic(Authenticated):
    This QID runs the command to get the system status and matches the reported version against the affected versions.

    Consequence
    Successful exploitation of this vulnerability may cause denial of service and unavailability of services.
    Solution
    Customers are advised to refer to FG-IR-22-059 for more information.

    Patches
    FG-IR-22-059
  • CVE-2022-23852+
    Recently Published

    IBM DB2 Arbitrary Code Execution Vulnerability (6573293)

    Severity
    Critical4
    Qualys ID
    20258
    Date Published
    May 19, 2022
    Vendor Reference
    6573293
    CVE Reference
    CVE-2022-23852, CVE-2022-23990
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    DB2 is a family of data management products, including database servers, developed by IBM.

    CVE-2022-23852: Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XML_GetBuffer function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
    CVE-2022-23990: Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the doProlog function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

    Affected Versions:
    IBM DB2 prior to V9.7 FP11
    IBM DB2 prior to V10.1 FP6
    IBM DB2 prior to V10.5 FP11
    IBM DB2 prior to V11.1.4 FP 7
    QID Detection Logic:
    Authenticated (DB2): This QID queries the DB2 server to get the server version and fix pack level and checks whether it is vulnerable.
    Authenticated (Windows): This QID checks for vulnerable versions of DB2 on Windows.

    Consequence
    An attacker could exploit this vulnerability to execute arbitrary code on the system.

    Solution
    Please refer to the following link: 6573293

    Patches
    6573293
  • CVE-2022-29263
    Recently Published

    F5 BIG-IP Access Policy Manager (APM) Privilege Escalation Vulnerability (K33552735)

    Severity
    Critical4
    Qualys ID
    376595
    Date Published
    May 19, 2022
    Vendor Reference
    K33552735
    CVE Reference
    CVE-2022-29263
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    The BIG-IP Edge Client Component Installer Service does not use best practice while saving temporary files. (CVE-2022-29263)

    Affected Versions:
    16.1.0 - 16.1.2
    15.1.0 - 15.1.5
    14.1.0 - 14.1.4
    13.1.0 - 13.1.4
    12.1.0 - 12.1.6
    11.6.1 - 11.6.5

    QID Detection Logic(Authenticated):
    This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.

    Consequence
    This vulnerability can be exploited to allow a low-privileged attacker to escalate privileges on the client Windows system.

    Solution
    For more information about patch details, please refer to K33552735.
    Patches
    K33552735
  • CVE-2021-30339+
    Recently Published

    Google Android May 2022 Security Patch Missing for Samsung

    Severity
    Urgent5
    Qualys ID
    610415
    Date Published
    May 19, 2022
    Vendor Reference
    SMR-May-2022
    CVE Reference
    CVE-2021-30339, CVE-2021-30341, CVE-2021-30347, CVE-2021-30342, CVE-2021-30343, CVE-2021-35112, CVE-2021-35081, CVE-2021-0707, CVE-2021-39800, CVE-2021-39801, CVE-2021-39802, CVE-2021-30350, CVE-2021-30344, CVE-2021-30340, CVE-2021-30334, CVE-2021-35130, CVE-2021-39807, CVE-2021-39662, CVE-2022-20004, CVE-2022-20005, CVE-2022-20006, CVE-2022-20007, CVE-2022-20113, CVE-2022-20114, CVE-2022-20116, CVE-2022-20010, CVE-2022-20011, CVE-2022-20115, CVE-2021-39670, CVE-2022-20112, CVE-2021-1020, CVE-2021-1021, CVE-2021-39700
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Android is a mobile operating system based on a modified version of the Linux kernel and other open source software, designed primarily for touchscreen mobile devices such as smartphones and tablets.

    The following security issues were discovered:
    CVE-2021-30339, CVE-2021-30341, CVE-2021-30347, CVE-2021-30342, CVE-2021-30343, CVE-2021-35112, CVE-2021-35081, CVE-2021-0707, CVE-2021-39800, CVE-2021-39801, CVE-2021-39802, CVE-2021-30350, CVE-2021-30344, CVE-2021-30340, CVE-2021-30334, CVE-2021-35130, CVE-2021-39807, CVE-2021-39662, CVE-2022-20004, CVE-2022-20005, CVE-2022-20006, CVE-2022-20007, CVE-2022-20113, CVE-2022-20114, CVE-2022-20116, CVE-2022-20010, CVE-2022-20011, CVE-2022-20115, CVE-2021-39670, CVE-2022-20112, CVE-2021-1020, CVE-2021-1021, CVE-2021-39700

    Affected Products:
    Galaxy Fold, Galaxy Fold 5G, Galaxy Z Fold2, Galaxy Z Fold2 5G, Galaxy Z Fold3 5G, Galaxy Z Flip, Galaxy Z Flip 5G, Galaxy Z Flip3 5G, Galaxy S10 5G, Galaxy S10 Lite, Galaxy S20, Galaxy S20 5G, Galaxy S20+, Galaxy S20+ 5G, Galaxy S20 Ultra, Galaxy S20 Ultra 5G, Galaxy S20 FE, Galaxy S20 FE 5G, Galaxy S21 5G, Galaxy S21+ 5G, Galaxy S21 Ultra 5G, Galaxy S21 FE 5G, Galaxy S22, Galaxy S22+, Galaxy S22 Ultra, Galaxy Note10, Galaxy Note10 5G, Galaxy Note10+, Galaxy Note10+ 5G, Galaxy Note10 Lite, Galaxy Note20, Galaxy Note20 5G, Galaxy Note20 Ultra, Galaxy Note20 Ultra 5G
    Enterprise Models: Galaxy A52, Galaxy A52 5G, Galaxy A52s 5G, Galaxy A53 5G, Galaxy XCover4s, Galaxy Xcover FieldPro, Galaxy Xcover Pro, Galaxy Xcover5

    Consequence
    On successful exploitation, it could allow an attacker to execute code.
    Solution
    Refer to Samsung Security advisory SMR-May-2022 to address this issue and obtain more information.
    Patches
    Android SMR-May-2022
  • CVE-2021-35081+
    Recently Published

    Google Android May 2022 Security Patch Missing for Huawei EMUI

    Severity
    Urgent5
    Qualys ID
    610414
    Date Published
    May 19, 2022
    Vendor Reference
    May 2022
    CVE Reference
    CVE-2021-35081, CVE-2021-0694, CVE-2021-39795, CVE-2021-39803, CVE-2021-39804, CVE-2021-39794, CVE-2021-39796, CVE-2021-39808, CVE-2021-39809, CVE-2021-30334, CVE-2021-35130, CVE-2021-0707, CVE-2021-39800, CVE-2021-39801, CVE-2021-39776, CVE-2021-39771, CVE-2021-35071, CVE-2021-39739, CVE-2021-39741, CVE-2021-39748, CVE-2021-39759, CVE-2021-39760, CVE-2021-39762, CVE-2021-39763, CVE-2021-39764, CVE-2021-39774, CVE-2021-39777, CVE-2021-39781, CVE-2021-39746, CVE-2021-39757, CVE-2021-39786
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Android is a mobile operating system based on a modified version of the Linux kernel and other open source software, designed primarily for touchscreen mobile devices such as smartphones and tablets.

    The following security issues were discovered:
    CVE-2021-35081, CVE-2021-0694, CVE-2021-39795, CVE-2021-39803, CVE-2021-39804, CVE-2021-39794, CVE-2021-39796, CVE-2021-39808, CVE-2021-39809, CVE-2021-30334, CVE-2021-35130, CVE-2021-0707, CVE-2021-39800, CVE-2021-39801, CVE-2021-39776, CVE-2021-39771, CVE-2021-35071, CVE-2021-39739, CVE-2021-39741, CVE-2021-39748, CVE-2021-39759, CVE-2021-39760, CVE-2021-39762, CVE-2021-39763, CVE-2021-39764, CVE-2021-39774, CVE-2021-39777, CVE-2021-39781, CVE-2021-39746, CVE-2021-39757, CVE-2021-39786

    Affected Devices:
    HUAWEI P series: P30 Pro, P30, P20 Pro, P20
    HUAWEI Mate series: Mate 20 X, Mate 20 Pro, Mate 20, Mate 20 RS, Mate 10 Pro, Mate 10, PORSCHE DESIGN HUAWEI Mate RS

    Consequence
    On successful exploitation, it could allow an attacker to execute code.
    Solution
    Refer to HUAWEI Security advisory May 2022 to address this issue and obtain more information.
    Patches
    Android May 2022
  • CVE-2022-20118+
    Recently Published

    Google Pixel Android May 2022 Security Patch Missing

    Severity
    Urgent5
    Qualys ID
    610412
    Date Published
    May 19, 2022
    Vendor Reference
    Pixel Update Bulletin May2022
    CVE Reference
    CVE-2022-20118, CVE-2022-20121, CVE-2022-20119, CVE-2022-20117, CVE-2021-4083, CVE-2022-20120, CVE-2021-35092, CVE-2021-35085, CVE-2021-35084, CVE-2021-35079, CVE-2021-35098
    CVSS Scores
    Base 7 / Temporal 6.1
    Description
    Android is a mobile operating system based on a modified version of the Linux kernel and other open source software, designed primarily for touchscreen mobile devices such as smartphones and tablets.

    The following security issues were discovered:
    CVE-2022-20118, CVE-2022-20121, CVE-2022-20119, CVE-2022-20117, CVE-2021-4083, CVE-2022-20120, CVE-2021-35092, CVE-2021-35085, CVE-2021-35084, CVE-2021-35079, CVE-2021-35098

    Affected Products:
    Pixel 4 XL, Pixel 4, Pixel 3a XL, Pixel 3a, Pixel 3 XL, Pixel 3, Pixel 2 XL, Pixel 2

    Consequence
    On successful exploitation, it could allow an attacker to execute code.
    Solution
    Refer to the Google Pixel Update Bulletin for May 2022 to address these issues and obtain more information.
    Patches
    Android May 2022
  • CVE-2021-39700+
    Recently Published

    Google Android Devices May 2022 Security Patch Missing

    Severity
    Critical4
    Qualys ID
    610413
    Date Published
    May 19, 2022
    Vendor Reference
    Android Security Bulletin May2022
    CVE Reference
    CVE-2021-39700, CVE-2021-39662, CVE-2021-35080, CVE-2022-20011, CVE-2022-20010, CVE-2021-35087, CVE-2021-35086, CVE-2022-20109, CVE-2022-22064, CVE-2022-22065, CVE-2022-22068, CVE-2021-35116, CVE-2021-35072, CVE-2021-35073, CVE-2021-35076, CVE-2021-35078, CVE-2022-22072, CVE-2021-39670, CVE-2022-20004, CVE-2022-20005, CVE-2021-35090, CVE-2021-22600, CVE-2021-35096, CVE-2021-35094, CVE-2022-20008, CVE-2022-20009, CVE-2022-20084, CVE-2022-20114, CVE-2022-20115, CVE-2022-20112, CVE-2022-20113, CVE-2022-20110, CVE-2022-20116, CVE-2022-22057, CVE-2022-20007, CVE-2022-0847
    CVSS Scores
    Base 7.8 / Temporal 7
    Description
    Android is a mobile operating system based on a modified version of the Linux kernel and other open source software, designed primarily for touchscreen mobile devices such as smartphones and tablets.

    The following security issues were discovered:
    CVE-2021-39700, CVE-2021-39662, CVE-2021-35080, CVE-2022-20011, CVE-2022-20010, CVE-2021-35087, CVE-2021-35086, CVE-2022-20109, CVE-2022-22064, CVE-2022-22065, CVE-2022-22068, CVE-2021-35116, CVE-2021-35072, CVE-2021-35073, CVE-2021-35076, CVE-2021-35078, CVE-2022-22072, CVE-2021-39670, CVE-2022-20004, CVE-2022-20005, CVE-2021-35090, CVE-2021-22600, CVE-2021-35096, CVE-2021-35094, CVE-2022-20008, CVE-2022-20009, CVE-2022-20084, CVE-2022-20114, CVE-2022-20115, CVE-2022-20112, CVE-2022-20113, CVE-2022-20110, CVE-2022-20116, CVE-2022-22057, CVE-2022-20007, CVE-2022-0847

    Consequence
    On successful exploitation, it could allow an attacker to execute code.
    Solution
    Refer to the Android Security Bulletin for May 2022 to address these issues and obtain more information.
    Patches
    Android May 2022
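    The four May 2022 "Security Patch Missing" entries above (Samsung, Huawei, Pixel and Android devices) all come down to one comparison: the patch level a device reports against the level the bulletin requires. The example below is added here to show that comparison; it is not the Qualys QID logic and not vendor code. Android exposes the level in the system property ro.build.version.security_patch as YYYY-MM-DD, and each monthly bulletin defines two levels, YYYY-MM-01 (framework and system fixes) and YYYY-MM-05 (also the kernel and vendor fixes), so a device must report at least the -05 level to carry every fix in the bulletin. The device inventory in the block is constructed sample data.

```python
"""Added example: check a device's Android security patch level (SPL) against
the level a monthly bulletin requires. Not the Qualys QID's own logic."""
import re
import subprocess
from datetime import date

SPL_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")


def parse_spl(value):
    """Parse a 'YYYY-MM-DD' patch level; reject empty or malformed values
    rather than silently treating them as 'patched'."""
    m = SPL_RE.match(value.strip())
    if not m:
        raise ValueError("unexpected security patch level: %r" % value)
    return date(*(int(x) for x in m.groups()))


def patch_missing(device_spl, required_spl):
    """True when the device's level predates the bulletin's level."""
    return parse_spl(device_spl) < parse_spl(required_spl)


def query_device_spl(serial):
    """Read the SPL from a connected, authorized device via adb (not run here)."""
    out = subprocess.run(
        ["adb", "-s", serial, "shell", "getprop", "ro.build.version.security_patch"],
        capture_output=True, text=True, check=True,
    )
    return out.stdout.strip()


def triage(devices, required_spl):
    """Return the labels of devices whose SPL is below required_spl.
    Devices with a malformed or empty SPL are reported too: an unreadable
    level must not be assumed to be current."""
    missing = []
    for label, spl in devices:
        try:
            if patch_missing(spl, required_spl):
                missing.append(label)
        except ValueError:
            missing.append(label + " (unreadable SPL)")
    return missing


# Constructed sample inventory (hypothetical labels and levels, not real data).
SAMPLE_DEVICES = [
    ("Pixel 4 XL", "2022-05-05"),
    ("Galaxy S21 5G", "2022-05-01"),
    ("HUAWEI P30 Pro", "2022-03-01"),
    ("unknown-tablet", ""),
]

if __name__ == "__main__":
    for label in triage(SAMPLE_DEVICES, "2022-05-05"):
        print("missing May 2022 patches:", label)
```

    Note that a device reporting 2022-05-01 is flagged when the required level is 2022-05-05: it has the framework fixes but not the vendor and kernel ones, which is exactly the gap a per-OEM bulletin such as the Samsung or Huawei one closes.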
  • CVE-2021-3750
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for qemu-kvm (9707)

    Severity
    Critical4
    Qualys ID
    901579
    Date Published
    May 18, 2022
    Vendor Reference
    9707
    CVE Reference
    CVE-2021-3750
    CVSS Scores
    Base 8.2 / Temporal 7.5
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for qemu-kvm to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-24903
    Recently Published

    Fedora Security Update for rsyslog (FEDORA-2022-f796a28a7b)

    Severity
    Critical4
    Qualys ID
    282693
    Date Published
    May 18, 2022
    Vendor Reference
    FEDORA-2022-f796a28a7b
    CVE Reference
    CVE-2022-24903
    CVSS Scores
    Base 8.1 / Temporal 7.1
    Description
    Fedora has released a security update for rsyslog to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to modify part of the contents or configuration on the system. Additionally, this vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to Fedora security advisory FEDORA-2022-f796a28a7b for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-f796a28a7b
  • CVE-2022-1629
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9713)

    Severity
    Critical4
    Qualys ID
    901578
    Date Published
    May 18, 2022
    Vendor Reference
    9713
    CVE Reference
    CVE-2022-1629
    CVSS Scores
    Base 7.8 / Temporal 7.1
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-1621
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9712)

    Severity
    Critical4
    Qualys ID
    901577
    Date Published
    May 18, 2022
    Vendor Reference
    9712
    CVE Reference
    CVE-2022-1621
    CVSS Scores
    Base 7.8 / Temporal 7.1
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-1619
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9710)

    Severity
    Critical4
    Qualys ID
    901576
    Date Published
    May 18, 2022
    Vendor Reference
    9710
    CVE Reference
    CVE-2022-1619
    CVSS Scores
    Base 7.8 / Temporal 7.1
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-1304
    Recently Published

    SUSE Enterprise Linux Security Update for e2fsprogs (SUSE-SU-2022:1695-1)

    Severity
    Critical4
    Qualys ID
    752139
    Date Published
    May 18, 2022
    Vendor Reference
    SUSE-SU-2022:1695-1
    CVE Reference
    CVE-2022-1304
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released a security update for e2fsprogs to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 12 SP5
    SUSE Linux Enterprise Server for SAP Applications 12 SP4
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1695-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1695-1
  • CVE-2022-1620
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9711)

    Severity
    Critical4
    Qualys ID
    901574
    Date Published
    May 18, 2022
    Vendor Reference
    9711
    CVE Reference
    CVE-2022-1620
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-22966
    In Development

    VMware Cloud Director Remote Code Execution (RCE) Vulnerability (VMSA-2022-0013)

    Severity
    Critical4
    Qualys ID
    376604
    Vendor Reference
    VMSA-2022-0013
    CVE Reference
    CVE-2022-22966
    CVSS Scores
    Base 7.2 / Temporal 6.3
    Description
    VMware Cloud Director enables Cloud Providers to automate complex infrastructure-as-code and tile UI driven workflows to deploy X-as-a-Service, all while maintaining access control and visibility.

    Affected Versions:
    VMware Cloud Director versions before 10.3.3
    VMware Cloud Director versions before 10.2.2.3
    VMware Cloud Director versions before 10.1.4.1

    QID Detection Logic (Authenticated):
    This QID checks the VMware Cloud Director build version on the target against the vulnerable versions.

    Consequence
    An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server.

    Solution
    VMware has released patches for this vulnerability.

    Refer to VMware advisory VMSA-2022-0013.

    Workaround:

    Refer to VMware KB 88176 for more information.

    Patches
    VMSA-2022-0013
  • CVE-2022-1175+
    Recently Published

    GitLab Multiple Security Vulnerabilities (GitLab 14.8.6, 14.9.4, 14.10.1)

    Severity
    Critical4
    Qualys ID
    376605
    Date Published
    May 18, 2022
    Vendor Reference
    Gitlab-Advisory
    CVE Reference
    CVE-2022-1175, CVE-2022-1423, CVE-2022-1510, CVE-2022-1406, CVE-2022-1460, CVE-2022-1413, CVE-2022-1352, CVE-2022-1428, CVE-2022-1417, CVE-2022-1124, CVE-2022-1416, CVE-2022-1431, CVE-2022-1433, CVE-2022-1426
    CVSS Scores
    Base 6.1 / Temporal 5.5
    Description
    GitLab, the software, is a web-based Git repository manager with wiki and issue tracking features.

    Affected Version:
    All versions prior to 14.8.6
    All versions from 14.9 prior to 14.9.4
    All versions from 14.10 prior to 14.10.1
    QID Detection Logic (Authenticated):
    The QID runs the gitlab-rake gitlab:env:info command and checks the reported GitLab version against the affected ranges.

    Consequence
    Successful exploitation of these vulnerabilities may affect the confidentiality, integrity and availability of the targeted GitLab instance and its users.
    Solution
    The vendor has released patches. For more information, refer to the GitLab advisory.
    Patches
    Gitlab-Advisory
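    The affected ranges in the entry above are three separate windows, one per release line, so a naive "older than 14.10.1" test would wrongly flag a patched 14.8.6 and wrongly clear 14.8.5. The block below is an added example (not Qualys's QID code) that reads the output of gitlab-rake gitlab:env:info, the command the QID runs, and evaluates the version against those windows. It assumes the version appears on a "Version:" line under the "GitLab information" heading of that output; the sample output embedded in the block is constructed.

```python
"""Added example: is a self-managed GitLab instance in the affected ranges
listed in the entry above? Not Qualys's code."""
import re
import subprocess

# (first affected version inclusive, first fixed version exclusive).
# None as the lower bound means "every version before the fix".
AFFECTED_RANGES = [
    (None, (14, 8, 6)),          # all versions prior to 14.8.6
    ((14, 9, 0), (14, 9, 4)),    # 14.9 prior to 14.9.4
    ((14, 10, 0), (14, 10, 1)),  # 14.10 prior to 14.10.1
]


def parse_gitlab_version(env_info):
    """Extract (major, minor, patch) from gitlab:env:info output.

    The output has several 'Version:' lines (GitLab Shell and others), so only
    the one under 'GitLab information' is used; an '-ee' suffix is ignored."""
    _, found, tail = env_info.partition("GitLab information")
    if not found:
        raise ValueError("no 'GitLab information' section in output")
    m = re.search(r"^Version:\s*(\d+)\.(\d+)\.(\d+)", tail, re.MULTILINE)
    if not m:
        raise ValueError("no Version: line under 'GitLab information'")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True when version sits in any affected range. Comparing tuples of ints
    avoids the classic mistake of comparing '14.10.0' < '14.9.4' as strings."""
    for low, high in AFFECTED_RANGES:
        if (low is None or version >= low) and version < high:
            return True
    return False


def collect_env_info():
    """Run the command on the instance itself (Omnibus gitlab-rake wrapper,
    run as root); not invoked in the example run below."""
    out = subprocess.run(["gitlab-rake", "gitlab:env:info"],
                         capture_output=True, text=True, check=True)
    return out.stdout


# Constructed sample output, trimmed to the sections the parser needs.
SAMPLE_ENV_INFO = (
    "System information\n"
    "Ruby Version:\t2.7.5p203\n"
    "\n"
    "GitLab information\n"
    "Version:\t14.9.3-ee\n"
    "Revision:\tabc1234\n"
    "\n"
    "GitLab Shell\n"
    "Version:\t13.24.0\n"
)

if __name__ == "__main__":
    v = parse_gitlab_version(SAMPLE_ENV_INFO)
    print("GitLab %d.%d.%d affected: %s" % (v + (is_affected(v),)))
```

    With the sample output the parser returns 14.9.3, which falls in the second window and is reported as affected, while 14.8.6, 14.9.4 and 14.10.1 are the first fixed builds of their lines and are not.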
  • CVE-2022-28181+
    Under Investigation

    NVIDIA GPU Display Driver Multiple Vulnerabilities (May 2022)

    Severity
    Serious3
    Qualys ID
    376609
    Vendor Reference
    5353
    CVE Reference
    CVE-2022-28181, CVE-2022-28182, CVE-2022-28183, CVE-2022-28184, CVE-2022-28185, CVE-2022-28186, CVE-2022-28187, CVE-2022-28188, CVE-2022-28189, CVE-2022-28190
    CVSS Scores
    Base 8.5 / Temporal 7.4
    Description
    NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, escalation of privileges, data tampering, or information disclosure.

    Affected versions:
    GeForce: all driver versions prior to 512.77 on the R510 driver branch
    Studio: all driver versions on the R510 driver branch
    NVIDIA RTX/Quadro, NVS: all driver versions prior to 512.78 on the R510 driver branch
    NVIDIA RTX/Quadro, NVS: all driver versions prior to 473.47 on the R470 driver branch
    Tesla: all driver versions on the R510 driver branch
    Tesla: all driver versions prior to 473.47 on the R470 driver branch
    Tesla: all driver versions prior to 453.51 on the R450 driver branch
    QID detection logic (authenticated):
    The QID checks for vulnerable versions of nvcpl.dll.

    Consequence
    Successful exploitation of these vulnerabilities may lead to denial of service, escalation of privileges, data tampering, or information disclosure.
    Solution

    Customers are advised to refer to NVIDIA Driver Downloads for updated drivers that address these vulnerabilities.

    Patches
    5353
  • CVE-2022-30295
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for uclibc-ng (9709)

    Severity
    Serious3
    Qualys ID
    901575
    Date Published
    May 18, 2022
    Vendor Reference
    9709
    CVE Reference
    CVE-2022-30295
    CVSS Scores
    Base 6.5 / Temporal 6
    Description
    CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for uclibc-ng to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2021-43066
    Recently Published

    Forticlient Windows Privilege Escalation Vulnerability (FG-IR-21-154)

    Severity
    Critical4
    Qualys ID
    376600
    Date Published
    May 18, 2022
    Vendor Reference
    FG-IR-21-154
    CVE Reference
    CVE-2021-43066
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    FortiClient is a comprehensive endpoint security solution.

    Use of a hard-coded cryptographic key to encrypt security sensitive data in configuration in FortiClient for Windows may allow an attacker with access to the configuration or the backup file to decrypt the sensitive data via knowledge of the hard-coded key.

    Affected Versions:
    FortiClientWindows version 6.0.X
    FortiClientWindows version 6.2.X
    FortiClientWindows version 6.4.0 through 6.4.6
    FortiClientWindows version 7.0.0 through 7.0.2

    QID Detection Logic (Authenticated):
    This QID checks for vulnerable versions of FortiClient.exe.

    Consequence
    The vulnerability may allow an attacker to execute unauthorized code or commands.

    Solution
    Users are advised to upgrade to FortiClient 6.4.7 or 7.0.3 or later. The latest version can be downloaded from Forticlient.
    Patches
    FG-IR-21-154
  • CVE-2018-18999
    Recently Published

    Advantech WebAccess/SCADA Vulnerability (ICSA-18-352-02)

    Severity
    Critical4
    Qualys ID
    590842
    Date Published
    May 18, 2022
    Vendor Reference
    ICSA-18-352-02
    CVE Reference
    CVE-2018-18999
    CVSS Scores
    Base 7.3 / Temporal 6.6
    Description
    WebAccess/SCADA is a SCADA software platform.

    Affected Products:
    WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1

    QID Detection Logic (Authenticated):
    The QID checks for the vulnerable version using Windows registry keys.

    Consequence
    Successful exploitation of this vulnerability could cause a stack buffer overflow condition.
    Solution

    Customers are advised to refer to the MITIGATIONS section of ICS-CERT advisory ICSA-18-352-02 for affected packages and patching details.

    Patches
    ICSA-18-352-02
  • CVE-2022-1304
    Recently Published

    SUSE Enterprise Linux Security Update for e2fsprogs (SUSE-SU-2022:1688-1)

    Severity
    Critical4
    Qualys ID
    752128
    Date Published
    May 17, 2022
    Vendor Reference
    SUSE-SU-2022:1688-1
    CVE Reference
    CVE-2022-1304
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released a security update for e2fsprogs to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server Basesystem 15 SP3
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
    SUSE Linux Enterprise Server for SAP Applications 15
    SUSE Linux Enterprise Server for SAP Applications 15 SP2
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1688-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1688-1
  • CVE-2022-1011+
    Recently Published

    SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1686-1)

    Severity
    Critical4
    Qualys ID
    752125
    Date Published
    May 17, 2022
    Vendor Reference
    SUSE-SU-2022:1686-1
    CVE Reference
    CVE-2022-1011, CVE-2021-20321, CVE-2022-1280, CVE-2021-43389, CVE-2022-1516, CVE-2022-1419, CVE-2021-20292, CVE-2022-28748, CVE-2019-20811, CVE-2022-1353, CVE-2022-28356, CVE-2021-38208, CVE-2018-7755
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    SUSE has released a security update for kernel to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 12 SP5
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1686-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1686-1
  • CVE-2022-27239+
    Recently Published

    Debian Security Update for cifs-utils (DLA 3009-1)

    Severity
    Critical4
    Qualys ID
    179289
    Date Published
    May 17, 2022
    Vendor Reference
    DLA 3009-1
    CVE Reference
    CVE-2022-27239, CVE-2022-29869
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    Debian has released a security update for cifs-utils to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3009-1 for updates and patch information.
    Patches
    Debian DLA 3009-1
  • CVE-2022-23648+
    Recently Published

    SUSE Enterprise Linux Security Update for containerd, docker (SUSE-SU-2022:1689-1)

    Severity
    Critical4
    Qualys ID
    752133
    Date Published
    May 17, 2022
    Vendor Reference
    SUSE-SU-2022:1689-1
    CVE Reference
    CVE-2022-23648, CVE-2022-27191, CVE-2021-43565, CVE-2022-24769
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for containerd to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 15 SP1
    SUSE Linux Enterprise Server for SAP Applications 15
    SUSE Linux Enterprise Server for SAP Applications 15 SP2
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1689-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1689-1
  • CVE-2020-36518+
    Recently Published

    SUSE Enterprise Linux Security Update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core (SUSE-SU-2022:1678-1)

    Severity
    Critical4
    Qualys ID
    752129
    Date Published
    May 17, 2022
    Vendor Reference
    SUSE-SU-2022:1678-1
    CVE Reference
    CVE-2020-36518, CVE-2020-25649, CVE-2020-28491
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    SUSE has released a security update for jackson-databind to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server Basesystem 15 SP4
    SUSE Linux Enterprise Server Basesystem 15 SP3
    SUSE Linux Enterprise Server for SAP Applications 15 SP2
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1678-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1678-1
  • CVE-2022-23308+
    Recently Published

    Ubuntu Security Notification for libxml2 Vulnerabilities (USN-5422-1)

    Severity
    Critical4
    Qualys ID
    198787
    Date Published
    May 17, 2022
    Vendor Reference
    USN-5422-1
    CVE Reference
    CVE-2022-23308, CVE-2022-29824
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    Ubuntu has released a security update for libxml2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Ubuntu security advisory USN-5422-1 for updates and patch information.
    Patches
    Ubuntu Linux USN-5422-1
  • CVE-2022-0562+
    Recently Published

    SUSE Enterprise Linux Security Update for tiff (SUSE-SU-2022:1667-1)

    Severity
    Critical4
    Qualys ID
    752138
    Date Published
    May 17, 2022
    Vendor Reference
    SUSE-SU-2022:1667-1
    CVE Reference
    CVE-2022-0562, CVE-2022-0891, CVE-2022-0924, CVE-2022-0909, CVE-2022-1056, CVE-2022-0908, CVE-2022-0865, CVE-2022-0561
    CVSS Scores
    Base 7.1 / Temporal 6.2
    Description
    SUSE has released a security update for tiff to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server 12 SP5
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1667-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1667-1
  • Recently Published

    Debian Security Update for ffmpeg (DLA 3010-1)

    Severity
    Serious3
    Qualys ID
    179290
    Date Published
    May 17, 2022
    Vendor Reference
    DLA 3010-1
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Debian has released a security update for ffmpeg to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3010-1 for updates and patch information.
    Patches
    Debian DLA 3010-1
  • CVE-2022-22624+
    Recently Published

    SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:1677-1)

    Severity
    Serious3
    Qualys ID
    752124
    Date Published
    May 17, 2022
    Vendor Reference
    SUSE-SU-2022:1677-1
    CVE Reference
    CVE-2022-22624, CVE-2022-22594, CVE-2022-22629, CVE-2022-22637, CVE-2022-22628
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    SUSE has released a security update for webkit2gtk3 to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise Server for SAP Applications 12 SP4
    SUSE Linux Enterprise Server 12 SP5
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    SUSE Linux Enterprise Server for SAP Applications 12 SP3
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1677-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1677-1
  • CVE-2022-29824
    Recently Published

    Debian Security Update for libxml2 (DLA 3012-1)

    Severity
    Serious3
    Qualys ID
    179291
    Date Published
    May 17, 2022
    Vendor Reference
    DLA 3012-1
    CVE Reference
    CVE-2022-29824
    CVSS Scores
    Base 6.5 / Temporal 5.7
    Description
    Debian has released a security update for libxml2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to Debian security advisory DLA 3012-1 for updates and patch information.
    Patches
    Debian DLA 3012-1
  • CVE-2019-20093
    Recently Published

    SUSE Enterprise Linux Security Update for podofo (SUSE-SU-2022:1690-1)

    Severity
    Serious3
    Qualys ID
    752130
    Date Published
    May 17, 2022
    Vendor Reference
    SUSE-SU-2022:1690-1
    CVE Reference
    CVE-2019-20093
    CVSS Scores
    Base 5.5 / Temporal 4.8
    Description
    SUSE has released a security update for podofo to fix the vulnerabilities.

    Affected product(s):
    SUSE Linux Enterprise (Desktop|Server) 12 SP5
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution
    Refer to SUSE security advisory SUSE-SU-2022:1690-1 for updates and patch information.
    Patches
    SUSE Enterprise Linux SUSE-SU-2022:1690-1
  • CVE-2022-22823
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for expat (7157-1)

    Severity
    Urgent5
    Qualys ID
    901563
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7157-1
    CVE Reference
    CVE-2022-22823
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for expat to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 7157-1
  • CVE-2020-26154
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libproxy (7271-1)

    Severity
    Urgent5
    Qualys ID
    901557
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7271-1
    CVE Reference
    CVE-2020-26154
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for libproxy to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 7271-1
  • CVE-2017-16844
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for procmail (6803-1)

    Severity
    Urgent5
    Qualys ID
    901554
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6803-1
    CVE Reference
    CVE-2017-16844
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for procmail to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6803-1
  • CVE-2021-27135
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for xterm (7454)

    Severity
    Urgent5
    Qualys ID
    901553
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7454
    CVE Reference
    CVE-2021-27135
    CVSS Scores
    Base 9.8 / Temporal 9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for xterm to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-1292
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (9649)

    Severity
    Urgent5
    Qualys ID
    901542
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_9649
    CVE Reference
    CVE-2022-1292
    CVSS Scores
    Base 9.8 / Temporal 9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for openssl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2021-45951
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for dnsmasq (8958)

    Severity
    Urgent5
    Qualys ID
    901535
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_8958
    CVE Reference
    CVE-2021-45951
    CVSS Scores
    Base 9.8 / Temporal 9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for dnsmasq to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2018-13410
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for zip (7012-1)

    Severity
    Urgent5
    Qualys ID
    901533
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7012-1
    CVE Reference
    CVE-2018-13410
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for zip to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 7012-1
  • CVE-2020-25207
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for toolbox (7397)

    Severity
    Urgent5
    Qualys ID
    901519
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7397
    CVE Reference
    CVE-2020-25207
    CVSS Scores
    Base 9.8 / Temporal 9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for toolbox to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2020-10109
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for python-twisted (6820-1)

    Severity
    Urgent5
    Qualys ID
    901514
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6820-1
    CVE Reference
    CVE-2020-10109
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for python-twisted to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6820-1
  • CVE-2018-9057
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for terraform (9179)

    Severity
    Urgent5
    Qualys ID
    901511
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_9179
    CVE Reference
    CVE-2018-9057
    CVSS Scores
    Base 9.8 / Temporal 9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for terraform to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2019-12450
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for glib (6434-1)

    Severity
    Urgent5
    Qualys ID
    901432
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6434-1
    CVE Reference
    CVE-2019-12450
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for glib to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6434-1
  • CVE-2015-8863
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for jq (6504-1)

    Severity
    Urgent5
    Qualys ID
    901427
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6504-1
    CVE Reference
    CVE-2015-8863
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for jq to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6504-1
  • CVE-2021-44790
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (7044-1)

    Severity
    Urgent5
    Qualys ID
    901425
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7044-1
    CVE Reference
    CVE-2021-44790
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for httpd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 7044-1
  • CVE-2021-45957
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for dnsmasq (8964)

    Severity
    Urgent5
    Qualys ID
    901424
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_8964
    CVE Reference
    CVE-2021-45957
    CVSS Scores
    Base 9.8 / Temporal 9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for dnsmasq to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2019-1010238
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for pango (9219-2)

    Severity
    Urgent5
    Qualys ID
    901420
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_9219-2
    CVE Reference
    CVE-2019-1010238
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for pango to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 9219-2
  • CVE-2021-26937
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for screen (7356)

    Severity
    Urgent5
    Qualys ID
    901416
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7356
    CVE Reference
    CVE-2021-26937
    CVSS Scores
    Base 9.8 / Temporal 9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for screen to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2021-45955
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for dnsmasq (8962)

    Severity
    Urgent5
    Qualys ID
    901408
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_8962
    CVE Reference
    CVE-2021-45955
    CVSS Scores
    Base 9.8 / Temporal 9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for dnsmasq to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2021-45953
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for dnsmasq (8960)

    Severity
    Urgent5
    Qualys ID
    901398
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_8960
    CVE Reference
    CVE-2021-45953
    CVSS Scores
    Base 9.8 / Temporal 9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for dnsmasq to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-23218
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for glibc (7486-1)

    Severity
    Urgent5
    Qualys ID
    901384
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7486-1
    CVE Reference
    CVE-2022-23218
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for glibc to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 7486-1
  • CVE-2021-38297
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (6450-1)

    Severity
    Urgent5
    Qualys ID
    901380
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6450-1
    CVE Reference
    CVE-2021-38297
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6450-1
  • CVE-2018-14817+
    In Development

    Fuji Electric V-Server Multiple Vulnerabilities (ICSA-18-254-01)

    Severity
    Urgent5
    Qualys ID
    590846
    Vendor Reference
    ICSA-18-254-01
    CVE Reference
    CVE-2018-14817, CVE-2018-14813, CVE-2018-14819, CVE-2018-14811, CVE-2018-14823, CVE-2018-14815, CVE-2018-14809
    CVSS Scores
    Base 9.8 / Temporal 8.5
    Description

    AFFECTED PRODUCTS
    The following versions of V-Server, a data collection and management service, are affected:
    V-Server 4.0.3.0 and prior.

    QID Detection Logic (Authenticated)
    The QID checks for the vulnerable version using Windows registry keys.

    Consequence
    Successful exploitation of these vulnerabilities could allow for remote code execution on the device, causing a denial of service condition or information exposure.
    Solution

    Customers are advised to refer to the CERT Mitigations section of ICSA-18-254-01 for affected packages and patching details.

    Patches
    ICSA-18-254-01
  • CVE-2022-28805
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for lua (9333)

    Severity
    Urgent5
    Qualys ID
    901466
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_9333
    CVE Reference
    CVE-2022-28805
    CVSS Scores
    Base 9.1 / Temporal 8.3
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for lua to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2021-22945
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for curl (6368-1)

    Severity
    Urgent5
    Qualys ID
    901395
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6368-1
    CVE Reference
    CVE-2021-22945
    CVSS Scores
    Base 9.1 / Temporal 7.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for curl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6368-1
  • CVE-2022-24884
    Recently Published

    Fedora Security Update for ecdsautils (FEDORA-2022-bf58612696)

    Severity
    Urgent5
    Qualys ID
    282692
    Date Published
    May 17, 2022
    Vendor Reference
    FEDORA-2022-bf58612696
    CVE Reference
    CVE-2022-24884
    CVSS Scores
    Base 10 / Temporal 8.7
    Description
    Fedora has released a security update for ecdsautils to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to the Fedora security advisory FEDORA-2022-bf58612696 (Fedora 35) for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-bf58612696
  • CVE-2022-24884
    Recently Published

    Fedora Security Update for ecdsautils (FEDORA-2022-7704d5e885)

    Severity
    Urgent5
    Qualys ID
    282691
    Date Published
    May 17, 2022
    Vendor Reference
    FEDORA-2022-7704d5e885
    CVE Reference
    CVE-2022-24884
    CVSS Scores
    Base 10 / Temporal 8.7
    Description
    Fedora has released a security update for ecdsautils to fix the vulnerabilities.

    Affected OS:
    Fedora 34


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to the Fedora security advisory FEDORA-2022-7704d5e885 (Fedora 34) for updates and patch information.
    Patches
    Fedora 34 FEDORA-2022-7704d5e885
  • CVE-2022-30292
    Recently Published

    Fedora Security Update for supertux (FEDORA-2022-88e3257aef)

    Severity
    Urgent5
    Qualys ID
    282690
    Date Published
    May 17, 2022
    Vendor Reference
    FEDORA-2022-88e3257aef
    CVE Reference
    CVE-2022-30292
    CVSS Scores
    Base 10 / Temporal 8.7
    Description
    Fedora has released a security update for supertux to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    This vulnerability could be exploited to gain remote access to sensitive information and execute commands.
    Solution
    Refer to the Fedora security advisory FEDORA-2022-88e3257aef (Fedora 35) for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-88e3257aef
  • In Development

    EOL/Obsolete Software: Microsoft .NET Framework 4.5.2 - 4.6.1 Detected

    Severity
    Urgent5
    Qualys ID
    106058
    Vendor Reference
    Microsoft .NET Framework
    CVSS Scores
    Base 10 / Temporal 9.1
    Description
    Microsoft ended support for .NET Framework 4.5.2, 4.6, and 4.6.1 on April 26, 2022, and provides no further support for these specific versions.
    Consequence
    The system is at high risk of exposure to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to viruses and other attacks.
    Solution
    Upgrade to the latest .NET Framework version.
  • CVE-2022-1050
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for qemu (9277)

    Severity
    Critical4
    Qualys ID
    901537
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_9277
    CVE Reference
    CVE-2022-1050
    CVSS Scores
    Base 8.8 / Temporal 8.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for qemu to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2020-15888
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for lua (6670-1)

    Severity
    Critical4
    Qualys ID
    901479
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6670-1
    CVE Reference
    CVE-2020-15888
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for lua to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6670-1
  • CVE-2020-5208
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for ipmitool (6489-1)

    Severity
    Critical4
    Qualys ID
    901467
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6489-1
    CVE Reference
    CVE-2020-5208
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for ipmitool to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6489-1
  • CVE-2021-4207
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for qemu (9619)

    Severity
    Critical4
    Qualys ID
    901451
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_9619
    CVE Reference
    CVE-2021-4207
    CVSS Scores
    Base 8.8 / Temporal 8.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for qemu to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2017-17522
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for python2 (6823-1)

    Severity
    Critical4
    Qualys ID
    901428
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6823-1
    CVE Reference
    CVE-2017-17522
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for python2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6823-1
  • CVE-2022-24407
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for cyrus-sasl (8794-1)

    Severity
    Critical4
    Qualys ID
    901418
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_8794-1
    CVE Reference
    CVE-2022-24407
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for cyrus-sasl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 8794-1
  • CVE-2022-22825
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for expat (7159-1)

    Severity
    Critical4
    Qualys ID
    901370
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7159-1
    CVE Reference
    CVE-2022-22825
    CVSS Scores
    Base 8.8 / Temporal 7.7
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for expat to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 7159-1
  • CVE-2021-44142
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for samba (8611)

    Severity
    Critical4
    Qualys ID
    901364
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_8611
    CVE Reference
    CVE-2021-44142
    CVSS Scores
    Base 8.8 / Temporal 8.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for samba to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2012-5627
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for mysql (6692-1)

    Severity
    Critical4
    Qualys ID
    901561
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6692-1
    CVE Reference
    CVE-2012-5627
    CVSS Scores
    Base 8.6 / Temporal 7.7
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for mysql to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6692-1
  • CVE-1999-0612
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for finger (6422)

    Severity
    Critical4
    Qualys ID
    901559
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6422
    CVE Reference
    CVE-1999-0612
    CVSS Scores
    Base 8.6 / Temporal 7.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for finger to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-1999-0524
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6510-1)

    Severity
    Critical4
    Qualys ID
    901541
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6510-1
    CVE Reference
    CVE-1999-0524
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6510-1
  • CVE-2010-2642
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for t1lib (7376)

    Severity
    Critical4
    Qualys ID
    901524
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7376
    CVE Reference
    CVE-2010-2642
    CVSS Scores
    Base 8.6 / Temporal 7.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for t1lib to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2014-3618
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for procmail (7331-1)

    Severity
    Critical4
    Qualys ID
    901520
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7331-1
    CVE Reference
    CVE-2014-3618
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for procmail to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 7331-1
  • CVE-1999-0817
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for lynx (6673)

    Severity
    Critical4
    Qualys ID
    901513
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6673
    CVE Reference
    CVE-1999-0817
    CVSS Scores
    Base 8.6 / Temporal 7.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for lynx to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2011-0433
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for t1lib (7377)

    Severity
    Critical4
    Qualys ID
    901504
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7377
    CVE Reference
    CVE-2011-0433
    CVSS Scores
    Base 8.6 / Temporal 7.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for t1lib to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2008-3908
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for wordnet (7423)

    Severity
    Critical4
    Qualys ID
    901484
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7423
    CVE Reference
    CVE-2008-3908
    CVSS Scores
    Base 8.6 / Temporal 7.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for wordnet to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2012-2653
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for arpwatch (7168)

    Severity
    Critical4
    Qualys ID
    901476
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7168
    CVE Reference
    CVE-2012-2653
    CVSS Scores
    Base 8.6 / Temporal 7.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for arpwatch to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2013-4420
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libtar (6651-1)

    Severity
    Critical4
    Qualys ID
    901447
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6651-1
    CVE Reference
    CVE-2013-4420
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for libtar to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6651-1
  • CVE-2008-4609
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6513-1)

    Severity
    Critical4
    Qualys ID
    901440
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6513-1
    CVE Reference
    CVE-2008-4609
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6513-1
  • CVE-1999-0150
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for finger (6421)

    Severity
    Critical4
    Qualys ID
    901438
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6421
    CVE Reference
    CVE-1999-0150
    CVSS Scores
    Base 8.6 / Temporal 7.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for finger to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2007-3205
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for Hypertext Preprocessor (PHP) (7322)

    Severity
    Critical4
    Qualys ID
    901436
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7322
    CVE Reference
    CVE-2007-3205
    CVSS Scores
    Base 8.6 / Temporal 7.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for php to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2014-9638
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vorbis-tools (6952)

    Severity
    Critical4
    Qualys ID
    901419
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6952
    CVE Reference
    CVE-2014-9638
    CVSS Scores
    Base 8.6 / Temporal 7.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for vorbis-tools to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2010-0309
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6509-1)

    Severity
    Critical4
    Qualys ID
    901407
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6509-1
    CVE Reference
    CVE-2010-0309
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6509-1
  • CVE-2010-2891
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libsmi (6647-1)

    Severity
    Critical4
    Qualys ID
    901396
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6647-1
    CVE Reference
    CVE-2010-2891
    CVSS Scores
    Base 8.6 / Temporal 7.7
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for libsmi to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6647-1
  • CVE-2021-32690
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for helm (6471-1)

    Severity
    Critical4
    Qualys ID
    901392
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6471-1
    CVE Reference
    CVE-2021-32690
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for helm to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6471-1
  • CVE-2011-5244
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for t1lib (7378)

    Severity
    Critical4
    Qualys ID
    901386
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7378
    CVE Reference
    CVE-2011-5244
    CVSS Scores
    Base 8.6 / Temporal 7.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for t1lib to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • Recently Published

    Fedora Security Update for et (FEDORA-2022-80b92b2a04)

    Severity
    Critical4
    Qualys ID
    282685
    Date Published
    May 17, 2022
    Vendor Reference
    FEDORA-2022-80b92b2a04
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for et to fix the vulnerabilities.

    Affected OS:
    Fedora 34


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to the Fedora 34 security advisory FEDORA-2022-80b92b2a04 for updates and patch information.
    Patches
    Fedora 34 FEDORA-2022-80b92b2a04
  • Recently Published

    Fedora Security Update for et (FEDORA-2022-185b91b741)

    Severity
    Critical4
    Qualys ID
    282684
    Date Published
    May 17, 2022
    Vendor Reference
    FEDORA-2022-185b91b741
    CVSS Scores
    Base 8.6 / Temporal 7.5
    Description
    Fedora has released a security update for et to fix the vulnerabilities.

    Affected OS:
    Fedora 35


    Consequence
    Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.
    Solution
    Refer to the Fedora 35 security advisory FEDORA-2022-185b91b741 for updates and patch information.
    Patches
    Fedora 35 FEDORA-2022-185b91b741
  • CVE-2021-20233
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for grub2 (6466-1)

    Severity
    Critical4
    Qualys ID
    901505
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6466-1
    CVE Reference
    CVE-2021-20233
    CVSS Scores
    Base 8.2 / Temporal 7.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for grub2 to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6466-1
  • CVE-2021-44224
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (7043-1)

    Severity
    Critical4
    Qualys ID
    901448
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7043-1
    CVE Reference
    CVE-2021-44224
    CVSS Scores
    Base 8.2 / Temporal 7.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for httpd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 7043-1
  • CVE-2022-24801
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for python-twisted (9340)

    Severity
    Critical4
    Qualys ID
    901405
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_9340
    CVE Reference
    CVE-2022-24801
    CVSS Scores
    Base 8.1 / Temporal 7.4
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for python-twisted to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2021-28952
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6540-1)

    Severity
    Critical4
    Qualys ID
    901567
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6540-1
    CVE Reference
    CVE-2021-28952
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6540-1
  • CVE-2021-39258
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for ntfs-3g (6763-1)

    Severity
    Critical4
    Qualys ID
    901560
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6763-1
    CVE Reference
    CVE-2021-39258
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for ntfs-3g to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6763-1
  • CVE-2022-0685
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (8677-1)

    Severity
    Critical4
    Qualys ID
    901556
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_8677-1
    CVE Reference
    CVE-2022-0685
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 8677-1
  • CVE-2021-39255
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for ntfs-3g (6760-1)

    Severity
    Critical4
    Qualys ID
    901552
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6760-1
    CVE Reference
    CVE-2021-39255
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for ntfs-3g to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6760-1
  • CVE-2022-24050
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (8665-1)

    Severity
    Critical4
    Qualys ID
    901548
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_8665-1
    CVE Reference
    CVE-2022-24050
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for mariadb to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 8665-1
  • CVE-2021-41103
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for moby-containerd (6681-1)

    Severity
    Critical4
    Qualys ID
    901532
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6681-1
    CVE Reference
    CVE-2021-41103
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for moby-containerd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6681-1
  • CVE-2021-39262
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for ntfs-3g (6767-1)

    Severity
    Critical4
    Qualys ID
    901531
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6767-1
    CVE Reference
    CVE-2021-39262
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for ntfs-3g to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6767-1
  • CVE-2021-39253
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for ntfs-3g (6758-1)

    Severity
    Critical4
    Qualys ID
    901527
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6758-1
    CVE Reference
    CVE-2021-39253
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for ntfs-3g to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6758-1
  • CVE-2018-1000035
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for unzip (6941-1)

    Severity
    Critical4
    Qualys ID
    901516
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6941-1
    CVE Reference
    CVE-2018-1000035
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for unzip to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6941-1
  • CVE-2021-4192
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (7085-1)

    Severity
    Critical4
    Qualys ID
    901499
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7085-1
    CVE Reference
    CVE-2021-4192
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 7085-1
  • CVE-2021-43057
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6602-1)

    Severity
    Critical4
    Qualys ID
    901498
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6602-1
    CVE Reference
    CVE-2021-43057
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6602-1
  • CVE-2022-0572
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (8585-1)

    Severity
    Critical4
    Qualys ID
    901495
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_8585-1
    CVE Reference
    CVE-2022-0572
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 8585-1
  • CVE-2021-20194
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6529-1)

    Severity
    Critical4
    Qualys ID
    901493
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6529-1
    CVE Reference
    CVE-2021-20194
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6529-1
  • CVE-2019-9210
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for advancecomp (6303)

    Severity
    Critical4
    Qualys ID
    901489
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6303
    CVE Reference
    CVE-2019-9210
    CVSS Scores
    Base 7.8 / Temporal 7.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for advancecomp to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2019-13638
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for patch (6790-1)

    Severity
    Critical4
    Qualys ID
    901475
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6790-1
    CVE Reference
    CVE-2019-13638
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for patch to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6790-1
  • CVE-2017-17969
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for p7zip (6783-1)

    Severity
    Critical4
    Qualys ID
    901474
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6783-1
    CVE Reference
    CVE-2017-17969
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for p7zip to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6783-1
  • CVE-2021-39252
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for ntfs-3g (6757-1)

    Severity
    Critical4
    Qualys ID
    901469
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6757-1
    CVE Reference
    CVE-2021-39252
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for ntfs-3g to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6757-1
  • CVE-2021-4136
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (7057-1)

    Severity
    Critical4
    Qualys ID
    901464
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7057-1
    CVE Reference
    CVE-2021-4136
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 7057-1
  • CVE-2021-3483
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6568-1)

    Severity
    Critical4
    Qualys ID
    901455
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6568-1
    CVE Reference
    CVE-2021-3483
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6568-1
  • CVE-2022-0998
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9242)

    Severity
    Critical4
    Qualys ID
    901443
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_9242
    CVE Reference
    CVE-2022-0998
    CVSS Scores
    Base 7.8 / Temporal 7.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-0407
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for vim (8458-1)

    Severity
    Critical4
    Qualys ID
    901409
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_8458-1
    CVE Reference
    CVE-2022-0407
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for vim to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 8458-1
  • CVE-2021-39263
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for ntfs-3g (6768-1)

    Severity
    Critical4
    Qualys ID
    901400
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6768-1
    CVE Reference
    CVE-2021-39263
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for ntfs-3g to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6768-1
  • CVE-2019-25058
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for usbguard (8805)

    Severity
    Critical4
    Qualys ID
    901391
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_8805
    CVE Reference
    CVE-2019-25058
    CVSS Scores
    Base 7.8 / Temporal 7.1
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for usbguard to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2021-28660
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6536-1)

    Severity
    Critical4
    Qualys ID
    901382
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6536-1
    CVE Reference
    CVE-2021-28660
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6536-1
  • CVE-2021-28375
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6535-1)

    Severity
    Critical4
    Qualys ID
    901376
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6535-1
    CVE Reference
    CVE-2021-28375
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6535-1
  • CVE-2020-24330
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for trousers (6925-1)

    Severity
    Critical4
    Qualys ID
    901373
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6925-1
    CVE Reference
    CVE-2020-24330
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for trousers to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6925-1
  • CVE-2021-33909
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6565-1)

    Severity
    Critical4
    Qualys ID
    901371
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6565-1
    CVE Reference
    CVE-2021-33909
    CVSS Scores
    Base 7.8 / Temporal 6.8
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6565-1
  • CVE-2020-15114
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for etcd (6391-1)

    Severity
    Critical4
    Qualys ID
    901437
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6391-1
    CVE Reference
    CVE-2020-15114
    CVSS Scores
    Base 7.7 / Temporal 6.7
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for etcd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6391-1
  • CVE-2020-8037
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for tcpdump (6905-1)

    Severity
    Critical4
    Qualys ID
    901569
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6905-1
    CVE Reference
    CVE-2020-8037
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for tcpdump to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6905-1
  • CVE-2018-21035
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for qt5-qtsvg (6833-1)

    Severity
    Critical4
    Qualys ID
    901564
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6833-1
    CVE Reference
    CVE-2018-21035
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for qt5-qtsvg to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6833-1
  • CVE-2022-28327
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (9547)

    Severity
    Critical4
    Qualys ID
    901558
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_9547
    CVE Reference
    CVE-2022-28327
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-27405
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for freetype (9580)

    Severity
    Critical4
    Qualys ID
    901551
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_9580
    CVE Reference
    CVE-2022-27405
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for freetype to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2020-13950
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for httpd (6474-1)

    Severity
    Critical4
    Qualys ID
    901544
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6474-1
    CVE Reference
    CVE-2020-13950
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for httpd to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6474-1
  • CVE-2019-6470
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for bind (6326-1)

    Severity
    Critical4
    Qualys ID
    901540
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6326-1
    CVE Reference
    CVE-2019-6470
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for bind to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6326-1
  • CVE-2021-22946
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for curl (6365-1)

    Severity
    Critical4
    Qualys ID
    901538
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6365-1
    CVE Reference
    CVE-2021-22946
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for curl to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6365-1
  • CVE-2021-38604
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for glibc (6442-1)

    Severity
    Critical4
    Qualys ID
    901528
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6442-1
    CVE Reference
    CVE-2021-38604
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for glibc to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6442-1
  • CVE-2018-10393
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libvorbis (7277)

    Severity
    Critical4
    Qualys ID
    901526
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7277
    CVE Reference
    CVE-2018-10393
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for libvorbis to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2016-4912
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for openslp (7319)

    Severity
    Critical4
    Qualys ID
    901525
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7319
    CVE Reference
    CVE-2016-4912
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for openslp to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2021-41817
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for ruby (7110-1)

    Severity
    Critical4
    Qualys ID
    901507
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7110-1
    CVE Reference
    CVE-2021-41817
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for ruby to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 7110-1
  • CVE-2022-27451
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (9414)

    Severity
    Critical4
    Qualys ID
    901500
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_9414
    CVE Reference
    CVE-2022-27451
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for mariadb to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2021-28965
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for ruby (6860-1)

    Severity
    Critical4
    Qualys ID
    901497
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6860-1
    CVE Reference
    CVE-2021-28965
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for ruby to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6860-1
  • CVE-2018-6951
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for patch (6787-1)

    Severity
    Critical4
    Qualys ID
    901491
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6787-1
    CVE Reference
    CVE-2018-6951
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for patch to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6787-1
  • CVE-2022-27387
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (9361)

    Severity
    Critical4
    Qualys ID
    901487
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_9361
    CVE Reference
    CVE-2022-27387
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for mariadb to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2018-25032
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for zlib (9143-1)

    Severity
    Critical4
    Qualys ID
    901486
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_9143-1
    CVE Reference
    CVE-2018-25032
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for zlib to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 9143-1
  • CVE-2022-27383
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (9694)

    Severity
    Critical4
    Qualys ID
    901470
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_9694
    CVE Reference
    CVE-2022-27383
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for mariadb to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2022-27386
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for mariadb (9360)

    Severity
    Critical4
    Qualys ID
    901461
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_9360
    CVE Reference
    CVE-2022-27386
    CVSS Scores
    Base 7.5 / Temporal 6.9
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has NOT released a security update for mariadb to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    Patch is NOT available for the package.

  • CVE-2020-25219
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for libproxy (7270-1)

    Severity
    Critical4
    Qualys ID
    901450
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_7270-1
    CVE Reference
    CVE-2020-25219
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for libproxy to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 7270-1
  • CVE-2021-41771
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for golang (6451-1)

    Severity
    Critical4
    Qualys ID
    901446
    Date Published
    May 17, 2022
    Vendor Reference
    Mariner_2.0_6451-1
    CVE Reference
    CVE-2021-41771
    CVSS Scores
    Base 7.5 / Temporal 6.5
    Description
    CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.
    CBL-Mariner has released a security update for golang to fix the vulnerabilities.
    Consequence
    Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
    Solution

    CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories: https://github.com/microsoft/CBL-Mariner/tree/2.0

    Patches
    CBL-Mariner Linux 2.0 6451-1
  • CVE-2020-12663
    Recently Published

    Common Base Linux Mariner (CBL-Mariner) Security Update for unbound (6930-1)

    Severity
    Critical