Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qualys vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-28143
Qualys Cloud Agent for macOS (versions 2.5.1-75 prior to 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT c...
Qualys Cloud Agent
NA
CVE-2023-6147
Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to conf...
Qualys Policy Compliance
NA
CVE-2023-6148
Qualys Jenkins Plugin for Policy Compliance prior to version and including 1.0.5 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and acc...
Qualys Policy Compliance
NA
CVE-2023-28140
An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions prior to 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library (DLL) via a local attack vector instead of the DLL that the application was expecting, when proc...
Qualys Cloud Agent
NA
CVE-2023-28141
An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions prior to 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows malicious users to assume the privileges of the process, and they may delete or...
Qualys Cloud Agent
NA
CVE-2023-28142
A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and prior to 4.5.3.1. This allows malicious users to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain ...
Qualys Cloud Agent
NA
CVE-2023-6146
A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser deta...
Qualys Private Cloud Platform
NA
CVE-2023-6149
Qualys Jenkins Plugin for WAS prior to version and including 2.0.11 was identified to be affected by a security flaw, which was missing a permission check while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit...
Qualys Web Application Screening
NA
CVE-2023-4777
An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and previous versions allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in ...
Qualys Container Scanning Connector
NA
CVE-2022-29549
An issue exists in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program was installed by root) and without integrity checks (e.g., a checksum comparison against known ...
Qualys Cloud Agent For Linux
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »