mcafee foundstone fsl update · 2019. 6. 22. · 2018-jul-19 fsl version 7.6.37 mcafee foundstone...


Post on 10-Feb-2021


    2018-JUL-19 FSL version 7.6.37

    MCAFEE FOUNDSTONE FSL UPDATE

    To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release.

    NEW CHECKS

    23785 - Schneider Electric U.motion Builder Multiple Vulnerabilities (ICSA-18-163-01)

    Category: General Vulnerability Assessment -> NonIntrusive -> SCADA
    Risk Level: High
    CVE: CVE-2018-7784, CVE-2018-7785, CVE-2018-7786, CVE-2018-7787

    Description
    Multiple vulnerabilities are present in some versions of Schneider Electric U.motion Builder.

    Observation
    Schneider Electric U.motion Builder is a tool used to create projects for U.motion devices.

    Multiple vulnerabilities are present in some versions of Schneider Electric U.motion Builder. The flaws lie in multiple components. Successful exploitation could allow an attacker to bypass the authentication mechanism, disclose sensitive information, execute arbitrary code or perform unauthorized actions.

    23804 - Mozilla Firefox ESR Multiple Vulnerabilities Prior To 60.1

    Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)
    Risk Level: High
    CVE: CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-12371, CVE-2018-5156, CVE-2018-5187, CVE-2018-5188

    Description
    Multiple vulnerabilities are present in some versions of Mozilla Firefox ESR.

    Observation
    Mozilla Firefox ESR is a popular web browser.

    Multiple vulnerabilities are present in some versions of Mozilla Firefox ESR. The flaws lie in several components. Successful exploitation could allow an attacker to retrieve sensitive information, escalate privileges, cause a denial of service condition or execute arbitrary code on the target system.

    23805 - Mozilla Firefox ESR Multiple Vulnerabilities Prior To 60.1

    Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
    Risk Level: High
    CVE: CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-12371, CVE-2018-5156, CVE-2018-5187, CVE-2018-5188

    Description
    Multiple vulnerabilities are present in some versions of Mozilla Firefox ESR.

    Observation
    Mozilla Firefox ESR is a popular web browser.

    Multiple vulnerabilities are present in some versions of Mozilla Firefox ESR. The flaws lie in several components. Successful exploitation could allow an attacker to retrieve sensitive information, escalate privileges, cause a denial of service condition or execute arbitrary code on the target system.

    23836 - Mozilla Firefox Multiple Vulnerabilities Prior To 61

    Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)
    Risk Level: High
    CVE: CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-12370, CVE-2018-12371, CVE-2018-5156, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188

    Description
    Multiple vulnerabilities are present in some versions of Mozilla Firefox.

    Observation
    Mozilla Firefox is a popular web browser.

    Multiple vulnerabilities are present in some versions of Mozilla Firefox. The flaws lie in multiple components. Successful exploitation could allow an attacker to cause an exploitable denial of service, obtain sensitive information, engage in cross-site request forgery attacks or potentially execute arbitrary code remotely.

    23837 - Mozilla Firefox Multiple Vulnerabilities Prior To 61

    Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
    Risk Level: High
    CVE: CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-12370, CVE-2018-12371, CVE-2018-5156, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188

    Description
    Multiple vulnerabilities are present in some versions of Mozilla Firefox.

    Observation
    Mozilla Firefox is a popular web browser.

    Multiple vulnerabilities are present in some versions of Mozilla Firefox. The flaws lie in multiple components. Successful exploitation could allow an attacker to cause an exploitable denial of service, obtain sensitive information, engage in cross-site request forgery attacks or potentially execute arbitrary code remotely.

    23865 - Cisco NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability (cisco-sa-20180620-fx-os-fabric-execution)

    Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
    Risk Level: High
    CVE: CVE-2018-0314

    Description
    A vulnerability is present in some versions of Cisco NX-OS Software.

    Observation
    Cisco NX-OS Software is the operating system used in Cisco Nexus devices.

    A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in the Cisco Fabric Services component. Successful exploitation could allow an attacker to execute arbitrary code on the target system.

    23875 - Cisco NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability (cisco-sa-20180620-fx-os-cli-execution)

    Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
    Risk Level: High
    CVE: CVE-2018-0312

    Description
    A vulnerability is present in some versions of Cisco NX-OS Software.

    Observation
    Cisco NX-OS Software is the operating system used in Cisco Nexus devices.

    A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in the Cisco Fabric Services component of Cisco NX-OS software. Successful exploitation could allow a remote attacker to execute arbitrary code in the system or cause a denial of service condition.

    132470 - Oracle VM OVMSA-2018-0236 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Oracle VM Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2017-11600, CVE-2017-18017, CVE-2017-7616, CVE-2017-8824, CVE-2018-10087, CVE-2018-10124, CVE-2018-1130, CVE-2018-5803

    Description
    The scan detected that the host is missing the following update: OVMSA-2018-0236

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    http://oss.oracle.com/pipermail/oraclevm-errata/2018-July/000872.html

    OVM3.4
    x86_64
    kernel-uek-4.1.12-124.17.1.el6uek
    kernel-uek-firmware-4.1.12-124.17.1.el6uek

    182735 - FreeBSD couchdb Multiple Vulnerabilities (1e54d140-8493-11e8-a795-0028f8d09152)

    Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2017-12635, CVE-2017-12636, CVE-2018-8007

    Description
    The scan detected that the host is missing the following update: couchdb -- multiple vulnerabilities (1e54d140-8493-11e8-a795-0028f8d09152)

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    http://www.vuxml.org/freebsd/1e54d140-8493-11e8-a795-0028f8d09152.html

    Affected packages: couchdb < 1.7.2

    23779 - Cisco NX-OS Software NX-API Privilege Escalation Vulnerability (sa-20180620-nxos-nxapi)

    Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
    Risk Level: High
    CVE: CVE-2018-0330

    Description
    A vulnerability is present in some versions of Cisco NX-OS.

    Observation
    Cisco NX-OS is a network operating system.

    A vulnerability is present in some versions of Cisco NX-OS. The flaw lies in the NX-API management API. Successful exploitation could allow an attacker to escalate privileges and probably execute arbitrary code on the target system.

    23781 - Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability (cisco-sa-20180620-nxos-bo)

    Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
    Risk Level: High
    CVE: CVE-2018-0301

    Description
    A vulnerability is present in some versions of Cisco NX-OS Software.

    Observation
    Cisco NX-OS Software is the operating system used in Cisco Nexus devices.

    A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in the NX-API feature. Successful exploitation could allow a remote attacker to execute arbitrary code on the target system.

    23855 - Cisco NX-OS Software NX-API Arbitrary Command Execution Vulnerability (cisco-sa-20180620-nx-os-api-execution)

    Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
    Risk Level: High
    CVE: CVE-2018-0313

    Description
    A vulnerability is present in some versions of Cisco NX-OS.

    Observation
    Cisco NX-OS is a network operating system.

    A vulnerability is present in some versions of Cisco NX-OS. The flaw lies in the NX-API subsystem. Successful exploitation could allow an authenticated attacker to execute arbitrary commands.

    23873 - Cisco NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability (cisco-sa-20180620-fxnxos-fab-ace)

    Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
    Risk Level: High
    CVE: CVE-2018-0308

    Description
    A vulnerability is present in some versions of Cisco NX-OS Software.

    Observation
    Cisco NX-OS Software is the operating system used in Cisco Nexus devices.

    A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in the Cisco Fabric Services component. Successful exploitation could allow a remote attacker to execute arbitrary code or cause a denial of service condition.

    23874 - Cisco NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability (cisco-sa-20180620-fxnxos-ace)

    Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
    Risk Level: High
    CVE: CVE-2018-0304

    Description
    A vulnerability is present in some versions of Cisco NX-OS Software.

    Observation
    Cisco NX-OS Software is the operating system used in Cisco Nexus devices.

    A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in the Cisco Fabric Services component. Successful exploitation could allow a remote attacker to execute arbitrary code, obtain sensitive information or cause a denial of service condition.

    23883 - (HT208933) Apple iTunes Vulnerabilities Prior To 12.8

    Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)
    Risk Level: High
    CVE: CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4271, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284, CVE-2018-4293

    Description
    Multiple vulnerabilities are present in some versions of Apple iTunes.

    Observation
    Apple iTunes is media management software.

    Multiple vulnerabilities are present in some versions of Apple iTunes. The flaws lie in several components. Successful exploitation could allow an attacker to remotely execute arbitrary code or cause a denial of service condition on the target system.

    33388 - Oracle Solaris 152922-01 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2008-2086, CVE-2009-3910

    Description
    The scan detected that the host is missing the following update: 152922-01

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    https://getupdates.oracle.com/readme/152922-01

    JavaSE 6(x86): update 201 patch (equivalent to JDK 6u201), 64bit

    SOLARIS_10_x86

    SUNWj6rtx:1.6.0,REV=2006.11.29.02.51
    SUNWj6dvx:1.6.0,REV=2006.11.29.02.51
    SUNWj6dmx:1.6.0,REV=2006.11.29.02.51

    33389 - Oracle Solaris 152921-01 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2008-2086, CVE-2009-3910

    Description
    The scan detected that the host is missing the following update: 152921-01

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    https://getupdates.oracle.com/readme/152921-01

    JavaSE 6(x86): update 201 patch (equivalent to JDK 6u201)

    SOLARIS_10_x86

    SUNWj6cfg:1.6.0,REV=2006.11.29.05.03
    SUNWj6jmp:1.6.0,REV=2006.12.07.19.34
    SUNWj6dev:1.6.0,REV=2006.11.29.05.03
    SUNWj6rt:1.6.0,REV=2006.11.29.05.03
    SUNWj6dmo:1.6.0,REV=2006.11.29.05.03
    SUNWj6man:1.6.0,REV=2006.12.07.16.42

    33390 - Oracle Solaris 152919-01 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2008-2086, CVE-2009-3910

    Description
    The scan detected that the host is missing the following update: 152919-01

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    https://getupdates.oracle.com/readme/152919-01

    JavaSE 6: update 201 patch (equivalent to JDK 6u201)

    SOLARIS_10

    SUNWj6dev:1.6.0,REV=2006.11.29.05.57
    SUNWj6dmo:1.6.0,REV=2006.11.29.05.57
    SUNWj6jmp:1.6.0,REV=2006.12.07.19.24
    SUNWj6man:1.6.0,REV=2006.12.07.16.37
    SUNWj6cfg:1.6.0,REV=2006.11.29.05.57
    SUNWj6rt:1.6.0,REV=2006.11.29.05.57

    33391 - Oracle Solaris 152920-01 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2008-2086, CVE-2009-3910

    Description
    The scan detected that the host is missing the following update: 152920-01

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    https://getupdates.oracle.com/readme/152920-01

    JavaSE 6: update 201 patch (equivalent to JDK 6u201), 64bit

    SOLARIS_10

    SUNWj6dmx:1.6.0,REV=2006.11.29.04.58
    SUNWj6rtx:1.6.0,REV=2006.11.29.04.58
    SUNWj6dvx:1.6.0,REV=2006.11.29.04.58

    131154 - Debian Linux 9.0 DSA-4243-1 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2017-15400, CVE-2018-4180, CVE-2018-4181, CVE-2018-6553

    Description
    The scan detected that the host is missing the following update: DSA-4243-1

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    http://www.debian.org/security/2018/dsa-4243

    Debian 9.0
    all
    cups_2.2.1-8+deb9u2

    160433 - CentOS 7 CESA-2018-2113 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2017-7762, CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-5156, CVE-2018-5188, CVE-2018-6126

    Description
    The scan detected that the host is missing the following update: CESA-2018-2113

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    http://lists.centos.org/pipermail/centos-announce/2018-July/022960.html

    CentOS 7
    x86_64
    firefox-60.1.0-4.el7.centos

    i686
    firefox-60.1.0-4.el7.centos

    160436 - CentOS 6 CESA-2018-2112 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2017-7762, CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-5156, CVE-2018-5188, CVE-2018-6126

    Description
    The scan detected that the host is missing the following update: CESA-2018-2112

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    http://lists.centos.org/pipermail/centos-announce/2018-July/022962.html

    CentOS 6
    x86_64
    firefox-60.1.0-5.el6.centos

    i686
    firefox-60.1.0-5.el6.centos

    193921 - Fedora Linux 28 FEDORA-2018-e5a8b72d0d Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2016-6811, CVE-2017-15713, CVE-2017-15718, CVE-2017-3166, CVE-2018-8009

    Description
    The scan detected that the host is missing the following update: FEDORA-2018-e5a8b72d0d

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2

    Fedora Core 28

    hadoop-2.7.6-4.fc28

    193935 - Fedora Linux 27 FEDORA-2018-1a467757ce Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2017-15588, CVE-2017-15589, CVE-2017-15590, CVE-2017-15591, CVE-2017-15592, CVE-2017-15593, CVE-2017-15594, CVE-2017-15595, CVE-2017-15597, CVE-2017-17044, CVE-2017-17045, CVE-2017-17563, CVE-2017-17564, CVE-2017-17565, CVE-2017-17566, CVE-2018-10981, CVE-2018-10982, CVE-2018-12891, CVE-2018-12892, CVE-2018-12893, CVE-2018-3639, CVE-2018-3665, CVE-2018-7540, CVE-2018-7541, CVE-2018-7542, CVE-2018-8897

    Description
    The scan detected that the host is missing the following update: FEDORA-2018-1a467757ce

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2

    Fedora Core 27

    xen-4.9.2-6.fc27

    196042 - Red Hat Enterprise Linux RHSA-2018-2175 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2018-5007, CVE-2018-5008

    Description
    The scan detected that the host is missing the following update: RHSA-2018-2175

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    http://www.redhat.com/archives/rhsa-announce/2018-July/msg00014.html

    RHEL6D
    x86_64
    flash-plugin-30.0.0.134-1.el6

    i386
    flash-plugin-30.0.0.134-1.el6

    RHEL6S
    x86_64
    flash-plugin-30.0.0.134-1.el6

    i386
    flash-plugin-30.0.0.134-1.el6

    RHEL6WS
    x86_64
    flash-plugin-30.0.0.134-1.el6

    i386
    flash-plugin-30.0.0.134-1.el6

    23774 - Cisco NX-OS Software Role-Based Access Control Elevated Privileges Vulnerability (cisco-sa-20180620-nxosrbac)

    Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
    Risk Level: High
    CVE: CVE-2018-0293

    Description
    A vulnerability is present in some versions of Cisco NX-OS.

    Observation
    Cisco NX-OS is a network operating system.

    A vulnerability is present in some versions of Cisco NX-OS. The flaw lies in the role-based access control (RBAC) component. Successful exploitation could allow an attacker to execute CLI commands normally restricted to administrative users.

    23788 - Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability (cisco-sa-20180620-nxossnm

    Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
    Risk Level: High
    CVE: CVE-2018-0291

    Description
    A vulnerability is present in some versions of Cisco NX-OS Software.

    Observation
    Cisco NX-OS Software is the operating system used in Cisco Nexus devices.

    A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in the SNMP input packet processor of Cisco NX-OS software. Successful exploitation could allow a remote attacker to cause a denial of service condition.

    23744 - Rockwell Automation RSLinx Classic Unquoted Search Path Vulnerability (1073800)

    Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS)
    Risk Level: High
    CVE: CVE-2018-10619

    Description
    A vulnerability is present in some versions of Rockwell Automation RSLinx Classic.

    Observation
    Rockwell Automation RSLinx Classic is a product used to connect Rockwell Automation applications through Logix5000 Programmable Automation controllers.

    A vulnerability is present in some versions of Rockwell Automation RSLinx Classic. The flaw exists because this product uses a search path containing unquoted elements. Successful exploitation could allow a local attacker to escalate privileges or execute arbitrary code on the target system.

    23783 - Cisco NX-OS Software Border Gateway Protocol Denial of Service Vulnerability (cisco-sa-20180620-nxosbgp)

    Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
    Risk Level: High
    CVE: CVE-2018-0295

    Description
    A denial-of-service vulnerability is present in some versions of Cisco NX-OS Software.

    Observation
    Cisco NX-OS Software is the operating system used in Cisco Nexus devices.

    A denial-of-service vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in the BGP protocol implementation in Cisco NX-OS systems. Successful exploitation could allow a remote attacker to cause a denial of service.

    23846 - (VMSA-2018-0016) VMware Fusion Multiple Vulnerabilities

    Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
    Risk Level: High
    CVE: CVE-2018-6965, CVE-2018-6966, CVE-2018-6967

    Description
    Multiple vulnerabilities are present in some versions of VMware Fusion.

    Observation
    VMware Fusion is a popular virtualization platform.

    Multiple vulnerabilities are present in some versions of VMware Fusion. The flaws lie in multiple components. Successful exploitation could allow an attacker to retrieve sensitive data or cause a denial of service condition in the target system.

    23863 - Mozilla Firefox ESR Vulnerabilities Prior To ESR 52.9

    Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)
    Risk Level: High
    CVE: CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12368, CVE-2018-5156, CVE-2018-5188

    Description
    Multiple vulnerabilities are present in some versions of Mozilla Firefox ESR.

    Observation
    Mozilla Firefox ESR is a popular web browser.

    Multiple vulnerabilities are present in some versions of Mozilla Firefox ESR. The flaws lie in multiple components. Successful exploitation could allow an attacker to bypass security access restrictions, retrieve sensitive data, remotely execute arbitrary code on the target system and cause a denial of service condition.

    23864 - Mozilla Firefox ESR Vulnerabilities Prior To ESR 52.9

    Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
    Risk Level: High
    CVE: CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12368, CVE-2018-5156, CVE-2018-5188

    Description
    Multiple vulnerabilities are present in some versions of Mozilla Firefox ESR.

    Observation
    Mozilla Firefox ESR is a popular web browser.

    Multiple vulnerabilities are present in some versions of Mozilla Firefox ESR. The flaws lie in multiple components. Successful exploitation could allow an attacker to bypass security access restrictions, retrieve sensitive data, remotely execute arbitrary code on the target system and cause a denial of service condition.

    23866 - Mozilla Thunderbird Multiple Vulnerabilities Prior To 52.9

    Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)
    Risk Level: High
    CVE: CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12368, CVE-2018-12372, CVE-2018-12373, CVE-2018-12374, CVE-2018-5188

    Description
    Multiple vulnerabilities are present in some versions of Mozilla Thunderbird.

    Observation
    Mozilla Thunderbird is an open-source email, newsgroup, news feed, and chat client.

    Multiple vulnerabilities are present in some versions of Mozilla Thunderbird. The flaws lie in several components. Successful exploitation could allow an attacker to cause a buffer overflow, retrieve sensitive data, remotely execute arbitrary code on the target system or cause a denial of service condition.

    23867 - Mozilla Thunderbird Multiple Vulnerabilities Prior To 52.9

    Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
    Risk Level: High
    CVE: CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12368, CVE-2018-12372, CVE-2018-12373, CVE-2018-12374, CVE-2018-5188

    Description
    Multiple vulnerabilities are present in some versions of Mozilla Thunderbird.

    Observation
    Mozilla Thunderbird is an open-source email, newsgroup, news feed, and chat client.

    Multiple vulnerabilities are present in some versions of Mozilla Thunderbird. The flaws lie in several components. Successful exploitation could allow an attacker to cause a buffer overflow, retrieve sensitive data, remotely execute arbitrary code on the target system or cause a denial of service condition.

    23870 - Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability (cisco-sa-20180620-fx-os-fabric-dos)

    Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
    Risk Level: High
    CVE: CVE-2018-0305

    Description
    A vulnerability is present in some versions of Cisco NX-OS Software.

    Observation
    Cisco NX-OS Software is the operating system used in Cisco Nexus devices.

    A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in the Cisco Fabric Services component. Successful exploitation could allow an attacker to cause a denial of service condition on the target system.

    23876 - Cisco NX-OS Software CLI Arbitrary Command Execution Vulnerability (cisco-sa-20180620-nx-os-cli-execution)

    Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
    Risk Level: High
    CVE: CVE-2018-0306

    Description
    A vulnerability is present in some versions of Cisco NX-OS Software.

    Observation
    Cisco NX-OS Software is the operating system used in Cisco Nexus devices.

    A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in the Cisco CLI parser. Successful exploitation could allow a local attacker to escalate privileges.

    132469 - Oracle VM OVMSA-2018-0237 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Oracle VM Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2015-8575, CVE-2016-2384, CVE-2016-2543, CVE-2016-2544, CVE-2016-2545, CVE-2016-2547, CVE-2016-2548, CVE-2016-2549, CVE-2017-1000410, CVE-2017-11600, CVE-2017-17741, CVE-2017-18203, CVE-2017-7616, CVE-2017-8824, CVE-2018-1000199, CVE-2018-10087, CVE-2018-10124, CVE-2018-10323, CVE-2018-1130, CVE-2018-3665, CVE-2018-5803, CVE-2018-8781

    Description
    The scan detected that the host is missing the following update: OVMSA-2018-0237

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    http://oss.oracle.com/pipermail/oraclevm-errata/2018-July/000874.html

    OVM3.3
    x86_64
    kernel-uek-3.8.13-118.22.1.el6uek
    kernel-uek-firmware-3.8.13-118.22.1.el6uek

    139094 - Oracle Solaris 11.3.33.5.0 Update Is Not Installed (Third Party Components)

    Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2016-10713, CVE-2016-6131, CVE-2016-8625, CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-12448, CVE-2017-12449, CVE-2017-12450, CVE-2017-12451, CVE-2017-12452, CVE-2017-12453, CVE-2017-12454, CVE-2017-12455, CVE-2017-12456, CVE-2017-12457, CVE-2017-12458, CVE-2017-12459, CVE-2017-12799, CVE-2017-12967, CVE-2017-13710, CVE-2017-13716, CVE-2017-13757, CVE-2017-14128, CVE-2017-14129, CVE-2017-14130, CVE-2017-14333, CVE-2017-14529, CVE-2017-14729, CVE-2017-14745, CVE-2017-14930, CVE-2017-14932, CVE-2017-14933, CVE-2017-14934, CVE-2017-14938, CVE-2017-14939, CVE-2017-14940, CVE-2017-14974, CVE-2017-15020, CVE-2017-15021, CVE-2017-15022, CVE-2017-15023, CVE-2017-15024, CVE-2017-15025, CVE-2017-15225, CVE-2017-15938, CVE-2017-15939, CVE-2017-15996, CVE-2017-16826, CVE-2017-16827, CVE-2017-16828, CVE-2017-16829, CVE-2017-16830, CVE-2017-16831, CVE-2017-16832, CVE-2017-17080, CVE-2017-17121, CVE-2017-17122, CVE-2017-17123, CVE-2017-17124, CVE-2017-17125, CVE-2017-17126, CVE-2017-17689, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-0492, CVE-2018-1000005, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000156, CVE-2018-10545, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549, CVE-2018-11356, CVE-2018-11357, CVE-2018-11358, CVE-2018-11359, CVE-2018-11360, CVE-2018-11362, CVE-2018-2755, CVE-2018-2758, CVE-2018-2761, CVE-2018-2766, CVE-2018-2771, CVE-2018-2773, CVE-2018-2781, CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2805, CVE-2018-2813, CVE-2018-2817, CVE-2018-2818, CVE-2018-2819, CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5161, CVE-2018-5162, CVE-2018-5168, CVE-2018-5170, CVE-2018-5174, CVE-2018-5178, CVE-2018-5183, CVE-2018-5184, CVE-2018-5185, CVE-2018-5702, CVE-2018-5712, CVE-2018-6543, CVE-2018-6759, CVE-2018-6872, CVE-2018-6942, CVE-2018-6951, CVE-2018-6952

    Description
    The scan detected that the host is missing the following update: SRU 11.3.33.5.0

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    https://support.oracle.com/rs?type=doc&id=2410158.1

    https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=507462766511768&id=1448883.1&_afrWindowMode=0&_adf.ctrl-state=98kg3qcn0_33#aref_section26

    139095 - Oracle Solaris 11.3.32.4.0 Update Is Not Installed (Third Party Components)

    Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2017-12837, CVE-2017-12883, CVE-2017-14746, CVE-2017-15275, CVE-2017-15710, CVE-2017-15715, CVE-2017-18210, CVE-2017-18211, CVE-2017-3738, CVE-2018-0733, CVE-2018-0739, CVE-2018-1050, CVE-2018-1057, CVE-2018-11251, CVE-2018-11655, CVE-2018-11656, CVE-2018-1283, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2018-2908, CVE-2018-6930, CVE-2018-7443, CVE-2018-7470, CVE-2018-7750, CVE-2018-9256, CVE-2018-9257, CVE-2018-9258, CVE-2018-9259, CVE-2018-9260, CVE-2018-9261, CVE-2018-9262, CVE-2018-9263, CVE-2018-9264, CVE-2018-9265, CVE-2018-9266, CVE-2018-9267, CVE-2018-9268, CVE-2018-9269, CVE-2018-9270, CVE-2018-9271, CVE-2018-9272, CVE-2018-9273, CVE-2018-9274

    Description
    The scan detected that the host is missing the following update: SRU 11.3.32.4.0

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    https://support.oracle.com/rs?type=doc&id=2396704.1
    https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=507462766511768&id=1448883.1&_afrWindowMode=0&_adf.ctrl-state=98kg3qcn0_33#aref_section26

    146860 - SuSE SLES 12 SP3, SLED 12 SP3 SUSE-SU-2018:1972-1 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2018-12015, CVE-2018-6797, CVE-2018-6798, CVE-2018-6913

    Description
    The scan detected that the host is missing the following update: SUSE-SU-2018:1972-1

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://lists.suse.com/pipermail/sle-security-updates/2018-July/004278.html

    SuSE SLED 12 SP3
    x86_64: perl-5.18.2-12.14.1, perl-base-debuginfo-5.18.2-12.14.1, perl-debuginfo-32bit-5.18.2-12.14.1, perl-32bit-5.18.2-12.14.1, perl-base-5.18.2-12.14.1, perl-debugsource-5.18.2-12.14.1, perl-debuginfo-5.18.2-12.14.1
    noarch: perl-doc-5.18.2-12.14.1

    SuSE SLES 12 SP3
    noarch: perl-doc-5.18.2-12.14.1
    x86_64: perl-5.18.2-12.14.1, perl-base-debuginfo-5.18.2-12.14.1, perl-debuginfo-32bit-5.18.2-12.14.1, perl-32bit-5.18.2-12.14.1, perl-base-5.18.2-12.14.1, perl-debugsource-5.18.2-12.14.1, perl-debuginfo-5.18.2-12.14.1

    146864 - SuSE Linux 42.3 openSUSE-SU-2018:1962-1 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2018-7167

    Description
    The scan detected that the host is missing the following update: openSUSE-SU-2018:1962-1

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://lists.opensuse.org/opensuse-updates/2018-07/msg00034.html

    SuSE Linux 42.3
    i586: nodejs6-6.14.3-12.1, npm6-6.14.3-12.1, nodejs6-debugsource-6.14.3-12.1, nodejs6-devel-6.14.3-12.1, nodejs6-debuginfo-6.14.3-12.1
    noarch: nodejs6-docs-6.14.3-12.1
    x86_64: nodejs6-6.14.3-12.1, npm6-6.14.3-12.1, nodejs6-debugsource-6.14.3-12.1, nodejs6-devel-6.14.3-12.1, nodejs6-debuginfo-6.14.3-12.1

    146865 - SuSE Linux 15.0, 42.3 openSUSE-SU-2018:1924-1 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2018-3761, CVE-2018-3762

    Description
    The scan detected that the host is missing the following update: openSUSE-SU-2018:1924-1

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://lists.opensuse.org/opensuse-updates/2018-07/msg00023.html

    SuSE Linux 15.0
    noarch: nextcloud-13.0.4-lp150.2.3.1

    SuSE Linux 42.3
    noarch: nextcloud-13.0.4-9.1

    146866 - SuSE Linux 15.0 openSUSE-SU-2018:1958-1 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2017-17833

    Description
    The scan detected that the host is missing the following update: openSUSE-SU-2018:1958-1

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://lists.opensuse.org/opensuse-updates/2018-07/msg00030.html

    SuSE Linux 15.0
    x86_64: openslp-debuginfo-2.0.0-lp150.5.3.1, openslp-32bit-2.0.0-lp150.5.3.1, openslp-debugsource-2.0.0-lp150.5.3.1, openslp-2.0.0-lp150.5.3.1, openslp-server-2.0.0-lp150.5.3.1, openslp-32bit-debuginfo-2.0.0-lp150.5.3.1, openslp-devel-2.0.0-lp150.5.3.1, openslp-server-debuginfo-2.0.0-lp150.5.3.1
    i586: openslp-debuginfo-2.0.0-lp150.5.3.1, openslp-debugsource-2.0.0-lp150.5.3.1, openslp-2.0.0-lp150.5.3.1, openslp-server-2.0.0-lp150.5.3.1, openslp-devel-2.0.0-lp150.5.3.1, openslp-server-debuginfo-2.0.0-lp150.5.3.1

    146869 - SuSE Linux 15.0 openSUSE-SU-2018:1955-1 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2018-10995

    Description
    The scan detected that the host is missing the following update: openSUSE-SU-2018:1955-1

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://lists.opensuse.org/opensuse-updates/2018-07/msg00027.html

    SuSE Linux 15.0
    x86_64: perl-slurm-17.11.7-lp150.5.7.1, slurm-slurmdbd-17.11.7-lp150.5.7.1, slurm-sview-debuginfo-17.11.7-lp150.5.7.1, slurm-seff-17.11.7-lp150.5.7.1, slurm-node-debuginfo-17.11.7-lp150.5.7.1, slurm-doc-17.11.7-lp150.5.7.1, libpmi0-17.11.7-lp150.5.7.1, slurm-torque-17.11.7-lp150.5.7.1, slurm-sjstat-17.11.7-lp150.5.7.1, slurm-pam_slurm-debuginfo-17.11.7-lp150.5.7.1, slurm-node-17.11.7-lp150.5.7.1, libslurm32-debuginfo-17.11.7-lp150.5.7.1, slurm-plugins-17.11.7-lp150.5.7.1, slurm-debuginfo-17.11.7-lp150.5.7.1, slurm-slurmdbd-debuginfo-17.11.7-lp150.5.7.1, slurm-sql-17.11.7-lp150.5.7.1, slurm-plugins-debuginfo-17.11.7-lp150.5.7.1, slurm-pam_slurm-17.11.7-lp150.5.7.1, slurm-17.11.7-lp150.5.7.1, slurm-torque-debuginfo-17.11.7-lp150.5.7.1, slurm-munge-17.11.7-lp150.5.7.1, slurm-munge-debuginfo-17.11.7-lp150.5.7.1, slurm-auth-none-debuginfo-17.11.7-lp150.5.7.1, slurm-lua-debuginfo-17.11.7-lp150.5.7.1, libslurm32-17.11.7-lp150.5.7.1, slurm-config-17.11.7-lp150.5.7.1, libpmi0-debuginfo-17.11.7-lp150.5.7.1, perl-slurm-debuginfo-17.11.7-lp150.5.7.1, slurm-sql-debuginfo-17.11.7-lp150.5.7.1, slurm-auth-none-17.11.7-lp150.5.7.1, slurm-sview-17.11.7-lp150.5.7.1, slurm-openlava-17.11.7-lp150.5.7.1, slurm-debugsource-17.11.7-lp150.5.7.1, slurm-lua-17.11.7-lp150.5.7.1, slurm-devel-17.11.7-lp150.5.7.1

    160432 - CentOS 7 CESA-2018-2181 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2018-12020

    Description
    The scan detected that the host is missing the following update: CESA-2018-2181

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://lists.centos.org/pipermail/centos-announce/2018-July/022963.html

    CentOS 7
    x86_64: gnupg2-2.0.22-5.el7_5, gnupg2-smime-2.0.22-5.el7_5

    160437 - CentOS 6 CESA-2018-2180 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2018-12020

    Description
    The scan detected that the host is missing the following update: CESA-2018-2180

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://lists.centos.org/pipermail/centos-announce/2018-July/022966.html

    CentOS 6
    x86_64: gnupg2-2.0.14-9.el6_10, gnupg2-smime-2.0.14-9.el6_10
    i686: gnupg2-2.0.14-9.el6_10, gnupg2-smime-2.0.14-9.el6_10

    160438 - CentOS 6 CESA-2018-2164 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2018-10675, CVE-2018-10872, CVE-2018-3639, CVE-2018-3665

    Description
    The scan detected that the host is missing the following update: CESA-2018-2164

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://lists.centos.org/pipermail/centos-announce/2018-July/022968.html

    CentOS 6
    i686: kernel-devel-2.6.32-754.2.1.el6, kernel-debug-2.6.32-754.2.1.el6, kernel-2.6.32-754.2.1.el6, python-perf-2.6.32-754.2.1.el6, kernel-debug-devel-2.6.32-754.2.1.el6, perf-2.6.32-754.2.1.el6, kernel-headers-2.6.32-754.2.1.el6
    noarch: kernel-doc-2.6.32-754.2.1.el6, kernel-firmware-2.6.32-754.2.1.el6, kernel-abi-whitelists-2.6.32-754.2.1.el6
    x86_64: kernel-devel-2.6.32-754.2.1.el6, kernel-debug-2.6.32-754.2.1.el6, kernel-2.6.32-754.2.1.el6, python-perf-2.6.32-754.2.1.el6, kernel-debug-devel-2.6.32-754.2.1.el6, perf-2.6.32-754.2.1.el6, kernel-headers-2.6.32-754.2.1.el6

    163660 - Oracle Enterprise Linux ELSA-2018-2181 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2018-12020

    Description
    The scan detected that the host is missing the following update: ELSA-2018-2181

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://oss.oracle.com/pipermail/el-errata/2018-July/007879.html

    OEL7
    x86_64: gnupg2-2.0.22-5.el7_5, gnupg2-smime-2.0.22-5.el7_5

    163662 - Oracle Enterprise Linux ELSA-2018-4172 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2015-8575, CVE-2017-11600, CVE-2017-17741, CVE-2017-7616, CVE-2017-8824, CVE-2018-10087, CVE-2018-10124, CVE-2018-1130

    Description
    The scan detected that the host is missing the following update: ELSA-2018-4172

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://oss.oracle.com/pipermail/el-errata/2018-July/007888.html

    OEL6
    x86_64: kernel-uek-debug-2.6.39-400.300.2.el6uek, kernel-uek-2.6.39-400.300.2.el6uek, kernel-uek-firmware-2.6.39-400.300.2.el6uek, kernel-uek-debug-devel-2.6.39-400.300.2.el6uek, kernel-uek-devel-2.6.39-400.300.2.el6uek, kernel-uek-doc-2.6.39-400.300.2.el6uek
    i386: kernel-uek-debug-2.6.39-400.300.2.el6uek, kernel-uek-2.6.39-400.300.2.el6uek, kernel-uek-firmware-2.6.39-400.300.2.el6uek, kernel-uek-debug-devel-2.6.39-400.300.2.el6uek, kernel-uek-devel-2.6.39-400.300.2.el6uek, kernel-uek-doc-2.6.39-400.300.2.el6uek

    163663 - Oracle Enterprise Linux ELSA-2018-2164 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2018-10675, CVE-2018-10872, CVE-2018-3639, CVE-2018-3665

    Description
    The scan detected that the host is missing the following update: ELSA-2018-2164

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://oss.oracle.com/pipermail/el-errata/2018-July/007874.html

    OEL6
    x86_64: kernel-devel-2.6.32-754.2.1.el6, kernel-debug-2.6.32-754.2.1.el6, kernel-2.6.32-754.2.1.el6, python-perf-2.6.32-754.2.1.el6, perf-2.6.32-754.2.1.el6, kernel-doc-2.6.32-754.2.1.el6, kernel-debug-devel-2.6.32-754.2.1.el6, kernel-abi-whitelists-2.6.32-754.2.1.el6, kernel-firmware-2.6.32-754.2.1.el6, kernel-headers-2.6.32-754.2.1.el6
    i386: kernel-devel-2.6.32-754.2.1.el6, kernel-debug-2.6.32-754.2.1.el6, kernel-2.6.32-754.2.1.el6, python-perf-2.6.32-754.2.1.el6, perf-2.6.32-754.2.1.el6, kernel-doc-2.6.32-754.2.1.el6, kernel-debug-devel-2.6.32-754.2.1.el6, kernel-abi-whitelists-2.6.32-754.2.1.el6, kernel-firmware-2.6.32-754.2.1.el6, kernel-headers-2.6.32-754.2.1.el6

    163664 - Oracle Enterprise Linux ELSA-2018-2180 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2018-12020

    Description
    The scan detected that the host is missing the following update: ELSA-2018-2180

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://oss.oracle.com/pipermail/el-errata/2018-July/007880.html

    OEL6
    x86_64: gnupg2-2.0.14-9.el6_10, gnupg2-smime-2.0.14-9.el6_10
    i386: gnupg2-2.0.14-9.el6_10, gnupg2-smime-2.0.14-9.el6_10

    175421 - Scientific Linux Security ERRATA Important: gnupg2 on SL6.x i386/x86_64 (1807-6667)

    Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes
    Risk Level: High
    CVE: CVE-2018-12020

    Description
    The scan detected that the host is missing the following update: Security ERRATA Important: gnupg2 on SL6.x i386/x86_64 (1807-6667)

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    https://listserv.fnal.gov/scripts/wa.exe?A2=ind1807&L=scientific-linux-errata&F=&S=&P=6667

    SL6
    x86_64: gnupg2-debuginfo-2.0.14-9.el6_10, gnupg2-smime-2.0.14-9.el6_10, gnupg2-2.0.14-9.el6_10
    i386: gnupg2-debuginfo-2.0.14-9.el6_10, gnupg2-smime-2.0.14-9.el6_10, gnupg2-2.0.14-9.el6_10

    175422 - Scientific Linux Security ERRATA Important: gnupg2 on SL7.x x86_64 (1807-6995)

    Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes
    Risk Level: High
    CVE: CVE-2018-12020

    Description
    The scan detected that the host is missing the following update: Security ERRATA Important: gnupg2 on SL7.x x86_64 (1807-6995)

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    https://listserv.fnal.gov/scripts/wa.exe?A2=ind1807&L=scientific-linux-errata&F=&S=&P=6995

    SL7
    x86_64: gnupg2-2.0.22-5.el7_5, gnupg2-debuginfo-2.0.22-5.el7_5, gnupg2-smime-2.0.22-5.el7_5

    193920 - Fedora Linux 27 FEDORA-2018-4197fff086 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2017-9258, CVE-2017-9259, CVE-2017-9260

    Description
    The scan detected that the host is missing the following update: FEDORA-2018-4197fff086

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:

    https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=1

    Fedora Core 27

    soundtouch-2.0.0-3.fc27

    193924 - Fedora Linux 28 FEDORA-2018-50075276e8 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2018-10322, CVE-2018-10323, CVE-2018-10840, CVE-2018-10853, CVE-2018-1108, CVE-2018-1120, CVE-2018-11506, CVE-2018-12232, CVE-2018-12633, CVE-2018-12714, CVE-2018-12896, CVE-2018-13053, CVE-2018-13093, CVE-2018-13094, CVE-2018-13095, CVE-2018-13405, CVE-2018-13406, CVE-2018-3639

    Description
    The scan detected that the host is missing the following update: FEDORA-2018-50075276e8

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:

    https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2

    Fedora Core 28

    kernel-4.17.5-200.fc28

    193928 - Fedora Linux 28 FEDORA-2018-57779d51c1 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2018-0500, CVE-2018-1000300, CVE-2018-1000301

    Description
    The scan detected that the host is missing the following update: FEDORA-2018-57779d51c1

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:

    https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=1

    Fedora Core 28

    curl-7.59.0-5.fc28

    193929 - Fedora Linux 28 FEDORA-2018-93a43993aa Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2017-9258, CVE-2017-9259, CVE-2017-9260

    Description
    The scan detected that the host is missing the following update: FEDORA-2018-93a43993aa

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:

    https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=1

    Fedora Core 28

    soundtouch-2.0.0-3.fc28

    193933 - Fedora Linux 27 FEDORA-2018-8484550fff Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2017-1000405, CVE-2017-12193, CVE-2017-15115, CVE-2017-16532, CVE-2017-16538, CVE-2017-16644, CVE-2017-16647, CVE-2017-16649, CVE-2017-16650, CVE-2017-17448, CVE-2017-17449, CVE-2017-17450, CVE-2017-17558, CVE-2017-17712, CVE-2017-17741, CVE-2017-17852, CVE-2017-17853, CVE-2017-17854, CVE-2017-17855, CVE-2017-17856, CVE-2017-17857, CVE-2017-17862, CVE-2017-17863, CVE-2017-17864, CVE-2017-18232, CVE-2017-8824, CVE-2018-1000004, CVE-2018-1000026, CVE-2018-10021, CVE-2018-10322, CVE-2018-10323, CVE-2018-1065, CVE-2018-10840, CVE-2018-10853, CVE-2018-1108, CVE-2018-1120, CVE-2018-11506, CVE-2018-12232, CVE-2018-12633, CVE-2018-12714, CVE-2018-12896, CVE-2018-13053, CVE-2018-13093, CVE-2018-13094, CVE-2018-13095, CVE-2018-13405, CVE-2018-13406, CVE-2018-3639, CVE-2018-5332, CVE-2018-5333, CVE-2018-5344, CVE-2018-5750, CVE-2018-5803, CVE-2018-7757, CVE-2018-7995, CVE-2018-8043

    Description
    The scan detected that the host is missing the following update: FEDORA-2018-8484550fff

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:

    https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2

    Fedora Core 27

    kernel-4.17.5-100.fc27

    193942 - Fedora Linux 28 FEDORA-2018-d82a45d9ab Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2018-10322, CVE-2018-10323, CVE-2018-10840, CVE-2018-10853, CVE-2018-1108, CVE-2018-1120, CVE-2018-11506, CVE-2018-12232, CVE-2018-12633, CVE-2018-12714, CVE-2018-3639

    Description
    The scan detected that the host is missing the following update: FEDORA-2018-d82a45d9ab

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:

    https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2

    Fedora Core 28

    kernel-tools-4.17.4-200.fc28

    kernel-4.17.4-200.fc28

    196040 - Red Hat Enterprise Linux RHSA-2018-2181 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2018-12020

    Description
    The scan detected that the host is missing the following update: RHSA-2018-2181

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://www.redhat.com/archives/rhsa-announce/2018-July/msg00018.html

    RHEL7D
    x86_64: gnupg2-2.0.22-5.el7_5, gnupg2-debuginfo-2.0.22-5.el7_5, gnupg2-smime-2.0.22-5.el7_5

    RHEL7S
    x86_64: gnupg2-2.0.22-5.el7_5, gnupg2-debuginfo-2.0.22-5.el7_5, gnupg2-smime-2.0.22-5.el7_5

    RHEL7WS
    x86_64: gnupg2-2.0.22-5.el7_5, gnupg2-debuginfo-2.0.22-5.el7_5, gnupg2-smime-2.0.22-5.el7_5

    196043 - Red Hat Enterprise Linux RHSA-2018-2180 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes
    Risk Level: High
    CVE: CVE-2018-12020

    Description
    The scan detected that the host is missing the following update: RHSA-2018-2180

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://www.redhat.com/archives/rhsa-announce/2018-July/msg00017.html

    RHEL6D
    x86_64: gnupg2-debuginfo-2.0.14-9.el6_10, gnupg2-smime-2.0.14-9.el6_10, gnupg2-2.0.14-9.el6_10
    i386: gnupg2-debuginfo-2.0.14-9.el6_10, gnupg2-smime-2.0.14-9.el6_10, gnupg2-2.0.14-9.el6_10

    RHEL6S
    i386: gnupg2-debuginfo-2.0.14-9.el6_10, gnupg2-smime-2.0.14-9.el6_10, gnupg2-2.0.14-9.el6_10
    x86_64: gnupg2-debuginfo-2.0.14-9.el6_10, gnupg2-smime-2.0.14-9.el6_10, gnupg2-2.0.14-9.el6_10

    RHEL6WS
    x86_64: gnupg2-2.0.14-9.el6_10, gnupg2-debuginfo-2.0.14-9.el6_10
    i386: gnupg2-2.0.14-9.el6_10, gnupg2-debuginfo-2.0.14-9.el6_10

    23778 - Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability (sa-20180620-nxos-rbaccess)

    Category: SSH Module -> NonIntrusive -> SSH Miscellaneous
    Risk Level: Medium
    CVE: CVE-2018-0337

    Description
    A vulnerability is present in some versions of Cisco NX-OS.

    Observation
    Cisco NX-OS is a network operating system.

    A vulnerability is present in some versions of Cisco NX-OS. The flaw lies in the role-based access control (RBAC) component. Successful exploitation could allow an attacker to locally execute arbitrary code on the target system.

    23859 - Joomla! PHP 5.3 Local File Inclusion Vulnerability (20180601)

    Category: General Vulnerability Assessment -> NonIntrusive -> Web Server
    Risk Level: Medium
    CVE: CVE-2018-12712

    Description
    A vulnerability is present in some versions of Joomla!.

    Observation
    Joomla! is an open source content management system.

    A vulnerability is present in some versions of Joomla!. The flaw is due to inadequate validation of class names. Successful exploitation could allow an attacker to perform local file inclusion on the target system.

    23892 - Oracle Java SE Critical Patch Update July 2018

    Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)
    Risk Level: Medium
    CVE: CVE-2018-2938, CVE-2018-2940, CVE-2018-2941, CVE-2018-2942, CVE-2018-2952, CVE-2018-2964, CVE-2018-2972, CVE-2018-2973

    Description
    Multiple vulnerabilities are present in some versions of Oracle Java SE.

    Observation
    Oracle Java SE is used to run Java applications.

    Multiple vulnerabilities are present in some versions of Oracle Java SE. The flaws lie in multiple components. Successful exploitation could allow an attacker to elevate privileges, disclose private information or cause a denial of service condition.

    131152 - Debian Linux 9.0 DSA-4245-1 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2018-11251, CVE-2018-12599, CVE-2018-12600, CVE-2018-5248

    Description
    The scan detected that the host is missing the following update: DSA-4245-1

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://www.debian.org/security/2018/dsa-4245

    Debian 9.0
    all: imagemagick_8:6.9.7.4+dfsg-11+deb9u5

    135205 - Oracle Solaris 11.3.34.4.0 Update Is Not Installed (CVE-2018-1171)

    Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2018-1171

    Description
    The scan detected that the host is missing the following update: SRU 11.3.34.4.0

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    https://support.oracle.com/epmos/faces/DocumentDisplay?id=2419155.1&_adf.ctrl-state=19c95xvm8y_4&_afrLoop=331578995839425

    139096 - Oracle Solaris 11.3.34.4.0 Update Is Not Installed (Third Party Components)

    Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2017-12613, CVE-2017-17969, CVE-2017-7418, CVE-2018-1000021, CVE-2018-10115, CVE-2018-11233, CVE-2018-11235, CVE-2018-1171, CVE-2018-12020, CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12368, CVE-2018-2926, CVE-2018-2928, CVE-2018-5156, CVE-2018-5188, CVE-2018-5996, CVE-2018-6126

    Description
    The scan detected that the host is missing the following update: SRU 11.3.34.4.0

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    https://support.oracle.com/rs?type=doc&id=2421850.1
    https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=507462766511768&id=1448883.1&_afrWindowMode=0&_adf.ctrl-state=98kg3qcn0_33#aref_section26

    146861 - SuSE SLES 12 SP3, SLED 12 SP3 SUSE-SU-2018:1950-1 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2017-1000422

    Description
    The scan detected that the host is missing the following update: SUSE-SU-2018:1950-1

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://lists.suse.com/pipermail/sle-security-updates/2018-July/004273.html

    SuSE SLED 12 SP3
    x86_64: libgdk_pixbuf-2_0-0-32bit-2.34.0-19.11.1, gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.11.1, libgdk_pixbuf-2_0-0-2.34.0-19.11.1, gdk-pixbuf-query-loaders-32bit-2.34.0-19.11.1, gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.11.1, libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.11.1, gdk-pixbuf-debugsource-2.34.0-19.11.1, typelib-1_0-GdkPixbuf-2_0-2.34.0-19.11.1, libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.11.1, gdk-pixbuf-query-loaders-2.34.0-19.11.1
    noarch: gdk-pixbuf-lang-2.34.0-19.11.1

    SuSE SLES 12 SP3
    noarch: gdk-pixbuf-lang-2.34.0-19.11.1
    x86_64: libgdk_pixbuf-2_0-0-32bit-2.34.0-19.11.1, gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.11.1, libgdk_pixbuf-2_0-0-2.34.0-19.11.1, gdk-pixbuf-query-loaders-32bit-2.34.0-19.11.1, gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.11.1, libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.11.1, gdk-pixbuf-debugsource-2.34.0-19.11.1, typelib-1_0-GdkPixbuf-2_0-2.34.0-19.11.1, libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.11.1, gdk-pixbuf-query-loaders-2.34.0-19.11.1

    146862 - SuSE Linux 15.0 openSUSE-SU-2018:1961-1 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2017-11337, CVE-2017-11338, CVE-2017-11339, CVE-2017-11340, CVE-2017-11553, CVE-2017-11591, CVE-2017-11592, CVE-2017-11683, CVE-2017-12955, CVE-2017-12956, CVE-2017-12957, CVE-2017-14859, CVE-2017-14860, CVE-2017-14862, CVE-2017-14864

    Description
    The scan detected that the host is missing the following update: openSUSE-SU-2018:1961-1

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://lists.opensuse.org/opensuse-updates/2018-07/msg00033.html

    SuSE Linux 15.0
    i586: libexiv2-devel-0.26-lp150.5.3.1, exiv2-0.26-lp150.5.3.1, exiv2-debugsource-0.26-lp150.5.3.1, libexiv2-26-0.26-lp150.5.3.1, exiv2-debuginfo-0.26-lp150.5.3.1, libexiv2-doc-0.26-lp150.5.3.1, libexiv2-26-debuginfo-0.26-lp150.5.3.1
    noarch: exiv2-lang-0.26-lp150.5.3.1
    x86_64: libexiv2-devel-0.26-lp150.5.3.1, exiv2-0.26-lp150.5.3.1, exiv2-debugsource-0.26-lp150.5.3.1, libexiv2-26-32bit-debuginfo-0.26-lp150.5.3.1, libexiv2-26-0.26-lp150.5.3.1, libexiv2-26-32bit-0.26-lp150.5.3.1, exiv2-debuginfo-0.26-lp150.5.3.1, libexiv2-doc-0.26-lp150.5.3.1, libexiv2-26-debuginfo-0.26-lp150.5.3.1

    146868 - SuSE Linux 15.0 openSUSE-SU-2018:1953-1 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2018-10392

    Description
    The scan detected that the host is missing the following update: openSUSE-SU-2018:1953-1

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://lists.opensuse.org/opensuse-updates/2018-07/msg00025.html

    SuSE Linux 15.0
    i586: libvorbisfile3-debuginfo-1.3.6-lp150.3.3.1, libvorbis-devel-1.3.6-lp150.3.3.1, libvorbisfile3-1.3.6-lp150.3.3.1, libvorbisenc2-debuginfo-1.3.6-lp150.3.3.1, libvorbisenc2-1.3.6-lp150.3.3.1, libvorbis0-1.3.6-lp150.3.3.1, libvorbis0-debuginfo-1.3.6-lp150.3.3.1, libvorbis-debugsource-1.3.6-lp150.3.3.1
    noarch: libvorbis-doc-1.3.6-lp150.3.3.1
    x86_64: libvorbis-devel-32bit-1.3.6-lp150.3.3.1, libvorbis0-1.3.6-lp150.3.3.1, libvorbisfile3-32bit-debuginfo-1.3.6-lp150.3.3.1, libvorbis-debugsource-1.3.6-lp150.3.3.1, libvorbis-devel-1.3.6-lp150.3.3.1, libvorbisfile3-debuginfo-1.3.6-lp150.3.3.1, libvorbisenc2-debuginfo-1.3.6-lp150.3.3.1, libvorbis0-32bit-debuginfo-1.3.6-lp150.3.3.1, libvorbisfile3-32bit-1.3.6-lp150.3.3.1, libvorbisenc2-1.3.6-lp150.3.3.1, libvorbisenc2-32bit-1.3.6-lp150.3.3.1, libvorbis0-32bit-1.3.6-lp150.3.3.1, libvorbis0-debuginfo-1.3.6-lp150.3.3.1, libvorbisfile3-1.3.6-lp150.3.3.1, libvorbisenc2-32bit-debuginfo-1.3.6-lp150.3.3.1

    146870 - SuSE Linux 15.0 openSUSE-SU-2018:1956-1 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2017-11613, CVE-2017-18013, CVE-2018-10963, CVE-2018-7456, CVE-2018-8905

    Description
    The scan detected that the host is missing the following update: openSUSE-SU-2018:1956-1

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://lists.opensuse.org/opensuse-updates/2018-07/msg00028.html

    SuSE Linux 15.0
    x86_64: tiff-debuginfo-4.0.9-lp150.4.3.1, libtiff-devel-32bit-4.0.9-lp150.4.3.1, libtiff5-4.0.9-lp150.4.3.1, tiff-4.0.9-lp150.4.3.1, libtiff5-debuginfo-4.0.9-lp150.4.3.1, libtiff5-32bit-debuginfo-4.0.9-lp150.4.3.1, libtiff5-32bit-4.0.9-lp150.4.3.1, libtiff-devel-4.0.9-lp150.4.3.1, tiff-debugsource-4.0.9-lp150.4.3.1
    i586: tiff-debuginfo-4.0.9-lp150.4.3.1, libtiff5-4.0.9-lp150.4.3.1, tiff-4.0.9-lp150.4.3.1, libtiff5-debuginfo-4.0.9-lp150.4.3.1, libtiff-devel-4.0.9-lp150.4.3.1, tiff-debugsource-4.0.9-lp150.4.3.1

    132471 - Oracle VM OVMSA-2018-0239 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Oracle VM Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2012-6085, CVE-2013-4351, CVE-2013-4402, CVE-2018-12020

    Description
    The scan detected that the host is missing the following update: OVMSA-2018-0239

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://oss.oracle.com/pipermail/oraclevm-errata/2018-July/000876.html
    http://oss.oracle.com/pipermail/oraclevm-errata/2018-July/000875.html

    OVM3.3
    x86_64: gnupg2-2.0.14-9.el6_10

    OVM3.4
    x86_64: gnupg2-2.0.14-9.el6_10

    146863 - SuSE Linux 15.0 openSUSE-SU-2018:1963-1 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2018-1000168, CVE-2018-7161, CVE-2018-7167

    Description
    The scan detected that the host is missing the following update: openSUSE-SU-2018:1963-1

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://lists.opensuse.org/opensuse-updates/2018-07/msg00035.html

    SuSE Linux 15.0
    i586: nodejs8-debuginfo-8.11.3-lp150.2.3.1, nodejs8-devel-8.11.3-lp150.2.3.1, nodejs8-debugsource-8.11.3-lp150.2.3.1, nodejs8-8.11.3-lp150.2.3.1, npm8-8.11.3-lp150.2.3.1
    noarch: nodejs8-docs-8.11.3-lp150.2.3.1
    x86_64: nodejs8-debuginfo-8.11.3-lp150.2.3.1, nodejs8-devel-8.11.3-lp150.2.3.1, nodejs8-debugsource-8.11.3-lp150.2.3.1, nodejs8-8.11.3-lp150.2.3.1, npm8-8.11.3-lp150.2.3.1

    160434 - CentOS 7 CESA-2018-2123 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2016-2183

    Description
    The scan detected that the host is missing the following update: CESA-2018-2123

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://lists.centos.org/pipermail/centos-announce/2018-July/022964.html

    CentOS 7
    x86_64: python-test-2.7.5-69.el7_5, python-2.7.5-69.el7_5, tkinter-2.7.5-69.el7_5, python-libs-2.7.5-69.el7_5, python-devel-2.7.5-69.el7_5, python-tools-2.7.5-69.el7_5, python-debug-2.7.5-69.el7_5
    i686: python-libs-2.7.5-69.el7_5

    182734 - FreeBSD SQLite Corrupt DB Can Cause A NULL Pointer Dereference (c1630aa3-7970-11e8-8634-dcfe074bd614)

    Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2018-8740

    Description
    The scan detected that the host is missing the following update: SQLite -- Corrupt DB can cause a NULL pointer dereference (c1630aa3-7970-11e8-8634-dcfe074bd614)

    Observation
    Updates often remediate critical security problems that should be quickly addressed.
    For more information see:
    http://www.vuxml.org/freebsd/c1630aa3-7970-11e8-8634-dcfe074bd614.html

    Affected packages: upp NonIntrusive -> AIX Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2018-0737

    Description
    A vulnerability is present in some versions of IBM AIX.

    Observation
    AIX is a Unix-like operating system developed by IBM.

    A vulnerability is present in some versions of IBM AIX. The flaw lies in OpenSSL. Successful exploitation could allow an attacker to obtain sensitive information.

    23861 - (SB10240) McAfee ePolicy Orchestrator Multiple Vulnerabilities

    Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)
    Risk Level: Medium
    CVE: CVE-2018-6671, CVE-2018-6672

    Description
    Multiple vulnerabilities are present in some versions of McAfee ePolicy Orchestrator.

    Observation
    McAfee ePolicy Orchestrator (ePO) is widely acknowledged as the most advanced and scalable security management software.

    Multiple vulnerabilities are present in some versions of McAfee ePolicy Orchestrator. The flaws lie in unspecified components. Successful exploitation could allow an attacker to retrieve sensitive data or bypass security access restrictions in the target system.

    131150 - Debian Linux 9.0 DSA-4247-1 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2018-1000119

    Description
    The scan detected that the host is missing the following update: DSA-4247-1

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    http://www.debian.org/security/2018/dsa-4247

    Debian 9.0

    all
    ruby-rack-protection_1.5.3-2+deb9u1

    132472 - Oracle VM OVMSA-2018-0238 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Oracle VM Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2016-9603, CVE-2017-13672, CVE-2017-15289, CVE-2017-2633, CVE-2017-5715, CVE-2017-7718, CVE-2017-7980, CVE-2018-3639, CVE-2018-5683, CVE-2018-7858

    Description
    The scan detected that the host is missing the following update: OVMSA-2018-0238

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    http://oss.oracle.com/pipermail/oraclevm-errata/2018-July/000873.html

    OVM3.4

    x86_64
    qemu-img-0.12.1.2-2.506.el6_10.1

    146867 - SuSE SLES 12 SP3, SLED 12 SP3 SUSE-SU-2018:1935-1 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2018-3639, CVE-2018-3640

    Description
    The scan detected that the host is missing the following update: SUSE-SU-2018:1935-1

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    http://lists.suse.com/pipermail/sle-security-updates/2018-July/004257.html

    SuSE SLED 12 SP3

    x86_64
    ucode-intel-debuginfo-20180703-13.25.1
    ucode-intel-debugsource-20180703-13.25.1
    ucode-intel-20180703-13.25.1

    SuSE SLES 12 SP3

    x86_64
    ucode-intel-debuginfo-20180703-13.25.1
    ucode-intel-debugsource-20180703-13.25.1
    ucode-intel-20180703-13.25.1

    160435 - CentOS 6 CESA-2018-2162 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2017-13672, CVE-2018-3639, CVE-2018-5683, CVE-2018-7858

    Description
    The scan detected that the host is missing the following update: CESA-2018-2162

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    http://lists.centos.org/pipermail/centos-announce/2018-July/022967.html

    CentOS 6

    x86_64
    qemu-guest-agent-0.12.1.2-2.506.el6_10.1
    qemu-kvm-0.12.1.2-2.506.el6_10.1
    qemu-kvm-tools-0.12.1.2-2.506.el6_10.1
    qemu-img-0.12.1.2-2.506.el6_10.1

    i686
    qemu-guest-agent-0.12.1.2-2.506.el6_10.1

    163661 - Oracle Enterprise Linux ELSA-2018-2162 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2016-9603, CVE-2017-13672, CVE-2017-15289, CVE-2017-2633, CVE-2017-5715, CVE-2017-7718, CVE-2017-7980, CVE-2018-3639, CVE-2018-5683, CVE-2018-7858

    Description
    The scan detected that the host is missing the following update: ELSA-2018-2162

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    http://oss.oracle.com/pipermail/el-errata/2018-July/007876.html

    OEL6

    x86_64
    qemu-guest-agent-0.12.1.2-2.506.el6_10.1
    qemu-kvm-0.12.1.2-2.506.el6_10.1
    qemu-kvm-tools-0.12.1.2-2.506.el6_10.1
    qemu-img-0.12.1.2-2.506.el6_10.1

    i386
    qemu-guest-agent-0.12.1.2-2.506.el6_10.1

    186305 - Ubuntu Linux 14.04, 16.04, 17.10, 18.04 USN-3717-1 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes

    Risk Level: Medium
    CVE: CVE-2015-3218, CVE-2015-3255, CVE-2015-4625, CVE-2018-1116

    Description
    The scan detected that the host is missing the following update: USN-3717-1

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    https://lists.ubuntu.com/archives/ubuntu-security-announce/2018-July/004498.html

    Ubuntu 16.04

    libpolkit-backend-1-0_0.105-14.1ubuntu0.1

    Ubuntu 14.04

    libpolkit-backend-1-0_0.105-4ubuntu3.14.04.2

    Ubuntu 18.04

    libpolkit-backend-1-0_0.105-20ubuntu0.18.04.1

    Ubuntu 17.10

    libpolkit-backend-1-0_0.105-18ubuntu0.1

    193911 - Fedora Linux 27 FEDORA-2018-50d055a5af Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2018-1000002, CVE-2018-1110

    Description
    The scan detected that the host is missing the following update: FEDORA-2018-50d055a5af

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2

    Fedora Core 27

    knot-resolver-2.4.0-1.fc27

    193926 - Fedora Linux 27 FEDORA-2018-cdccabb23d Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2018-13049, CVE-2018-7563

    Description
    The scan detected that the host is missing the following update: FEDORA-2018-cdccabb23d

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2

    Fedora Core 27

    glpi-9.1.7.1-3.fc27

    196041 - Red Hat Enterprise Linux RHSA-2018-2171 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2018-3639

    Description
    The scan detected that the host is missing the following update: RHSA-2018-2171

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    http://www.redhat.com/archives/rhsa-announce/2018-July/msg00013.html

    RHEL5_9S

    i386
    kernel-PAE-devel-2.6.18-348.40.1.el5
    kernel-debug-devel-2.6.18-348.40.1.el5
    kernel-debuginfo-2.6.18-348.40.1.el5
    kernel-PAE-2.6.18-348.40.1.el5
    kernel-debuginfo-common-2.6.18-348.40.1.el5
    kernel-2.6.18-348.40.1.el5
    kernel-debug-2.6.18-348.40.1.el5
    kernel-devel-2.6.18-348.40.1.el5
    kernel-xen-debuginfo-2.6.18-348.40.1.el5
    kernel-xen-2.6.18-348.40.1.el5
    kernel-headers-2.6.18-348.40.1.el5
    kernel-xen-devel-2.6.18-348.40.1.el5
    kernel-debug-debuginfo-2.6.18-348.40.1.el5
    kernel-PAE-debuginfo-2.6.18-348.40.1.el5

    noarch
    kernel-doc-2.6.18-348.40.1.el5

    x86_64
    kernel-debug-devel-2.6.18-348.40.1.el5
    kernel-debug-debuginfo-2.6.18-348.40.1.el5
    kernel-2.6.18-348.40.1.el5
    kernel-headers-2.6.18-348.40.1.el5
    kernel-xen-devel-2.6.18-348.40.1.el5
    kernel-debuginfo-common-2.6.18-348.40.1.el5
    kernel-xen-2.6.18-348.40.1.el5
    kernel-xen-debuginfo-2.6.18-348.40.1.el5
    kernel-debug-2.6.18-348.40.1.el5
    kernel-devel-2.6.18-348.40.1.el5
    kernel-debuginfo-2.6.18-348.40.1.el5

    196044 - Red Hat Enterprise Linux RHSA-2018-2172 Update Is Not Installed

    Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes
    Risk Level: Medium
    CVE: CVE-2017-14106, CVE-2018-3639

    Description
    The scan detected that the host is missing the following update: RHSA-2018-2172

    Observation
    Updates often remediate critical security problems that should be quickly addressed. For more information see:

    http://www.redhat.com/archives/rhsa-announce/2018-July/msg00012.html

    RHEL5

    i386
    kernel-PAE-2.6.18-433.el5
    kernel-debug-2.6.18-433.el5
    kernel-headers-2.6.18-433.el5
    kernel-2.6.18-433.el5
    kernel-debuginfo-2.6.18-433.el5
    kernel-debuginfo-common-2.6.18-433.el5
    kernel-debug-debuginfo-2.6.18-433.el5
    kernel-debug-devel-2.6.18-433.el5
    kernel-xen-debuginfo-2.6.18-433.el5
    kernel-PAE-debuginfo-2.6.18-433.el5
    kernel-devel-2.6.18-433.el5
    kernel-xen-2.6.18-433.el5
    kernel-PAE-devel-2.6.18-433.el5
    kernel-xen-devel-2.6.18-433.el5

    noarch
    kernel-doc-2.6.18-433.el5

    x86_64
    kernel-debug-2.6.18-433.el5
    kernel-debug-devel-2.6.18-433.el5
    kernel-xen-devel-2.6.18-433.el5
    kernel-xen-2.6.18-433.el5
    kernel-xen-debuginfo-2.6.18-433.el5
    kernel-debug-debuginfo-2.6.18-433.el5
    kernel-2.6.18-433.el5
    kernel-devel-2.6.18-433.el5
    kernel-debuginfo-2.6.18-433.el5
    kernel-debuginfo-common-2.6.18-433.el5
    kernel-headers-2.6.18-433.el5

    23800 - Novell iManager Vulnerabilities Prior To 3.1.1

    Category: General Vulnerability Assessment -> NonIntrusive -> Web Server

    Risk Level: Low
    CVE: CVE-2018-12462

    Description
    A vulnerability is present in some versions of Novell (NetIQ) iManager.

    Observation
    Novell iManager is a web-based administration console.

    A vulnerability is present in some versions of Novell (NetIQ) iManager. The flaw affects the original release of iManager 3.1. Successful exploitation could allow an attacker to cause unspecified impacts.

    23877 - IBM WebSphere MQ Information Disclosure Vulnerability (swg22013020)

    Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)
    Risk Level: Low
    CVE: CVE-2016-0702

    Description
    A vulnerability is present in some versions of IBM WebSphere MQ.

    Observation
    IBM WebSphere MQ is a popular cross platform messaging system.

    A vulnerability is pr
