Browse, filter by detection status, or search by CVE to get
visibility into upcoming and new detections (QIDs) for all
severities.
Disclaimer: The Vulnerability Detection Pipeline is intended to give users an early insight into some of the CVEs the Qualys Research Team is investigating. It may not show all the CVEs that are actively being investigated. Specific CVE feature requests filed via a Qualys Support case may or may not show up on this page. Please reach out to Qualys Support for status of such support cases.
Detection Status
Under investigation:
We are researching a detection and will publish one if
it is feasible.
In development:
We are coding a detection and will typically publish it
within a few days.
Recently published:
We have published the detection on the date indicated,
and it will typically be available in the KnowledgeBase
on shared platforms within a day.
A vulnerability in the DNS application layer gateway (ALG) functionality that is used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
Affected Products
This vulnerability affects the following Cisco devices if they are running a vulnerable release of Cisco IOS XE Software that is configured for NAT operation and has the DNS ALG for TCP feature enabled. The DNS ALG feature is enabled as soon as NAT is configured on the device.
ASR 1000 Series Embedded Services Processors models ESP 100-X and ESP 200-X
Catalyst 8500 Series Edge Platforms models C8500-12X4QC and C8500-12X
QID Detection Logic (Authenticated): The check matches Cisco IOS XE version retrieved via Unix Auth using "show version" command. QID Detection Logic (Unauthenticated): The check matches Cisco IOS XE version retrieved via SNMP or TCP/IP Fingerprint or NTP or Telnet.
Consequence
A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on the affected device.
Fedora has released a security update for lighttpd to fix the vulnerabilities.
Affected OS: Fedora 35
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 35 for updates and patch information.
Oracle Enterprise Linux has released a security update for squid to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:
Oracle Enterprise Linux has released a security update for kubernetes to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:
Oracle Enterprise Linux has released a security update for kubernetes to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:
Red hat jboss enterprise application platform 7 is a platform for java applications based on the wildfly application runtime. This release of Red Hat jboss enterprise application platform 7.4.7 serves as a replacement for Red Hat jboss enterprise application platform 7.4.6, and includes bug fixes and enhancements. See the Red Hat jboss enterprise application platform 7.4.7 release notes for information about the most significant bug fixes and enhancements included in this release...Security Fix(es):
undertow: large ajp request may cause dos (cve-2022-2053). Undertow: potential security issue in flow control over http/2 may lead to dos. Incomplete fix for cve-2021-3629 (cve-2022-1259). Snakeyaml: denial of service due missing to nested depth limitation for collections. ( Cve-2022-25857).
Affected Products:
jboss enterprise application platform 7.4 for rhel 7 x86_64.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6821 for updates and patch information.
Red hat jboss enterprise application platform 7 is a platform for java applications based on the wildfly application runtime. This release of Red Hat jboss enterprise application platform 7.4.7 serves as a replacement for Red Hat jboss enterprise application platform 7.4.6, and includes bug fixes and enhancements. See the Red Hat jboss enterprise application platform 7.4.7 release notes for information about the most significant bug fixes and enhancements included in this release...Security Fix(es):
undertow: large ajp request may cause dos (cve-2022-2053). Undertow: potential security issue in flow control over http/2 may lead to dos. Incomplete fix for cve-2021-3629 (cve-2022-1259). Snakeyaml: denial of service due missing to nested depth limitation for collections. ( Cve-2022-25857).
Affected Products:
jboss enterprise application platform 7.4 for rhel 9 x86_64.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6823 for updates and patch information.
Red hat jboss enterprise application platform 7 is a platform for java applications based on the wildfly application runtime. This release of Red Hat jboss enterprise application platform 7.4.7 serves as a replacement for Red Hat jboss enterprise application platform 7.4.6, and includes bug fixes and enhancements. See the Red Hat jboss enterprise application platform 7.4.7 release notes for information about the most significant bug fixes and enhancements included in this release...Security Fix(es):
undertow: large ajp request may cause dos (cve-2022-2053). Undertow: potential security issue in flow control over http/2 may lead to dos. Incomplete fix for cve-2021-3629 (cve-2022-1259). Snakeyaml: denial of service due missing to nested depth limitation for collections. ( Cve-2022-25857).
Affected Products:
jboss enterprise application platform 7.4 for rhel 8 x86_64.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6822 for updates and patch information.
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for expat to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.CVE-2019-11068
QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.
Consequence
This vulnerability allows an unauthenticated attacker with network access from multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert, or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial-of-service (DoS) of Java SE.
Solution
For more information about patch details please refer to K30444545
Fedora has released a security update for scala to fix the vulnerabilities.
Affected OS: Fedora 35
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 35 for updates and patch information.
Fedora has released a security update for scala to fix the vulnerabilities.
Affected OS: Fedora 36
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 36 for updates and patch information.
Fedora has released a security update for chromium to fix the vulnerabilities.
Affected OS: Fedora 36
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 36 for updates and patch information.
Fedora has released a security update for chromium to fix the vulnerabilities.
Affected OS: Fedora 35
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 35 for updates and patch information.
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
SUSE has released a security update for libgit2 to fix the vulnerabilities.
Affected product(s): SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2022:3495-1 for updates and patch information.
Fedora has released a security update for squid to fix the vulnerabilities.
Affected OS: Fedora 35
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 35 for updates and patch information.
Fedora has released a security update for squid to fix the vulnerabilities.
Affected OS: Fedora 36
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 36 for updates and patch information.
Fedora has released a security update for bash to fix the vulnerabilities.
Affected OS: Fedora 35
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 35 for updates and patch information.
Squid is a high-performance proxy caching server for web clients, supporting ftp, gopher, and http data objects...Security Fix(es):
squid: buffer-over-read in sspi and smb authentication (cve-2022-41318).
Affected Products:
Red Hat enterprise linux server 7 x86_64. Red hat enterprise linux workstation 7 x86_64. Red hat enterprise linux for ibm z systems 7 s390x. Red hat enterprise linux for power, big endian 7 ppc64. Red hat enterprise linux for power, little endian 7 ppc64le.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6815 for updates and patch information.
Squid is a high-performance proxy caching server for web clients, supporting ftp, gopher, and http data objects...Security Fix(es):
squid: buffer-over-read in sspi and smb authentication (cve-2022-41318).
Affected Products:
Red Hat enterprise linux for x86_64 - extended update support 8.2 x86_64. Red hat enterprise linux server - aus 8.2 x86_64. Red hat enterprise linux for ibm z systems - extended update support 8.2 s390x. Red hat enterprise linux for power, little endian - extended update support 8.2 ppc64le. Red hat enterprise linux server - tus 8.2 x86_64. Red hat enterprise linux for arm 64 - extended update support 8.2 aarch64. Red hat enterprise linux server for power le - update services for sap solutions 8.2 ppc64le. Red hat enterprise linux for x86_64 - update services for sap solutions 8.2 x86_64.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6777 for updates and patch information.
Squid is a high-performance proxy caching server for web clients, supporting ftp, gopher, and http data objects...Security Fix(es):
squid: buffer-over-read in sspi and smb authentication (cve-2022-41318).
Affected Products:
Red Hat enterprise linux for x86_64 - extended update support 8.4 x86_64. Red hat enterprise linux server - aus 8.4 x86_64. Red hat enterprise linux for ibm z systems - extended update support 8.4 s390x. Red hat enterprise linux for power, little endian - extended update support 8.4 ppc64le. Red hat enterprise linux server - tus 8.4 x86_64. Red hat enterprise linux for arm 64 - extended update support 8.4 aarch64. Red hat enterprise linux server for power le - update services for sap solutions 8.4 ppc64le. Red hat enterprise linux for x86_64 - update services for sap solutions 8.4 x86_64.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6776 for updates and patch information.
Squid is a high-performance proxy caching server for web clients, supporting ftp, gopher, and http data objects...Security Fix(es):
squid: buffer-over-read in sspi and smb authentication (cve-2022-41318).
Affected Products:
Red Hat enterprise linux for x86_64 8 x86_64. Red hat enterprise linux for x86_64 - extended update support 8.6 x86_64. Red hat enterprise linux server - aus 8.6 x86_64. Red hat enterprise linux for ibm z systems 8 s390x. Red hat enterprise linux for ibm z systems - extended update support 8.6 s390x. Red hat enterprise linux for power, little endian 8 ppc64le. Red hat enterprise linux for power, little endian - extended update support 8.6 ppc64le. Red hat enterprise linux server - tus 8.6 x86_64. Red hat enterprise linux for arm 64 8 aarch64. Red hat enterprise linux for arm 64 - extended update support 8.6 aarch64. Red hat enterprise linux server for power le - update services for sap solutions 8.6 ppc64le. Red hat enterprise linux for x86_64 - update services for sap solutions 8.6 x86_64.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6775 for updates and patch information.
Oracle Enterprise Linux has released a security update for squid:4 to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:
Fedora has released a security update for postgresql to fix the vulnerabilities.
Affected OS: Fedora 35
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 35 for updates and patch information.
Fedora has released a security update for postgresql to fix the vulnerabilities.
Affected OS: Fedora 36
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 36 for updates and patch information.
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
Oracle Enterprise Linux has released a security update for unbreakable enterprise kernel to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
SUSE has released a security update for bind to fix the vulnerabilities.
Affected product(s): SUSE Linux Enterprise (Desktop|Server) 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server 12 SP5
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2022:3499-1 for updates and patch information.
The berkeley internet name domain (bind) is an implementation of the domain name system (dns) protocols. Bind includes a dns server (named); a resolver library (routines for applications to use when interfacing with dns); and tools for verifying that the dns server is operating correctly...Security Fix(es):
bind: memory leak in ecdsa dnssec verification code (cve-2022-38177). Bind: memory leaks in eddsa dnssec verification code (cve-2022-38178).
Affected Products:
Red Hat enterprise linux for x86_64 - extended update support 8.4 x86_64. Red hat enterprise linux server - aus 8.4 x86_64. Red hat enterprise linux for ibm z systems - extended update support 8.4 s390x. Red hat enterprise linux for power, little endian - extended update support 8.4 ppc64le. Red hat enterprise linux server - tus 8.4 x86_64. Red hat enterprise linux for arm 64 - extended update support 8.4 aarch64. Red hat enterprise linux server for power le - update services for sap solutions 8.4 ppc64le. Red hat enterprise linux for x86_64 - update services for sap solutions 8.4 x86_64.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6779 for updates and patch information.
The berkeley internet name domain (bind) is an implementation of the domain name system (dns) protocols. Bind includes a dns server (named); a resolver library (routines for applications to use when interfacing with dns); and tools for verifying that the dns server is operating correctly...Security Fix(es):
bind: memory leak in ecdsa dnssec verification code (cve-2022-38177). Bind: memory leaks in eddsa dnssec verification code (cve-2022-38178).
Affected Products:
Red Hat enterprise linux for x86_64 - extended update support 8.2 x86_64. Red hat enterprise linux server - aus 8.2 x86_64. Red hat enterprise linux for ibm z systems - extended update support 8.2 s390x. Red hat enterprise linux for power, little endian - extended update support 8.2 ppc64le. Red hat enterprise linux server - tus 8.2 x86_64. Red hat enterprise linux for arm 64 - extended update support 8.2 aarch64. Red hat enterprise linux server for power le - update services for sap solutions 8.2 ppc64le. Red hat enterprise linux for x86_64 - update services for sap solutions 8.2 x86_64.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6780 for updates and patch information.
The berkeley internet name domain (bind) is an implementation of the domain name system (dns) protocols. Bind includes a dns server (named); a resolver library (routines for applications to use when interfacing with dns); and tools for verifying that the dns server is operating correctly...Security Fix(es):
bind: memory leak in ecdsa dnssec verification code (cve-2022-38177). Bind: memory leaks in eddsa dnssec verification code (cve-2022-38178).
Affected Products:
Red Hat enterprise linux for x86_64 8 x86_64. Red hat enterprise linux for x86_64 - extended update support 8.6 x86_64. Red hat enterprise linux server - aus 8.6 x86_64. Red hat enterprise linux for ibm z systems 8 s390x. Red hat enterprise linux for ibm z systems - extended update support 8.6 s390x. Red hat enterprise linux for power, little endian 8 ppc64le. Red hat enterprise linux for power, little endian - extended update support 8.6 ppc64le. Red hat enterprise linux server - tus 8.6 x86_64. Red hat enterprise linux for arm 64 8 aarch64. Red hat enterprise linux for arm 64 - extended update support 8.6 aarch64. Red hat enterprise linux server for power le - update services for sap solutions 8.6 ppc64le. Red hat enterprise linux for x86_64 - update services for sap solutions 8.6 x86_64.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6778 for updates and patch information.
Oracle Enterprise Linux has released a security update for bind9.16 to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:
Oracle Enterprise Linux has released a security update for bind to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for powershell to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for libjpeg-turbo to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for vim to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2021-3521
QID: 904106
Common Base Linux Mariner (CBL-Mariner) Security Update for rpm (10647-1)
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for rpm to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-39188
QID: 904080
Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10875-1)
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-41848
QID: 904111
Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (11079)
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-41849
QID: 904091
Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (11086)
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-41848
QID: 904087
Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (11085)
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2021-22289
QID: 591083
B and R Industrial Automation Automation Studio 4 Vulnerability (icsa-22-228-05)
AFFECTED PRODUCTS
B and R Automation reports the vulnerabilities affect the following versions of Automation Studio, a programmable logic controller (PLC) automation programming software:
Automation Studio 4: All versions
QID Detection Logic (Authenticated) QID checks for the Vulnerable version using windows registry keys
Consequence
An attacker could leverage this vulnerability to execute code within the context of the affected system, which may threaten the integrity and confidentiality of data or cause a denial-of-service condition
Solution
Customers are advised to refer to Schneider Electric MITIGATIONS section icsa-22-228-05 for affected packages and patching details.
CVE-2018-7243+
QID: 591080
Schneider Electric MGE Network Management Card Transverse installed in MGE UPS and MGE STS Multiple Vulnerabilities (SEVD-2018-074-01)
AFFECTED PRODUCTS
MGE SNMP/Web Card Transverse
MGE Network Management Card Transverse, part number: SF66074. All card versions affected, when installed in following products: MGE Galaxy 5000,MGE Galaxy 6000,MGE Galaxy 9000,MGE EPS 7000,MGE EPS 8000MGE EPS 6000,MGE Comet UPS,MGE Galaxy PW,MGE Galaxy 3000,MGE Galaxy 4000,STS (MGE Upsilon)
QID Detection Logic (Authenticated): QID checks for the Vulnerable version of using passive scanning
Consequence
The vulnerabilities identified include:
1. Authorization Bypass
2. Information Exposure
3. Improper Authorization
4. Cleartext Transmission of Sensitive Information
Solution
Customers are advised to refer to CERT MITIGATIONS section SEVD-2018-074-01 for affected packages and patching details.
QID Detection Logic (Authenticated) QID checks for the Vulnerable version using windows registry keys
Consequence
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to send arbitrary messages within the affected system or to crash attached applications.
Solution
Customers are advised to refer to Schneider Electric MITIGATIONS section ssa-580125 for affected packages and patching details.
AFFECTED PRODUCTS
SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0): All versions prior to V3.3.46
SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0): All versions prior to V3.3.46
SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0): All versions prior to V3.3.46
SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0): All versions prior to V3.3.46
SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0): All versions prior to V3.3.46
SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0): All versions v2.0 and later
SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0): All versions prior to v3.0.22
SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0): All versions v2.0 and later
SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0): All versions v2.0 and later
SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0): All versions v2.0 and later
SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0): All versions v2.0 and later
SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0): All versions prior to V3.3.46
SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0): All versions prior to v3.0.22
SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0): All versions prior to V3.3.46
SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0): All versions prior to V3.3.46
QID Detection Logic (Authenticated): QID checks for the Vulnerable version of using passive scanning
Consequence
These vulnerabilities, if successfully exploited when authorized personnel are using the SINEMA Remote Connect Server (SRCS) VPN feature, could allow an attacker to execute arbitrary code with elevated privileges under certain circumstances.
Solution
Customers are advised to refer to CERT MITIGATIONS section ssa-517377 for affected packages and patching details.
A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
Affected Products:
This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco IOS XE Software and have MPLS configured:
Catalyst 3650 Series Switches
Catalyst 3850 Series Switches
Catalyst 9300 Series Switches
Catalyst 9400 Series Switches
Catalyst 9500 Series Switches
Catalyst 9600 Series Switches
QID Detection Logic (Authenticated):
The check matches Cisco IOS XE version retrieved via Unix Auth using "show version" command.
QID Detection Logic (Unauthenticated):
The check matches Cisco IOS XE version retrieved via SNMP or TCP/IP Fingerprint or NTP or Telnet.
Consequence
A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
FileZilla is an FTP program for file uploading and downloading to and from your FTP site, server, or host.
CVE-2014--0224: OpenSSL does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to hijack sessions or obtain sensitive information, via a crafted TLS handshake, also known as the "CCS Injection" vulnerability.
Affected versions
Filezilla server prior to 0.9.45
QID detection logic
It checks for the vulnerable version from the file FileZilla Server.exe
An improper access control vulnerability [CWE-284] in FortiOS and FortiProxy autod daemon may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features.
Affected Products:
FortiOS version 7.0.0
FortiOS versions 6.4.6 and below
FortiOS versions 6.2.9 and below
FortiOS versions 6.0.12 and below
FortiOS versions 5.6.x
FortiOS-6K7K version 6.4.2
FortiOS-6K7K version 6.2.6 and below
QID Detection Logic (Authenticated):
Detection checks for vulnerable version of FortiOS.
Consequence
Vulnerable version of FortiOS may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features.
Solution
Vendor has released fixes to address this vulnerability For more details refer advisory FG-IR-20-131
An improper verification of source of a communication channel vulnerability [CWE-940] in FortiOS may allow a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim. This is possible only if at least a firewall policy has inspection mode set to flow-based (default), AND at least a Security Profile is enabled (Web Filter, AntiVirus, IPS, DLP, Application Control, SSL, File filter).
Affected Products:
FortiOS version 7.2.0
FortiOS version 7.0.0 through 7.0.5
FortiOS version 6.4.0 through 6.4.8
FortiOS version 6.2.0 through 6.2.10
FortiOS version 6.0.0 through 6.0.14
QID Detection Logic (Authenticated):
Detection checks for vulnerable version of FortiOS.
Consequence
Vulnerable version of FortiOSmay allow a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim.
Solution
Vendor has released fixes to address this vulnerability For more details refer advisory FG-IR-22-073
Drupal is a free and open source content management framework written in PHP and distributed under the GNU General Public License.
Drupal uses the Twig third-party library for content templating and sanitization. Twig is vulnerable to path traversal. When using the filesystem loader to load templates for which the name is a user input, it is possible to use the source or include statement to read arbitrary files from outside the templates directory when using a namespace like @somewhere/../some.file (in such a case, validation is bypassed).
Affected Versions:
Drupal 8.0.0 to 9.3.22
Drupal 9.4.0 to 9.4.7
QID Detection Logic:(Unauthenticated)
This QID checks for vulnerable version of Drupal installed on the target.
Consequence
Successful exploitation of the vulnerability may allow remote attackers to read sensitive files on the target server.
Solution
Customers are advised to install latest Drupal version.
For more information visit Drupal security advisory SA-CORE-2022-016.
A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS may allow an attacker in possession of the encrypted file to decipher it.
Affected Products:
FortiOS version 7.2.0
FortiOS version 7.0.0 through 7.0.5
FortiOS version 6.4.0 through 6.4.10
FortiOS version 6.2.0 through 6.2.11
FortiOS version 6.0.0 through 6.0.15
QID Detection Logic (Authenticated):
Detection checks for vulnerable version of FortiOS.
Consequence
Vulnerable version of FortiOS may allow an attacker in possession of the encrypted file to decipher it.
Solution
Vendor has released fixes to address this vulnerability For more details refer advisory FG-IR-22-158
AFFECTED PRODUCTS
The following Elipse E3 versions are affected:
Elipse E3, Versions 4.5.232-4.6.161,
QID Detection Logic (Authenticated) QID checks for the Vulnerable version using windows registry keys
Consequence
Successful exploitation of this vulnerability would require the victim to install and execute malicious code that could result in arbitrary code execution
Solution
Customers are advised to refer to Schneider Electric MITIGATIONS section ICSA-15-069-04A for affected packages and patching details.
A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point.
Affected Products
Cisco Embedded Wireless Controllers on Catalyst Access Points if they are running a vulnerable release of Cisco IOS XE Software.
Note: No support for Catalyst 9800-CL Wireless Controllers for Cloud
QID Detection Logic (Authenticated): The check matches Cisco IOS XE SDWAN version retrieved via Unix Auth using "show version" command. QID Detection Logic (Unauthenticated): The check matches Cisco IOS XE version retrieved via SNMP or TCP/IP Fingerprint or NTP or Telnet.
Consequence
To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller.
JWT token in Authorization header uses symmetric algorithm.
Severity
Minimal1
Qualys ID
150572
Date Published
October 5, 2022
CVSS Scores
Base 7.3 / Temporal 7.1
Description
During the WAS scan , it was observed that JWT token is used in Authorization header contains symmetric algorithm.
Consequence
If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants.
Symmetric algorithm uses a secret key to sign and verify messages. If the key is not strong it will be possible to break it using a brute-force or dictionary attack.
Solution
Review the JWT token set in Authorization header to use only one selected signature algorithm.
—
QID: 150571
JWT token in Authorization header uses "none" algorithm.
Severity
Minimal1
Qualys ID
150571
Date Published
October 5, 2022
CVSS Scores
Base 7.3 / Temporal 7.1
Description
During the WAS scan , it was observed that JWT token is used in Authorization header contains "none" algorithm.
Consequence
Vulnerability in JWTDecoder.decode can result in an incorrect signature validation of a JWT token. This attack can be exploitable when an attacker crafts a JWT token with a valid header using 'none' as algorithm and a body to requests it be validated.
Solution
Review the JWT token set in Authorization header to use the signing algorithms, such as HMAC SHA256 or RSA.
—
QID: 150546
First Link Crawled Response Code Information
Severity
Minimal1
Qualys ID
150546
Date Published
October 5, 2022
CVSS Scores
Base / Temporal
Description
The Web server returned the following information from where the Web application scanning engine initiated.
Information reported includes First Link Crawled, response Code, response Header, and response Body (first 500 characters).
The first link crawled is the "Web Application URL (or Swagger file URL)" set in the Web Application profile.
Consequence
An erroneous response might be indicative of a problem in the Web server, or the scan configuration.
Solution
Review the information to check if this is in line with the expected scan configuration. Refer to the output of QIDs 150009, 150019, 150021, 150042 and 150528 (if present) for additional details.
—
QID: 150528
Server Returns HTTP 4XX Error Code During Scanning
Severity
Minimal1
Qualys ID
150528
Date Published
October 5, 2022
CVSS Scores
Base / Temporal
Description
During the WAS scan, links with HTTP 4xx response code were observed and these are listed in the Results section. The HTTP 4xx message indicates a client error. The list of supported 4xx response code are as below:
400 - Bad Request
401 - Unauthorized
403 - Forbidden
404 - Not Found
405 - Method Not Allowed
407 - Proxy Authentication Required
408 - Request Timeout
413 - Payload Too Large
414 - URI Too Long
Consequence
The presence of a HTTP 4xx error during the crawl phase indicates that some problem exists on the website that will be encountered during normal usage of the Web application. Note WAS depends on responses to detect many vulnerabilities if the link does not respond with an expected response then any vulnerabilities present on such links may not be detected.
Solution
Review each link to determine why the client encountered an error while requesting the link. Review and investigate the results of QID 150042 which lists 5xx errors and QID 150019 which lists unexpected response codes.
CVE-2015-20107+
QID: 240700
Red Hat Update for rh-python38-python (RHSA-2022:6766)
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems...Security Fix(es):
python(mailcap): findmatch() function does not sanitise the second argument (cve-2015-20107). Python: int() type in pylong_fromstring() does not limit amount of digits converting text to int leading to dos (cve-2020-10735). Python: an open redirection vulnerability in lib/http/server.py may lead to information disclosure (cve-2021-28861).
Affected Products:
Red Hat software collections (for rhel server) 1 for rhel 7 x86_64. Red hat software collections (for rhel server for system z) 1 for rhel 7 s390x. Red hat software collections (for rhel server for ibm power le) 1 for rhel 7 ppc64le. Red hat software collections (for rhel workstation) 1 for rhel 7 x86_64.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6766 for updates and patch information.
SUSE has released a security update for webkit2gtk3 to fix the vulnerabilities.
Affected product(s): SUSE Linux Enterprise (Desktop|Server) 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server 12 SP5
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2022:3492-1 for updates and patch information.
EdgeChromium has released security update for Mac and Windows to fix the vulnerabilities. QID Detection Logic: (Authenticated). It checks package versions to check for the vulnerable packages.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Oracle Enterprise Linux has released a security update for kubernetes to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:
Oracle Enterprise Linux has released a security update for kubernetes to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:
The berkeley internet name domain (bind) is an implementation of the domain name system (dns) protocols. Bind includes a dns server (named); a resolver library (routines for applications to use when interfacing with dns); and tools for verifying that the dns server is operating correctly...Security Fix(es):
bind: memory leak in ecdsa dnssec verification code (cve-2022-38177). Bind: memory leaks in eddsa dnssec verification code (cve-2022-38178).
Affected Products:
Red Hat enterprise linux server 7 x86_64. Red hat enterprise linux workstation 7 x86_64. Red hat enterprise linux desktop 7 x86_64. Red hat enterprise linux for ibm z systems 7 s390x. Red hat enterprise linux for power, big endian 7 ppc64. Red hat enterprise linux for scientific computing 7 x86_64. Red hat enterprise linux for power, little endian 7 ppc64le.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6765 for updates and patch information.
Oracle Enterprise Linux has released a security update for bind to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:
Oracle Enterprise Linux has released a security update for bind to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:
Fedora has released a security update for efl to fix the vulnerabilities.
Affected OS: Fedora 36
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 36 for updates and patch information.
Fedora has released a security update for efl to fix the vulnerabilities.
Affected OS: Fedora 35
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 35 for updates and patch information.
Cisco Internetwork Operating System (IOS) XE Software Internet Protocol (IPv6) Virtual Private Network (VPN) over MPLS Denial of Service (DoS) Vulnerability (cisco-sa-iosxe-6vpe-dos-tJBtf5Zv)
A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
Affected Products:
This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS XE Software and have both 6VPE and ZBFW features enabled.
QID Detection Logic (Authenticated): The check matches Cisco IOS XE version retrieved via Unix Auth using "show version" command. QID Detection Logic (Unauthenticated): The check matches Cisco IOS XE version retrieved via SNMP or TCP/IP Fingerprint or NTP or Telnet.
Note: This QID does not checks for the workaround hence kept as practice
Consequence
A successful exploit could allow the attacker to reload the device, resulting in a DoS condition.
PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications.
Affected versions of PHP has multiple vulnerabilities:
CVE-2022-31628 : The vulnerability exists due to infinite loop within the phar uncompressor code when processing "quines" gzip files. A remote attacker can pass a specially crafted archive to the application, consume all available system resources and cause denial of service conditions.
CVE-2022-31629: The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a standard insecure cookie in the victim's browser which is treated as a '__Host-' or '__Secure-' cookie by PHP applications.
Affected Versions:
PHP versions before 7.4.31
PHP versions 8.0.0 prior to 8.0.24
PHP versions 8.1.0 prior to 8.1.11
QID Detection Logic (Unauthenticated):
This QID checks the HTTP Server header to see if the server is running a vulnerable version of PHP.
Consequence
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack or bypass implemented security restrictions.
Solution
Customers are advised to upgrade to the latest version of PHP.
For more information please refer to Sec Bug 81726 and Sec Bug 81727 .
Apache Tomcat is an open source web server and servlet container developed by the Apache Software Foundation.
The simplified implementation of blocking reads and writes exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
Affected Versions:
Apache Tomcat 10.1.0-M1 to 10.1.0-M12
Apache Tomcat 10.0.0-M1 to 10.0.18
Apache Tomcat 9.0.0-M1 to 9.0.60
Apache Tomcat 8.5.0 to 8.5.77
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request to a invalid URL and based on the response confirms the vulnerable instance of Apache Tomcat running on the host.
Consequence
Successful exploitation of this vulnerability could reveal sensitive information to an unauthorized attacker.
Solution
Customers are advised to upgrade Apache Tomcat to new version to remediate this vulnerability. For more information please refer to Apache Tomcat Security Advisory.
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for unbound to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-20847
QID: 317223
Cisco Internetwork Operating System (IOS) XE Wireless Controller Software for the Catalyst 9000 Family DHCP Processing Denial of Service (DoS) Vulnerability (cisco-sa-wlc-dhcp-dos-76pCjPxK)
A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
Affected Products
This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco IOS XE Software and they have the DHCP TLV caching feature enabled:
Catalyst 9800-CL Wireless Controllers for Cloud
Catalyst 9800 Series Wireless Controllers
Note: This QID does not check if DHCP TLV caching feature is enabled.
Consequence
A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources.
Affected versions of Grafana is vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance.
Affected Versions:
Grafana versions before 8.5.13
Grafana versions from 9.0.0 to 9.0.9
Grafana versions from 9.1.0 to 9.1.6
QID Detection Logic :
This QID sends an HTTP GET request and retrieves a vulnerable version of a Grafana running on the target application.
Consequence
Successful exploitation could allow an attacker to take over the server admin account and gain full control of the grafana instance.
Solution
Customers are advised to upgrade to Grafana to later version to remediate this vulnerability. For more information regarding this vulnerability please refer Github Advisory.
SAP NetWeaver Application Server or SAP Web Application Server is a component of SAP NetWeaver which works as a web application server for SAP products.
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
QID Detection Logic :
This QID sends an HTTP GET request and determines version based on the Server Header.
Consequence
Exploitation of the vulnerability could lead to HTTP request smuggling attack.
Solution
Customers are advised to upgrade latest version to remediate this vulnerability. For more information regarding this vulnerability please refer SAP Security Blog.
AFFECTED PRODUCTS Siemens reports these vulnerabilities affect the following Simcenter Femap simulation applications: Simcenter Femap: All versions prior to v2022.1
QID Detection Logic (Authenticated): QID checks for the Vulnerable version of Siemens using registry "HKLM\SOFTWARE\Siemens"
Consequence
Successful exploitation of these vulnerabilities could allow an attacker to leverage the vulnerabilities to leak information or perform remote code execution in the context of the current process.
Solution
Customers are advised to refer to CERT MITIGATIONS section ICSA-22-069-10 or SSA-94918 for affected packages and patching details.
Fedora has released a security update for kitty to fix the vulnerabilities.
Affected OS: Fedora 36
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 36 for updates and patch information.
Oracle Enterprise Linux has released a security update for squid to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:
Fedora has released a security update for thunderbird to fix the vulnerabilities.
Affected OS: Fedora 36
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 36 for updates and patch information.
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-3352
QID: 904072
Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11075)
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-33741+
QID: 198967
Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5648-1)
Fedora has released a security update for knot to fix the vulnerabilities.
Affected OS: Fedora 35
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 35 for updates and patch information.
Fedora has released a security update for knot to fix the vulnerabilities.
Affected OS: Fedora 36
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 36 for updates and patch information.
Fedora has released a security update for bind to fix the vulnerabilities.
Affected OS: Fedora 35
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 35 for updates and patch information.
Fedora has released a security update for python3.6 to fix the vulnerabilities.
Affected OS: Fedora 36
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 36 for updates and patch information.
Fedora has released a security update for python3.6 to fix the vulnerabilities.
Affected OS: Fedora 35
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 35 for updates and patch information.
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for php to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-31628
QID: 904078
Common Base Linux Mariner (CBL-Mariner) Security Update for Hypertext Preprocessor (PHP) (11069)
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for php to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-38128
QID: 904077
Common Base Linux Mariner (CBL-Mariner) Security Update for binutils (11058)
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for binutils to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-38127
QID: 904075
Common Base Linux Mariner (CBL-Mariner) Security Update for binutils (11057)
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for binutils to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-38126
QID: 904074
Common Base Linux Mariner (CBL-Mariner) Security Update for binutils (11056)
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for binutils to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-38128
QID: 904073
Common Base Linux Mariner (CBL-Mariner) Security Update for binutils (11073)
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for binutils to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-38127
QID: 904071
Common Base Linux Mariner (CBL-Mariner) Security Update for binutils (11072)
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for binutils to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-38126
QID: 904070
Common Base Linux Mariner (CBL-Mariner) Security Update for binutils (11071)
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for binutils to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2020-35538
QID: 752640
SUSE Enterprise Linux Security Update for libjpeg-turbo (SUSE-SU-2022:3475-1)
SUSE has released a security update for expat to fix the vulnerabilities.
Affected product(s): SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise (Desktop|Server) 12 SP5
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2022:3466-1 for updates and patch information.
Under certain ldap conditions, cacti authentication can be bypassed with certain credential types. ( ( CVE-2022-0730)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS-2022-1634 for affected packages and patching details, or update with your package manager.
The httpd packages provide the apache http server, a powerful, efficient, and extensible web server...Security Fix(es):
httpd: mod_sed: read/write beyond bounds (cve-2022-23943). Httpd: request splitting via http/2 method injection and mod_proxy (cve-2021-33193). Httpd: null pointer dereference via malformed requests (cve-2021-34798). Httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (cve-2021-36160). Httpd: out-of-bounds write in ap_escape_quotes() via malicious input (cve-2021-39275). Httpd: possible null dereference or ssrf in forward proxy configurations (cve-2021-44224). Httpd: mod_lua: use of uninitialized value of in r:parsebody (cve-2022-22719). Httpd: core: possible buffer overflow with very large or unlimited limitxmlrequestbody (cve-2022-22721). Httpd: mod_proxy_ajp: possible request smuggling (cve-2022-26377). Httpd: mod_lua: dos in r:parsebody (cve-2022-29404). Httpd: mod_sed: dos vulnerability (cve-2022-30522). Httpd: mod_proxy: x-forwarded-for dropped by hop-by-hop mechanism (cve-2022-31813). Httpd: out-of-bounds read via ap_rwrite() (cve-2022-28614). Httpd: out-of-bounds read in ap_strcmp_match() (cve-2022-28615). Httpd: mod_lua: information disclosure with websockets (cve-2022-30556).
Affected Products:
Red Hat software collections (for rhel server) 1 for rhel 7 x86_64. Red hat software collections (for rhel server for system z) 1 for rhel 7 s390x. Red hat software collections (for rhel server for ibm power le) 1 for rhel 7 ppc64le. Red hat software collections (for rhel workstation) 1 for rhel 7 x86_64.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6753 for updates and patch information.
a flaw was found in golang. The http/1 client accepted invalid transfer-encoding headers indicating "chunked" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid. ( ( CVE-2022-1705) a flaw was found in the golang standard library, go/parser. When calling any parse functions on the go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability. ( ( CVE-2022-1962) authorization bypass through user-controlled key in github repository emicklei/go-restful prior to v3.8.0. ( ( CVE-2022-1996) a buffer overflow flaw was found in golangs library encoding/pem. This flaw allows an attacker to use a large pem input (more than 5 mb) ), causing a stack overflow in decode, which leads to a loss of availability. ( ( CVE-2022-24675) a broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentification with rsa keys to servers that reject signature algorithms based on sha-2, enabling an attacker to crash the server, resulting in a loss of availability. ( ( CVE-2022-27191) a flaw was found in golang encoding/xml. When calling decoder. Skip while parsing a deeply nested xml document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.
Consequence
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
Solution
Please refer to Amazon advisory: ALAS-2022-1635 for affected packages and patching details, or update with your package manager.
Multiple vulnerabilities were discovered in Resource Data Management's Data Manager Application.
Affected Versions: Versions prior to 2.2
QID Detection Logic (Authenticated) QID checks for the Vulnerable version using windows registry keys
Consequence
Privilege escalation allows an attacker to gain elevated access to resources that are normally protected from an application or user. This includes altering logs and parameters.
Solution
Customers are advised to refer to CERT MITIGATIONS section ICSA-15-265-01 for affected packages and patching details.
Fedora has released a security update for bash to fix the vulnerabilities.
Affected OS: Fedora 36
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 36 for updates and patch information.
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-3324
QID: 904065
Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11055)
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-41322
QID: 710632
Gentoo Linux Kitty Arbitrary Code Execution Vulnerability (GLSA 202209-22)
A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload.
Affected Products
This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS or IOS XE Software and are configured to accept SSH connections.
QID Detection Logic (Authenticated):
The check matches Cisco IOS XE version retrieved via Unix Auth using "show version" command.
QID Detection Logic (Unauthenticated):
The check matches Cisco IOS XE version retrieved via SNMP or TCP/IP Fingerprint or NTP or Telnet.
Consequence
A successful exploit could allow the attacker to cause the affected device to reload.
Thunderbird is a free and open-source cross-platform email client developed for Windows, OS X, and Linux, with a mobile version for Android.
Mozilla Thunderbird is prone to
CVE-2022-39249: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators
CVE-2022-39250: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack
CVE-2022-39251: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack
CVE-2022-39236: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue
Affected Products:
Prior to Mozilla Thunderbird 102.3.1
QID Detection Logic (Authenticated) :
This checks for vulnerable version of Thunderbird.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Vendor has released fix to address these vulnerabilities. Refer to MFSA2022-43 or later
Cisco Internetwork Operating System (IOS) and Internetwork Operating System (IOS) XE Software Common Industrial Protocol Request Denial of Service (DoS) Vulnerability (cisco-sa-iosxe-cip-dos-9rTbKLt9)
A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.
Affected Products
Cisco products if they are running a vulnerable release of Cisco IOS or Cisco IOS XE Software and have CIP protocol enabled.
QID Detection Logic (Authenticated): The check matches Cisco IOS XE version retrieved via Unix Auth using "show version" command. QID Detection Logic (Unauthenticated): The check matches Cisco IOS XE version retrieved via SNMP or TCP/IP Fingerprint or NTP or Telnet.
Consequence
A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition.
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.
QID Detection Logic (Authenticated): The check matches Cisco IOS XE version retrieved via Unix Auth using "show version" command.
QID Detection Logic (Unauthenticated): The check matches Cisco IOS XE version retrieved via SNMP or TCP/IP Fingerprint or NTP or Telnet.
Consequence
A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.
Ibm java se version 8 includes the ibm java runtime environment and the ibm java software development kit...Security Fix(es):
openjdk: incomplete enforcement of jar signing disabled algorithms (libraries, 8249906) (cve-2021-2163).
Affected Products:
Red Hat enterprise linux server 7 x86_64. Red hat enterprise linux workstation 7 x86_64. Red hat enterprise linux desktop 7 x86_64. Red hat enterprise linux for ibm z systems 7 s390x. Red hat enterprise linux for power, big endian 7 ppc64. Red hat enterprise linux for scientific computing 7 x86_64. Red hat enterprise linux for power, little endian 7 ppc64le.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6756 for updates and patch information.
Ibm java se version 7 release 1 includes the ibm java runtime environment and the ibm java software development kit...Security Fix(es):
openjdk: incomplete enforcement of jar signing disabled algorithms (libraries, 8249906) (cve-2021-2163).
Affected Products:
Red Hat enterprise linux server 7 x86_64. Red hat enterprise linux workstation 7 x86_64. Red hat enterprise linux desktop 7 x86_64. Red hat enterprise linux for ibm z systems 7 s390x. Red hat enterprise linux for power, big endian 7 ppc64. Red hat enterprise linux for scientific computing 7 x86_64. Red hat enterprise linux for power, little endian 7 ppc64le.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6755 for updates and patch information.
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-3303
QID: 904064
Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (11054)
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-35252
QID: 904068
Common Base Linux Mariner (CBL-Mariner) Security Update for curl (11046)
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-35252
QID: 904066
Common Base Linux Mariner (CBL-Mariner) Security Update for curl (11053)
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-39227
QID: 904061
Common Base Linux Mariner (CBL-Mariner) Security Update for python-jwt (11032)
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for python-jwt to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-39227
QID: 904058
Common Base Linux Mariner (CBL-Mariner) Security Update for python-jwt (11037)
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for python-jwt to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
—
QID: 283155
Fedora Security Update for libofx (FEDORA-2022-c9028047bf)
Fedora has released a security update for libofx to fix the vulnerabilities.
Affected OS: Fedora 35
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 35 for updates and patch information.
Fedora has released a security update for gajim to fix the vulnerabilities.
Affected OS: Fedora 36
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 36 for updates and patch information.
Fedora has released a security update for firefox to fix the vulnerabilities.
Affected OS: Fedora 35
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 35 for updates and patch information.
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-3296
QID: 904060
Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11034)
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-3297
QID: 904057
Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11043)
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-3296
QID: 904056
Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11042)
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges.
Affected Products
Following Cisco products if they were running the vulnerable release:
SD-WAN vEdge Cloud Routers
SD-WAN vEdge Routers
SD-WAN vManage Software
Note: Support only for SD-WAN vManage and vedge-100-M.
QID detection logic: The QID checks for Cisco SD WAN version retrieved via Unix Auth using "show system status" command
Consequence
A successful exploit could allow the attacker to execute arbitrary commands as the root user.
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for unbound to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-3204
QID: 690948
Free Berkeley Software Distribution (FreeBSD) Security Update for unbound (5a1c2e06-3fb7-11ed-a402-b42e991fc52e)
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.
Affected Products:
1) Cisco WLC AireOS Software and they have FIPS mode enabled.
Note: Support only for Cisco WLC Software
QID Detection Logic (Authenticated):
The check matches affected versions retrieved via SNMP.
Consequence
A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS condition.
A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device.
Affected Products
Cisco products if they are running a vulnerable release of Cisco SD-WAN software:
SD-WAN vEdge Routers
SD-WAN vManage Software
Cisco SD-WAN Software releases :
Prior to 18.4.5
Note: Support only for SD-WAN vManage and vedge-100-M.
QID detection logic: The QID checks for Cisco SD WAN version retrieved via Unix Auth using "show system status" command
Consequence
A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device.
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system.
Affected Products
Cisco products if they are running a vulnerable release of Cisco SD-WAN software:
SD-WAN vEdge Routers
SD-WAN vManage Software
Cisco SD-WAN Software releases :
Prior to 20.6.2
From 20.8 Prior to 20.8.1
From 20.9 Prior to 20.9.1
Note: Support only for SD-WAN vManage and vedge-100-M.
QID detection logic: The QID checks for Cisco SD WAN version retrieved via Unix Auth using "show system status" command
Consequence
A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition.
Juniper Junos is the network operating system used in Juniper Networks hardware systems.
Command injection vulnerability in Junos Space may allow unprivileged users to execute code as root user on the device.
Affected releases are Junos OS:
Juniper Junos Space before version 15.2R2 allows attackers to execute arbitrary code as a root user.
QID detection logic: (Authenticated)
It checks for vulnerable Junos OS version.
Consequence
An attacker can exploit this issue and execute arbitrary code as a root user.
Solution
Users need to update the Junos Space to latest version.
Wordfence Security is a WordPress plugin which includes an endpoint firewall and malware scanner that were built from the ground up to protect WordPress sites.
Affected versions of Wordfence Security - Firewall and Malware Scan plugin is vulnerable to Stored Cross-Site Scripting via a setting on the options page due to insufficient escaping on the stored value which makes it possible for authenticated users, with administrative privileges, to inject malicious web scripts.
Affected versions:
Wordfence Security prior to version 7.6.1
QID Detection Logic (Unauthenticated):
This QID sends a HTTP GET request and checks for vulnerable version of Wordfence plugin running on the target WordPress application.
Consequence
Successful exploitation could allow an attacker to execute arbitrary JavaScript code in the context of the interface or allow the attacker to access sensitive, browser-based information.
VMware ESXi is an enterprise level computer virtualization product.
Affected Versions:
VMware ESXi 6.7.x before build 19898906
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable versions of VMware ESXi with build version using web service present on target.
Consequence
A malicious actor with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can take advantage of a flaw in memory-mapped I/O (MMIO) fill buffers that may leak information stored in physical memory about the hypervisor or other virtual machines that reside on the same ESXi host if the host utilizes Intel processors.
Solution
Refer to VMware advisory VMSA-2022-0016 for more information.
VMware ESXi is an enterprise level computer virtualization product.
Affected Versions:
VMware ESXi 6.5.x
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable versions of VMware ESXi with build version using web service present on target.
Consequence
A malicious actor with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can take advantage of a flaw in memory-mapped I/O (MMIO) fill buffers that may leak information stored in physical memory about the hypervisor or other virtual machines that reside on the same ESXi host if the host utilizes Intel processors.
Solution
Refer to VMware advisory VMSA-2022-0016 for more information.
Microsoft Exchange Server 2013, 2016, and 2019 are affected by two zero-day vulnerabilities. The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker.
QID Detection Logic (Authenticated):
This QID checks for vulnerable versions of MS Exchange Server and checks if the temporary mitigations have been applied.
Consequence
Successful exploitation of the vulnerability may allow remote code execution.
Solution
There are no patches yet, however, Microsoft advised users to apply temporary mitigations. For more information please refer to Microsoft Security Advisory
CVE-2018-7842
QID: 591075
Schneider Electric Modicon M580 UMAS Improper Authentication Vulnerability (TALOS-2018-0741)
AFFECTED PRODUCTS
Schneider Electric Modicon M580 BMEP582040 SV2.70
QID Detection Logic (Authenticated): QID checks for the Vulnerable version of using passive scanning
Consequence
An exploitable improper authentication vulnerability exists in the UMAS PLC reservation function of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can allow an attacker to masquerade as an authenticated user, resulting in the ability to bypass password protections in place on the device. An attacker can send unauthenticated commands to trigger this vulnerability.
Solution
Customers are advised to refer to CERT MITIGATIONS section TALOS-2018-0741 for affected packages and patching details.
AFFECTED PRODUCTS
20-COMM-ER All Versions
ArmorStart 28xE All Versions
1715-AENTR All Versions
AADvance Safety Controller All Versions
AADvance Eurocard Controllers All Versions
QID Detection Logic (Authenticated): QID checks for the Vulnerable version of using passive scanning
Consequence
If successfully exploited, these vulnerabilities may result in the products faulting and/or ceasing communications, requiring the power to be cycled to the product to recover.
Solution
Customers are advised to refer to CERT MITIGATIONS section PN1575 for affected packages and patching details.
CVE-2022-30264
QID: 591067
Emerson ROC800, ROC800L and DL8000 Vulnerability (ICSA-22-223-04)
AFFECTED PRODUCTS
The following versions of ROC800, a remote automation controller, are affected:
ROC800: All versions
ROC800L: All versions
DL8000: All versions
QID Detection Logic (Authenticated): QID checks for the Vulnerable version of using passive scanning
Consequence
Successful exploitation of this vulnerability could cause file manipulation.
Solution
Customers are advised to refer to CERT MITIGATIONS section icsa-22-223-04 for affected packages and patching details.
AFFECTED PRODUCTS
The following versions of the SIMATIC CP 44x-1 RNA, which connect SIMATIC S7-400 CPUs to Industrial Ethernet, are affected:
SIMATIC CP 44x-1 RNA, all versions prior to Versions 1.4.1.
QID Detection Logic (Authenticated): QID checks for the Vulnerable version of using passive scanning
Consequence
Successful exploitation of this vulnerability may allow an unauthenticated remote attacker to perform administrative actions under certain conditions.
Solution
Customers are advised to refer to CERT MITIGATIONS section ICSA-17-173-01 for affected packages and patching details.
QID Detection Logic (Authenticated): QID checks for the Vulnerable version of using passive scanning
Consequence
Cleartext Transmission of Sensitive Information vulnerability exists, which could cause the disclosure of information when transferring applications to the controller using Modbus TCP protocol.
Solution
Customers are advised to refer to CERT MITIGATIONS section SEVD-2019-281-03 for affected packages and patching details.
CVE-2020-24686
QID: 591066
ABB AC500V2 Webserver Denial of Service (DoS) Vulnerability (ABBVU-ABBVREP0019-3ADR010645)
AFFECTED PRODUCTS
The following AC500 V2 products with onboard ethernet are affected by this vulnerability:
PM554
PM556
PM564
PM566
PM572
PM573
QID Detection Logic (Authenticated): QID checks for the Vulnerable version of using passive scanning
Consequence
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder.
Solution
Customers are advised to refer to CERT MITIGATIONS section ABBVU-ABBVREP0019-3ADR010645 for affected packages and patching details.
CVE-2019-13941
QID: 591063
Siemens OZW Web Server Vulnerability (ICSA-20-042-09) (SSA-986695)
AFFECTED PRODUCTS
All Innominate mGuard devices running with any firmware version up to firmware version 8.1.3 are affected. The firmware versions 8.1.4 and higher are not affected. The mGuard firmware 7.6.6 patch release also fixes this issue.
QID Detection Logic (Authenticated): QID checks for the Vulnerable version of using passive scanning
Consequence
An attacker authorized as user "admin" may use special configuration settings to execute arbitrary commands as root user with UID 0.
Solution
Customers are advised to refer to CERT MITIGATIONS section Security Advisory 2014/12/17-001 for affected packages and patching details.
AFFECTED PRODUCTS
SIMATIC RF350M: All versions with Summit Client Utility prior to V22.3.5.16
SIMATIC RF650M: All versions with Summit Client Utility prior to V22.3.5.16
QID Detection Logic (Authenticated): QID checks for the Vulnerable version of using passive scanning
Consequence
These vulnerabilities could potentially allow an attacker within the radio range of the wireless network to decrypt, replay or inject forged network packets into the wireless communication.
Solution
Customers are advised to refer to CERT MITIGATIONS section ssa-418456 for affected packages and patching details.
AFFECTED PRODUCTS
Modicon M258 Firmware All versions prior to V5.0.4.11
QID Detection Logic (Authenticated): QID checks for the Vulnerable version of using passive scanning
Consequence
Successful exploitation of this vulnerability may risk buffer overflow attack, which could result in arbitrary code execution or unavailability of the process or operations.
Solution
Customers are advised to refer to CERT MITIGATIONS section SEVD-2020-343-09 for affected packages and patching details.
AFFECTED PRODUCTS
The following Siemens SIMATIC S7-1200 CPU versions are affected:
SIMATIC S7-1200 CPU family Versions: V2.X and V3.X.
QID Detection Logic (Authenticated): QID checks for the Vulnerable version of using passive scanning
Consequence
Attackers could use these vulnerabilities to perform attacks against the SIMATIC S7-1200 CPU family web server to disrupt integrity and availability of normal operations.
Solution
Customers are advised to refer to CERT MITIGATIONS section ICSA-14-114-02 for affected packages and patching details.
AFFECTED PRODUCTS
All Innominate mGuard devices running with any firmware version up to firmware version 8.1.4 are affected. The firmware versions 8.1.5 and higher are not affected. The mGuard firmware 7.6.7 patch release also fixes this issue.
QID Detection Logic (Authenticated): QID checks for the Vulnerable version of using passive scanning
Consequence
An attacker may use specially crafted NTP packets to remotely exploit the NTP vulnerability tracked as CVE-2014-9295 and execute arbitrary code as unprivileged user or to interrupt the NTP service. The mGuard is only vulnerable to this attack if the NTP service on the mGuard is enabled, which is not the default setting. Due to the nature of the NTP protocol exploiting the vulnerability from remote is possible if an attacker can inject malicious packets into communication opened from the mGuard to a remote NTP server.
Solution
Customers are advised to refer to CERT MITIGATIONS section Security Advisory 2015/01/20-001
for affected packages and patching details.
A custom Error Page can be set using a url or a custom regex in the WAS scan configuration. WAS will use the custom error set to compare against responses for 150004 Path-Based Vulnerability and 150174 Path Traversal Vulnerability and further filter responses that match the custom Error Page. If there is a match then respective vulnerabilities will not be reported.
Using the URL option will set the error page as the response received.
WAS will use the response from the URL to make an exact match (including spaces and tags) in order to filter out detections for 150004 and 150174.
The URL set must be in scope for WAS to be able to set the error page.
For the regex option make sure the regex is strict enough to catch the custom error page and not detect valid responses. Using a wildcard regex (.*) is a valid regex but not recommended for use with this configuration, since it will lead to filtering all 150004 and 150174 (potential true vulnerabilities).
Consequence
N/A
Solution
N/A
—
QID: 150506
Web Application Client Certificate Based Authentication Failure
Severity
Minimal1
Qualys ID
150506
Date Published
September 30, 2022
CVSS Scores
Base / Temporal
Description
Web application client certificate-based authentication was performed during the scan, but login attempts using the client certificate and key specified in the Web application's authentication record for this host failed.
Consequence
Vulnerabilities that require Web application authentication may not be detected.
Solution
Verify that the client certificate and key defined in the Web application's authentication record are valid for this host.
—
QID: 150505
Web Application Client Certificate Based Authentication Success
Severity
Minimal1
Qualys ID
150505
Date Published
September 30, 2022
CVSS Scores
Base / Temporal
Description
Web application client certificate based authentication was performed for the scan and was successfully authenticated.
Consequence
N/A
Solution
N/A
CVE-2022-29599
QID: 181084
Debian Security Update for maven-shared-utils (DSA 5242-1)
Oracle Enterprise Linux has released a security update for firefox to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:
Oracle Enterprise Linux has released a security update for thunderbird to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:
Oracle Enterprise Linux has released a security update for firefox to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:
Oracle Enterprise Linux has released a security update for thunderbird to fix the vulnerabilities. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation allows an attacker to compromise the system.
Solution
To resolve this issue, upgrade to the latest packages which contain a patch.Refer to Oracle Enterprise Linux advisory below for updates and patch information:
Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly.
Affected Versions:
McAfee DLP Endpoint for Windows prior to 11.6.600.212 and 11.9.100
QID Detection logic (Authenticated):
This QID checks for vulnerable McAfee DLP Endpoint for Windows version by checking the registry entry for McAfee DLP Agent.
Consequence
Successful exploitation of the vulnerability may allow a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly.
Solution
Customers are advised to upgrade McAfee DLP Endpoint to version 11.6.600.212 and 11.9.100 to patch the vulnerability. For more information please refer to Trellix Security Advisory
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for wayland to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
ZooKeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services.
Apache ZooKeeper 3.5.x has reached EOL and will be effective from 1st of June, 2022
Currently supported versions of Apache ZooKeeper are 3.6.x, 3.7.x and 3.8.x
QID Detection Logic (Unauthenticated):
This QID checks the banner response to see if the server is running a vulnerable version of Apache ZooKeeper.
Consequence
The system is at high risk of exposure to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to attacks.
Solution
Customers are advised to upgrade to Apache ZooKeeper latest versions to remediate these vulnerabilities.
ZooKeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services.
Apache ZooKeeper 3.4.x has reached EOL and will be effective from 1st of June, 2020
Currently supported versions of Apache ZooKeeper are 3.6.x, 3.7.x and 3.8.x
QID Detection Logic (Unauthenticated):
This QID checks the banner response to see if the server is running a vulnerable version of Apache ZooKeeper.
Consequence
The system is at high risk of exposure to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to attacks.
Solution
Customers are advised to upgrade to Apache ZooKeeper latest versions to remediate these vulnerabilities.
CVE-2022-29581+
QID: 752632
SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3450-1)
Jenkins is an open-source automation server written in Java. Jenkins helps to automate the non-human part of the software development process, with continuous integration and facilitating technical aspects of continuous delivery.
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI.
Affected Versions:
Jenkins weekly up to and including 2.369
Fixed Versions:
Jenkins weekly should be updated to version 2.370
QID Detection Logic(Unauthenticated):
This QID checks for vulnerable version by sending a crafted GET request to Jenkins. This QID also detects the vulnerable version from login page or HTTP header.
Consequence
A stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for finger to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:https://github.com/microsoft/CBL-Mariner/releases
Fedora has released a security update for libofx to fix the vulnerabilities.
Affected OS: Fedora 36
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 36 for updates and patch information.
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for snakeyaml to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2021-23282
QID: 591061
Eaton Intelligent Power Manager Vulnerability (ICSA-22-130-04) (ETN-VA-2021-1001a)
AFFECTED PRODUCTS
The following versions of Eaton IPM, a power management platform, are affected:
Eaton Intelligent Power Manager (IPM) v1: All versions prior to v1.70
QID Detection Logic (Authenticated) QID checks for the Vulnerable version using windows registry keys
Consequence
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code using untrusted data.
Solution
Customers are advised to refer to CERT MITIGATIONS section icsa-22-130-04 for affected packages and patching details.
The Apache Hadoop software library is a framework that allows for the distributed processing of large data sets across clusters of computers using simple programming models.
QID Detection Logic:(Unauthenticated)
This QID sends GET request to webhdfs/v1 to check Hadoop Namenode information is set to or not.
AFFECTED PRODUCTS
The following Rockwell Automation software products are affected:
Connected Component Workbench: v12.00 and prior
ISaGRAF Workbench: All versions prior to v6.6.10
ISaGRAF Workbench: v6.6.9 and prior
Safety Instrumented Systems Workstation: v1.1 and prior
QID Detection Logic (Authenticated) QID checks for the Vulnerable version using windows registry keys
Consequence
Successful exploitation of this vulnerability could allow an attacker to pass local file data to a remote web server, leading to loss of confidentiality.
Solution
Customers are advised to refer to Schneider Electric MITIGATIONS section icsa-22-088-01 for affected packages and patching details.
CVE-2022-36934
An integer overflow in WhatsApp for Android prior to v2.22.16.12, Business for Android prior to v2.22.16.12, iOS prior to v2.22.16.12, Business for iOS prior to v2.22.16.12 could result in remote code execution in an established video call.
CVE-2022-27492
An integer underflow in WhatsApp for Android prior to v2.22.16.2, WhatsApp for iOS v2.22.15.9 could have caused remote code execution when receiving a crafted video file.
Consequence
On successful exploitation, it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to CVE-2022-27492 to address this issue and obtain more information.
Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
Consequence
On successful exploitation, it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to CVE-2022-2623 to address this issue and obtain more information.
OpenSUSE has released a security update for opera to fix the vulnerabilities.
Affected Products: openSUSE Leap 15.4:NonFree
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
SUSE has released a security update for firefox to fix the vulnerabilities.
Affected product(s): SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise (Desktop|Server) 12 SP5 SUSE Linux Enterprise Server 12 SP5
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2022:3440-1 for updates and patch information.
Chrome has released security updates for Windows, Mac, and Linux to fix the vulnerabilities.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Chrome security advisory 106.0.5249.61 for updates and patch information.
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for wayland to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
—
QID: 650057
EOL/Obsolete Software: Apache Traffic Server 7.x Detected
Apache Traffic Server is a fast, scalable and extensible HTTP/1.1 and HTTP/2.0 compliant caching proxy server.
Apache Traffic Server versions 7.1.12 was released on Jan 07, 2021 and no further releases for 7.1.x have been released.
Apache Traffic Server is currently on a two year major release cycle.
The LTS cycle is supported only for major releases up to 4 years.
Currently supported versions of Apache Traffic Server are 8.1.x, 9.1.x
QID Detection Logic (Unauthenticated):
This QID checks the HTTP Server response header to see if the server is running a vulnerable version of Apache Traffic Server.
Consequence
The system is at high risk of exposure to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to attacks.
Fedora has released a security update for webkit2gtk3 to fix the vulnerabilities.
Affected OS: Fedora 35
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 35 for updates and patch information.
Fedora has released a security update for firefox to fix the vulnerabilities.
Affected OS: Fedora 36
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 36 for updates and patch information.
Fedora has released a security update for bind to fix the vulnerabilities.
Affected OS: Fedora 36
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Solution
Refer to Fedora security advisory Fedora 36 for updates and patch information.
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-3278
QID: 904050
Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11018)
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-3278
QID: 904049
Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11023)
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-2785
QID: 904048
Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (11022)
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for kernel to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-2022-2048
QID: 730617
Eclipse Jetty Denial of Service (DoS) Vulnerability
Eclipse Jetty is a Java HTTP server and Java Servlet container. While Web Servers are usually associated with serving documents to people, Jetty is now often used for machine to machine communications, usually within larger software frameworks.
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources.
Versions Affected:
Eclipse Jetty Prior to 9.4.47
Eclipse Jetty 10.0.0 to 10.0.9
Eclipse Jetty 11.0.0 to 11.0.9
QID Detection Logic:(Unauthenticated)
It looks at http banner to check for vulnerable version of Jetty.
Consequence
This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.
Solution
Customers are advised to refer to eclipse Jetty for more information.
Apache Traffic Server is a fast, scalable and extensible HTTP/1.1 and HTTP/2.0 compliant caching proxy server.
ATS is vulnerable to potential smuggle and MITM attacks
Version Affected:
ATS 7.0.0 to 7.1.12
ATS 8.0.0 to 8.1.1
ATS 9.0.0 to 9.0.1
QID Detection Logic:
This unauthenticated QID relies on the version reported by the ATS service.
Consequence
It allows an attacker to perform multiple attacks like cache poisoning, buffer overflow, and Denial of Service.
OpenSUSE has released a security update for opera to fix the vulnerabilities.
Affected Products: openSUSE Leap 15.3:NonFree
Consequence
Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
Mozilla firefox is an open-source web browser, designed for standards compliance, performance, and portability...Security Fix(es):
mozilla: bypassing featurepolicy restrictions on transient pages (cve-2022-40959). Mozilla: data-race when parsing non-utf-8 urls in threads (cve-2022-40960). Mozilla: memory safety bugs fixed in firefox 105 and firefox esr 102.3 (cve-2022-40962). Mozilla: bypassing secure context restriction for cookies with __host and __secure prefix (cve-2022-40958). Mozilla: content-security-policy base-uri bypass (cve-2022-40956). Mozilla: incoherent instruction cache when building wasm on arm64 (cve-2022-40957).
Affected Products:
Red Hat enterprise linux for x86_64 - extended update support 8.4 x86_64. Red hat enterprise linux server - aus 8.4 x86_64. Red hat enterprise linux for ibm z systems - extended update support 8.4 s390x. Red hat enterprise linux for power, little endian - extended update support 8.4 ppc64le. Red hat enterprise linux server - tus 8.4 x86_64. Red hat enterprise linux for arm 64 - extended update support 8.4 aarch64. Red hat enterprise linux server for power le - update services for sap solutions 8.4 ppc64le. Red hat enterprise linux for x86_64 - update services for sap solutions 8.4 x86_64.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6701 for updates and patch information.
Mozilla firefox is an open-source web browser, designed for standards compliance, performance, and portability...Security Fix(es):
mozilla: bypassing featurepolicy restrictions on transient pages (cve-2022-40959). Mozilla: data-race when parsing non-utf-8 urls in threads (cve-2022-40960). Mozilla: memory safety bugs fixed in firefox 105 and firefox esr 102.3 (cve-2022-40962). Mozilla: bypassing secure context restriction for cookies with __host and __secure prefix (cve-2022-40958). Mozilla: content-security-policy base-uri bypass (cve-2022-40956). Mozilla: incoherent instruction cache when building wasm on arm64 (cve-2022-40957).
Affected Products:
Red Hat enterprise linux server 7 x86_64. Red hat enterprise linux workstation 7 x86_64. Red hat enterprise linux desktop 7 x86_64. Red hat enterprise linux for ibm z systems 7 s390x. Red hat enterprise linux for power, big endian 7 ppc64. Red hat enterprise linux for power, little endian 7 ppc64le.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6711 for updates and patch information.
Mozilla thunderbird is a standalone mail and newsgroup client...Security Fix(es):
mozilla: leaking of sensitive information when composing a response to an html email with a meta refresh tag (cve-2022-3033). Mozilla: bypassing featurepolicy restrictions on transient pages (cve-2022-40959). Mozilla: data-race when parsing non-utf-8 urls in threads (cve-2022-40960). Mozilla: memory safety bugs fixed in firefox 105 and firefox esr 102.3 (cve-2022-40962). Mozilla: remote content specified in an html document that was nested inside an iframe's srcdoc attribute was not blocked (cve-2022-3032). Mozilla: an iframe element in an html email could trigger a network request (cve-2022-3034). Mozilla: matrix sdk bundled with thunderbird vulnerable to denial-of-service attack (cve-2022-36059). Mozilla: bypassing secure context restriction for cookies with __host and __secure prefix (cve-2022-40958). Mozilla: content-security-policy base-uri bypass (cve-2022-40956). Mozilla: incoherent instruction cache when building wasm on arm64 (cve-2022-40957).
Affected Products:
Red Hat enterprise linux for x86_64 - extended update support 8.2 x86_64. Red hat enterprise linux server - aus 8.2 x86_64. Red hat enterprise linux for power, little endian - extended update support 8.2 ppc64le. Red hat enterprise linux server - tus 8.2 x86_64. Red hat enterprise linux for arm 64 - extended update support 8.2 aarch64. Red hat enterprise linux server for power le - update services for sap solutions 8.2 ppc64le. Red hat enterprise linux for x86_64 - update services for sap solutions 8.2 x86_64.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6715 for updates and patch information.
Mozilla thunderbird is a standalone mail and newsgroup client...Security Fix(es):
mozilla: leaking of sensitive information when composing a response to an html email with a meta refresh tag (cve-2022-3033). Mozilla: bypassing featurepolicy restrictions on transient pages (cve-2022-40959). Mozilla: data-race when parsing non-utf-8 urls in threads (cve-2022-40960). Mozilla: memory safety bugs fixed in firefox 105 and firefox esr 102.3 (cve-2022-40962). Mozilla: remote content specified in an html document that was nested inside an iframe's srcdoc attribute was not blocked (cve-2022-3032). Mozilla: an iframe element in an html email could trigger a network request (cve-2022-3034). Mozilla: matrix sdk bundled with thunderbird vulnerable to denial-of-service attack (cve-2022-36059). Mozilla: bypassing secure context restriction for cookies with __host and __secure prefix (cve-2022-40958). Mozilla: content-security-policy base-uri bypass (cve-2022-40956). Mozilla: incoherent instruction cache when building wasm on arm64 (cve-2022-40957).
Affected Products:
Red Hat enterprise linux server 7 x86_64. Red hat enterprise linux workstation 7 x86_64. Red hat enterprise linux desktop 7 x86_64. Red hat enterprise linux for power, little endian 7 ppc64le.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6710 for updates and patch information.
Mozilla firefox is an open-source web browser, designed for standards compliance, performance, and portability...Security Fix(es):
mozilla: bypassing featurepolicy restrictions on transient pages (cve-2022-40959). Mozilla: data-race when parsing non-utf-8 urls in threads (cve-2022-40960). Mozilla: memory safety bugs fixed in firefox 105 and firefox esr 102.3 (cve-2022-40962). Mozilla: bypassing secure context restriction for cookies with __host and __secure prefix (cve-2022-40958). Mozilla: content-security-policy base-uri bypass (cve-2022-40956). Mozilla: incoherent instruction cache when building wasm on arm64 (cve-2022-40957).
Affected Products:
Red Hat enterprise linux for x86_64 8 x86_64. Red hat enterprise linux for x86_64 - extended update support 8.6 x86_64. Red hat enterprise linux server - aus 8.6 x86_64. Red hat enterprise linux for ibm z systems 8 s390x. Red hat enterprise linux for ibm z systems - extended update support 8.6 s390x. Red hat enterprise linux for power, little endian 8 ppc64le. Red hat enterprise linux for power, little endian - extended update support 8.6 ppc64le. Red hat enterprise linux server - tus 8.6 x86_64. Red hat enterprise linux for arm 64 8 aarch64. Red hat enterprise linux for arm 64 - extended update support 8.6 aarch64. Red hat enterprise linux server for power le - update services for sap solutions 8.6 ppc64le. Red hat enterprise linux for x86_64 - update services for sap solutions 8.6 x86_64.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6702 for updates and patch information.
Mozilla firefox is an open-source web browser, designed for standards compliance, performance, and portability...Security Fix(es):
mozilla: bypassing featurepolicy restrictions on transient pages (cve-2022-40959). Mozilla: data-race when parsing non-utf-8 urls in threads (cve-2022-40960). Mozilla: memory safety bugs fixed in firefox 105 and firefox esr 102.3 (cve-2022-40962). Mozilla: bypassing secure context restriction for cookies with __host and __secure prefix (cve-2022-40958). Mozilla: content-security-policy base-uri bypass (cve-2022-40956). Mozilla: incoherent instruction cache when building wasm on arm64 (cve-2022-40957).
Affected Products:
Red Hat enterprise linux for x86_64 - extended update support 8.2 x86_64. Red hat enterprise linux server - aus 8.2 x86_64. Red hat enterprise linux for ibm z systems - extended update support 8.2 s390x. Red hat enterprise linux for power, little endian - extended update support 8.2 ppc64le. Red hat enterprise linux server - tus 8.2 x86_64. Red hat enterprise linux for arm 64 - extended update support 8.2 aarch64. Red hat enterprise linux server for power le - update services for sap solutions 8.2 ppc64le. Red hat enterprise linux for x86_64 - update services for sap solutions 8.2 x86_64.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6707 for updates and patch information.
Mozilla firefox is an open-source web browser, designed for standards compliance, performance, and portability...Security Fix(es):
mozilla: bypassing featurepolicy restrictions on transient pages (cve-2022-40959). Mozilla: data-race when parsing non-utf-8 urls in threads (cve-2022-40960). Mozilla: memory safety bugs fixed in firefox 105 and firefox esr 102.3 (cve-2022-40962). Mozilla: bypassing secure context restriction for cookies with __host and __secure prefix (cve-2022-40958). Mozilla: content-security-policy base-uri bypass (cve-2022-40956). Mozilla: incoherent instruction cache when building wasm on arm64 (cve-2022-40957).
Affected Products:
Red Hat enterprise linux for x86_64 9 x86_64. Red hat enterprise linux for x86_64 - extended update support 9.0 x86_64. Red hat enterprise linux for ibm z systems 9 s390x. Red hat enterprise linux for ibm z systems - extended update support 9.0 s390x. Red hat enterprise linux for power, little endian 9 ppc64le. Red hat enterprise linux for power, little endian - extended update support 9.0 ppc64le. Red hat enterprise linux for arm 64 9 aarch64. Red hat enterprise linux for arm 64 - extended update support 9.0 aarch64. Red hat enterprise linux server for power le - update services for sap solutions 9.0 ppc64le. Red hat enterprise linux for x86_64 - update services for sap solutions 9.0 x86_64. Red hat enterprise linux server for arm 64 - 4 years of updates 9.0 aarch64. Red hat enterprise linux server for ibm z systems - 4 years of updates 9.0 s390x.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6700 for updates and patch information.
Mozilla thunderbird is a standalone mail and newsgroup client...Security Fix(es):
mozilla: leaking of sensitive information when composing a response to an html email with a meta refresh tag (cve-2022-3033). Mozilla: bypassing featurepolicy restrictions on transient pages (cve-2022-40959). Mozilla: data-race when parsing non-utf-8 urls in threads (cve-2022-40960). Mozilla: memory safety bugs fixed in firefox 105 and firefox esr 102.3 (cve-2022-40962). Mozilla: remote content specified in an html document that was nested inside an iframe's srcdoc attribute was not blocked (cve-2022-3032). Mozilla: an iframe element in an html email could trigger a network request (cve-2022-3034). Mozilla: matrix sdk bundled with thunderbird vulnerable to denial-of-service attack (cve-2022-36059). Mozilla: bypassing secure context restriction for cookies with __host and __secure prefix (cve-2022-40958). Mozilla: content-security-policy base-uri bypass (cve-2022-40956). Mozilla: incoherent instruction cache when building wasm on arm64 (cve-2022-40957).
Affected Products:
Red Hat enterprise linux for x86_64 - extended update support 8.4 x86_64. Red hat enterprise linux server - aus 8.4 x86_64. Red hat enterprise linux for ibm z systems - extended update support 8.4 s390x. Red hat enterprise linux for power, little endian - extended update support 8.4 ppc64le. Red hat enterprise linux server - tus 8.4 x86_64. Red hat enterprise linux for arm 64 - extended update support 8.4 aarch64. Red hat enterprise linux server for power le - update services for sap solutions 8.4 ppc64le. Red hat enterprise linux for x86_64 - update services for sap solutions 8.4 x86_64.
.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:6713 for updates and patch information.
SUSE has released a security update for sqlite3 to fix the vulnerabilities.
Affected product(s): SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise (Desktop|Server) 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to SUSE security advisory SUSE-SU-2022:3401-1 for updates and patch information.
ManageEngine offers enterprise IT management software for your service management, operations management, Active Directory and security needs.
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)
Affected Versions:
Access Manager Plus Prior to build 4302
Password Manager Pro Prior to build 12100
PAM360 Prior to build 5500
QID Detection Logic: .
Authenticated : This QID checks for file modified date to check if latest build is installed
Consequence
This remote code execution vulnerability could allow remote attackers to execute arbitrary code on affected installations of Password Manager Pro, PAM360 and Access Manager Plus
Solution
This remote code execution vulnerability could allow remote attackers to execute arbitrary code on affected installations of Password Manager Pro, PAM360 and Access Manager Plus
An integer overflow or wraparound vulnerability [CWE-190] in FortiOS SSLVPN memory allocator may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.
Affected Products:
Only when SSLVPN is enabled:
FortiOS version 7.0.0 and below
FortiOS version 6.4.5 and below
FortiOS version 6.2.9 and below
FortiOS version 6.0.12 and below
QID Detection Logic (Authenticated):
Detection checks for vulnerable version of FortiOS.
Consequence
Vulnerable version of FortiOS may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution.
Solution
Vendor has released fixes to address this vulnerability For more details refer advisory FG-IR-21-049
CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has NOT released a security update for bzr to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Patch is NOT available for the package.
CVE-1999-0612
QID: 904047
Common Base Linux Mariner (CBL-Mariner) Security Update for finger (6422-1)
CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft. CBL-Mariner has released a security update for finger to fix the vulnerabilities.
Consequence
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:https://github.com/microsoft/CBL-Mariner/tree/2.0
AFFECTED PRODUCTS
The following versions of Proficy Machine Edition, an engineering workstation that is part of the PACSystems control system software platform, are affected: Proficy Machine Edition Version 9.80 and prior
QID Detection Logic (Authenticated) QID checks for the Vulnerable version using windows registry keys
Consequence
Successful exploitation of these vulnerabilities could allow for remote hidden code execution on the connected programmable logic controller (PLC) and for malicious files to be uploaded from the PLC to connected workstations.
Solution
Customers are advised to refer to Schneider Electric MITIGATIONS section icsa-22-228-06 for affected packages and patching details.
CVE-2018-25047+
QID: 710622
Gentoo Linux Smarty Multiple Vulnerabilities (GLSA 202209-09)
The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the center of the map to the device's location, and use MapContext.getCenterLocation to get the latitude and longitude of the current map center.
Consequence
On successful exploitation, it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to CVE-2021-33057 to address this issue and obtain more information.
A heap-based buffer overflow [CWE-122] in the firmware signature verification function of FortiOS may allow an attacker to execute arbitrary code via specially crafted installation images.
Affected Products:
FortiGate E-series and F-series models released in 2019 and later (specifically: 40F, 60F, 200F, 400E, 600E, 1100E, 1800F, 2200E, 2600F, 3300E, 3400E, 3500F, 3600E and 7121F) that are running the following versions of FortiOS:
FortiOS version 7.0.1 and below
FortiOS version 6.4.6 and below
FortiOS version 6.2.9 and below
FortiOS version 6.0.13 and below
FortiOS-6K7K version 6.4.2 and below
FortiOS-6K7K version 6.2.7 and below
FortiOS-6K7K version 6.0.10 and below
QID Detection Logic (Authenticated):
Detection checks for vulnerable version of FortiOS.
Consequence
Vulnerable version of FortiOS may allow an attacker to execute arbitrary code via specially crafted installation images.
Solution
Vendor has released fixes to address this vulnerability For more details refer advisory FG-IR-21-115
A format string vulnerability [CWE-134] in the command line interpreter of FortiOS may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.
Affected Products:
FortiOS version 6.0.0 through 6.0.14
FortiOS version 6.2.0 through 6.2.10
FortiOS version 6.4.0 through 6.4.8
FortiOS version 7.0.0 through 7.0.2
QID Detection Logic (Authenticated):
Detection checks for vulnerable version of FortiOS.
Consequence
Vulnerable FortiOS may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.
Solution
Vendor has released fixes to address this vulnerability For more details refer advisory FG-IR-21-235
A format string vulnerability [CWE-134] in the command line interpreter of FortiMail may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.
Affected Products:
QID Detection Logic (Authenticated):
Detection checks for vulnerable version of FortiOS.
Consequence
Vulnerable FortiOS may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments.
Solution
Vendor has released fixes to address this vulnerability For more details refer advisory FG-IR-21-235
A use of hard-coded cryptographic key vulnerability [CWE 321] in FortiOS SSLVPN may allow an attacker to retrieve the key by reverse engineering.
Affected Products:
Only when SSLVPN is enabled:
FortiOS 6.4.5 and below
FortiOS 6.2.8 and below
FortiOS 6.0.12 and below
FortiOS 5.6.13 and below
FortiOS-6K7K version 6.4.2
FortiOS-6K7K version 6.2.6 and below
QID Detection Logic (Authenticated):
Detection checks for vulnerable version of FortiOS.
Consequence
Vulnerable version of FortiOS may allow an attacker to retrieve the key by reverse engineering when SSLVPN is enabled.
Solution
Vendor has released fixes to address this vulnerability For more details refer advisory FG-IR-21-051
A relative path traversal [CWE-23] vulnerability in FortiOS may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page.
Affected Products:
FortiOS version7.0.1 and 7.0.0
QID Detection Logic (Authenticated):
Detection checks for vulnerable version of FortiOS.
Consequence
Vulnerable FortiOS may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page.
Solution
Vendor has released fixes to address this vulnerability For more details refer advisory FG-IR-21-181
A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS and FortiProxy may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.
Affected Products:
FortiOS version 6.0.0 through 6.0.14
FortiOS version 6.2.0 through 6.2.10
FortiOS version 6.4.0 through 6.4.8
FortiOS version 7.0.0 through 7.0.2
QID Detection Logic (Authenticated):
Detection checks for vulnerable version of FortiOS.
Consequence
Vulnerable FortiOS may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.
Solution
Vendor has released fixes to address this vulnerability For more details refer advisory FG-IR-21-179
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including the potential for remote code execution through launching executables from arbitrary paths.
Consequence
On successful exploitation, it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to CVE-2022-28755 to address this issue and obtain more information.
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page.
Affected Products:
FortiOS version 7.0.0 through 7.0.5
FortiOS version 6.4.0 through 6.4.9
QID Detection Logic (Authenticated):
Detection checks for vulnerable version of FortiOS.
Consequence
Vulnerable version of FortiOS may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page.
Solution
Vendor has released fixes to address this vulnerability For more details refer advisory FG-IR-21-057
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiProxy and FortiOS web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.
Affected Products:
FortiOS version 7.0.3 and below
FortiOS version 6.4.8 and below
FortiOS version 6.2.10 and below
FortiOS version 6.0.14 to 6.0.0
QID Detection Logic (Authenticated):
Detection checks for vulnerable version of FortiOS.
Consequence
Vulnerable FortiOS may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.
Solution
Vendor has released fixes to address this vulnerability For more details refer advisory FG-IR-21-230
An improper access control vulnerability [CWE-284] in FortiOS may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands.
Affected Products:
FortiOS version 6.2.0 through 6.2.10
QID Detection Logic (Authenticated):
Detection checks for vulnerable version of FortiOS.
Consequence
Vulnerable version of FortiOS may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands.
Solution
Vendor has released fixes to address this vulnerability For more details refer advisory FG-IR-21-147
Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page.
Consequence
On successful exploitation, it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to CVE-2022-1495 to address this issue and obtain more information.
Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page.
Consequence
On successful exploitation, it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch. Refer to CVE-2022-2479 to address this issue and obtain more information.
Under investigation:
We are researching a detection and will publish one if
it is feasible.
In development:
We are coding a detection and will typically publish it
within a few days.
Recently published:
We have published the detection on the date indicated,
and it will typically be available in the KnowledgeBase
on shared platforms within a day.
