Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qualys vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2022-29550
An issue exists in Qualys Cloud Agent 4.8.0-49. It writes "ps auxwwe" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials (from environment variables) to disk in cleartext. NOTE: there are no common circu...
Qualys Cloud Agent 4.8.0-49
6.5
CVSSv3
CVE-2023-39154
Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and previous versions allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, cap...
Jenkins Qualys Web App Scanning Connector
7.8
CVSSv3
CVE-2019-19519
In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c.
Openbsd Openbsd 6.6
7.8
CVSSv3
CVE-2019-19522
OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned b...
Openbsd Openbsd 6.6
1 Github repository
7.8
CVSSv3
CVE-2019-19520
xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.
Openbsd Openbsd 6.6
1 Github repository
9.8
CVSSv3
CVE-2019-19521
libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c).
Openbsd Openbsd 6.6
1 Github repository
9.8
CVSSv3
CVE-2020-28020
Exim 4 prior to 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction.
Exim Exim
7
CVSSv3
CVE-2017-1000409
A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
Gnu Glibc 2.5
1 EDB exploit
7.5
CVSSv3
CVE-2020-3811
qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability.
Netqmail Netqmail 1.06
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 20.04
5.5
CVSSv3
CVE-2020-3812
qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's...
Netqmail Netqmail 1.06
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 20.04
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »