Vulmon
qualys vulnerabilities and exploits
7
CVSSv3
CVE-2023-28143
Qualys Cloud Agent for macOS (versions 2.5.1-75 prior to 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT c...
Qualys Cloud Agent
6.5
CVSSv3
CVE-2023-6147
Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to conf...
Qualys Policy Compliance
5.4
CVSSv3
CVE-2023-6148
Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and acc...
Qualys Policy Compliance
7
CVSSv3
CVE-2023-28140
An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions prior to 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library (DLL) via a local attack vector instead of the DLL that the application was expecting, when proc...
Qualys Cloud Agent
6.3
CVSSv3
CVE-2023-28141
An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions prior to 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows malicious users to assume the privileges of the process, and they may delete or...
Qualys Cloud Agent
7
CVSSv3
CVE-2023-28142
A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and prior to 4.5.3.1. This allows malicious users to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain ...
Qualys Cloud Agent
4.3
CVSSv3
CVE-2023-4777
An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and previous versions allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in ...
Qualys Container Scanning Connector
5.4
CVSSv3
CVE-2023-6146
A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser deta...
Qualys Private Cloud Platform
6.5
CVSSv3
CVE-2023-6149
Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit...
Qualys Web Application Screening
7.3
CVSSv3
CVE-2022-29549
An issue exists in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program was installed by root) and without integrity checks (e.g., a checksum comparison against known ...
Qualys Cloud Agent For Linux