Platform
OVERVIEW

Enterprise TruRisk Platform

Everything you need to measure, manage, and reduce your cyber risk in one place

CAPABILITIES

All

Asset Management

Vulnerability & Configuration Management

Risk Remediation

Threat Detection & Response

Compliance

Cloud Security

PLATFORM APPS

ASSET MANAGEMENT

CyberSecurity Asset Management (CSAM)
See entire attack surface, continuously maintain your CMDB, and track EOL/EOS software

External Attack Surface Management (EASM) - New
Gain an attacker’s view of your external internet-facing assets and unauthorized software

Vulnerability & Configuration Management

Vulnerability Management, Detection & Response (VMDR) - Most Popular
Discover, assess, prioritize, and patch critical vulnerabilities up to 50% faster

Enterprise TruRisk Management (ETM) - New
Consolidate & translate security & vulnerability findings from 3rd party tools

Web App Scanning (WAS)
Automate scanning in CI/CD environments with shift left DAST testing

Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment

Risk REMEDIATION

Patch Management (PM)
Efficiently remediate vulnerabilities and patch systems

Custom Assessment and Remediation (CAR)
Quickly create custom scripts and controls for faster, more automated remediation

Threat Detection and Response

Multi-Vector EDR
Advanced endpoint threat protection, improved threat context, and alert prioritization

Context XDR
Extend detection and response beyond the endpoint to the enterprise

Compliance

Policy Compliance
Reduce risk, and comply with internal policies and external regulations with ease

File Integrity Monitoring (FIM)
Reduce alert noise and safeguard files from nefarious actors and cyber threats

Cloud Security

TotalCloud (CNAPP)
Cloud-Native Application Protection Platform (CNAPP) for multi-cloud environment.

Cloud Security Posture Management (CSPM)
Continuously discover, monitor, and analyze your cloud assets for misconfigurations and non-standard deployments.

Infrastructure as Code Security (IaC)
Detect and remediate security issues within IaC templates

SaaS Security Posture Management (SSPM) - New
Manage your security posture and risk across your entire SaaS application stack

Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment

Cloud Detection and Response (CDR)
Continuous real-time protection of the multi-cloud environment against active exploitation, malware, and unknown threats.

Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime
Solutions
Use Cases

Endpoint Security

Compliance

PCI Compliance

DORA Compliance

Cloud Security

Application Security

DevOps

Threat Protection

NIS2

Zero-Trust Security

Segments

Small Business

Mid-Sized Business

Enterprise

Federal
Resources
RESOURCES

Resources Library

Product Tours

Blog

Webinars

Qualys Stream

Fundamentals

RESEARCH

Threat Research Unit

Security Alerts

Security Advisories
Support
SUPPORT
More
Customers

Overview

Best Practices

Success Stories

Testimonials
Partners

Overview

Partner Program

VAD Partners

VAR Resellers

MSP/MSSP Partners

Integration Partners

Partner FAQs

Find a Partner
Company

About Us

Our Team

Investor Relations

News

Awards

Events

Careers

Community
- Overview
- Discuss
- Blog
- Training
- Docs
- Resources
Login
What’s my platform?
Contact us
Contact us below to request a quote, or for any product-related questions
Create Account. It’s Free!
Try PM for free
Try VMDR for free
Try VMDR TruRisk for free
Try CS for free
Sign up for TotalCloud
Sign up for CDR
Try CSAM for free
Try PCI for free
Try DORA for free
Try Policy Compliance for free
Try VMDR for Mobile Devices
Try SaaSDR for free
Try Multi-Vector EDR for Free
Try CAR for Free
Request a Demo
Try it
Enterprise TruRisk Platform
- Cloud Platform - Free Trial
Free Services

Try it

Overview
Platform Apps
Vulnerability Management, Detection & Response (VMDR) - Most Popular
Discover, assess, prioritize, and patch critical vulnerabilities up to 50% faster
Enterprise TruRisk Management (ETM) - New
Consolidate & translate security & vulnerability findings from 3rd party tools
Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime
Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment
Web App Scanning (WAS)
Automate scanning in CI/CD environments with shift left DAST testing

Overview
Platform Apps
TotalCloud (CNAPP)
Cloud-Native Application Protection Platform (CNAPP) for multi-cloud environment.
Cloud Security Posture Management (CSPM)
Continuously discover, monitor, and analyze your cloud assets for misconfigurations and non-standard deployments.
Infrastructure as Code Security (IaC)
Detect and remediate security issues within IaC templates
SaaS Security Posture Management (SSPM) - New
Manage your security posture and risk across your entire SaaS application stack
Cloud Workload Protection (CWP)
Detect, prioritize, and remediate vulnerabilities in your cloud environment
Cloud Detection and Response (CDR)
Continuous real-time protection of the multi-cloud environment against active exploitation, malware, and unknown threats.
Container Security (CS)
Discover, track, and continuously secure containers – from build to runtime

Security advisories.

Software flaws found by Qualys.

The Qualys Vulnerability and Malware Research Labs (VMRL) is tasked with the investigation of software packages to find new flaws. Once found, we work with the software owner to get the flaw registered (CVEs), and then we assist with the quickest resolution possible by providing detailed technical information, including proof of concept code.

This list of advisories provides insight into the specific vulnerabilities reported.

Jul 1, 2024

regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (cve-2024-6387)

Read the advisory
Jan 30, 2024

Heap-based buffer overflow in the glibc's syslog() (CVE-2023-6246)

Read the advisory
Jan 30, 2024

Nontransitive comparison functions lead to out-of-bounds read & write in glibc's qsort()

Read the advisory
Oct 3, 2023

Looney Tunables: Local Privilege Escalation in the glibc's ld.so (CVE-2023-4911)

Read the advisory
Jul 19, 2023

Remote code execution in OpenSSH's forwarded ssh-agent (CVE-2023-38408)

Read the advisory

Accompanying code:
rce-openssh-forwarded-ssh-agent.tar.gz
Jun 6, 2023

LPE and RCE in RenderDoc (CVE-2023-33865, CVE-2023-33864 and CVE-2023-33863)

Read the advisory
Nov 30, 2022

Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)

Read the advisory
Oct 24, 2022

Leeloo Multipath: Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)

Read the advisory
Feb 17, 2022

Oh Snap! More Lemmings (Local Privilege Escalation in snap-confine) (CVE-2021-44731)

Read the advisory
Jan 25, 2022

pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)

Read the advisory
Jul 20, 2021

Denial of service (stack exhaustion) in systemd (PID 1) (CVE-2021-33910)

Read the advisory

Accompanying exploit:
cve-2021-33910-crasher.c
Jul 20, 2021

Sequoia: A deep root in Linux's filesystem layer (CVE-2021-33909)

Read the advisory

Accompanying exploit:
cve-2021-33909-crasher.c
cve-2021-33909-exploit.tar.gz
May 4, 2021

21Nails: Multiple Vulnerabilities in Exim Mail Server

Read the advisory

Patch
Jan 26, 2021

Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)

Read the advisory
May 19, 2020

15 years later: Remote Code Execution in qmail (CVE-2005-1513)

Read the advisory

Accompanying exploit:
remote-code-execution-qmail.tar.gz
Feb 24, 2020

LPE and RCE in OpenSMTPD's Default Install (CVE-2020-8794)

Read the advisory

Accompanying exploit:
lpe-rce-opensmtpd-default-install-exploit.c
Feb 24, 2020

Local Information Disclosure in OpenSMTPD (CVE-2020-8793)

Read the advisory

Accompanying exploit:
local-information-disclosure-opensmtpd-exploit.c
Jan 28, 2020

LPE and RCE in OpenSMTPD (CVE-2020-7247)

Read the advisory

Blog post: How to detect and remediate
Patch available at https://www.openbsd.org/errata66.html
Dec 11, 2019

Local Privilege Escalation in OpenBSD's Dynamic Loader (CVE-2019-19726)

Read the advisory
Dec 4, 2019

Authentication Vulnerabilities in OpenBSD (CVE-2019-19521)

Read the advisory
Jun 5, 2019

The Return of the WIZard: RCE in Exim (CVE-2019-10149)

Read the advisory
Jan 9, 2019

System Down: A systemd-journald Exploit

Read the advisory

Accompanying exploit:
system-down.tar.gz
Sep 25, 2018

Mutagen Astronomy: Integer overflow in Linux's create_elf_tables() (CVE-2018-14634)

Read the advisory

Accompanying exploits:
poc-exploit.c
poc-suidbin.c
Jun 11, 2018

Team Password Manager Multiple Security Vulnerabilities

Read the advisory
May 17, 2018

Procps-ng Audit Report

Read the advisory

Patches
Apr 10, 2018

Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability (DSA-2018-025)

Read the advisory
Mar 1, 2018

Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates

Read the advisory
Dec 13, 2017

Open-iSCSI Potential code execution vulnerability (CVE-2017-17840)

Read the advisory
Dec 11, 2017

Memory Leak (CVE-2017-1000408) and Buffer Overflow (CVE-2017-1000409) in GNU C Library Dynamic Loader (ld.so)

Read the advisory
Oct 26, 2017

Use of hard-coded cryptographic key (CVE-2017-14021) and hard-coded credentials (CVE-2017-14027) in multiple Korenix JetNet devices

Read the advisory
Sep 26, 2017

Linux PIE/stack Corruption (CVE-2017-1000253)

Read the advisory

cve-2017-1000253.c - accompanying exploit for CentOS-7 kernel versions 3.10.0-514.21.2.el7.x86_64 and 3.10.0-514.26.1.el7.x86_64
Aug 24, 2017

Westermo Routers Multiple Vulnerabilities (ICSA-17-236-01)

Read the advisory
Jul 1, 2017

Dell Active Roles Unquoted Service Path Vulnerability (KB232543)

Read the advisory
Jul 1, 2017

Unquoted Search Path Vulnerability (Active Roles Synchronization Service)

Read the advisory

Workaround and fix
Active Roles 7.2 release notes
Jun 27, 2017

Multiple Vulnerabilities in Multiple Brickcom Devices (CVE-2017-9235, CVE-2017-9236, CVE-2017-9237, CVE-2017-9238)

Read the advisory
Jun 19, 2017

The Stack Clash

Read the advisory

Accompanying exploits:
solaris_rsh.c
openbsd_at.c
netbsd_cve-2017-1000375.c
linux_offset2lib.c
linux_ldso_hwcap.c
linux_ldso_hwcap_64.c
linux_ldso_dynamic.c
freebsd_cve-2017-fgpu.c
freebsd_cve-2017-fgpe.c
freebsd_cve-2017-1085.c
Jun 16, 2017

Unquoted Search Path Vulnerability (Active Roles Administration Service)

Read the advisory

Workaround and fix
Active Roles 7.2 release notes
Jun 8, 2017

Cron: group-crontab-to-root privilege escalation (CVE-2017-9525)

Read the advisory
May 30, 2017

Sudo's get_process_ttyname() for Linux (CVE-2017-1000367)

Read the advisory
Mar 26, 2017

D-Link Network Camera DCS-936L Weak CSRF Protection Vulnerability (CVE-2017-7851)

Read the advisory

DCS-936L Firmware Release
Mar 12, 2017

D-Link DIR-615 Router Multiple Vulnerabilities (CVE-2017-7404, CVE-2017-7405 and CVE-2017-7406)

Read the advisory
Mar 10, 2017

Manage Engine OpManager Multiple Security Vulnerabilities

Read the advisory
Mar 7, 2017

Multiple Vulnerabilities in ACTi Cameras Models from the D, B, I, and E series (CVE-2017-3184, CVE-2017-3185, CVE-2017-3186)

Read the advisory
Feb 28, 2017

Session Fixation Vulnerability in Sophos Secure Web Appliance

Read the advisory
Feb 22, 2017

Insecure CrossDomain.XML in D-Link DCS Series Cameras

Read the advisory
Jan 18, 2017

Zoho ManageEngine OpManager Multiple Vulnerabilities

Read the advisory
Jan 12, 2017

Multiple Vulnerabilities in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) 6.5.x

Read the advisory
Jan 3, 2017

Information Disclosure vulnerability in Netgear DGN2200, DGND3700 & WNDR4500 routers (CVE-2016-5649, CVE-2016-5638)

Read the advisory
Dec 6, 2016

Accellion FTP Multiple Security Vulnerabilities

Read the advisory
Nov 2, 2016

Sensitive Information Disclosure Vulnerability in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) 6.5.x

Read the advisory
Oct 26, 2016

Multiple Vulnerabilities in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) 6.5.x

Read the advisory
Jun 10, 2016

Netgear D6000 and D3600 hard-coded cryptographic keys authentication bypass (CVE-2015-8288, CVE-2015-8289)

Read the advisory
Jan 14, 2016

OpenSSH (CVE-2016-0777 and CVE-2016-0778)

Read the advisory
Oct 15, 2015

LibreSSL (CVE-2015-5333 and CVE-2015-5334)

Read the advisory
Oct 2, 2015

OpenSMTPD Audit Report (CVE-2015-7687)

Read the advisory
Aug 24, 2015

login-utils: file name collision due to incorrect mkstemp use (CVE-2015-5224)

Read the advisory
Jul 23, 2015

userhelper chfn() newline filtering and libuser passwd file handling (CVE-2015-3245 and CVE-2015-3246)

Read the advisory

roothelper.c - an unusual local root exploit
Feb 12, 2015

Exponent CMS 2.3.1 - Multiple Cross-Site Scripting Vulnerabilities

Read the advisory
Jan 27, 2015

GHOST: glibc gethostbyname buffer overflow vulnerability (CVE-2015-0235)

Read the advisory
Jul 27, 2014

ZeroCMS Persistent Cross-Site Scripting

Read the advisory
Feb 2, 2014

Foscam Dynamic DNS Predictable Credentials Vulnerability (CVE-2014-1849)

Read the advisory
Jun 15, 2012

ModSecurity and ModSecurity Core Rule Set Multipart Bypasses

Read the advisory
May 7, 2012

Memory Corruption when Adobe Shockwave Player Parses .dir Media File (CVE-2012-2031)

Read the advisory
May 7, 2012

Memory Corruption when Adobe Shockwave Player Parses .dir Media File (CVE-2012-2030)

Read the advisory
May 7, 2012

Memory Corruption when Adobe Shockwave Player Parses .dir Media File (CVE-2012-2029)

Read the advisory
May 7, 2012

Adobe Reader All Versions Memory Corruption - APB11-16 (CVE-2011-2098)

Read the advisory
May 7, 2012

Memory Corruption when Apple Quicktime Parses .pct File (CVE-2012-0671)

Read the advisory
May 4, 2012

Apache Reverse Proxy Security Bypass Vulnerability (CVE-2011-4317)

Read the advisory

OVERVIEW

CAPABILITIES

PLATFORM APPS

ASSET MANAGEMENT

Vulnerability & Configuration Management

Risk REMEDIATION

Threat Detection and Response

Compliance

Cloud Security

Use Cases

Segments

RESOURCES

RESEARCH

Customers

Partners

Company

Overview

CAPABILITIES

Platform Apps

Use Cases

Segments

Resources

Research

Enterprise TruRisk Platform

Free Services

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Security advisories.

Software flaws found by Qualys.

regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems (cve-2024-6387)

Heap-based buffer overflow in the glibc's syslog() (CVE-2023-6246)

Nontransitive comparison functions lead to out-of-bounds read & write in glibc's qsort()

Looney Tunables: Local Privilege Escalation in the glibc's ld.so (CVE-2023-4911)

Remote code execution in OpenSSH's forwarded ssh-agent (CVE-2023-38408)

LPE and RCE in RenderDoc (CVE-2023-33865, CVE-2023-33864 and CVE-2023-33863)

Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)

Leeloo Multipath: Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)

Oh Snap! More Lemmings (Local Privilege Escalation in snap-confine) (CVE-2021-44731)

pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)

Denial of service (stack exhaustion) in systemd (PID 1) (CVE-2021-33910)

Sequoia: A deep root in Linux's filesystem layer (CVE-2021-33909)

21Nails: Multiple Vulnerabilities in Exim Mail Server

Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)

15 years later: Remote Code Execution in qmail (CVE-2005-1513)

LPE and RCE in OpenSMTPD's Default Install (CVE-2020-8794)

Local Information Disclosure in OpenSMTPD (CVE-2020-8793)

LPE and RCE in OpenSMTPD (CVE-2020-7247)

Local Privilege Escalation in OpenBSD's Dynamic Loader (CVE-2019-19726)

Authentication Vulnerabilities in OpenBSD (CVE-2019-19521)

The Return of the WIZard: RCE in Exim (CVE-2019-10149)

System Down: A systemd-journald Exploit

Mutagen Astronomy: Integer overflow in Linux's create_elf_tables() (CVE-2018-14634)

Team Password Manager Multiple Security Vulnerabilities

Procps-ng Audit Report

Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability (DSA-2018-025)

Citrix NetScaler Application Delivery Controller and NetScaler Gateway Multiple Security Updates

Open-iSCSI Potential code execution vulnerability (CVE-2017-17840)

Memory Leak (CVE-2017-1000408) and Buffer Overflow (CVE-2017-1000409) in GNU C Library Dynamic Loader (ld.so)

Use of hard-coded cryptographic key (CVE-2017-14021) and hard-coded credentials (CVE-2017-14027) in multiple Korenix JetNet devices

Linux PIE/stack Corruption (CVE-2017-1000253)

Westermo Routers Multiple Vulnerabilities (ICSA-17-236-01)

Dell Active Roles Unquoted Service Path Vulnerability (KB232543)

Unquoted Search Path Vulnerability (Active Roles Synchronization Service)

Multiple Vulnerabilities in Multiple Brickcom Devices (CVE-2017-9235, CVE-2017-9236, CVE-2017-9237, CVE-2017-9238)

The Stack Clash

Unquoted Search Path Vulnerability (Active Roles Administration Service)

Cron: group-crontab-to-root privilege escalation (CVE-2017-9525)

Sudo's get_process_ttyname() for Linux (CVE-2017-1000367)

D-Link Network Camera DCS-936L Weak CSRF Protection Vulnerability (CVE-2017-7851)

D-Link DIR-615 Router Multiple Vulnerabilities (CVE-2017-7404, CVE-2017-7405 and CVE-2017-7406)

Manage Engine OpManager Multiple Security Vulnerabilities

Multiple Vulnerabilities in ACTi Cameras Models from the D, B, I, and E series (CVE-2017-3184, CVE-2017-3185, CVE-2017-3186)

Session Fixation Vulnerability in Sophos Secure Web Appliance

Insecure CrossDomain.XML in D-Link DCS Series Cameras

Zoho ManageEngine OpManager Multiple Vulnerabilities

Multiple Vulnerabilities in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) 6.5.x