Vulnerabilities > Qualys

DATE CVE VULNERABILITY TITLE RISK
2024-01-09 CVE-2023-6148 Cross-site Scripting vulnerability in Qualys Policy Compliance 1.0.5
Qualys Jenkins Plugin for Policy Compliance, up to and including version 1.0.5, is affected by a security flaw: a permission check is missing when performing a connectivity check to Qualys Cloud Services.
network
low complexity
qualys CWE-79
5.4
2024-01-09 CVE-2023-6149 XXE vulnerability in Qualys web Application Screening
Qualys Jenkins Plugin for WAS, up to and including version 2.0.11, is affected by a security flaw: a permission check is missing when performing a connectivity check to Qualys Cloud Services.
network
low complexity
qualys CWE-611
6.5
2024-01-09 CVE-2023-6147 XXE vulnerability in Qualys Policy Compliance 1.0.5
Qualys Jenkins Plugin for Policy Compliance, up to and including version 1.0.5, is affected by a security flaw: a permission check is missing when performing a connectivity check to Qualys Cloud Services.
network
low complexity
qualys CWE-611
6.5
2023-12-08 CVE-2023-6146 Cross-site Scripting vulnerability in Qualys Private Cloud Platform
A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users.
network
low complexity
qualys CWE-79
5.4
2023-09-08 CVE-2023-4777 Incorrect Permission Assignment for Critical Resource vulnerability in Qualys Container Scanning Connector 1.6.2.6
An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. 
network
low complexity
qualys CWE-732
4.3
2023-04-18 CVE-2023-28140 Uncontrolled Search Path Element vulnerability in Qualys Cloud Agent 3.1.3.34
An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1.
local
high complexity
qualys CWE-427
7.0
2023-04-18 CVE-2023-28141 Unspecified vulnerability in Qualys Cloud Agent 3.1.3.34/4.5.3.1
An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31.
local
high complexity
qualys
6.3
2023-04-18 CVE-2023-28142 Race Condition vulnerability in Qualys Cloud Agent 3.1.3.34
A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 up to, but not including, 4.5.3.1.
local
high complexity
qualys CWE-362
7.0
2023-04-18 CVE-2023-28143 Untrusted Search Path vulnerability in Qualys Cloud Agent 2.5.175
The installer for Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) allows a local escalation of privilege, limited to the time of installation and only on older macOS versions (macOS 10.15 and older). Attackers may exploit incorrect file permissions to gain root command execution privileges on the host.
local
high complexity
qualys CWE-426
7.0
2022-08-18 CVE-2022-29549 Improper Validation of Integrity Check Value vulnerability in Qualys Cloud Agent for Linux
An issue was discovered in Qualys Cloud Agent 4.8.0-49.
local
low complexity
qualys CWE-354
7.3