Browse, filter by detection status, or search by CVE to get visibility into upcoming and new detections (QIDs) for all severities.
This is a public beta. We welcome your feedback.
Under investigation:
We are researching a detection and will publish one if
it is feasible.
In development:
We are coding a detection and will typically publish it
within a few days.
Recently published:
We have published the detection on the date indicated,
and it will typically be available in the KnowledgeBase
on shared platforms within a day.
Non-Qualys customers can audit their network for all published vulnerabilities by signing up for a Qualys Free Trial or Qualys Community Edition.
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP4
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3544-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Module for Live Patching 15
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3532-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3516-1 to address this issue and obtain further details.
QID Detection Logic:
This QID detects vulnerable versions of Windows 10 1709 post authentication.
IBM DB2 on Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client.
Affected Versions:
All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 editions on Windows are affected.
QID Detection Logic: Authenticated (DB2):
This QID queries the DB2 server to get the server version and fix pack level and checks to see if it's vulnerable.
Please refer to the following link CVE-2020-4739 for more details.
HPE Smart Storage Administrator is prone to Remote Code Execution Vulnerability(CVE-2016-8523) .
Affected Products:
HPE SSA prior to 2.60.18.0.
QID Detection Logic:
This QID checks Windows Registry to see if it is running a vulnerable version.
Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)
Affected Products :
Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Refer to Red Hat security advisory RHSA-2020:5146 to address this issue and obtain more information.
Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)
Affected Products :
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
Red Hat Enterprise Linux Server - AUS 8.2 x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
Red Hat Enterprise Linux Server - TUS 8.2 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
Refer to Red Hat security advisory RHSA-2020:5162 to address this issue and obtain more information.
Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)
Affected Products :
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Refer to Red Hat security advisory RHSA-2020:5163 to address this issue and obtain more information.
Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)
Affected Products :
Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Refer to Red Hat security advisory RHSA-2020:5164 to address this issue and obtain more information.
Security Fix(es): chromium-browser: Inappropriate implementation in V8 (CVE-2020-16013)
chromium-browser: Inappropriate implementation in base (CVE-2020-16016)
chromium-browser: Use after free in site isolation (CVE-2020-16017)
Affected Products :
Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Refer to Red Hat security advisory RHSA-2020:5165 to address this issue and obtain more information.
Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)
Affected Products :
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64
Refer to Red Hat security advisory RHSA-2020:5166 to address this issue and obtain more information.
Security Fix(es): hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)
Affected Products :
JBoss Enterprise Application Platform 7.3 for RHEL 8 x86_64
JBoss Enterprise Application Platform 7.3 for RHEL 7 x86_64
JBoss Enterprise Application Platform 7.3 for RHEL 6 x86_64
Refer to Red Hat security advisory RHSA-2020:5175 to address this issue and obtain more information.
Affected OS: EulerOS V2.0SP8
Affected OS: EulerOS V2.0SP8
Affected OS: EulerOS V2.0SP8
Oracle HTTP Server is the Web server component for Oracle Fusion Middleware. It provides a listener for Oracle WebLogic Server and the framework for hosting static pages, dynamic pages, and applications over the Web.
Affected Versions:
Oracle HTTP Server, versions 12.2.1.3.0, 12.2.1.4.0
QID Detection Logic (Authenticated):
This QID checks the vulnerable version of Oracle HTTP Server from file "inventory.xml" from the Home Directory.
Affected OS: EulerOS V2.0SP8
Affected OS: EulerOS V2.0SP8
Affected OS: EulerOS V2.0SP8
Affected OS:
Fedora 31
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 31 Update
Affected OS:
Fedora 32
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 32 Update
Affected OS:
Fedora 32
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 32 Update
Affected by following vulnerabilities:
CVE-2020-27930: A memory corruption issue was addressed with improved input validation.
CVE-2020-27932: A type confusion issue was addressed with improved state handling.
CVE-2020-27950: A memory initialization issue was addressed.
Affected versions:
Prior to Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave.
QID Detection Logic (Authenticated):
This QID looks for the missing security patches from Mojave, High Sierra
For more information regarding the update can be found at HT211946.
Affected OS:
Fedora 32
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 32 Update
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3477-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15-SP2
SUSE Linux Enterprise Module for Server Applications 15-SP1
SUSE Linux Enterprise Module for Basesystem 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP1
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3476-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3463-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3464-1 to address this issue and obtain further details.
Affected Product:
SUSE Linux Enterprise Server for SAP 15
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3455-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15-SP1
SUSE Linux Enterprise Module for Basesystem 15-SP1
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3425-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15-SP1
SUSE Linux Enterprise Module for Basesystem 15-SP1
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3413-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3412-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3414-1 to address this issue and obtain further details.
Affected Product:
SUSE Linux Enterprise Server for SAP 15
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3416-1 to address this issue and obtain further details.
Affected Product:
SUSE Linux Enterprise Server for SAP 12-SP4
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3415-1 to address this issue and obtain further details.
CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
CVE-2020-26956: XSS through paste (manual and clipboard API)
CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
CVE-2020-26959: Use-after-free in WebRequestService
CVE-2020-26960: Potential use-after-free in uses of nsTArray
CVE-2020-15999: Heap buffer overflow in freetype
CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
CVE-2020-26965: Software keyboards may have remembered typed passwords
CVE-2020-26966: Single-word search queries were also broadcast to local network
CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
Affected Products:
Prior to Firefox ESR 78.5
QID Detection Logic (Authenticated) :
This checks for vulnerable version of Firefox browser.
CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
CVE-2020-26956: XSS through paste (manual and clipboard API)
CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
CVE-2020-26959: Use-after-free in WebRequestService
CVE-2020-26960: Potential use-after-free in uses of nsTArray
CVE-2020-15999: Heap buffer overflow in freetype
CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
CVE-2020-26965: Software keyboards may have remembered typed passwords
CVE-2020-26966: Single-word search queries were also broadcast to local network
CVE-2020-26968: Memory safety bugs fixed in Thunderbird 78.5
Affected Products:
Prior to Firefox ESR 78.5
QID Detection Logic (Authenticated) :
This checks for vulnerable version of Firefox browser.
Affected Product:
SUSE Linux Enterprise Module for Live Patching 15-SP1
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3507-1 to address this issue and obtain further details.
Affected Product:
SUSE Linux Enterprise Server for SAP 12-SP3
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3503-1 to address this issue and obtain further details.
Affected Product:
SUSE Linux Enterprise Server for SAP 12-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3501-1 to address this issue and obtain further details.
Affected Product:
SUSE Linux Enterprise Module for Live Patching 15
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3441-1 to address this issue and obtain further details.
Affected Product:
SUSE Linux Enterprise Module for Live Patching 15
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3449-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3433-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Module for Live Patching 15-SP1
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3402-1 to address this issue and obtain further details.
Affected Product:
SUSE Linux Enterprise Module for Live Patching 15-SP1
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3400-1 to address this issue and obtain further details.
Affected Product:
SUSE Linux Enterprise Module for Live Patching 15-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3389-1 to address this issue and obtain further details.
Affected Versions:
Solaris 9, Solaris 10, Solaris 11.0
Affected OS: EulerOS V2.0SP8
Affected OS: EulerOS V2.0SP5
Affected OS: EulerOS V2.0SP5
Affected OS: EulerOS V2.0SP5
Affected OS: EulerOS V2.0SP5
Affected OS: EulerOS V2.0SP5
Affected OS: EulerOS V2.0SP5
Affected OS: EulerOS V2.0SP5
Affected OS: EulerOS V2.0SP8
Affected OS: EulerOS V2.0SP5
Affected Products:
centos 7
Affected Products:
centos 7
Affected Products:
centos 7
CVE-2020-25207: JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.
Affected Versions:
JetBrains ToolBox before version 1.18
QID Detection Login
QID will check the version.
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller
Affected Versions:
VMware Workstation 15.x prior to 15.5.5
VMware Fusion prior to 11.x prior to 11.5.7
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable versions of Workstation and Fusion .exe file.
Note: Unable to check the workaround suggested by vendor in VMSA-2020-0026, hence added POTENTIAL CHECK.
Refer to VMware advisory VMSA-2020-0026 for more information.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) is vulnerable to a buffer overflow.
Affected Versions:
All fix pack levels of IBM Db2 V10.5, V11.1, and V11.5 editions on all platforms are affected
QID Detection Logic:Authenticated (DB2):
This QID queries the DB2 server to get the server version and fix pack level and checks to see if it's vulnerable.
Please refer to the following link cve-2020-4701 for more details.
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller.
Affected Versions:
VMware ESXi 6.5 prior to build 17167537
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable versions of VMware ESXi with build version using web service present on target.
Note: Unable to check the workaround suggested by vendor in VMSA-2020-0026, hence added POTENTIAL CHECK.
Refer to VMware advisory VMSA-2020-0026 for more information.
Workaround:
Remove a USB Controller from a Virtual Machine.
Please visit here for more information.
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller.
Affected Versions:
VMware ESXi 6.7 prior to build 17167734
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable versions of VMware ESXi with build version using web service present on target.
Note: Unable to check the workaround suggested by vendor in VMSA-2020-0026, hence added POTENTIAL CHECK.
Refer to VMware advisory VMSA-2020-0026 for more information.
Workaround:
Remove a USB Controller from a Virtual Machine.
Please visit here for more information.
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller.
Affected Versions:
VMware ESXi 7.0 prior to build 17168206
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable versions of VMware ESXi with build version using web service present on target.
Note: Unable to check the workaround suggested by vendor in VMSA-2020-0026, hence added POTENTIAL CHECK.
Refer to VMware advisory VMSA-2020-0026 for more information.
Workaround:
Remove a USB Controller from a Virtual Machine.
Please visit here for more information.
VMware ESXi contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed.
Affected Versions:
VMware ESXi 6.5 prior to build 17167537
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable versions of VMware ESXi with build version using web service present on target.
Refer to VMware advisory VMSA-2020-0026 for more information.
VMware ESXi contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed.
Affected Versions:
VMware ESXi 6.7 prior to build 17167734
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable versions of VMware ESXi with build version using web service present on target.
Refer to VMware advisory VMSA-2020-0026 for more information.
VMware ESXi contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed.
Affected Versions:
VMware ESXi 7.0 prior to build 17168206
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable versions of VMware ESXi with build version using web service present on target.
Refer to VMware advisory VMSA-2020-0026 for more information.
Affected Versions:
Squid from 3.0 to 3.5.28
Squid from 4.0 to 4.7
Squid from 5.0 to 5.0.1
QID Detection Logic:
This QID checks for vulnerable version of Squid.
Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges.
QID Detection Logic (Authenticated):
The check matches Cisco cimc version retrieved using "show cimc detail " command.
Customers are advised to refer to cisco-sa-ucs-api-rce-UXwpeDHd for more information.
Google Chrome is affected by following Vulnerability.
CVE-2020-16022: Insufficient policy enforcement in networking.
CVE-2020-16018: Use after free in payments.
CVE-2020-16019: Inappropriate implementation in filesystem
CVE-2020-16020: Inappropriate implementation in cryptohome.
CVE-2020-16021: Race in ImageBurner.
CVE-2020-16015: Insufficient data validation in WASM.
CVE-2020-16014: Use after free in PPAPI.
CVE-2020-16023: Use after free in WebCodecs.
CVE-2020-16024: Heap buffer overflow in UI.
CVE-2020-16025: Heap buffer overflow in clipboard.
CVE-2020-16026: Use after free in WebRTC.
CVE-2020-16027: Insufficient policy enforcement in developer tools.
CVE-2020-16028: Heap buffer overflow in WebRTC.
CVE-2020-16029: Inappropriate implementation in PDFium.
CVE-2020-16030: Insufficient data validation in Blink.
CVE-2019-8075: Insufficient data validation in Flash.
CVE-2020-16031: Incorrect security UI in tab preview.
CVE-2020-16032: Incorrect security UI in sharing.
CVE-2020-16033: Incorrect security UI in WebUSB.
CVE-2020-16034: Inappropriate implementation in WebRTC.
CVE-2020-16035: Insufficient data validation in cros-disks.
CVE-2020-16012: Side-channel information leakage in graphics.
CVE-2020-16036: Inappropriate implementation in cookies.
Affected Versions:
Google Chrome Prior to 87.0.4280.66
For Windows and Linux.
Google Chrome Prior to 87.0.4280.67
For MacOs.
QID Detection logic:
It checks for vulnerable versions of Google Chrome by checking its file version on Microsoft Windows, Linux and Mac.
Affected OS: EulerOS V2.0SP5
Affected OS: EulerOS V2.0SP2
Affected OS: EulerOS V2.0SP8
Affected Products:
SUSE Linux Enterprise Module for Server Applications 15-SP1
SUSE Linux Enterprise Module for Python2 15-SP1
SUSE Linux Enterprise Module for Basesystem 15-SP1
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3243-1 to address this issue and obtain further details.
Affected OS: EulerOS V2.0SP8
Affected OS: EulerOS V2.0SP8
Affected OS: EulerOS V2.0SP8
Affected OS: EulerOS V2.0SP8
Affected OS: EulerOS V2.0SP8
Affected OS: EulerOS V2.0SP8
Affected Product:
SUSE Linux Enterprise Server for SAP 15
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3283-1 to address this issue and obtain further details.
Affected Product:
SUSE Linux Enterprise Module for Basesystem 15-SP1
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3282-1 to address this issue and obtain further details.
Affected Product:
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3255-1 to address this issue and obtain further details.
iTunes is affected with multiple vulnerabilities.
CVE-2020-10002: A local user may be able to read arbitrary files
CVE-2020-27912: Processing a maliciously crafted image may lead to arbitrary code execution
CVE-2020-27917: Processing maliciously crafted web content may lead to code execution
CVE-2020-27911: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
CVE-2020-27918: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2020-27895: A malicious application may be able to access local users Apple IDs
Affected Versions:
Apple iTunes prior to 12.11. for Windows 10 and later
QID Detection Logic: (Authenticated)
It checks for vulnerable versions of Apple iTunes.
Refer to Apple Security Updates for more information on the vulnerabilities and patching your system: HT211933
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3331-1 to address this issue and obtain further details.
Affected Products:
centos 7
Affected Product:
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3281-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3219-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Module for Legacy Software 15-SP2
SUSE Linux Enterprise Module for Legacy Software 15-SP1
SUSE Linux Enterprise Module for Development Tools 15-SP2
SUSE Linux Enterprise Module for Development Tools 15-SP1
SUSE Linux Enterprise Module for Basesystem 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP1
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3313-1 to address this issue and obtain further details.
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3351-1 to address this issue and obtain further details.
Affected Products:
centos 7
Affected Products:
centos 7
Affected Products:
centos 7
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP5
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3310-1 to address this issue and obtain further details.
Affected Products:
centos 7
Affected Products:
centos 7
Affected Products:
centos 7
Affected OS: EulerOS V2.0SP8
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP 12-SP3
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Module for Legacy Software 12
To install packages using the command line interface, use the command "yum update".
Refer to Suse security advisory SUSE-SU-2020:3315-1 to address this issue and obtain further details.
A use-after-free in sysstat was discovered which may allow arbitrary code execution.
Affected Package: app-admin/sysstat
Affected version : Prior to 12.2.1
Multiple vulnerabilities have been found in Twisted, the worst of which could result in a Denial of Service condition.
Affected Package:dev-python/twisted
Affected version : Prior to 20.3.0
Multiple vulnerabilities have been found in SQLite, the worst of which could result in the arbitrary execution of code.
Affected Package: dev-db/sqlite
Affected version : Prior to 3.32.3
Multiple vulnerabilities have been found in rssh, the worst of which could result in the arbitrary execution of code.
Affected Package: app-shells/rssh
Affected version : Prior and equal to 2.3.4_p3
Multiple vulnerabilities have been found in OSSEC, the worst of which could result in the arbitrary execution of code.
Affected Package:- net-analyzer/ossec-hids
Affected version : Prior to 3.6.0
Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)
Affected Products:
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Refer to Red Hat security advisory RHSA-2020:5099 to address this issue and obtain more information.
Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)
Affected Products:
Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Refer to Red Hat security advisory RHSA-2020:5100 to address this issue and obtain more information.
Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)
Affected Products:
Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Refer to Red Hat security advisory RHSA-2020:5104 to address this issue and obtain more information.
Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64
Refer to Red Hat security advisory RHSA-2020:5135 to address this issue and obtain more information.
Affected Product:
Oracle Linux 8
Affected Product:
Oracle Linux 8
Affected Product:
Oracle Linux 8
Affected Product:
Oracle Linux 8
Affected Product:
Oracle Linux 6
Oracle Linux 7
Security Fix(es): Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)
Affected Products:
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
Red Hat Enterprise Linux Server - AUS 8.2 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
Red Hat Enterprise Linux Server - TUS 8.2 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
Refer to Red Hat security advisory RHSA-2020:5139 to address this issue and obtain more information.
Multiple vulnerabilities have been found in libexif, the worst of which could result in the arbitrary execution of code.
Affected Package: media-libs/libexif
Affected version : Prior to 0.6.22_p20201105
Affected Products:
centos 7
Affected Products:
centos 7
Affected Products:
centos 7
Affected Products:
centos 6
Affected Products:
centos 6
Affected Product:
Oracle Linux 6
Affected Product:
Oracle Linux 8
Affected Product:
Oracle Linux 7
Affected Product:
Oracle Linux 8
Affected Product:
Oracle Linux 8
Affected Product:
Oracle Linux 8
Affected Product:
Oracle Linux 8
Affected Product:
Oracle Linux 8
Affected Product:
Oracle Linux 7
Affected Product:
Oracle Linux 7
Affected Product:
Oracle Linux 8
Affected Product:
Oracle Linux 8
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code.
Affected Package:www-client/chromium
Affected version : Prior to 86.0.4240.198 Affected Package:www-client/google-chrome
Affected version : Prior to 86.0.4240.198
iTunes is affected with multiple vulnerabilities.
CVE-2020-9983: Processing maliciously crafted web content may lead to code execution
CVE-2020-9951: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2020-9947: Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2020-9849: A remote attacker may be able to leak memory
CVE-2020-13631: A maliciously crafted SQL query may lead to data corruption
CVE-2020-13630: A remote attacker may be able to cause arbitrary code execution
CVE-2020-13434: A remote attacker may be able to cause a denial of service
CVE-2020-13435: A remote attacker may be able to cause a denial of service
CVE-2020-9981: Processing a maliciously crafted file may lead to arbitrary code execution
CVE-2020-9876: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
CVE-2020-9961: Processing a maliciously crafted image may lead to arbitrary code execution
CVE-2020-9999: Processing a maliciously crafted text file may lead to arbitrary code execution
Affected Version:
Apple iTunes prior to 12.10.9 for Windows 7 and later
QID Detection Logic: (Authenticated)
It checks for vulnerable versions of Apple iTunes.
Refer to Apple Security Updates for more information on the vulnerabilities and patching your system: HT211952
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information.
Affected Products:
Cisco Security Manager releases prior to 4.22.
Customers are advised to refer to cisco-sa-csm-path-trav-NgeRnqgR for more information.
A vulnerability has been discovered in MariaDB which could result in the arbitrary execution of code.
Affected Package:dev-db/mariadb
Affected version : Prior to 10.5.6
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes. (CVE-2019-12528 )
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value. (CVE-2020-15049 )
A flaw was found in squid. Due to incorrect data validation, a HTTP Request Smuggling attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2020-15810 )
A flaw was found in squid. Due to incorrect data validation, an HTTP Request Splitting attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity. (CVE-2020-15811 )
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. (CVE-2020-24606 )
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. (CVE-2020-8449 )
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. (CVE-2020-8450 )
</DIV>qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. (CVE-2018-15746 )
A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the ip_reass() routine while reassembling incoming packets if the first fragment is bigger than the m->m_dat[] buffer. An attacker could use this flaw to crash the QEMU process on the host, resulting in a Denial of Service or potentially executing arbitrary code with privileges of the QEMU process. (CVE-2019-14378 )
An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. (CVE-2020-14364 )
A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ip_reass() routine while reassembling incoming IP fragments whose combined size is bigger than 65k. This flaw allows an attacker to crash the QEMU process on the host, resulting in a denial of service. (CVE-2020-1983 )
</DIV>Affected Products:
centos 7
In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2020-0423 )
A flaw was found in the way the Linux kernel's Bluetooth implementation handled L2CAP (Logical Link Control and Adaptation Protocol) packets with A2MP (Alternate MAC-PHY Manager Protocol) CID (Channel Identifier). This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-12351 )
An information leak flaw was found in the way Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP (Alternate MAC-PHY Manager Protocol) packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-12352 )
A flaw was found in the Linux kernel. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14386 )
A heap buffer overflow flaw was found in the way the Linux kernel's Bluetooth implementation processed extended advertising report events. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or to potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-24490 )
A flaw was found in the Linux kernel. A local attacker, able to inject conntrack netlink configuration, could overflow a local buffer causing crashes or triggering the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25211 )
</DIV>Affected Products:
centos 7
Affected Products:
centos 7
Affected Products:
centos 6
Affected Products:
centos 6
Affected Products:
centos 6
Security Fix(es): net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution (CVE-2020-15862)
Affected Products:
Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Refer to Red Hat security advisory RHSA-2020:5129 to address this issue and obtain more information.
Affected Products:
centos 7
Affected Products:
centos 7
Affected Products:
centos 7
Affected Products:
centos 6
Affected Products:
centos 7
Affected Products:
centos 7
Affected Products:
centos 7
Affected Products:
centos 6
Affected Products:
centos 6
Affected Version:
Microsoft Edge based on Chromium Prior to version 86.0.622.68
QID Detection Logic: (authenticated)
Operating System: Windows
The install path is checked via registry "HKLM\SOFTWARE\Clients\StartMenuInternet\Microsoft Edge\shell\open\command". The version is checked via file msedge.exe.
QID Detection Logic: (authenticated)
Operating System: MacOS
The QID checks for vulnerable version of Microsoft Edge from installed application list.
Affected Version:
Microsoft Edge based on Chromium Prior to version 86.0.622.69
QID Detection Logic: (authenticated)
Operating System: Windows
The install path is checked via registry "HKLM\SOFTWARE\Clients\StartMenuInternet\Microsoft Edge\shell\open\command". The version is checked via file msedge.exe.
QID Detection Logic: (authenticated)
Operating System: MacOS
The QID checks for vulnerable version of Microsoft Edge from installed application list.
Multiple vulnerabilities have been found in Salt, the worst of which could result in the arbitrary execution of code.
Affected Package: app-admin/salt
Affected version : Prior to 3000.5
A heap-based buffer overflow in OpenDMARC might allow remote attackers to execute arbitrary code.
Affected Package:mail-filter/opendm
Affected version : Prior to 1.3.3
Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.
Affected Package: www-client/firefox
Affected version : Prior to 82.0 Affected Package: www-client/firefox-bin
Affected version : Prior to 82.0 Affected Package: mail-client/thunderbird
Affected version : Prior to 78.4.0 Affected Package: mail-client/thunderbird-bin
Affected version : Prior to 78.4.0
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code.
Affected Package:www-client/chromium
Affected version : Prior to 86.0.4240.193
A vulnerability in BlueZ might allow remote attackers to execute arbitrary code.
Affected Package:-wireless/bluez
Affected version : Prior to 5.55
A vulnerability in kpmcore could result in privilege escalation.
Affected Package:ys-libs/kpm
Affected version : Prior to 4.2.0
Multiple vulnerabilities have been found in Nextcloud Desktop Sync client, the worst of which may allow execution of arbitrary code.
Affected Package:-net-misc/nextcloud-client-
Affected version : Prior to 2.6.5
A use-after-free in Mozilla Firefox might allow remote attacker(s) to execute arbitrary code.
Affected Package: www-client/firefox
Affected version : Prior to 82.0.3 Affected Package: www-client/firefox-bin
Affected version : Prior to 78.4.1
