Cloud Agent
Monthly
Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older). Rated high severity (CVSS 7.0). No vendor patch available.
A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. Rated high severity (CVSS 7.0). No vendor patch available.
An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Rated medium severity (CVSS 6.3). No vendor patch available.
An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
An issue was discovered in Qualys Cloud Agent 4.8.0-49. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older). Rated high severity (CVSS 7.0). No vendor patch available.
A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. Rated high severity (CVSS 7.0). No vendor patch available.
An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Rated medium severity (CVSS 6.3). No vendor patch available.
An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
An issue was discovered in Qualys Cloud Agent 4.8.0-49. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.