Browse, filter by detection status, or search by CVE to get visibility into upcoming and new detections (QIDs) for all severities.
Under investigation:
We are researching a detection and will publish one if
it is feasible.
In development:
We are coding a detection and will typically publish it
within a few days.
Recently published:
We have published the detection on the date indicated,
and it will typically be available in the KnowledgeBase
on shared platforms within a day.
Non-Qualys customers can audit their network for all published vulnerabilities by signing up for a Qualys Free Trial or Qualys Community Edition.
Affected Products:
openSUSE Leap 15.3
Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources.
Grafana is vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: grafana_host_url/public/plugins/"plugin-id" where "plugin-id" is the plugin ID for any installed plugin.
Affected Versions:
Grafana versions from v8.0.0-beta1 through v8.3.0
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable installation of Grafana Enterprise by sending a path traversal payload to the Grafana Server and tries to read the /etc/passwd file on Linux systems and the system.ini and /etc/hosts file on Windows systems
Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources.
Affected versions of Grafana is vulnerable to a path traversal attack, allowing remote attackers to read arbitrary files from the vulnerable server. Affected Versions:
QID Detection Logic (Unauthenticated) :
This QID sends an HTTP GET request with path traversal payload to access the server file /etc/passwd and grafana.ini and based on the response confirms if the Grafana server is vulnerable.
Affected products:
Tridium NiagaraAX, all versions.
QID Detection Logic (Authenticated)
QID checks for the Vulnerable version using windows registry keys
Customers are advised to refer to CERT MITIGATIONS section ICSA-13-045-01 for affected packages and patching details.
Affected products:
This vulnerability affects all IntegraXor versions prior to Version 3.60 (Build 4090).
QID Detection Logic (Authenticated)
QID checks for the Vulnerable version using windows registry keys
Customers are advised to refer to CERT MITIGATIONS section ICSA-11-147-01B for affected packages and patching details.
tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).CVE-2018-10105
The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.CVE-2018-14882
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. CVE-2019-15166
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).CVE-2018-16230
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.CVE-2018-16300
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART). CVE-2018-14881
The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option(). CVE-2018-16229
The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().CVE-2018-16228
The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.CVE-2018-16227
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.CVE-2018-16451
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.CVE-2018-16452
Vulnerable Component: BIG-IP ASM,LTM,APM
Affected Versions:
15.0.0 - 15.1.2
14.0.0 - 14.1.3
13.1.0 - 13.1.4
12.1.0 - 12.1.6
11.5.2 - 11.6.5
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.
AFFECTED PRODUCTS
The following versions of Siemens SENTRON powermanager, a power monitoring software to analyze energy consumption, are affected:
SENTRON powermanager Version 3: All versions
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of Siemens using registry "HKLM\SOFTWARE\Siemens"
Note: As we are unable to check for the patch mentioned so making this a Potential check.
Customers are advised to refer to CERT MITIGATIONS section ICSA-21-315-10 for affected packages and patching details.
CVE-2021-21980: The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.
CVE-2021-22049: The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.
Affected Versions:
VMware vCenter Server 6.5 prior to build 18711281
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable versions of VMware vCenter Server with build version using web service present on the target.
Refer to VMware advisory VMSA-2021-0027 for more information.
CVE-2021-21980: The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.
CVE-2021-22049: The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.
Affected Versions:
VMware vCenter Server 6.7 prior to build 18831049
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable versions of VMware vCenter Server with build version using web service present on the target.
Refer to VMware advisory VMSA-2021-0027 for more information.
network security services (nss) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Security Fix(es):Affected Products:
mozilla thunderbird is a standalone mail and newsgroup client.
Security Fix(es):Affected Products:
Affected Products:
openSUSE Leap 15.3
Affected Products:
openSUSE Leap 15.3
Affected Products:
openSUSE Leap 15.2
Affected Products:
openSUSE Leap 15.3
Affected Products:
openSUSE Leap 15.3
Affected Products:
openSUSE Leap 15.3
Affected Products:
openSUSE Leap 15.3
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
AFFECTED PRODUCTS
Mitsubishi Electric reports these vulnerabilities affect the following FA Engineering Software Products that communicate with MELSEC, FREQROL, or GOT products:
CPU Module Logging Configuration Tool, Versions 1.112R and prior
CW Configurator, Versions 1.011M and prior
Data Transfer, Versions 3.44W and prior
FR Configurator2, versions 1.24A and prior
GT Designer3 Version1(GOT1000), Versions 1.250L and prior.
QID Detection Logic (Authenticated)
QID checks for the Vulnerable version using windows registry keys
Customers are advised to refer to CERT MITIGATIONS section ICSA-21-049-02 for affected packages and patching details.
Affected Versions:
OpenSSL version 1.1.1k and below
QID Detection Logic:(Unauthenticated)
This QID matches vulnerable versions based on the exposed banner information.
Affected OS:
Fedora 34
ManageEngine SupportCenter Plus is prone to unauthenticated remote code execution (RCE).
Affected Version:
Zoho ManageEngine SupportCenter Plus 11012 and 11013.
QID Detection logic:(authenticated and unauthenticated)
It checks for vulnerable version of Zoho ManageEngine SupportCenter Plus
ManageEngine ServiceDesk Plus is a Help Desk and Asset Management Software. It offers an Integrated Package with Incident Management(Trouble Ticketing), Asset Tracking, Purchasing, Contract Management, Self-Service Portal, and Knowledge Base.
Zoho ManageEngine ServiceDesk Plus (SDP) before 11306 allows unauthenticated remote code execution (RCE).
Affected Versions:
Zoho ServiceDesk Plus (SDP) before 11306
QID Detection logic:(authenticated and unauthenticated)
It checks for vulnerable version of Zoho ManageEngine ServiceDesk Plus
Adobe InDesign is a desktop publishing software application.
Affected Version:
16.4 and earlier versions for MAC and Windows OS
QID Detection Logic (Authenticated):
This checks for vulnerable versions of InDesign.
This update addresses a critical vulnerability. Privilege escalation in Adobe Lightroom.
Affected Versions:
Adobe Lightroom Classic 10.3 and earlier versions.
QID Detection Logic:
This QID checks Windows registry to see if Adobe Lightroom Classic is installed. If found, it checks the installed versions is vulnerable or not.
The vulnerability allows a local user to escalate privileges on the system. The vulnerability exists due to improper input validation in the command line interface. A local user can execute arbitrary shell commands as root via specifically crafted CLI command parameters.
Affected Products:
FortiManager versions 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.6.10, 5.6.11, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5
FortiAnalyzer versions 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.6.10, 5.6.11, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5
QID Detection Logic(Authenticated):
QID will fire the command get system status and will match the affected version
Customers are advised to refer to CVE-2021-26104 for more information.
Affected OS:
Fedora 34
Red Hat openshift container platform is Red Hat's cloud computing kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):Affected Products:
Affected Products:
openSUSE Leap 15.2
Soundweb London represents a truly flexible and scalable system implementing all the major networked audio protocols.
QID Detection Logic:
This QID requests telnet session with credentials 'bssaudio:monkey'
Customers are advised not to use default credentials.
network security services (nss) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Security Fix(es):Affected Products:
Red Hat openshift container platform is Red Hat's cloud computing kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):Affected Products:
Symantec ProxySG and ASG is prone:
CVE-2021-30648:Authentication Bypass Vulnerability
Affected ASG Versions.
ASG 6.6 and 6.7 prior to 6.7.5.12.
ASG 7.2 prior to 7.2.7.2.
ASG 7.3 prior to 7.3.3.3.
Affected ProxySG Versions.
ProxySG 6.5, 6.6, and 6.7 prior to 6.7.5.12.
ProxySG 7.2 prior to 7.2.7.2.
ProxySG 7.3 prior to 7.3.3.3.
Qid Detection Logic
The QID checks for vulnerable versions of ProxySG and ASG, the version is retrieved via SNMP.
An authentication bypass vulnerability in ManageEngine Desktop Central that could result in remote code execution.
Affected Versions:
For Enterprise:
Builds 10.1.2127.17 and below, upgrade to 10.1.2127.18
Builds 10.1.2128.0 to 10.1.2137.2, upgrade to 10.1.2137.3
For MSP:
Builds 10.1.2127.17 and below, upgrade to 10.1.2127.18
Builds 10.1.2128.0 to 10.1.2137.2, upgrade to 10.1.2137.3
QID Detection Logic:(Authenticated)
This QID checks for vulnerable version of Desktop Central by checking file "product.conf", the location of file is retrieved by registry values.
Red Hat openshift container platform is Red Hat's cloud computing kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):Affected Products:
mailman is a program used to help manage e-mail discussion lists.
Security Fix(es):Affected Products:
These updates address critical vulnerabilities in Adobe Prelude.
Affected Versions:
Adobe Prelude 10.1 and earlier versions
QID Detection Logic:(Authenticated)
This QID checks the Windows registry to see if Adobe Prelude is installed. If found, it checks if the installed versions are vulnerable.
Grafana is an open-source, general purpose dashboard and graph composer, which runs as a web application.
Affected By Below Vulnerabilies:
CVE-2021-41244: In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations.
Affected Versions:
Grafana Version 8.0.0 to 8.2.3
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable version of Grafana Enterprise from the server response
If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.
network security services (nss) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Security Fix(es):<H2></H2>
Affected Products:
openSUSE Leap 15.3
Affected Products:
openSUSE Leap 15.3
Affected Products:
openSUSE Leap 15.3
Affected Versions for Windows
Adobe Animate 21.0.9 and earlier versions
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges.
Affected Versions:
PAN-OS 10.1 versions earlier than PAN-OS 10.1.3
PAN-OS 10.0 versions earlier than PAN-OS 10.0.8
PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2
PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3
PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1
QID Detection Logic (Authenticated):
This QID looks for the vulnerable version of PAN-OS
NOTE:This vulnerability is only applicable to PAN-OS firewalls configured to use the XML API.
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges.
Refer to PAN-176653 for more information about patching this vulnerability.
Workaround:
Enable signatures for Unique Threat ID 91715 on traffic processed by the firewall to block attacks against CVE-2021-3058.
This issue requires the attacker to have authenticated access to the PAN-OS web interface. You can mitigate the impact of this issue by following best practices for securing the PAN-OS web interface. Please review the Best Practices for Securing Administrative Access in the PAN-OS technical documentation at https://docs.paloaltonetworks.com/best-practices.
QID Detection Logic (Authenticated)
QID checks for the Vulnerable version using windows registry keys
Customers are advised to refer to CERT MITIGATIONS section Advisory 2020-03 for affected packages and patching details.
Vulnerable Component: BIG-IP APM,LTM,ASM
Affected Versions:
16.0.0 - 16.0.1
15.1.0 - 15.1.4
14.1.0 - 14.1.4
13.1.0 - 13.1.4
12.1.0 - 12.1.6
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.
The get_gallery_categories() and get_galleries() functions in the plugin did not use whitelist or validate the order by parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard
Affected versions:
before 4.4.4
Nss (network security services) up to and including 3.73 is vulnerable to a heap overflow when handling der-encoded dsa or rsa-pss signatures.
Applications using nss for handling signatures encoded within cms, s/mime, pkcs \#7, or pkcs \#12 are likely to be impacted.
Applications using nss for certificate validation or other tls, x.509, ocsp or crl functionality may be impacted, depending on how they configure nss. when verifying a der-encoded signature, nss decodes the signature into a fixed-size buffer and passes the buffer to the underlying pkcs \#11 module.
The length of the signature is not correctly checked when processing dsa and rsa-pss signatures.
Dsa and rsa-pss signatures larger than 16384 bits will overflow the buffer in vfycontextstr.
The vulnerable code is located within secvfy.c:vfy_createcontext. (
( CVE-2021-43527)
Nss (network security services) up to and including 3.73 is vulnerable to a heap overflow when handling der-encoded dsa or rsa-pss signatures.
Applications using nss for handling signatures encoded within cms, s/mime, pkcs \#7, or pkcs \#12 are likely to be impacted.
Applications using nss for certificate validation or other tls, x.509, ocsp or crl functionality may be impacted, depending on how they configure nss. when verifying a der-encoded signature, nss decodes the signature into a fixed-size buffer and passes the buffer to the underlying pkcs \#11 module.
The length of the signature is not correctly checked when processing dsa and rsa-pss signatures.
Dsa and rsa-pss signatures larger than 16384 bits will overflow the buffer in vfycontextstr.
The vulnerable code is located within secvfy.c:vfy_createcontext. (
( CVE-2021-43527)
network security services (nss) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Security Fix(es):Affected Products:
network security services (nss) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
Security Fix(es):Affected Products:
Red Hat openshift container platform is Red Hat's cloud computing kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):Affected Products:
Affected Products:
openSUSE Leap 15.3
Red Hat openshift container platform is Red Hat's cloud computing kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):Affected Products:
Affected Products:
openSUSE Leap 15.3
Affected Products:
openSUSE Leap 15.3
Affected Products:
openSUSE Leap 15.3
Affected Software:
Windows 10 Version 20H2
Windows 10 Version 21H1
Windows 10 Version 2004
Windows 10 Version 1909
Windows 10 Version 1903
Windows 10 Version 1809
Note: Windows Servers, Windows 11, Windows 10(Version 1803 and earlier) are not affected.
Security Fix(es): jenkins-2-plugins/subversion: does not restrict the name of a file when looking up a subversion key (CVE-2021-21698)
jenkins: FilePath#mkdirs does not check permission to create parent directories (CVE-2021-21685)
jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories (CVE-2021-21686)
jenkins: FilePath#untar does not check permission to create symbolic links when unarchiving a symbolic link (CVE-2021-21687)
jenkins: FilePath#reading(FileVisitor)
does not reject any operations allowing users to have unrestricted read access (CVE-2021-21688)
jenkins: FilePath#unzip and FilePath#untar were not subject to any access control (CVE-2021-21689)
jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path (CVE-2021-21690)
jenkins: Creating symbolic links is possible without the symlink permission (CVE-2021-21691)
jenkins: The operations FilePath#renameTo and FilePath#moveAllChildrenTo only check read permission on the source path (CVE-2021-21692)
jenkins: When creating temporary files, permission to create files is only checked after they have been created. (CVE-2021-21693)
jenkins: FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions (CVE-2021-21694)
jenkins: FilePath#listFiles lists files outside directories with agent read access when following symbolic links. (CVE-2021-21695)
Refer to Red Hat security advisory RHSA-2021:4833 to address this issue and obtain more information.
Affected OS:
Fedora 34
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
For more information about
the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 34 Update
Affected Products:
openSUSE Leap 15.3
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
To install packages using the command line interface, use the command "yum update".
Refer to SUSE security advisory openSUSE-SU-2021:3815-1 to address this issue and obtain further details.
the kernel-rt packages provide the real time linux kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):Affected Products:
Refer to Refer to :
Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2021:4875 Update to address this issue and obtain more information.
the kernel packages contain the linux kernel, the core of any linux operating system.
Security Fix(es):Affected Products:
Refer to Refer to :
Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2021:4871 Update to address this issue and obtain more information.
this is a kernel live patch module which is automatically loaded by the rpm post-install script to modify the code of a running kernel.
Security Fix(es):Affected Products:
Refer to Refer to :
Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2021:4859 Update to address this issue and obtain more information.
Red Hat jboss web server is a fully integrated and certified set of components for hosting java web applications.
It is comprised of the apache tomcat servlet container, jboss http connector (mod_cluster), the picketlink vault extension for apache tomcat, and the tomcat native library.
Affected Products:
Refer to Refer to :
Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2021:4861 Update to address this issue and obtain more information.
Affected OS:
Fedora 34
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
For more information about
the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 34 Update
