mcafee foundstone fsl update · 2019. 6. 22. · 2018-jul-19 fsl version 7.6.37 mcafee foundstone...
TRANSCRIPT
-
2018-JUL-19FSL version 7.6.37
MCAFEE FOUNDSTONE FSL UPDATE
To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is adetailed summary of the new and updated checks included with this release.
NEW CHECKS
23785 - Schneider Electric U.motion Builder Multiple Vulnerabilities (ICSA-18-163-01)
Category: General Vulnerability Assessment -> NonIntrusive -> SCADARisk Level: HighCVE: CVE-2018-7784, CVE-2018-7785, CVE-2018-7786, CVE-2018-7787
DescriptionMultiple vulnerabilities are present in some versions of Schneider Electric U.motion Builder.
ObservationSchneider Electric U.motion Builder is a tool used for creation of project for U.motion devices.
Multiple vulnerabilities are present in some versions of Schneider Electric U.motion Builder. The flaws lie in multiple components. Successful exploitation could allow an attacker to bypass authentication mechanism, disclose sensitive information, execute arbitrary code or perform unauthorized actions.
23804 - Mozilla Firefox ESR Multiple Vulnerabilities Prior To 60.1
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-12371, CVE-2018-5156, CVE-2018-5187, CVE-2018-5188
DescriptionMultiple vulnerabilities are present in some versions of Mozilla Firefox ESR.
ObservationMozilla Firefox ESR is a popular web browser.
Multiple vulnerabilities are present in some versions of Mozilla Firefox ESR. The flaws lie in several components. Successful exploitation could allow an attacker to retrieve sensitive information, escalate privileges, cause a denial of service condition or execute arbitrary code on the target system.
23805 - Mozilla Firefox ESR Multiple Vulnerabilities Prior To 60.1
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-12371, CVE-2018-5156, CVE-2018-5187, CVE-2018-5188
-
DescriptionMultiple vulnerabilities are present in some versions of Mozilla Firefox ESR.
ObservationMozilla Firefox ESR is a popular web browser.
Multiple vulnerabilities are present in some versions of Mozilla Firefox ESR. The flaws lie in several components. Successful exploitation could allow an attacker to retrieve sensitive information, escalate privileges, cause a denial of service condition or execute arbitrary code on the target system.
23836 - Mozilla Firefox Multiple Vulnerabilities Prior To 61
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-12370, CVE-2018-12371, CVE-2018-5156, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188
DescriptionMultiple vulnerabilities are present in some versions of Mozilla Firefox.
ObservationMozilla Firefox is a popular web browser.
Multiple vulnerabilities are present in some versions of Mozilla Firefox. The flaws lie in multiple components. Successful exploitation could allow an attacker to cause a exploitable denial-of-service, obtain sensitive information, engage cross-site request forgery attacks or potentially execute arbitrary remote code.
23837 - Mozilla Firefox Multiple Vulnerabilities Prior To 61
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-12370, CVE-2018-12371, CVE-2018-5156, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188
DescriptionMultiple vulnerabilities are present in some versions of Mozilla Firefox.
ObservationMozilla Firefox is a popular web browser.
Multiple vulnerabilities are present in some versions of Mozilla Firefox. The flaws lie in multiple components. Successful exploitation could allow an attacker to cause a exploitable denial-of-service, obtain sensitive information, engage cross-site request forgery attacks or potentially execute arbitrary remote code.
23865 - Cisco NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability (cisco-sa-20180620-fx-os-fabric-execution)
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-0314
-
DescriptionA vulnerability is present in some versions of Cisco NX-OS Software.
ObservationCisco NX-OS Software is the operating system used in Cisco Nexus devices.
A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in the Cisco Fabric Services component. Successful exploitation could allow an attacker to execute arbitrary code on the target system.
23875 - Cisco NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability (cisco-sa-20180620-fx-os-cli-execution)
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-0312
DescriptionA vulnerability is present in some versions of Cisco NX-OS Software.
ObservationCisco NX-OS Software is the operating system used in Cisco Nexus devices.
A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in Cisco Fabric Services component of Cisco NX-OS software. Successful exploitation could allow a remote attacker to execute arbitrary code in the system or cause a denial of service condition.
132470 - Oracle VM OVMSA-2018-0236 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle VM Patches and HotfixesRisk Level: HighCVE: CVE-2017-11600, CVE-2017-18017, CVE-2017-7616, CVE-2017-8824, CVE-2018-10087, CVE-2018-10124, CVE-2018-1130, CVE-2018-5803
DescriptionThe scan detected that the host is missing the following update:OVMSA-2018-0236
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://oss.oracle.com/pipermail/oraclevm-errata/2018-July/000872.html
OVM3.4x86_64kernel-uek-4.1.12-124.17.1.el6uekkernel-uek-firmware-4.1.12-124.17.1.el6uek
182735 - FreeBSD couchdb Multiple Vulnerabilities (1e54d140-8493-11e8-a795-0028f8d09152)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: HighCVE: CVE-2017-12635, CVE-2017-12636, CVE-2018-8007
-
DescriptionThe scan detected that the host is missing the following update:couchdb -- multiple vulnerabilities (1e54d140-8493-11e8-a795-0028f8d09152)
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.vuxml.org/freebsd/1e54d140-8493-11e8-a795-0028f8d09152.html
Affected packages: couchdb < 1.7.2
23779 - Cisco NX-OS Software NX-API Privilege Escalation Vulnerability (sa-20180620-nxos-nxapi)
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-0330
DescriptionA vulnerability is present in some versions of Cisco NX-OS.
ObservationCisco NX-OS is a network operating system.
A vulnerability is present in some versions of Cisco NX-OS. The flaw lies in the NX-API management API. Successful exploitation could allow an attacker to escalate privileges and probably execute arbitrary code on the target system.
23781 - Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability (cisco-sa-20180620-nxos-bo)
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-0301
DescriptionA vulnerability is present in some versions of Cisco NX-OS Software.
ObservationCisco NX-OS Software is the operating system used in Cisco Nexus devices.
A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in NX-API feature. Successful exploitation could allow a remote attacker to execute arbitrary code on the target system.
23855 - Cisco NX-OS Software NX-API Arbitrary Command Execution Vulnerability (cisco-sa-20180620-nx-os-api-execution)
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-0313
DescriptionA vulnerability is present in some versions of Cisco NX-OS.
-
ObservationCisco NX-OS is a network operating system.
A vulnerability is present in some versions of Cisco NX-OS. The flaw lies in the NX-API subsystem. Successful exploitation could allow an authenticated attacker to execute arbitrary commands.
23873 - Cisco NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability (cisco-sa-20180620-fxnxos-fab-ace)
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-0308
DescriptionA vulnerability is present in some versions of Cisco NX-OS Software.
ObservationCisco NX-OS Software is the operating system used in Cisco Nexus devices.
A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in the Cisco Fabric Services component. Successful exploitation could allow remote attacker to execute arbitrary code or cause a denial of service condition.
23874 - Cisco NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability (cisco-sa-20180620-fxnxos-ace)
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-0304
DescriptionA vulnerability is present in some versions of Cisco NX-OS Software.
ObservationCisco NX-OS Software is the operating system used in Cisco Nexus devices.
A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in the Cisco Fabric Services component. Successful exploitation could allow a remote attacker to execute arbitrary code, obtain sensitive information or cause a denial of service condition.
23883 - (HT208933) Apple iTunes Vulnerabilities Prior To 12.8
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267,CVE-2018-4270, CVE-2018-4271, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284, CVE-2018-4293
DescriptionMultiple vulnerabilities are present in some versions of Apple iTunes.
ObservationApple iTunes is a media management software.
-
Multiple vulnerabilities are present in some versions of Apple iTunes. The flaws lie in several components. Successful exploitation could allow an attacker to remotely execute arbitrary code or cause a denial of service condition on the target system.
33388 - Oracle Solaris 152922-01 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Solaris Patches and HotfixesRisk Level: HighCVE: CVE-2008-2086, CVE-2009-3910
DescriptionThe scan detected that the host is missing the following update:152922-01
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://getupdates.oracle.com/readme/152922-01
JavaSE 6(x86): update 201 patch (equivalent to JDK 6u201), 64bit
SOLARIS_10_x86
SUNWj6rtx:1.6.0,REV=2006.11.29.02.51SUNWj6dvx:1.6.0,REV=2006.11.29.02.51SUNWj6dmx:1.6.0,REV=2006.11.29.02.51
33389 - Oracle Solaris 152921-01 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Solaris Patches and HotfixesRisk Level: HighCVE: CVE-2008-2086, CVE-2009-3910
DescriptionThe scan detected that the host is missing the following update:152921-01
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://getupdates.oracle.com/readme/152921-01
JavaSE 6(x86): update 201 patch (equivalent to JDK 6u201)
SOLARIS_10_x86
SUNWj6cfg:1.6.0,REV=2006.11.29.05.03SUNWj6jmp:1.6.0,REV=2006.12.07.19.34SUNWj6dev:1.6.0,REV=2006.11.29.05.03SUNWj6rt:1.6.0,REV=2006.11.29.05.03SUNWj6dmo:1.6.0,REV=2006.11.29.05.03SUNWj6man:1.6.0,REV=2006.12.07.16.42
-
33390 - Oracle Solaris 152919-01 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Solaris Patches and HotfixesRisk Level: HighCVE: CVE-2008-2086, CVE-2009-3910
DescriptionThe scan detected that the host is missing the following update:152919-01
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://getupdates.oracle.com/readme/152919-01
JavaSE 6: update 201 patch (equivalent to JDK 6u201)
SOLARIS_10
SUNWj6dev:1.6.0,REV=2006.11.29.05.57SUNWj6dmo:1.6.0,REV=2006.11.29.05.57SUNWj6jmp:1.6.0,REV=2006.12.07.19.24SUNWj6man:1.6.0,REV=2006.12.07.16.37SUNWj6cfg:1.6.0,REV=2006.11.29.05.57SUNWj6rt:1.6.0,REV=2006.11.29.05.57
33391 - Oracle Solaris 152920-01 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Solaris Patches and HotfixesRisk Level: HighCVE: CVE-2008-2086, CVE-2009-3910
DescriptionThe scan detected that the host is missing the following update:152920-01
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://getupdates.oracle.com/readme/152920-01
JavaSE 6: update 201 patch (equivalent to JDK 6u201), 64bit
SOLARIS_10
SUNWj6dmx:1.6.0,REV=2006.11.29.04.58SUNWj6rtx:1.6.0,REV=2006.11.29.04.58SUNWj6dvx:1.6.0,REV=2006.11.29.04.58
131154 - Debian Linux 9.0 DSA-4243-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: High
-
CVE: CVE-2017-15400, CVE-2018-4180, CVE-2018-4181, CVE-2018-6553
DescriptionThe scan detected that the host is missing the following update:DSA-4243-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.debian.org/security/2018/dsa-4243
Debian 9.0allcups_2.2.1-8+deb9u2
160433 - CentOS 7 CESA-2018-2113 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Cent OS Patches and HotfixesRisk Level: HighCVE: CVE-2017-7762, CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-5156, CVE-2018-5188, CVE-2018-6126
DescriptionThe scan detected that the host is missing the following update:CESA-2018-2113
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.centos.org/pipermail/centos-announce/2018-July/022960.html
CentOS 7x86_64firefox-60.1.0-4.el7.centos
i686firefox-60.1.0-4.el7.centos
160436 - CentOS 6 CESA-2018-2112 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Cent OS Patches and HotfixesRisk Level: HighCVE: CVE-2017-7762, CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-5156, CVE-2018-5188, CVE-2018-6126
DescriptionThe scan detected that the host is missing the following update:CESA-2018-2112
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
-
http://lists.centos.org/pipermail/centos-announce/2018-July/022962.html
CentOS 6x86_64firefox-60.1.0-5.el6.centos
i686firefox-60.1.0-5.el6.centos
193921 - Fedora Linux 28 FEDORA-2018-e5a8b72d0d Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2016-6811, CVE-2017-15713, CVE-2017-15718, CVE-2017-3166, CVE-2018-8009
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-e5a8b72d0d
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2
Fedora Core 28
hadoop-2.7.6-4.fc28
193935 - Fedora Linux 27 FEDORA-2018-1a467757ce Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2017-15588, CVE-2017-15589, CVE-2017-15590, CVE-2017-15591, CVE-2017-15592, CVE-2017-15593, CVE-2017-15594, CVE-2017-15595, CVE-2017-15597, CVE-2017-17044, CVE-2017-17045, CVE-2017-17563, CVE-2017-17564, CVE-2017-17565, CVE-2017-17566, CVE-2018-10981, CVE-2018-10982, CVE-2018-12891, CVE-2018-12892, CVE-2018-12893, CVE-2018-3639, CVE-2018-3665, CVE-2018-7540, CVE-2018-7541, CVE-2018-7542, CVE-2018-8897
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-1a467757ce
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2
Fedora Core 27
xen-4.9.2-6.fc27
196042 - Red Hat Enterprise Linux RHSA-2018-2175 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes
-
Risk Level: HighCVE: CVE-2018-5007, CVE-2018-5008
DescriptionThe scan detected that the host is missing the following update:RHSA-2018-2175
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.redhat.com/archives/rhsa-announce/2018-July/msg00014.html
RHEL6Dx86_64flash-plugin-30.0.0.134-1.el6
i386flash-plugin-30.0.0.134-1.el6
RHEL6Sx86_64flash-plugin-30.0.0.134-1.el6
i386flash-plugin-30.0.0.134-1.el6
RHEL6WSx86_64flash-plugin-30.0.0.134-1.el6
i386flash-plugin-30.0.0.134-1.el6
23774 - Cisco NX-OS Software Role-Based Access Control Elevated Privileges Vulnerability (cisco-sa-20180620-nxosrbac)
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-0293
DescriptionA vulnerability is present in some versions of Cisco NX-OS.
ObservationCisco NX-OS is a network operating system.
A vulnerability is present in some versions of Cisco NX-OS. The flaw lies in the role-based access control (RBAC) component. Successful exploitation could allow an attacker to execute CLI commands normally restricted to administrative users.
23788 - Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability(cisco-sa-20180620-nxossnm
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: High
-
CVE: CVE-2018-0291
DescriptionA vulnerability is present in some versions of Cisco NX-OS Software.
ObservationCisco NX-OS Software is the operating system used in Cisco Nexus devices.
A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in SNMP input packet processor of Cisco NX-OS software. Successful exploitation could allow a remote attacker to cause a denial of service condition.
23744 - Rockwell Automation RSLinx Classic Unquoted Search Path Vulnerability (1073800)
Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2018-10619
DescriptionA vulnerability is present in some versions of Rockwell Automation RSLinx Classic.
ObservationRockwell Automation RSLinx Classic is a product used to connect Rockwell Automation applications through Logix5000 Programmable Automation controllers.
A vulnerability is present in some versions of Rockwell Automation RSLinx Classic. The flaw exists because this product uses a search path containing unquoted elements. Successful exploitation could allow a local attacker to escalate privileges or execute arbitrary code on the target system.
23783 - Cisco NX-OS Software Border Gateway Protocol Denial of Service Vulnerability (cisco-sa-20180620-nxosbgp)
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-0295
DescriptionA denial-of-service vulnerability is present in some versions of Cisco NX-OS Software.
ObservationCisco NX-OS Software is the operating system used in Cisco Nexus devices.
A denial-of-service vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in the BGP protocol implementation in Cisco NX-OS systems. Successful exploitation could allow a remote attacker to cause a denial of service.
23846 - (VMSA-2018-0016) VMware Fusion Multiple Vulnerabilities
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-6965, CVE-2018-6966, CVE-2018-6967
DescriptionMultiple vulnerabilities are present in some versions of VMware Fusion.
-
ObservationVMware Fusion is a popular virtualization platform.
Multiple vulnerabilities are present in some versions of VMware Fusion. The flaws lie in multiple components. Successful exploitation could allow an attacker to retrieve sensitive data or cause a denial of service condition in the target system.
23863 - Mozilla Firefox ESR Vulnerabilities Prior To ESR 52.9
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12368, CVE-2018-5156, CVE-2018-5188
DescriptionMultiple Vulnerabilities are present in some versions of Mozilla Firefox ESR.
ObservationMozilla Firefox ESR is a popular web browser.
Multiple Vulnerabilities are present in some versions of Mozilla Firefox ESR. The flaws lie in multiple components. Successful exploitation could allow an attacker to bypass security access restrictions, retrieve sensitive data, remotely execute arbitrary code on the target system and cause a denial of service condition.
23864 - Mozilla Firefox ESR Vulnerabilities Prior To ESR 52.9
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12368, CVE-2018-5156, CVE-2018-5188
DescriptionMultiple Vulnerabilities are present in some versions of Mozilla Firefox ESR.
ObservationMozilla Firefox ESR is a popular web browser.
Multiple Vulnerabilities are present in some versions of Mozilla Firefox ESR. The flaws lie in multiple components. Successful exploitation could allow an attacker to bypass security access restrictions, retrieve sensitive data, remotely execute arbitrary code on the target system and cause a denial of service condition.
23866 - Mozilla Thunderbird Multiple Vulnerabilities Prior To 52.9
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12368, CVE-2018-12372, CVE-2018-12373, CVE-2018-12374, CVE-2018-5188
DescriptionMultiple vulnerabilities are present in some versions of Mozilla Thunderbird.
Observation
-
Mozilla Thunderbird is an open-source email, newsgroup, news feed, and chat client.
Multiple vulnerabilities are present in some versions of Mozilla Thunderbird. The flaws lie in several components. Successful exploitation could allow an attacker to cause buffer overflow, retrieve sensitive data, remotely execute arbitrary code on the target system or cause a denial of service condition.
23867 - Mozilla Thunderbird Multiple Vulnerabilities Prior To 52.9
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12368, CVE-2018-12372, CVE-2018-12373, CVE-2018-12374, CVE-2018-5188
DescriptionMultiple vulnerabilities are present in some versions of Mozilla Thunderbird.
ObservationMozilla Thunderbird is an open-source email, newsgroup, news feed, and chat client.
Multiple vulnerabilities are present in some versions of Mozilla Thunderbird. The flaws lie in several components. Successful exploitation could allow an attacker to cause buffer overflow, retrieve sensitive data, remotely execute arbitrary code on the target system or cause a denial of service condition.
23870 - Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability (cisco-sa-20180620-fx-os-fabric-dos)
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-0305
DescriptionA vulnerability is present in some versions of Cisco NX-OS Software.
ObservationCisco NX-OS Software is the operating system used in Cisco Nexus devices.
A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in the Cisco Fabric Services component. Successful exploitation could allow an attacker to cause denial of service condition on the target system.
23876 - Cisco NX-OS Software CLI Arbitrary Command Execution Vulnerability (cisco-sa-20180620-nx-os-cli-execution)
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-0306
DescriptionA vulnerability is present in some versions of Cisco NX-OS Software.
ObservationCisco NX-OS Software is the operating system used in Cisco Nexus devices.
A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in the Cisco CLI parser. Successful exploitation could allow a local attacker to escalate privileges.
-
132469 - Oracle VM OVMSA-2018-0237 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle VM Patches and HotfixesRisk Level: HighCVE: CVE-2015-8575, CVE-2016-2384, CVE-2016-2543, CVE-2016-2544, CVE-2016-2545, CVE-2016-2547, CVE-2016-2548,CVE-2016-2549, CVE-2017-1000410, CVE-2017-11600, CVE-2017-17741, CVE-2017-18203, CVE-2017-7616, CVE-2017-8824,CVE-2018-1000199, CVE-2018-10087, CVE-2018-10124, CVE-2018-10323, CVE-2018-1130, CVE-2018-3665, CVE-2018-5803,CVE-2018-8781
DescriptionThe scan detected that the host is missing the following update:OVMSA-2018-0237
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://oss.oracle.com/pipermail/oraclevm-errata/2018-July/000874.html
OVM3.3x86_64kernel-uek-3.8.13-118.22.1.el6uekkernel-uek-firmware-3.8.13-118.22.1.el6uek
139094 - Oracle Solaris 11.3.33.5.0 Update Is Not Installed (Third Party Components)
Category: SSH Module -> NonIntrusive -> Solaris Patches and HotfixesRisk Level: HighCVE: CVE-2016-10713, CVE-2016-6131, CVE-2016-8625, CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-12448, CVE-2017-12449, CVE-2017-12450, CVE-2017-12451, CVE-2017-12452,CVE-2017-12453, CVE-2017-12454, CVE-2017-12455, CVE-2017-12456, CVE-2017-12457, CVE-2017-12458, CVE-2017-12459,CVE-2017-12799, CVE-2017-12967, CVE-2017-13710, CVE-2017-13716, CVE-2017-13757, CVE-2017-14128, CVE-2017-14129,CVE-2017-14130, CVE-2017-14333, CVE-2017-14529, CVE-2017-14729, CVE-2017-14745, CVE-2017-14930, CVE-2017-14932,CVE-2017-14933, CVE-2017-14934, CVE-2017-14938, CVE-2017-14939, CVE-2017-14940, CVE-2017-14974, CVE-2017-15020,CVE-2017-15021, CVE-2017-15022, CVE-2017-15023, CVE-2017-15024, CVE-2017-15025, CVE-2017-15225, CVE-2017-15938,CVE-2017-15939, CVE-2017-15996, CVE-2017-16826, CVE-2017-16827, CVE-2017-16828, CVE-2017-16829, CVE-2017-16830,CVE-2017-16831, CVE-2017-16832, CVE-2017-17080, CVE-2017-17121, CVE-2017-17122, CVE-2017-17123, CVE-2017-17124,CVE-2017-17125, CVE-2017-17126, CVE-2017-17689, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-0492,CVE-2018-1000005, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000156,CVE-2018-10545, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549, CVE-2018-11356, CVE-2018-11357,CVE-2018-11358, CVE-2018-11359, CVE-2018-11360, CVE-2018-11362, CVE-2018-2755, CVE-2018-2758, CVE-2018-2761,CVE-2018-2766, CVE-2018-2771, CVE-2018-2773, CVE-2018-2781, CVE-2018-2782, CVE-2018-2784, CVE-2018-2787, CVE-2018-2805, CVE-2018-2813, CVE-2018-2817, CVE-2018-2818, CVE-2018-2819, CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5161, CVE-2018-5162, CVE-2018-5168, CVE-2018-5170,CVE-2018-5174, CVE-2018-5178, CVE-2018-5183, CVE-2018-5184, CVE-2018-5185, CVE-2018-5702, CVE-2018-5712, CVE-2018-6543, CVE-2018-6759, CVE-2018-6872, CVE-2018-6942, CVE-2018-6951, CVE-2018-6952
DescriptionThe scan detected that the host is missing the following update:SRU 11.3.33.5.0
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://support.oracle.com/rs?type=doc&id=2410158.1
-
https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=507462766511768&id=1448883.1&_afrWindowMode=0&_adf.ctrl-state=98kg3qcn0_33#aref_section26
139095 - Oracle Solaris 11.3.32.4.0 Update Is Not Installed (Third Party Components)
Category: SSH Module -> NonIntrusive -> Solaris Patches and HotfixesRisk Level: HighCVE: CVE-2017-12837, CVE-2017-12883, CVE-2017-14746, CVE-2017-15275, CVE-2017-15710, CVE-2017-15715, CVE-2017-18210, CVE-2017-18211, CVE-2017-3738, CVE-2018-0733, CVE-2018-0739, CVE-2018-1050, CVE-2018-1057, CVE-2018-11251, CVE-2018-11655, CVE-2018-11656, CVE-2018-1283, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1312, CVE-2018-2908, CVE-2018-6930, CVE-2018-7443, CVE-2018-7470, CVE-2018-7750, CVE-2018-9256, CVE-2018-9257,CVE-2018-9258, CVE-2018-9259, CVE-2018-9260, CVE-2018-9261, CVE-2018-9262, CVE-2018-9263, CVE-2018-9264, CVE-2018-9265, CVE-2018-9266, CVE-2018-9267, CVE-2018-9268, CVE-2018-9269, CVE-2018-9270, CVE-2018-9271, CVE-2018-9272, CVE-2018-9273, CVE-2018-9274
DescriptionThe scan detected that the host is missing the following update:SRU 11.3.32.4.0
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://support.oracle.com/rs?type=doc&id=2396704.1https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=507462766511768&id=1448883.1&_afrWindowMode=0&_adf.ctrl-state=98kg3qcn0_33#aref_section26
146860 - SuSE SLES 12 SP3, SLED 12 SP3 SUSE-SU-2018:1972-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-12015, CVE-2018-6797, CVE-2018-6798, CVE-2018-6913
DescriptionThe scan detected that the host is missing the following update:SUSE-SU-2018:1972-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.suse.com/pipermail/sle-security-updates/2018-July/004278.html
SuSE SLED 12 SP3x86_64perl-5.18.2-12.14.1perl-base-debuginfo-5.18.2-12.14.1perl-debuginfo-32bit-5.18.2-12.14.1perl-32bit-5.18.2-12.14.1perl-base-5.18.2-12.14.1perl-debugsource-5.18.2-12.14.1perl-debuginfo-5.18.2-12.14.1
noarchperl-doc-5.18.2-12.14.1
-
SuSE SLES 12 SP3noarchperl-doc-5.18.2-12.14.1
x86_64perl-5.18.2-12.14.1perl-base-debuginfo-5.18.2-12.14.1perl-debuginfo-32bit-5.18.2-12.14.1perl-32bit-5.18.2-12.14.1perl-base-5.18.2-12.14.1perl-debugsource-5.18.2-12.14.1perl-debuginfo-5.18.2-12.14.1
146864 - SuSE Linux 42.3 openSUSE-SU-2018:1962-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-7167
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1962-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00034.html
SuSE Linux 42.3i586nodejs6-6.14.3-12.1npm6-6.14.3-12.1nodejs6-debugsource-6.14.3-12.1nodejs6-devel-6.14.3-12.1nodejs6-debuginfo-6.14.3-12.1
noarchnodejs6-docs-6.14.3-12.1
x86_64nodejs6-6.14.3-12.1npm6-6.14.3-12.1nodejs6-debugsource-6.14.3-12.1nodejs6-devel-6.14.3-12.1nodejs6-debuginfo-6.14.3-12.1
146865 - SuSE Linux 15.0, 42.3 openSUSE-SU-2018:1924-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-3761, CVE-2018-3762
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1924-1
-
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00023.html
SuSE Linux 15.0noarchnextcloud-13.0.4-lp150.2.3.1
SuSE Linux 42.3noarchnextcloud-13.0.4-9.1
146866 - SuSE Linux 15.0 openSUSE-SU-2018:1958-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2017-17833
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1958-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00030.html
SuSE Linux 15.0x86_64openslp-debuginfo-2.0.0-lp150.5.3.1openslp-32bit-2.0.0-lp150.5.3.1openslp-debugsource-2.0.0-lp150.5.3.1openslp-2.0.0-lp150.5.3.1openslp-server-2.0.0-lp150.5.3.1openslp-32bit-debuginfo-2.0.0-lp150.5.3.1openslp-devel-2.0.0-lp150.5.3.1openslp-server-debuginfo-2.0.0-lp150.5.3.1
i586openslp-debuginfo-2.0.0-lp150.5.3.1openslp-debugsource-2.0.0-lp150.5.3.1openslp-2.0.0-lp150.5.3.1openslp-server-2.0.0-lp150.5.3.1openslp-devel-2.0.0-lp150.5.3.1openslp-server-debuginfo-2.0.0-lp150.5.3.1
146869 - SuSE Linux 15.0 openSUSE-SU-2018:1955-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-10995
-
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1955-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00027.html
SuSE Linux 15.0x86_64perl-slurm-17.11.7-lp150.5.7.1slurm-slurmdbd-17.11.7-lp150.5.7.1slurm-sview-debuginfo-17.11.7-lp150.5.7.1slurm-seff-17.11.7-lp150.5.7.1slurm-node-debuginfo-17.11.7-lp150.5.7.1slurm-doc-17.11.7-lp150.5.7.1libpmi0-17.11.7-lp150.5.7.1slurm-torque-17.11.7-lp150.5.7.1slurm-sjstat-17.11.7-lp150.5.7.1slurm-pam_slurm-debuginfo-17.11.7-lp150.5.7.1slurm-node-17.11.7-lp150.5.7.1libslurm32-debuginfo-17.11.7-lp150.5.7.1slurm-plugins-17.11.7-lp150.5.7.1slurm-debuginfo-17.11.7-lp150.5.7.1slurm-slurmdbd-debuginfo-17.11.7-lp150.5.7.1slurm-sql-17.11.7-lp150.5.7.1slurm-plugins-debuginfo-17.11.7-lp150.5.7.1slurm-pam_slurm-17.11.7-lp150.5.7.1slurm-17.11.7-lp150.5.7.1slurm-torque-debuginfo-17.11.7-lp150.5.7.1slurm-munge-17.11.7-lp150.5.7.1slurm-munge-debuginfo-17.11.7-lp150.5.7.1slurm-auth-none-debuginfo-17.11.7-lp150.5.7.1slurm-lua-debuginfo-17.11.7-lp150.5.7.1libslurm32-17.11.7-lp150.5.7.1slurm-config-17.11.7-lp150.5.7.1libpmi0-debuginfo-17.11.7-lp150.5.7.1perl-slurm-debuginfo-17.11.7-lp150.5.7.1slurm-sql-debuginfo-17.11.7-lp150.5.7.1slurm-auth-none-17.11.7-lp150.5.7.1slurm-sview-17.11.7-lp150.5.7.1slurm-openlava-17.11.7-lp150.5.7.1slurm-debugsource-17.11.7-lp150.5.7.1slurm-lua-17.11.7-lp150.5.7.1slurm-devel-17.11.7-lp150.5.7.1
160432 - CentOS 7 CESA-2018-2181 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Cent OS Patches and HotfixesRisk Level: HighCVE: CVE-2018-12020
DescriptionThe scan detected that the host is missing the following update:CESA-2018-2181
-
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.centos.org/pipermail/centos-announce/2018-July/022963.html
CentOS 7x86_64gnupg2-2.0.22-5.el7_5gnupg2-smime-2.0.22-5.el7_5
160437 - CentOS 6 CESA-2018-2180 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Cent OS Patches and HotfixesRisk Level: HighCVE: CVE-2018-12020
DescriptionThe scan detected that the host is missing the following update:CESA-2018-2180
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.centos.org/pipermail/centos-announce/2018-July/022966.html
CentOS 6x86_64gnupg2-2.0.14-9.el6_10gnupg2-smime-2.0.14-9.el6_10
i686gnupg2-2.0.14-9.el6_10gnupg2-smime-2.0.14-9.el6_10
160438 - CentOS 6 CESA-2018-2164 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Cent OS Patches and HotfixesRisk Level: HighCVE: CVE-2018-10675, CVE-2018-10872, CVE-2018-3639, CVE-2018-3665
DescriptionThe scan detected that the host is missing the following update:CESA-2018-2164
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.centos.org/pipermail/centos-announce/2018-July/022968.html
CentOS 6i686
-
kernel-devel-2.6.32-754.2.1.el6kernel-debug-2.6.32-754.2.1.el6kernel-2.6.32-754.2.1.el6python-perf-2.6.32-754.2.1.el6kernel-debug-devel-2.6.32-754.2.1.el6perf-2.6.32-754.2.1.el6kernel-headers-2.6.32-754.2.1.el6
noarchkernel-doc-2.6.32-754.2.1.el6kernel-firmware-2.6.32-754.2.1.el6kernel-abi-whitelists-2.6.32-754.2.1.el6
x86_64kernel-devel-2.6.32-754.2.1.el6kernel-debug-2.6.32-754.2.1.el6kernel-2.6.32-754.2.1.el6python-perf-2.6.32-754.2.1.el6kernel-debug-devel-2.6.32-754.2.1.el6perf-2.6.32-754.2.1.el6kernel-headers-2.6.32-754.2.1.el6
163660 - Oracle Enterprise Linux ELSA-2018-2181 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2018-12020
DescriptionThe scan detected that the host is missing the following update:ELSA-2018-2181
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://oss.oracle.com/pipermail/el-errata/2018-July/007879.html
OEL7x86_64gnupg2-2.0.22-5.el7_5gnupg2-smime-2.0.22-5.el7_5
163662 - Oracle Enterprise Linux ELSA-2018-4172 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2015-8575, CVE-2017-11600, CVE-2017-17741, CVE-2017-7616, CVE-2017-8824, CVE-2018-10087, CVE-2018-10124, CVE-2018-1130
DescriptionThe scan detected that the host is missing the following update:ELSA-2018-4172
ObservationUpdates often remediate critical security problems that should be quickly addressed.
-
For more information see:
http://oss.oracle.com/pipermail/el-errata/2018-July/007888.html
OEL6x86_64kernel-uek-debug-2.6.39-400.300.2.el6uekkernel-uek-2.6.39-400.300.2.el6uekkernel-uek-firmware-2.6.39-400.300.2.el6uekkernel-uek-debug-devel-2.6.39-400.300.2.el6uekkernel-uek-devel-2.6.39-400.300.2.el6uekkernel-uek-doc-2.6.39-400.300.2.el6uek
i386kernel-uek-debug-2.6.39-400.300.2.el6uekkernel-uek-2.6.39-400.300.2.el6uekkernel-uek-firmware-2.6.39-400.300.2.el6uekkernel-uek-debug-devel-2.6.39-400.300.2.el6uekkernel-uek-devel-2.6.39-400.300.2.el6uekkernel-uek-doc-2.6.39-400.300.2.el6uek
163663 - Oracle Enterprise Linux ELSA-2018-2164 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2018-10675, CVE-2018-10872, CVE-2018-3639, CVE-2018-3665
DescriptionThe scan detected that the host is missing the following update:ELSA-2018-2164
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://oss.oracle.com/pipermail/el-errata/2018-July/007874.html
OEL6x86_64kernel-devel-2.6.32-754.2.1.el6kernel-debug-2.6.32-754.2.1.el6kernel-2.6.32-754.2.1.el6python-perf-2.6.32-754.2.1.el6perf-2.6.32-754.2.1.el6kernel-doc-2.6.32-754.2.1.el6kernel-debug-devel-2.6.32-754.2.1.el6kernel-abi-whitelists-2.6.32-754.2.1.el6kernel-firmware-2.6.32-754.2.1.el6kernel-headers-2.6.32-754.2.1.el6
i386kernel-devel-2.6.32-754.2.1.el6kernel-debug-2.6.32-754.2.1.el6kernel-2.6.32-754.2.1.el6python-perf-2.6.32-754.2.1.el6perf-2.6.32-754.2.1.el6kernel-doc-2.6.32-754.2.1.el6kernel-debug-devel-2.6.32-754.2.1.el6
-
kernel-abi-whitelists-2.6.32-754.2.1.el6kernel-firmware-2.6.32-754.2.1.el6kernel-headers-2.6.32-754.2.1.el6
163664 - Oracle Enterprise Linux ELSA-2018-2180 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2018-12020
DescriptionThe scan detected that the host is missing the following update:ELSA-2018-2180
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://oss.oracle.com/pipermail/el-errata/2018-July/007880.html
OEL6x86_64gnupg2-2.0.14-9.el6_10gnupg2-smime-2.0.14-9.el6_10
i386gnupg2-2.0.14-9.el6_10gnupg2-smime-2.0.14-9.el6_10
175421 - Scientific Linux Security ERRATA Important: gnupg2 on SL6.x i386/x86_64 (1807-6667)
Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixesRisk Level: HighCVE: CVE-2018-12020
DescriptionThe scan detected that the host is missing the following update:Security ERRATA Important: gnupg2 on SL6.x i386/x86_64 (1807-6667)
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://listserv.fnal.gov/scripts/wa.exe?A2=ind1807&L=scientific-linux-errata&F=&S=&P=6667
SL6x86_64gnupg2-debuginfo-2.0.14-9.el6_10gnupg2-smime-2.0.14-9.el6_10gnupg2-2.0.14-9.el6_10
i386gnupg2-debuginfo-2.0.14-9.el6_10gnupg2-smime-2.0.14-9.el6_10gnupg2-2.0.14-9.el6_10
-
175422 - Scientific Linux Security ERRATA Important: gnupg2 on SL7.x x86_64 (1807-6995)
Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixesRisk Level: HighCVE: CVE-2018-12020
DescriptionThe scan detected that the host is missing the following update:Security ERRATA Important: gnupg2 on SL7.x x86_64 (1807-6995)
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://listserv.fnal.gov/scripts/wa.exe?A2=ind1807&L=scientific-linux-errata&F=&S=&P=6995
SL7x86_64gnupg2-2.0.22-5.el7_5gnupg2-debuginfo-2.0.22-5.el7_5gnupg2-smime-2.0.22-5.el7_5
193920 - Fedora Linux 27 FEDORA-2018-4197fff086 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2017-9258, CVE-2017-9259, CVE-2017-9260
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-4197fff086
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=1
Fedora Core 27
soundtouch-2.0.0-3.fc27
193924 - Fedora Linux 28 FEDORA-2018-50075276e8 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2018-10322, CVE-2018-10323, CVE-2018-10840, CVE-2018-10853, CVE-2018-1108, CVE-2018-1120, CVE-2018-11506, CVE-2018-12232, CVE-2018-12633, CVE-2018-12714, CVE-2018-12896, CVE-2018-13053, CVE-2018-13093, CVE-2018-13094, CVE-2018-13095, CVE-2018-13405, CVE-2018-13406, CVE-2018-3639
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-50075276e8
-
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2
Fedora Core 28
kernel-4.17.5-200.fc28
193928 - Fedora Linux 28 FEDORA-2018-57779d51c1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2018-0500, CVE-2018-1000300, CVE-2018-1000301
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-57779d51c1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=1
Fedora Core 28
curl-7.59.0-5.fc28
193929 - Fedora Linux 28 FEDORA-2018-93a43993aa Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2017-9258, CVE-2017-9259, CVE-2017-9260
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-93a43993aa
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=1
Fedora Core 28
soundtouch-2.0.0-3.fc28
193933 - Fedora Linux 27 FEDORA-2018-8484550fff Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: High
-
CVE: CVE-2017-1000405, CVE-2017-12193, CVE-2017-15115, CVE-2017-16532, CVE-2017-16538, CVE-2017-16644, CVE-2017-16647, CVE-2017-16649, CVE-2017-16650, CVE-2017-17448, CVE-2017-17449, CVE-2017-17450, CVE-2017-17558, CVE-2017-17712, CVE-2017-17741, CVE-2017-17852, CVE-2017-17853, CVE-2017-17854, CVE-2017-17855, CVE-2017-17856, CVE-2017-17857, CVE-2017-17862, CVE-2017-17863, CVE-2017-17864, CVE-2017-18232, CVE-2017-8824, CVE-2018-1000004,CVE-2018-1000026, CVE-2018-10021, CVE-2018-10322, CVE-2018-10323, CVE-2018-1065, CVE-2018-10840, CVE-2018-10853, CVE-2018-1108, CVE-2018-1120, CVE-2018-11506, CVE-2018-12232, CVE-2018-12633, CVE-2018-12714, CVE-2018-12896, CVE-2018-13053, CVE-2018-13093, CVE-2018-13094, CVE-2018-13095, CVE-2018-13405, CVE-2018-13406, CVE-2018-3639, CVE-2018-5332, CVE-2018-5333, CVE-2018-5344, CVE-2018-5750, CVE-2018-5803, CVE-2018-7757, CVE-2018-7995,CVE-2018-8043
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-8484550fff
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2
Fedora Core 27
kernel-4.17.5-100.fc27
193942 - Fedora Linux 28 FEDORA-2018-d82a45d9ab Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2018-10322, CVE-2018-10323, CVE-2018-10840, CVE-2018-10853, CVE-2018-1108, CVE-2018-1120, CVE-2018-11506, CVE-2018-12232, CVE-2018-12633, CVE-2018-12714, CVE-2018-3639
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-d82a45d9ab
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2
Fedora Core 28
kernel-tools-4.17.4-200.fc28kernel-4.17.4-200.fc28
196040 - Red Hat Enterprise Linux RHSA-2018-2181 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2018-12020
DescriptionThe scan detected that the host is missing the following update:RHSA-2018-2181
-
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.redhat.com/archives/rhsa-announce/2018-July/msg00018.html
RHEL7Dx86_64gnupg2-2.0.22-5.el7_5gnupg2-debuginfo-2.0.22-5.el7_5gnupg2-smime-2.0.22-5.el7_5
RHEL7Sx86_64gnupg2-2.0.22-5.el7_5gnupg2-debuginfo-2.0.22-5.el7_5gnupg2-smime-2.0.22-5.el7_5
RHEL7WSx86_64gnupg2-2.0.22-5.el7_5gnupg2-debuginfo-2.0.22-5.el7_5gnupg2-smime-2.0.22-5.el7_5
196043 - Red Hat Enterprise Linux RHSA-2018-2180 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2018-12020
DescriptionThe scan detected that the host is missing the following update:RHSA-2018-2180
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.redhat.com/archives/rhsa-announce/2018-July/msg00017.html
RHEL6Dx86_64gnupg2-debuginfo-2.0.14-9.el6_10gnupg2-smime-2.0.14-9.el6_10gnupg2-2.0.14-9.el6_10
i386gnupg2-debuginfo-2.0.14-9.el6_10gnupg2-smime-2.0.14-9.el6_10gnupg2-2.0.14-9.el6_10
RHEL6Si386gnupg2-debuginfo-2.0.14-9.el6_10gnupg2-smime-2.0.14-9.el6_10gnupg2-2.0.14-9.el6_10
-
x86_64gnupg2-debuginfo-2.0.14-9.el6_10gnupg2-smime-2.0.14-9.el6_10gnupg2-2.0.14-9.el6_10
RHEL6WSx86_64gnupg2-2.0.14-9.el6_10gnupg2-debuginfo-2.0.14-9.el6_10
i386gnupg2-2.0.14-9.el6_10gnupg2-debuginfo-2.0.14-9.el6_10
23778 - Cisco NX-OS Software Role-Based Access Arbitrary Command Execution Vulnerability (sa-20180620-nxos-rbaccess)
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: MediumCVE: CVE-2018-0337
DescriptionA vulnerability is present in some versions of Cisco NX-OS.
ObservationCisco NX-OS is a network operating system.
A vulnerability is present in some versions of Cisco NX-OS. The flaw lies in the role-based access control (RBAC) component. Successful exploitation could allow an attacker to locally execute arbitrary code on the target system.
23859 - Joomla! PHP 5.3 Local File Inclusion Vulnerability (20180601)
Category: General Vulnerability Assessment -> NonIntrusive -> Web ServerRisk Level: MediumCVE: CVE-2018-12712
DescriptionA vulnerability is present in some versions of Joomla!.
ObservationJoomla! is an open source content management system.
A vulnerability is present in some versions of Joomla!. The flaw is due to an inadequate validation of classnames. Successful exploitation could allow an attacker to local file inclusion on the target system.
23892 - Oracle Java SE Critical Patch Update July 2018
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2018-2938, CVE-2018-2940, CVE-2018-2941, CVE-2018-2942, CVE-2018-2952, CVE-2018-2964, CVE-2018-2972,CVE-2018-2973
Description
-
Multiple vulnerabilities are present in some versions of Oracle Java SE.
ObservationOracle Java SE is used to run Java applications.
Multiple vulnerabilities are present in some versions of Oracle Java SE. The flaws lie in multiple components. Successful exploitation could allow an attacker to elevate its privilege, disclose private information or cause a denial of service condition.
131152 - Debian Linux 9.0 DSA-4245-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: MediumCVE: CVE-2018-11251, CVE-2018-12599, CVE-2018-12600, CVE-2018-5248
DescriptionThe scan detected that the host is missing the following update:DSA-4245-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.debian.org/security/2018/dsa-4245
Debian 9.0allimagemagick_8:6.9.7.4+dfsg-11+deb9u5
135205 - Oracle Solaris 11.3.34.4.0 Update Is Not Installed (CVE-2018-1171)
Category: SSH Module -> NonIntrusive -> Solaris Patches and HotfixesRisk Level: MediumCVE: CVE-2018-1171
DescriptionThe scan detected that the host is missing the following update:SRU 11.3.34.4.0
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://support.oracle.com/epmos/faces/DocumentDisplay?id=2419155.1&_adf.ctrl-state=19c95xvm8y_4&_afrLoop=331578995839425
139096 - Oracle Solaris 11.3.34.4.0 Update Is Not Installed (Third Party Components)
Category: SSH Module -> NonIntrusive -> Solaris Patches and HotfixesRisk Level: MediumCVE: CVE-2017-12613, CVE-2017-17969, CVE-2017-7418, CVE-2018-1000021, CVE-2018-10115, CVE-2018-11233, CVE-2018-11235, CVE-2018-1171, CVE-2018-12020, CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12368, CVE-2018-2926, CVE-2018-2928, CVE-2018-5156, CVE-2018-5188, CVE-2018-5996, CVE-2018-6126
-
DescriptionThe scan detected that the host is missing the following update:SRU 11.3.34.4.0
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://support.oracle.com/rs?type=doc&id=2421850.1https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=507462766511768&id=1448883.1&_afrWindowMode=0&_adf.ctrl-state=98kg3qcn0_33#aref_section26
146861 - SuSE SLES 12 SP3, SLED 12 SP3 SUSE-SU-2018:1950-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2017-1000422
DescriptionThe scan detected that the host is missing the following update:SUSE-SU-2018:1950-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.suse.com/pipermail/sle-security-updates/2018-July/004273.html
SuSE SLED 12 SP3x86_64libgdk_pixbuf-2_0-0-32bit-2.34.0-19.11.1gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.11.1libgdk_pixbuf-2_0-0-2.34.0-19.11.1gdk-pixbuf-query-loaders-32bit-2.34.0-19.11.1gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.11.1libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.11.1gdk-pixbuf-debugsource-2.34.0-19.11.1typelib-1_0-GdkPixbuf-2_0-2.34.0-19.11.1libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.11.1gdk-pixbuf-query-loaders-2.34.0-19.11.1
noarchgdk-pixbuf-lang-2.34.0-19.11.1
SuSE SLES 12 SP3noarchgdk-pixbuf-lang-2.34.0-19.11.1
x86_64libgdk_pixbuf-2_0-0-32bit-2.34.0-19.11.1gdk-pixbuf-query-loaders-debuginfo-32bit-2.34.0-19.11.1libgdk_pixbuf-2_0-0-2.34.0-19.11.1gdk-pixbuf-query-loaders-32bit-2.34.0-19.11.1gdk-pixbuf-query-loaders-debuginfo-2.34.0-19.11.1libgdk_pixbuf-2_0-0-debuginfo-2.34.0-19.11.1gdk-pixbuf-debugsource-2.34.0-19.11.1typelib-1_0-GdkPixbuf-2_0-2.34.0-19.11.1
-
libgdk_pixbuf-2_0-0-debuginfo-32bit-2.34.0-19.11.1gdk-pixbuf-query-loaders-2.34.0-19.11.1
146862 - SuSE Linux 15.0 openSUSE-SU-2018:1961-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2017-11337, CVE-2017-11338, CVE-2017-11339, CVE-2017-11340, CVE-2017-11553, CVE-2017-11591, CVE-2017-11592, CVE-2017-11683, CVE-2017-12955, CVE-2017-12956, CVE-2017-12957, CVE-2017-14859, CVE-2017-14860, CVE-2017-14862, CVE-2017-14864
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1961-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00033.html
SuSE Linux 15.0i586libexiv2-devel-0.26-lp150.5.3.1exiv2-0.26-lp150.5.3.1exiv2-debugsource-0.26-lp150.5.3.1libexiv2-26-0.26-lp150.5.3.1exiv2-debuginfo-0.26-lp150.5.3.1libexiv2-doc-0.26-lp150.5.3.1libexiv2-26-debuginfo-0.26-lp150.5.3.1
noarchexiv2-lang-0.26-lp150.5.3.1
x86_64libexiv2-devel-0.26-lp150.5.3.1exiv2-0.26-lp150.5.3.1exiv2-debugsource-0.26-lp150.5.3.1libexiv2-26-32bit-debuginfo-0.26-lp150.5.3.1libexiv2-26-0.26-lp150.5.3.1libexiv2-26-32bit-0.26-lp150.5.3.1exiv2-debuginfo-0.26-lp150.5.3.1libexiv2-doc-0.26-lp150.5.3.1libexiv2-26-debuginfo-0.26-lp150.5.3.1
146868 - SuSE Linux 15.0 openSUSE-SU-2018:1953-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2018-10392
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1953-1
Observation
-
Updates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00025.html
SuSE Linux 15.0i586libvorbisfile3-debuginfo-1.3.6-lp150.3.3.1libvorbis-devel-1.3.6-lp150.3.3.1libvorbisfile3-1.3.6-lp150.3.3.1libvorbisenc2-debuginfo-1.3.6-lp150.3.3.1libvorbisenc2-1.3.6-lp150.3.3.1libvorbis0-1.3.6-lp150.3.3.1libvorbis0-debuginfo-1.3.6-lp150.3.3.1libvorbis-debugsource-1.3.6-lp150.3.3.1
noarchlibvorbis-doc-1.3.6-lp150.3.3.1
x86_64libvorbis-devel-32bit-1.3.6-lp150.3.3.1libvorbis0-1.3.6-lp150.3.3.1libvorbisfile3-32bit-debuginfo-1.3.6-lp150.3.3.1libvorbis-debugsource-1.3.6-lp150.3.3.1libvorbis-devel-1.3.6-lp150.3.3.1libvorbisfile3-debuginfo-1.3.6-lp150.3.3.1libvorbisenc2-debuginfo-1.3.6-lp150.3.3.1libvorbis0-32bit-debuginfo-1.3.6-lp150.3.3.1libvorbisfile3-32bit-1.3.6-lp150.3.3.1libvorbisenc2-1.3.6-lp150.3.3.1libvorbisenc2-32bit-1.3.6-lp150.3.3.1libvorbis0-32bit-1.3.6-lp150.3.3.1libvorbis0-debuginfo-1.3.6-lp150.3.3.1libvorbisfile3-1.3.6-lp150.3.3.1libvorbisenc2-32bit-debuginfo-1.3.6-lp150.3.3.1
146870 - SuSE Linux 15.0 openSUSE-SU-2018:1956-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2017-11613, CVE-2017-18013, CVE-2018-10963, CVE-2018-7456, CVE-2018-8905
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1956-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00028.html
SuSE Linux 15.0x86_64tiff-debuginfo-4.0.9-lp150.4.3.1libtiff-devel-32bit-4.0.9-lp150.4.3.1libtiff5-4.0.9-lp150.4.3.1tiff-4.0.9-lp150.4.3.1
-
libtiff5-debuginfo-4.0.9-lp150.4.3.1libtiff5-32bit-debuginfo-4.0.9-lp150.4.3.1libtiff5-32bit-4.0.9-lp150.4.3.1libtiff-devel-4.0.9-lp150.4.3.1tiff-debugsource-4.0.9-lp150.4.3.1
i586tiff-debuginfo-4.0.9-lp150.4.3.1libtiff5-4.0.9-lp150.4.3.1tiff-4.0.9-lp150.4.3.1libtiff5-debuginfo-4.0.9-lp150.4.3.1libtiff-devel-4.0.9-lp150.4.3.1tiff-debugsource-4.0.9-lp150.4.3.1
132471 - Oracle VM OVMSA-2018-0239 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle VM Patches and HotfixesRisk Level: MediumCVE: CVE-2012-6085, CVE-2013-4351, CVE-2013-4402, CVE-2018-12020
DescriptionThe scan detected that the host is missing the following update:OVMSA-2018-0239
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://oss.oracle.com/pipermail/oraclevm-errata/2018-July/000876.htmlhttp://oss.oracle.com/pipermail/oraclevm-errata/2018-July/000875.html
OVM3.3x86_64gnupg2-2.0.14-9.el6_10
OVM3.4x86_64gnupg2-2.0.14-9.el6_10
146863 - SuSE Linux 15.0 openSUSE-SU-2018:1963-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2018-1000168, CVE-2018-7161, CVE-2018-7167
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1963-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00035.html
SuSE Linux 15.0
-
i586nodejs8-debuginfo-8.11.3-lp150.2.3.1nodejs8-devel-8.11.3-lp150.2.3.1nodejs8-debugsource-8.11.3-lp150.2.3.1nodejs8-8.11.3-lp150.2.3.1npm8-8.11.3-lp150.2.3.1
noarchnodejs8-docs-8.11.3-lp150.2.3.1
x86_64nodejs8-debuginfo-8.11.3-lp150.2.3.1nodejs8-devel-8.11.3-lp150.2.3.1nodejs8-debugsource-8.11.3-lp150.2.3.1nodejs8-8.11.3-lp150.2.3.1npm8-8.11.3-lp150.2.3.1
160434 - CentOS 7 CESA-2018-2123 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Cent OS Patches and HotfixesRisk Level: MediumCVE: CVE-2016-2183
DescriptionThe scan detected that the host is missing the following update:CESA-2018-2123
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.centos.org/pipermail/centos-announce/2018-July/022964.html
CentOS 7x86_64python-test-2.7.5-69.el7_5python-2.7.5-69.el7_5tkinter-2.7.5-69.el7_5python-libs-2.7.5-69.el7_5python-devel-2.7.5-69.el7_5python-tools-2.7.5-69.el7_5python-debug-2.7.5-69.el7_5
i686python-libs-2.7.5-69.el7_5
182734 - FreeBSD SQLite Corrupt DB Can Cause A NULL Pointer Dereference (c1630aa3-7970-11e8-8634-dcfe074bd614)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: MediumCVE: CVE-2018-8740
DescriptionThe scan detected that the host is missing the following update:SQLite -- Corrupt DB can cause a NULL pointer dereference (c1630aa3-7970-11e8-8634-dcfe074bd614)
-
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.vuxml.org/freebsd/c1630aa3-7970-11e8-8634-dcfe074bd614.html
Affected packages: upp NonIntrusive -> AIX Patches and HotfixesRisk Level: MediumCVE: CVE-2018-0737
DescriptionA vulnerability is present in some versions of IBM AIX.
ObservationAIX is a Unix-like operating system developed by IBM.
A vulnerability is present in some versions of IBM AIX. The flaw lies in OpenSSL. Successful exploitation could allow an attacker to obtain sensitive information.
23861 - (SB10240) McAfee ePolicy Orchestrator Multiple Vulnerabilities
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2018-6671, CVE-2018-6672
DescriptionMultiple vulnerabilities are present in some versions of McAfee ePolicy Orchestrator.
ObservationMcAfee ePolicy Orchestrator (ePO) is widely acknowledged as the most advanced and scalable security management software.
Multiple vulnerabilities are present in some versions of McAfee ePolicy Orchestrator. The flaws lie in unspecified components. Successful exploitation could allow an attacker to retrieve sensitive data or bypass security access restrictions in the target system.
131150 - Debian Linux 9.0 DSA-4247-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: MediumCVE: CVE-2018-1000119
DescriptionThe scan detected that the host is missing the following update:DSA-4247-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
-
http://www.debian.org/security/2018/dsa-4247
Debian 9.0allruby-rack-protection_1.5.3-2+deb9u1
132472 - Oracle VM OVMSA-2018-0238 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle VM Patches and HotfixesRisk Level: MediumCVE: CVE-2016-9603, CVE-2017-13672, CVE-2017-15289, CVE-2017-2633, CVE-2017-5715, CVE-2017-7718, CVE-2017-7980,CVE-2018-3639, CVE-2018-5683, CVE-2018-7858
DescriptionThe scan detected that the host is missing the following update:OVMSA-2018-0238
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://oss.oracle.com/pipermail/oraclevm-errata/2018-July/000873.html
OVM3.4x86_64qemu-img-0.12.1.2-2.506.el6_10.1
146867 - SuSE SLES 12 SP3, SLED 12 SP3 SUSE-SU-2018:1935-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2018-3639, CVE-2018-3640
DescriptionThe scan detected that the host is missing the following update:SUSE-SU-2018:1935-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.suse.com/pipermail/sle-security-updates/2018-July/004257.html
SuSE SLED 12 SP3x86_64ucode-intel-debuginfo-20180703-13.25.1ucode-intel-debugsource-20180703-13.25.1ucode-intel-20180703-13.25.1
SuSE SLES 12 SP3x86_64ucode-intel-debuginfo-20180703-13.25.1ucode-intel-debugsource-20180703-13.25.1ucode-intel-20180703-13.25.1
-
160435 - CentOS 6 CESA-2018-2162 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Cent OS Patches and HotfixesRisk Level: MediumCVE: CVE-2017-13672, CVE-2018-3639, CVE-2018-5683, CVE-2018-7858
DescriptionThe scan detected that the host is missing the following update:CESA-2018-2162
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.centos.org/pipermail/centos-announce/2018-July/022967.html
CentOS 6x86_64qemu-guest-agent-0.12.1.2-2.506.el6_10.1qemu-kvm-0.12.1.2-2.506.el6_10.1qemu-kvm-tools-0.12.1.2-2.506.el6_10.1qemu-img-0.12.1.2-2.506.el6_10.1
i686qemu-guest-agent-0.12.1.2-2.506.el6_10.1
163661 - Oracle Enterprise Linux ELSA-2018-2162 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2016-9603, CVE-2017-13672, CVE-2017-15289, CVE-2017-2633, CVE-2017-5715, CVE-2017-7718, CVE-2017-7980,CVE-2018-3639, CVE-2018-5683, CVE-2018-7858
DescriptionThe scan detected that the host is missing the following update:ELSA-2018-2162
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://oss.oracle.com/pipermail/el-errata/2018-July/007876.html
OEL6x86_64qemu-guest-agent-0.12.1.2-2.506.el6_10.1qemu-kvm-0.12.1.2-2.506.el6_10.1qemu-kvm-tools-0.12.1.2-2.506.el6_10.1qemu-img-0.12.1.2-2.506.el6_10.1
i386qemu-guest-agent-0.12.1.2-2.506.el6_10.1
186305 - Ubuntu Linux 14.04, 16.04, 17.10, 18.04 USN-3717-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes
-
Risk Level: MediumCVE: CVE-2015-3218, CVE-2015-3255, CVE-2015-4625, CVE-2018-1116
DescriptionThe scan detected that the host is missing the following update:USN-3717-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2018-July/004498.html
Ubuntu 16.04
libpolkit-backend-1-0_0.105-14.1ubuntu0.1
Ubuntu 14.04
libpolkit-backend-1-0_0.105-4ubuntu3.14.04.2
Ubuntu 18.04
libpolkit-backend-1-0_0.105-20ubuntu0.18.04.1
Ubuntu 17.10
libpolkit-backend-1-0_0.105-18ubuntu0.1
193911 - Fedora Linux 27 FEDORA-2018-50d055a5af Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2018-1000002, CVE-2018-1110
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-50d055a5af
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2
Fedora Core 27
knot-resolver-2.4.0-1.fc27
193926 - Fedora Linux 27 FEDORA-2018-cdccabb23d Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2018-13049, CVE-2018-7563
-
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-cdccabb23d
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2
Fedora Core 27
glpi-9.1.7.1-3.fc27
196041 - Red Hat Enterprise Linux RHSA-2018-2171 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-3639
DescriptionThe scan detected that the host is missing the following update:RHSA-2018-2171
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.redhat.com/archives/rhsa-announce/2018-July/msg00013.html
RHEL5_9Si386kernel-PAE-devel-2.6.18-348.40.1.el5kernel-debug-devel-2.6.18-348.40.1.el5kernel-debuginfo-2.6.18-348.40.1.el5kernel-PAE-2.6.18-348.40.1.el5kernel-debuginfo-common-2.6.18-348.40.1.el5kernel-2.6.18-348.40.1.el5kernel-debug-2.6.18-348.40.1.el5kernel-devel-2.6.18-348.40.1.el5kernel-xen-debuginfo-2.6.18-348.40.1.el5kernel-xen-2.6.18-348.40.1.el5kernel-headers-2.6.18-348.40.1.el5kernel-xen-devel-2.6.18-348.40.1.el5kernel-debug-debuginfo-2.6.18-348.40.1.el5kernel-PAE-debuginfo-2.6.18-348.40.1.el5
noarchkernel-doc-2.6.18-348.40.1.el5
x86_64kernel-debug-devel-2.6.18-348.40.1.el5kernel-debug-debuginfo-2.6.18-348.40.1.el5kernel-2.6.18-348.40.1.el5kernel-headers-2.6.18-348.40.1.el5kernel-xen-devel-2.6.18-348.40.1.el5kernel-debuginfo-common-2.6.18-348.40.1.el5
-
kernel-xen-2.6.18-348.40.1.el5kernel-xen-debuginfo-2.6.18-348.40.1.el5kernel-debug-2.6.18-348.40.1.el5kernel-devel-2.6.18-348.40.1.el5kernel-debuginfo-2.6.18-348.40.1.el5
196044 - Red Hat Enterprise Linux RHSA-2018-2172 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2017-14106, CVE-2018-3639
DescriptionThe scan detected that the host is missing the following update:RHSA-2018-2172
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.redhat.com/archives/rhsa-announce/2018-July/msg00012.html
RHEL5i386kernel-PAE-2.6.18-433.el5kernel-debug-2.6.18-433.el5kernel-headers-2.6.18-433.el5kernel-2.6.18-433.el5kernel-debuginfo-2.6.18-433.el5kernel-debuginfo-common-2.6.18-433.el5kernel-debug-debuginfo-2.6.18-433.el5kernel-debug-devel-2.6.18-433.el5kernel-xen-debuginfo-2.6.18-433.el5kernel-PAE-debuginfo-2.6.18-433.el5kernel-devel-2.6.18-433.el5kernel-xen-2.6.18-433.el5kernel-PAE-devel-2.6.18-433.el5kernel-xen-devel-2.6.18-433.el5
noarchkernel-doc-2.6.18-433.el5
x86_64kernel-debug-2.6.18-433.el5kernel-debug-devel-2.6.18-433.el5kernel-xen-devel-2.6.18-433.el5kernel-xen-2.6.18-433.el5kernel-xen-debuginfo-2.6.18-433.el5kernel-debug-debuginfo-2.6.18-433.el5kernel-2.6.18-433.el5kernel-devel-2.6.18-433.el5kernel-debuginfo-2.6.18-433.el5kernel-debuginfo-common-2.6.18-433.el5kernel-headers-2.6.18-433.el5
23800 - Novell iManager Vulnerabilities Prior To 3.1.1
Category: General Vulnerability Assessment -> NonIntrusive -> Web Server
-
Risk Level: LowCVE: CVE-2018-12462
DescriptionA vulnerability is present in some versions of Novell (NetIQ) iManager.
ObservationNovell iManager is a web-based administration console.
A vulnerability is present in some versions of Novell (NetIQ) iManager. The flaw affects the original release of iManager 3.1. Successful exploitation could allow an attacker to cause unspecified impacts.
23877 - IBM WebSphere MQ Information Disclosure Vulnerability (swg22013020)
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: LowCVE: CVE-2016-0702
DescriptionA vulnerability is present in some versions of IBM WebSphere MQ.
ObservationIBM WebSphere MQ is a popular cross platform messaging system.
A vulnerability is pr
Local Diskfsl_07_19_2018