VYPR

Cloud Agent

by Qualitor

CVEs (9)

  • CVE-2025-43079MedNov 10, 2025
    risk 0.41cvss 6.3epss 0.00

    The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and without sanitizing the $PATH environment. If the uninstall script is executed…

  • CVE-2023-28143Apr 18, 2023
    risk 0.00cvss epss 0.00

    Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer allows a local escalation of privilege bounded only to the time of installation and only on older macOSX (macOS 10.15 and older) versions. Attackers may exploit incorrect file permissions to give them ROOT…

  • CVE-2023-28142Apr 18, 2023
    risk 0.00cvss epss 0.00

    A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM…

  • CVE-2023-28141Apr 18, 2023
    risk 0.00cvss epss 0.00

    An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of the process, and they may delete or…

  • CVE-2023-28140Apr 18, 2023
    risk 0.00cvss epss 0.00

    An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library (DLL) via a local attack vector instead of the DLL that the application was expecting, when…

  • CVE-2023-20044Jan 19, 2023
    risk 0.00cvss epss 0.00

    A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the…

  • CVE-2023-20043Jan 19, 2023
    risk 0.00cvss epss 0.00

    A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit…

  • CVE-2022-29549Aug 18, 2022
    risk 0.00cvss epss 0.00

    An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program was installed by root) and without integrity checks (e.g., a checksum comparison…

  • CVE-2022-29550Aug 18, 2022
    risk 0.00cvss epss 0.00

    An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes "ps auxwwe" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials (from environment variables) to disk in cleartext. NOTE: there are no common…