Lucene search
Qualysblog, Most viewed

1089 matches found

Qualys Blog
added 2019/10/30 7:40 p.m., 5452 views

PHP Remote Code Execution Vulnerability (CVE-2019-11043)

Certain versions of PHP 7 running on NGINX with php-fpm enabled can be vulnerable to the remote code execution vulnerability CVE-2019-11043. Given the simplicity of the exploit, all web servers using the vulnerable version of PHP should be upgraded to non-vulnerable PHP versions as soon as...

7.5 CVSS, 9.8 AI score, 0.9947 EPSS
Exploits: 54

Qualys Blog
added 2019/05/16 2:17 a.m., 4726 views

Windows RDP Remote Code Execution Vulnerability (BlueKeep) – How to Detect and Patch

This month's Microsoft Patch Tuesday included a very high-risk vulnerability CVE-2019-0708, aka BlueKeep in Remote Desktop that impacts Windows XP, Windows 7, Server 2003, Server 2008, and Server 2008 R2. This vulnerability allows an unauthenticated attacker or malware to execute code on the...

10 CVSS, 1.2 AI score, 0.99999 EPSS
Exploits: 123

Qualys Blog
added 2020/01/09 12:12 a.m., 4411 views

Citrix ADC and Gateway Remote Code Execution Vulnerability (CVE-2019-19781)

Update January 17, 2020: A new detection in Qualys Web Application Scanning was added. See "Detecting with Qualys WAS" below. Citrix released a security advisory (CVE-2019-19781) for a remote code execution vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway products. The...

7.5 CVSS, 10 AI score, 0.99999 EPSS
Exploits: 48

Qualys Blog
added 2017/06/13 6:28 p.m., 4124 views

Microsoft Fixes 94 Security Issues in Massive June Update

Today Microsoft released patches to fix 94 vulnerabilities out of which 27 fix remote code execution issues which can allow attackers to remotely take control of victim machines. This is a massive update and fixes more than double the number of vulnerabilities as compared to the last two month...

10 CVSS, 2.4 AI score, 0.99823 EPSS
Exploits: 68

Qualys Blog
added 2019/12/27 6:1 p.m., 3743 views

Top 19+ Vulnerability CVEs in Santa’s Dashboard Tracking

A recent report identified 19+ vulnerabilities that should be mitigated by end of year 2019. These are a range of top vulnerabilities attacked and leveraged by Advanced Persistent Threat (APT) actors from all parts of the world. The list below shows those top 19 vulnerabilities, and it should be no...

10 CVSS, 0.3 AI score, 0.99999 EPSS
Exploits: 494

Qualys Blog
added 2018/08/23 8:27 p.m., 2380 views

Detecting Apache Struts 2 Namespace RCE: CVE-2018-11776

A new remote code execution vulnerability in Apache Struts 2, CVE-2018-11776, was disclosed yesterday. While this vulnerability does not exist with a default configuration of Struts, it does exist in commonly seen configurations for some Struts plugins. Update August 24, 2018: A dashboard for thi...

9.3 CVSS, 1.8 AI score, 0.99993 EPSS
Exploits: 87

Qualys Blog
added 2019/04/22 8:40 a.m., 2042 views

Zombie POODLE and GOLDENDOODLE Vulnerabilities

Recently new vulnerabilities like Zombie POODLE, GOLDENDOODLE, 0-Length OpenSSL and Sleeping POODLE were published for websites that use CBC (Cipher Block Chaining) block cipher modes. These vulnerabilities are applicable only if the server uses TLS 1.2 or TLS 1.1 or TLS 1.0 with CBC cipher modes...

4.3 CVSS, 6.9 AI score, 0.17139 EPSS
Exploits: 0

Qualys Blog
added 2020/01/15 4:0 p.m., 1966 views

Introducing Periscope: Out-of-Band Vulnerability Detection Mechanism in Qualys WAS

Web applications and REST APIs can be susceptible to a certain class of vulnerabilities that can't be detected by a traditional HTTP request-response interaction. These vulnerabilities are challenging to find but provide a way for attackers to target otherwise inaccessible, internal systems. An...

7.5 CVSS, 9.9 AI score, 0.99964 EPSS
Exploits: 35

Qualys Blog
added 2021/03/03 10:12 p.m., 1795 views

Microsoft Exchange Server Zero-Days (ProxyLogon) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR

Update March 10, 2021: A new section describes how to respond with mitigation controls if patches cannot be applied, as recommended by Microsoft. This section details the Qualys Policy Compliance control ids for each vulnerability. Update March 8, 2021: Qualys has released an additional QID: 5010...

7.5 CVSS, 0.1 AI score, 0.99999 EPSS
Exploits: 69

Qualys Blog
added 2020/12/10 12:48 a.m., 1634 views

Solorigate/Sunburst : Theft of Cybersecurity Tools | FireEye Breach

Update Jan 5, 2021: New patching section with two new dashboard widgets showing the number of missing FireEye-related patches in your environment and the number of assets in your environment missing one of those patches. Update Dec 23, 2020: Added a new section on compensating controls. Update De...

10 CVSS, 0.3 AI score, 0.99999 EPSS
Exploits: 393

Qualys Blog
added 2017/06/19 3:14 p.m., 1501 views

The Stack Clash

What is the Stack Clash? The Stack Clash is a vulnerability in the memory management of several operating systems. It affects Linux, OpenBSD, NetBSD, FreeBSD and Solaris, on i386 and amd64. It can be exploited by attackers to corrupt memory and execute arbitrary code. Qualys researchers discovere...

7.2 CVSS, 8 AI score, 0.08018 EPSS
Exploits: 15

Qualys Blog
added 2020/09/15 7:55 p.m., 1458 views

Microsoft Netlogon Vulnerability (CVE-2020-1472 – Zerologon) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR®

Update October 1, 2020: Microsoft has added step-by-step Zerologon patching instructions because the original instructions "proved confusing to users and may have caused issues with other business operations." Update October 1, 2020: Qualys released new QID 91680 to add a remote unauthenticated...

9.3 CVSS, 0.1 AI score, 0.99512 EPSS
Exploits: 75

Qualys Blog
added 2021/01/26 6:9 p.m., 1434 views

CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)

Update Feb 3, 2021: It has been reported that macOS, AIX, and Solaris are also vulnerable to CVE-2021-3156, and that others may also still be vulnerable. Qualys has not independently verified the exploit. Original Post: The Qualys Research Team has discovered a heap overflow vulnerability in sudo...

7.2 CVSS, 0.4 AI score, 0.99295 EPSS
Exploits: 81

Qualys Blog
added 2020/12/22 9:17 p.m., 1389 views

Qualys Security Advisory: SolarWinds / FireEye

Qualys Researchers found Millions of devices exposed to vulnerabilities used in the stolen FireEye Red Team tools and SolarWinds Orion by analyzing the anonymized set of vulnerabilities across Qualys’ worldwide customer base. Qualys to offer a free 60-day integrated Vulnerability Management,...

10 CVSS, 0.2 AI score, 0.99999 EPSS
Exploits: 268

Qualys Blog
added 2018/05/07 4:0 p.m., 1356 views

How To Prioritize Vulnerabilities in a Modern IT Environment

Here’s a stat that shows the importance of prioritizing vulnerability remediation: Almost 30% of the CVEs disclosed in 2017 had a CVSS score of “High” or “Critical.” That works out to about 3,000 such vulnerabilities, or about 58 every week. Given this large number of severe vulnerabilities, it’s...

10 CVSS, 0.2 AI score, 0.99999 EPSS
Exploits: 44

Qualys Blog
added 2021/07/07 11:30 p.m., 1300 views

Microsoft Windows Print Spooler RCE Vulnerability (PrintNightmare-CVE-2021-34527) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR®

Update July 9, 2021: Added "Registry Settings Check After Installing the Updates" section below. Original Post: On June 29, 2021, a zero-day exploit was observed on Microsoft Windows systems which allows authenticated users with a regular Domain User account to gain full SYSTEM-level privileges. ...

9.3 CVSS, 0.7 AI score, 0.99759 EPSS
Exploits: 75

Qualys Blog
added 2022/02/23 5:39 a.m., 1204 views

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any...

10 CVSS, 0.6 AI score, 0.99999 EPSS
Exploits: 2414

Qualys Blog
added 2021/05/12 3:34 p.m., 1200 views

Nefilim Ransomware

Over the past year there has been a rise in extortion malware that focuses on stealing sensitive data and threatening to publish the data unless a ransom is paid. This technique bypasses some of the mitigations put in place, such as backups, which would allow IT organizations to recover data...

7.5 CVSS, 0.1 AI score, 0.99999 EPSS
Exploits: 48

Qualys Blog
added 2022/05/04 9:40 a.m., 1199 views

Ransomware Insights from the FBI’s 2021 Internet Crime Report

The FBI has published its annual report on Internet crime. Qualys has analyzed its trends and statistics. In this post, we review our findings, especially with regards to the prevalence of Ransomware, and our recommendations for actions that enterprises should take to mitigate their risk. Every...

10 CVSS, 0.6 AI score, 0.99898 EPSS
Exploits: 141

Qualys Blog
added 2020/03/11 11:38 p.m., 1122 views

Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)

This month's Patch Tuesday, Microsoft disclosed a remote code execution vulnerability in SMB 3.1.1 (v3) protocol. Even though initial release of the Patch Tuesday did not mention this vulnerability, details of the issue (CVE-2020-0796) were published accidentally on another security vendor’s blog...

7.5 CVSS, 1.7 AI score, 0.9981 EPSS
Exploits: 125

Qualys Blog
added 2022/03/07 5:18 a.m., 1060 views

AvosLocker Ransomware Behavior Examined on Windows & Linux

AvosLocker is a ransomware group that was identified in 2021, specifically targeting Windows machines. Now a new variant of AvosLocker malware is also targeting Linux environments. In this blog, we examine the behavior of these two AvosLocker Ransomware in detail. AvosLocker is a relatively new...

10 CVSS, 8.9 AI score, 0.99999 EPSS
Exploits: 18

Qualys Blog
added 2020/07/06 11:9 p.m., 1037 views

F5 BIG-IP Remote Code Execution Vulnerability (CVE-2020-5902)

Update July 10, 2020: F5 updated their mitigation section of security advisory on July 8, 2020 at 17:00 Pacific time, and provided a new mitigation mechanism to help customers mitigate currently known unauthenticated exploits. Qualys also updated QID 38791 to reflect these changes and are availab...

10 CVSS, 0.5 AI score, 0.99999 EPSS
Exploits: 60

Qualys Blog
added 2019/08/13 11:58 p.m., 1029 views

Windows Remote Desktop Vulnerabilities (Seven Monkeys) – How to Detect and Patch

In the August 2019 Patch Tuesday release, Microsoft disclosed 7 RDP Vulnerabilities, out of which 4 are labeled as critical and 3 as important. All the critical vulnerabilities exist in Remote Desktop Services – formerly known as Terminal Services – and do not require authentication or user...

10 CVSS, 9.4 AI score, 0.75194 EPSS
Exploits: 0

Qualys Blog
added 2021/02/01 8:40 p.m., 1009 views

Unpacking the CVEs in the FireEye Breach – Start Here First

In a blog post on Dec. 22, 2020, Qualys revealed it has identified 7.5 million instances of vulnerability to the stolen FireEye Red Team assessment tools across an anonymized set of its 15,700-member customer base. Of the 7.5 million instances of vulnerability, 99.84% were caused by only 8 CVEs,...

10 CVSS, 0.4 AI score, 0.99999 EPSS
Exploits: 228

Qualys Blog
added 2017/04/11 6:24 p.m., 990 views

Microsoft Fixes 45 Vulnerabilities with new Security Update Guide – says goodbye to Security Bulletins

Today is the first month since 1998 in which Microsoft stopped releasing security bulletins with the familiar MSxx-xxx format and replaced it with the new security update guide. We talked about this change earlier in a few blog posts and finally today it’s time to say good bye to security bulleti...

9.3 CVSS, 2.6 AI score, 0.99933 EPSS
Exploits: 31

Qualys Blog
added 2021/12/10 7:30 p.m., 969 views

CVE-2021-44228: Apache Log4j2 Zero-Day Exploited in the Wild (Log4Shell)

Update Take advantage of our free service to quickly detect vulnerabilities in your external attack surface. Visit qualys.com/was-log4shell-help to get started. Update – December 22, 2021 7:53 PM ET A bug in external scanners could result in false negatives when unauthenticated Log4Shell scans we...

9.3 CVSS, 0.6 AI score, 0.99999 EPSS
Exploits: 352

Qualys Blog
added 2020/03/10 10:9 p.m., 851 views

Detect Apache Tomcat AJP File Inclusion Vulnerability (CVE-2020-1938) using Qualys WAS

As previously reported, a severe vulnerability exists in Apache Tomcat’s Apache JServ Protocol. The Chinese cyber security company Chaitin Tech discovered the vulnerability, named “Ghostcat”, which is tracked using CVE-2020-1938 and rated critical severity with a CVSS v3 score of 9.8. This blog...

7.5 CVSS, 9.7 AI score, 0.9927 EPSS
Exploits: 45

Qualys Blog
added 2022/05/06 12:19 p.m., 841 views

CISA Alert: Top 15 Routinely Exploited Vulnerabilities

The U.S. Cybersecurity & Infrastructure Security Agency has published its report on the top exploited vulnerabilities of 2021. This blog summarizes the report’s findings and how you can use Qualys VMDR to automatically detect and remediate these risks in your enterprise environment. The...

10 CVSS, 0.7 AI score, 0.99999 EPSS
Exploits: 664

Qualys Blog
added 2022/06/14 8:52 p.m., 798 views

Detect the Follina MSDT Vulnerability (CVE-2022-30190) with Qualys Multi-Vector EDR & Context XDR

A new remote code execution vulnerability called “Follina” has been found lurking in most Microsoft products. In this blog, we examine a potential attack vector as well as technical details of Follina, and chart the ability to detect this new vulnerability using both Qualys Multi-Vector EDR and...

9.3 CVSS, 8.6 AI score, 0.99374 EPSS
Exploits: 62

Qualys Blog
added 2020/08/11 7:2 p.m., 786 views

August 2020 Patch Tuesday – 120 Vulnerabilities, 17 Critical, Media Foundation, Windows Codecs, Workstation, Adobe

This month’s Microsoft Patch Tuesday addresses 120 vulnerabilities with 17 of them labeled as Critical. The 17 Critical vulnerabilities cover Media Foundation, .NET Framework, Browsers, Scripting Engines, Office, Outlook, Windows Codecs and several other workstation vulnerabilities. Adobe release...

9.3 CVSS, 1.3 AI score, 0.41131 EPSS
Exploits: 1

Qualys Blog
added 2021/07/29 12:20 a.m., 729 views

CISA Alert: Top Routinely Exploited Vulnerabilities

On July 28, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a cybersecurity advisory detailing the top 30 publicly known vulnerabilities that have been routinely exploited by cyber threat actors in 2020 and 2021. Organizations are advised to prioritize and apply...

10 CVSS, 1.1 AI score, 0.99999 EPSS
Exploits: 453

Qualys Blog
added 2022/06/06 12:55 p.m., 727 views

Introducing Qualys VMDR 2.0

Over the last five years, the number of vulnerabilities disclosed has doubled. The speed at which vulnerabilities are weaponized and leveraged for mass exploitation is down to mere days from weeks. For example, mass exploitation of the Log4Shell vulnerability at the end of 2021 occurred 48 hours...

5 CVSS, 0.66023 EPSS
Exploits: 4

Qualys Blog
added 2021/10/05 12:50 p.m., 721 views

The Rise of Ransomware

With most employees still working from remote locations, ransomware attacks have increased steadily since the early months of the Covid-19 pandemic. According to the FBI’s 2020 Internet Crime Report 2400+ ransomware-related incidents in 2020 resulted in a loss of about 29 million dollars. These...

10 CVSS, 0.7 AI score, 0.99999 EPSS
Exploits: 272

Qualys Blog
added 2017/09/12 6:23 p.m., 698 views

September Patch Tuesday: 27 Critical Vulnerabilities from Microsoft, plus Critical Adobe Patches

Today Microsoft released a fairly large batch of patches covering 81 vulnerabilities as part of September’s Patch Tuesday update, with 38 of them impacting Windows. Patches covering 27 of these vulnerabilities are labeled as Critical, and 39 can result in Remote Code Execution (RCE). According to...

9.3 CVSS, 2.1 AI score, 0.88698 EPSS
Exploits: 16

Qualys Blog
added 2018/01/04 2:17 a.m., 660 views

Processor Vulnerabilities – Meltdown and Spectre

UPDATE 1/4/2018: Qualys has released several QIDs for detecting missing patches for these vulnerabilities. UPDATE 1/5/2018: Pre-built AssetView dashboards to visualize impact and remediation progress. Vulnerabilities potentially impacting all major processor vendors were disclosed today by Google...

4.7 CVSS, 7.3 AI score, 0.93838 EPSS
Exploits: 12

Qualys Blog
added 2020/01/14 10:57 p.m., 659 views

Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) – How to Detect and Remediate

Update January 31, 2020: Client testing is now available at clienttest.ssllabs.com. Update January 15, 2020: Detection dashboard now available. Today, Microsoft released patch for CVE-2020-0601, aka Curveball, a vulnerability in windows "crypt32.dll" component that could allow attackers to perfor...

5.8 CVSS, 0.4 AI score, 0.89436 EPSS
Exploits: 14

Qualys Blog
added 2020/02/11 7:47 p.m., 653 views

February 2020 Patch Tuesday – 99 Vulns, 12 Critical, Patch for IE 0-Day, Exchange Vuln, Adobe Vulns

This month’s Microsoft Patch Tuesday addresses 99 vulnerabilities with 12 of them labeled as Critical. Of the 12 Critical vulns, 7 are for browser and scripting engines, 2 are for Remote Desktop Client, and the remaining 3 are for LNK files, Media Foundation, and Windows. The IE 0-day disclosed i...

9.3 CVSS, 2 AI score, 0.99965 EPSS
Exploits: 47

Qualys Blog
added 2020/03/16 11:34 p.m., 651 views

Automatically Discover, Prioritize and Remediate Microsoft SMBv3 RCE Vulnerability (CVE-2020-0796) using Qualys VMDR

This month’s Patch Tuesday, Microsoft disclosed a critical “wormable” remote code execution (RCE) vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) protocol. The exploitation of this vulnerability opens systems up to a 'wormable' attack, which means it would be easy to move from victim to...

7.5 CVSS, 0.2 AI score, 0.9981 EPSS
Exploits: 125

Qualys Blog
added 2022/08/09 8:0 p.m., 642 views

August 2022 Patch Tuesday | Microsoft Releases 121 Vulnerabilities with 17 Critical, plus 20 Microsoft Edge (Chromium-Based); Adobe Releases 5 Advisories, 25 Vulnerabilities with 15 Critical.

Microsoft Patch Tuesday Summary Microsoft has fixed 121 vulnerabilities (aka flaws) in the August 2022 update, including 17 vulnerabilities classified as Critical as they allow Elevation of Privilege (EoP) and Remote Code Execution (RCE). This month's Patch Tuesday fixes two (2) zero-day vulnerabilities,...

9.3 CVSS, 0.2 AI score, 0.99374 EPSS
Exploits: 67

Qualys Blog
added 2017/05/26 8:32 p.m., 613 views

Samba Vulnerability CVE-2017-7494

On Wednesday, the Samba Team patched a vulnerability that exists in all versions of Samba including and after version 3.5.0. Exploitation of this vulnerability could result in remote code execution on the affected host. Samba is used to provide SMB and CIFS services for Linux systems, and is...

10 CVSS, 0.2 AI score, 0.99448 EPSS
Exploits: 24

Qualys Blog
added 2019/02/12 7:46 p.m., 590 views

February 2019 Patch Tuesday – 74 Vulns, 20 Critical, Exchange 0-day, Adobe Vulns

This month's Patch Tuesday is very large, with 74 vulns being addressed of which 20 are labeled as critical. Fifteen of these critical vulns are in the Scripting Engine and browsers, with the remainder being GDI+, SharePoint, and DHCP. Microsoft also issued an Advisory for an Exchange 0-day, alon...

9.3 CVSS, 9.7 AI score, 0.99913 EPSS
Exploits: 31

Qualys Blog
added 2022/02/26 8:20 p.m., 518 views

Russia-Ukraine Crisis: How to Strengthen Your Security Posture to Protect against Cyber Attack, based on CISA Guidelines

CISA has created Shields Up as a response to the Russian invasion of Ukraine. Qualys is responding with additional security, monitoring and governance measures. This blog details how and what our enterprise customers can do to immediately strengthen their security posture and meet CISA’s...

10 CVSS, 1 AI score, 0.99999 EPSS
Exploits: 448

Qualys Blog
added 2017/04/15 7:11 a.m., 513 views

The Shadow Brokers Release Zero Day Exploit Tools

On Friday, a hacker group known as The Shadow Brokers publicly released a large number of functional exploit tools. Several of these tools make use of zero-day vulnerabilities, most of which are in Microsoft Windows. Exploiting these vulnerabilities in many cases leads to remote code execution an...

10 CVSS, 1.3 AI score, 0.99823 EPSS
Exploits: 67

Qualys Blog
added 2022/09/30 11:25 p.m., 510 views

Qualys Response to ProxyNotShell Microsoft Exchange Server Zero-Day Threat Using Qualys Cloud Platform

On September 29, 2022, active attacks against Microsoft Exchange were reported by Vietnamese cybersecurity company GTSC. The researcher at GTSC reported two critical vulnerabilities now named “ProxyNotShell” in Microsoft Exchange Server via two advisories issued by Zero Day Initiative:...

0.8 AI score, 0.99964 EPSS
Exploits: 16

Qualys Blog
added 2022/10/11 8:0 p.m., 508 views

October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 13 Critical, plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities with 17 Critical.

Microsoft Patch Tuesday Summary Microsoft has fixed 84 vulnerabilities (aka flaws) in the October 2022 update, including 13 vulnerabilities classified as Critical as they allow Elevation of Privilege (EoP), Remote Code Execution (RCE), and Spoofing. This month's Patch Tuesday fixes two (2) zero-day...

0.99984 EPSS
Exploits: 53

Qualys Blog
added 2018/08/27 6:32 p.m., 502 views

Security News: Hackers Aim Ransomware at Big Cos., as Experts Call for Swift Patching of Struts Bug

Ransomware raids aimed at specific targets with big pockets. Another Struts vulnerability -- but scarier than last year’s. An Android spyware that records your phone calls. These are some of the security news that have caught our attention. New Struts Bug Should Be Patched Yesterday Apache patche...

9.3 CVSS, 9.2 AI score, 0.99993 EPSS
Exploits: 41

Qualys Blog
added 2022/03/31 9:0 a.m., 494 views

Spring Framework Zero-Day Remote Code Execution (Spring4Shell) Vulnerability

This page last updated: April 7th. A new zero-day Remote Code Execution (RCE) vulnerability, “Spring4Shell” or “SpringShell” was disclosed in the Spring framework. An unauthorized attacker can exploit this vulnerability to remotely execute arbitrary code on the target device. What is Spring Framewor...

7.5 CVSS, 0.2 AI score, 0.99939 EPSS
Exploits: 131

Qualys Blog
added 2021/11/18 5:17 p.m., 493 views

Conti Ransomware

Conti is a sophisticated Ransomware-as-a-Service (RaaS) model first detected in December 2019. Since its inception, its use has grown rapidly and has even displaced the use of other RaaS tools like Ryuk. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigati...

9.3 CVSS, 10.6 AI score, 0.99759 EPSS
Exploits: 166

Qualys Blog
added 2019/11/12 7:28 p.m., 493 views

November 2019 Patch Tuesday – 74 vulns, 13 Critical, Actively Attacked IE vuln, Hyper-V escapes, Adobe

This month’s Microsoft Patch Tuesday addresses 74 vulnerabilities with 13 of them labeled as Critical. Of the 13 Critical vulns, 5 are for browsers and scripting engines. Out of the 8 remaining Critical vulns, 4 are potential hypervisor escapes in Hyper-V, as well as vulnerabilities in Microsoft...

9 CVSS, 1.6 AI score, 0.72626 EPSS
Exploits: 3

Qualys Blog
added 2021/07/20 12:54 p.m., 483 views

Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer (CVE-2021-33909)

The Qualys Research Team has discovered a size_t-to-int type conversion vulnerability in the Linux Kernel’s filesystem layer affecting most Linux operating systems. Any unprivileged user can gain root privileges on a vulnerable host by exploiting this vulnerability in a default configuration. Abou...

7.2 CVSS, 7.7 AI score, 0.09808 EPSS
Exploits: 7

Total number of security vulnerabilities: 1089