Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
2018-JUL-12 FSL version 7.6.36
MCAFEE FOUNDSTONE FSL UPDATE
To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is adetailed summary of the new and updated checks included with this release.
NEW CHECKS
163659 - Oracle Enterprise Linux ELSA-2018-4161 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2017-11600, CVE-2017-18017, CVE-2017-7616, CVE-2017-8824, CVE-2018-10087, CVE-2018-10124, CVE-2018-1130,CVE-2018-5803
DescriptionThe scan detected that the host is missing the following update:ELSA-2018-4161
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://oss.oracle.com/pipermail/el-errata/2018-July/007869.htmlhttp://oss.oracle.com/pipermail/el-errata/2018-July/007870.html
OEL7x86_64kernel-uek-4.1.12-124.17.1.el7uekkernel-uek-debug-devel-4.1.12-124.17.1.el7uekkernel-uek-debug-4.1.12-124.17.1.el7uekkernel-uek-devel-4.1.12-124.17.1.el7uekkernel-uek-doc-4.1.12-124.17.1.el7uekkernel-uek-firmware-4.1.12-124.17.1.el7uek
OEL6x86_64kernel-uek-debug-4.1.12-124.17.1.el6uekkernel-uek-devel-4.1.12-124.17.1.el6uekkernel-uek-debug-devel-4.1.12-124.17.1.el6uekkernel-uek-4.1.12-124.17.1.el6uekkernel-uek-doc-4.1.12-124.17.1.el6uekkernel-uek-firmware-4.1.12-124.17.1.el6uek
23860 - (HPESBHF03844) HPE Integrated Lights-Out Remote or Local Code Execution Vulnerability
Category: General Vulnerability Assessment -> NonIntrusive -> Web ServerRisk Level: HighCVE: CVE-2018-7078
DescriptionA vulnerability is present in some versions of HPE Integrated Lights-Out.
ObservationHPE Integrated Lights-Out is a Hewlett-Packard proprietary embedded server management technology.
A vulnerability is present in some versions of HPE Integrated Lights-Out. The flaw lies in an unknown component. Successful exploitation could allow an administrative user to execute arbitrary code locally or remotely.
23872 - (MSPT-Jul2018) Microsoft Office Handle Objects in Memory Remote Code Execution (CVE-2018-8281)
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-8281
DescriptionA vulnerability in some versions of Microsoft Office software could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Office software could lead to remote code execution.
The flaw is due to improper handling of objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
175417 - Scientific Linux Security ERRATA Critical: firefox on SL6.x i386/x86_64 (1807-3912)
Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixesRisk Level: HighCVE: CVE-2017-7762, CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-5156, CVE-2018-5188, CVE-2018-6126
DescriptionThe scan detected that the host is missing the following update:Security ERRATA Critical: firefox on SL6.x i386/x86_64 (1807-3912)
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://listserv.fnal.gov/scripts/wa.exe?A2=ind1807&L=scientific-linux-errata&F=&S=&P=3912
SL6x86_64firefox-debuginfo-60.1.0-5.el6firefox-60.1.0-5.el6
i386firefox-debuginfo-60.1.0-5.el6firefox-60.1.0-5.el6
175419 - Scientific Linux Security ERRATA Critical: firefox on SL7.x x86_64 (1807-3415)
Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixesRisk Level: HighCVE: CVE-2017-7762, CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-5156, CVE-2018-5188, CVE-2018-6126
DescriptionThe scan detected that the host is missing the following update:Security ERRATA Critical: firefox on SL7.x x86_64 (1807-3415)
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://listserv.fnal.gov/scripts/wa.exe?A2=ind1807&L=scientific-linux-errata&F=&S=&P=3415
SL7x86_64firefox-debuginfo-60.1.0-4.el7_5firefox-60.1.0-4.el7_5
23857 - Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability (cisco-sa-20180620-nx-os-fabric-dos)
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-0310
DescriptionA vulnerability is present in some versions of Cisco NX-OS Software.
ObservationCisco NX-OS Software is the operating system used in Cisco Nexus devices.
A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in the Cisco Fabric Services component. Successful exploitation could allow an unauthenticated remote user to cause a denial of service or obtain sensitive information.
23799 - (K53931245) F5 BIG-IP SSL profile Vulnerability
Category: SSH Module -> NonIntrusive -> F5Risk Level: HighCVE: CVE-2018-5524
DescriptionA vulnerability is present in some versions of F5's BIG-IP products.
ObservationF5's BIG-IP product is a network appliance that runs F5's Traffic Management Operating System.
A vulnerability is present in some versions of F5's BIG-IP products. The flaw lies in Virtual servers using Client SSL or Server SSL profiles. Successful exploitation could allow an attacker to cause a denial-of-service condition.
23814 - (SB10241) McAfee Web Gateway Multiple Vulnerabilities
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2017-12940, CVE-2017-12941, CVE-2017-12942, CVE-2018-1124, CVE-2018-6667
DescriptionMultiple vulnerabilities are present in some versions of McAfee Web Gateway.
ObservationMcAfee Web Gateway is a web based security control system designed to prevent web application attacks.
Multiple vulnerabilities are present in some versions of McAfee Web Gateway. The flaws lie in several components. Successful exploitation could allow an attacker to retrieve sensitive information, cause a denial of service condition or execute arbitrary code on the target system.
23835 - (K80440915) F5 BIG-IP Linux Kernel Vulnerability
Category: SSH Module -> NonIntrusive -> F5Risk Level: HighCVE: CVE-2017-7889
DescriptionA vulnerability is present in some versions of F5's BIG-IP products.
ObservationF5's BIG-IP product is a network appliance that runs F5's Traffic Management Operating System.
A vulnerability is present in some versions of F5's BIG-IP products. The flaw lies in Linux kernel. Successful exploitation could allow an attacker to bypass certain security restrictions and perform unauthorized actions.
23856 - Cisco Nexus 4000 Series Switch SNMP Denial Of Service Vulnerability (sa-20180620-n4k-snmp-dos)
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-0299
DescriptionA vulnerability is present in some versions of Cisco NX-OS Software.
ObservationCisco NX-OS Software is the operating system used in Cisco Nexus devices.
A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in SNMP feature. Successful exploitation could allow a remote attacker to cause a denial of service condition.
23858 - Cisco Nexus 3000 And 9000 Series CLI and SNMP Denial Of Service Vulnerability (sa-20180620-n3k-n9k-clisnmp)
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-0309
DescriptionA vulnerability is present in some versions of Cisco NX-OS Software.
ObservationCisco NX-OS Software is the operating system used in Cisco Nexus devices.
A vulnerability is present in some versions of Cisco NX-OS Software. The flaw is due to the use of a SNMP MIB related with an specific CLI command. Successful exploitation could allow a remote attacker to cause a denial of service condition.
131146 - Debian Linux 9.0 DSA-4238-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: HighCVE: CVE-2018-10958, CVE-2018-10998, CVE-2018-10999, CVE-2018-11531, CVE-2018-12264, CVE-2018-12265
DescriptionThe scan detected that the host is missing the following update:DSA-4238-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.debian.org/security/2018/dsa-4238
Debian 9.0allexiv2_0.25-3.1+deb9u1
131148 - Debian Linux 9.0 DSA-4240-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: HighCVE: CVE-2018-10545, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549, CVE-2018-7584
DescriptionThe scan detected that the host is missing the following update:DSA-4240-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.debian.org/security/2018/dsa-4240
Debian 9.0allphp7.0_7.0.30-0+deb9u1
146845 - SuSE Linux 15.0 openSUSE-SU-2018:1893-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-1071, CVE-2018-1083, CVE-2018-1100
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1893-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00000.html
SuSE Linux 15.0x86_64zsh-debugsource-5.5-lp150.2.3.1zsh-debuginfo-5.5-lp150.2.3.1zsh-5.5-lp150.2.3.1zsh-htmldoc-5.5-lp150.2.3.1
146848 - SuSE Linux 42.3 openSUSE-SU-2018:1913-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-12882
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1913-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00018.html
SuSE Linux 42.3i586php7-mbstring-debuginfo-7.0.7-40.1php7-snmp-debuginfo-7.0.7-40.1php7-tidy-7.0.7-40.1php7-ctype-7.0.7-40.1php7-json-debuginfo-7.0.7-40.1php7-gd-7.0.7-40.1php7-sockets-7.0.7-40.1php7-ftp-7.0.7-40.1php7-imap-debuginfo-7.0.7-40.1php7-bcmath-debuginfo-7.0.7-40.1php7-opcache-7.0.7-40.1php7-wddx-debuginfo-7.0.7-40.1apache2-mod_php7-debuginfo-7.0.7-40.1php7-xmlreader-debuginfo-7.0.7-40.1php7-ldap-7.0.7-40.1php7-devel-7.0.7-40.1php7-firebird-debuginfo-7.0.7-40.1php7-zip-debuginfo-7.0.7-40.1php7-readline-debuginfo-7.0.7-40.1php7-dom-7.0.7-40.1apache2-mod_php7-7.0.7-40.1php7-sysvsem-debuginfo-7.0.7-40.1php7-gettext-debuginfo-7.0.7-40.1php7-posix-7.0.7-40.1php7-mbstring-7.0.7-40.1php7-exif-7.0.7-40.1php7-xmlreader-7.0.7-40.1php7-odbc-debuginfo-7.0.7-40.1php7-calendar-7.0.7-40.1php7-debugsource-7.0.7-40.1php7-bz2-debuginfo-7.0.7-40.1
php7-7.0.7-40.1php7-gmp-7.0.7-40.1php7-curl-7.0.7-40.1php7-sqlite-debuginfo-7.0.7-40.1php7-wddx-7.0.7-40.1php7-shmop-7.0.7-40.1php7-exif-debuginfo-7.0.7-40.1php7-dom-debuginfo-7.0.7-40.1php7-calendar-debuginfo-7.0.7-40.1php7-fileinfo-7.0.7-40.1php7-sysvshm-7.0.7-40.1php7-phar-7.0.7-40.1php7-iconv-debuginfo-7.0.7-40.1php7-ctype-debuginfo-7.0.7-40.1php7-pspell-debuginfo-7.0.7-40.1php7-pgsql-debuginfo-7.0.7-40.1php7-fpm-7.0.7-40.1php7-sysvmsg-debuginfo-7.0.7-40.1php7-zip-7.0.7-40.1php7-mysql-debuginfo-7.0.7-40.1php7-json-7.0.7-40.1php7-snmp-7.0.7-40.1php7-iconv-7.0.7-40.1php7-fpm-debuginfo-7.0.7-40.1php7-intl-7.0.7-40.1php7-gmp-debuginfo-7.0.7-40.1php7-pcntl-debuginfo-7.0.7-40.1php7-bz2-7.0.7-40.1php7-mysql-7.0.7-40.1php7-firebird-7.0.7-40.1php7-posix-debuginfo-7.0.7-40.1php7-enchant-7.0.7-40.1php7-pdo-debuginfo-7.0.7-40.1php7-xmlrpc-7.0.7-40.1php7-tokenizer-7.0.7-40.1php7-tokenizer-debuginfo-7.0.7-40.1php7-odbc-7.0.7-40.1php7-pgsql-7.0.7-40.1php7-readline-7.0.7-40.1php7-pcntl-7.0.7-40.1php7-openssl-7.0.7-40.1php7-ftp-debuginfo-7.0.7-40.1php7-xsl-7.0.7-40.1php7-opcache-debuginfo-7.0.7-40.1php7-enchant-debuginfo-7.0.7-40.1php7-intl-debuginfo-7.0.7-40.1php7-fastcgi-debuginfo-7.0.7-40.1php7-zlib-7.0.7-40.1php7-debuginfo-7.0.7-40.1php7-sysvmsg-7.0.7-40.1php7-ldap-debuginfo-7.0.7-40.1php7-sysvshm-debuginfo-7.0.7-40.1php7-xmlwriter-7.0.7-40.1php7-openssl-debuginfo-7.0.7-40.1php7-fileinfo-debuginfo-7.0.7-40.1php7-mcrypt-7.0.7-40.1php7-gettext-7.0.7-40.1php7-sysvsem-7.0.7-40.1php7-xmlrpc-debuginfo-7.0.7-40.1php7-mcrypt-debuginfo-7.0.7-40.1
php7-soap-7.0.7-40.1php7-sockets-debuginfo-7.0.7-40.1php7-gd-debuginfo-7.0.7-40.1php7-soap-debuginfo-7.0.7-40.1php7-shmop-debuginfo-7.0.7-40.1php7-xmlwriter-debuginfo-7.0.7-40.1php7-sqlite-7.0.7-40.1php7-pdo-7.0.7-40.1php7-fastcgi-7.0.7-40.1php7-xsl-debuginfo-7.0.7-40.1php7-tidy-debuginfo-7.0.7-40.1php7-bcmath-7.0.7-40.1php7-curl-debuginfo-7.0.7-40.1php7-zlib-debuginfo-7.0.7-40.1php7-dba-7.0.7-40.1php7-dba-debuginfo-7.0.7-40.1php7-phar-debuginfo-7.0.7-40.1php7-imap-7.0.7-40.1php7-pspell-7.0.7-40.1
noarchphp7-pear-Archive_Tar-7.0.7-40.1php7-pear-7.0.7-40.1
x86_64php7-mbstring-debuginfo-7.0.7-40.1php7-snmp-debuginfo-7.0.7-40.1php7-tidy-7.0.7-40.1php7-ctype-7.0.7-40.1php7-json-debuginfo-7.0.7-40.1php7-gd-7.0.7-40.1php7-sockets-7.0.7-40.1php7-ftp-7.0.7-40.1php7-imap-debuginfo-7.0.7-40.1php7-bcmath-debuginfo-7.0.7-40.1php7-opcache-7.0.7-40.1php7-wddx-debuginfo-7.0.7-40.1apache2-mod_php7-debuginfo-7.0.7-40.1php7-xmlreader-debuginfo-7.0.7-40.1php7-ldap-7.0.7-40.1php7-devel-7.0.7-40.1php7-firebird-debuginfo-7.0.7-40.1php7-zip-debuginfo-7.0.7-40.1php7-readline-debuginfo-7.0.7-40.1php7-dom-7.0.7-40.1apache2-mod_php7-7.0.7-40.1php7-sysvsem-debuginfo-7.0.7-40.1php7-gettext-debuginfo-7.0.7-40.1php7-posix-7.0.7-40.1php7-mbstring-7.0.7-40.1php7-exif-7.0.7-40.1php7-xmlreader-7.0.7-40.1php7-odbc-debuginfo-7.0.7-40.1php7-calendar-7.0.7-40.1php7-debugsource-7.0.7-40.1php7-bz2-debuginfo-7.0.7-40.1php7-7.0.7-40.1php7-gmp-7.0.7-40.1php7-curl-7.0.7-40.1php7-sqlite-debuginfo-7.0.7-40.1
php7-wddx-7.0.7-40.1php7-shmop-7.0.7-40.1php7-exif-debuginfo-7.0.7-40.1php7-dom-debuginfo-7.0.7-40.1php7-calendar-debuginfo-7.0.7-40.1php7-fileinfo-7.0.7-40.1php7-sysvshm-7.0.7-40.1php7-phar-7.0.7-40.1php7-iconv-debuginfo-7.0.7-40.1php7-ctype-debuginfo-7.0.7-40.1php7-pspell-debuginfo-7.0.7-40.1php7-pgsql-debuginfo-7.0.7-40.1php7-fpm-7.0.7-40.1php7-sysvmsg-debuginfo-7.0.7-40.1php7-zip-7.0.7-40.1php7-mysql-debuginfo-7.0.7-40.1php7-json-7.0.7-40.1php7-snmp-7.0.7-40.1php7-iconv-7.0.7-40.1php7-fpm-debuginfo-7.0.7-40.1php7-intl-7.0.7-40.1php7-gmp-debuginfo-7.0.7-40.1php7-pcntl-debuginfo-7.0.7-40.1php7-bz2-7.0.7-40.1php7-mysql-7.0.7-40.1php7-firebird-7.0.7-40.1php7-posix-debuginfo-7.0.7-40.1php7-enchant-7.0.7-40.1php7-pdo-debuginfo-7.0.7-40.1php7-xmlrpc-7.0.7-40.1php7-tokenizer-7.0.7-40.1php7-tokenizer-debuginfo-7.0.7-40.1php7-odbc-7.0.7-40.1php7-pgsql-7.0.7-40.1php7-readline-7.0.7-40.1php7-pcntl-7.0.7-40.1php7-openssl-7.0.7-40.1php7-ftp-debuginfo-7.0.7-40.1php7-xsl-7.0.7-40.1php7-opcache-debuginfo-7.0.7-40.1php7-enchant-debuginfo-7.0.7-40.1php7-intl-debuginfo-7.0.7-40.1php7-fastcgi-debuginfo-7.0.7-40.1php7-zlib-7.0.7-40.1php7-debuginfo-7.0.7-40.1php7-sysvmsg-7.0.7-40.1php7-ldap-debuginfo-7.0.7-40.1php7-sysvshm-debuginfo-7.0.7-40.1php7-xmlwriter-7.0.7-40.1php7-openssl-debuginfo-7.0.7-40.1php7-fileinfo-debuginfo-7.0.7-40.1php7-mcrypt-7.0.7-40.1php7-gettext-7.0.7-40.1php7-sysvsem-7.0.7-40.1php7-xmlrpc-debuginfo-7.0.7-40.1php7-mcrypt-debuginfo-7.0.7-40.1php7-soap-7.0.7-40.1php7-sockets-debuginfo-7.0.7-40.1php7-gd-debuginfo-7.0.7-40.1php7-soap-debuginfo-7.0.7-40.1
php7-shmop-debuginfo-7.0.7-40.1php7-xmlwriter-debuginfo-7.0.7-40.1php7-sqlite-7.0.7-40.1php7-pdo-7.0.7-40.1php7-fastcgi-7.0.7-40.1php7-xsl-debuginfo-7.0.7-40.1php7-tidy-debuginfo-7.0.7-40.1php7-bcmath-7.0.7-40.1php7-curl-debuginfo-7.0.7-40.1php7-zlib-debuginfo-7.0.7-40.1php7-dba-7.0.7-40.1php7-dba-debuginfo-7.0.7-40.1php7-phar-debuginfo-7.0.7-40.1php7-imap-7.0.7-40.1php7-pspell-7.0.7-40.1
146851 - SuSE SLES 12 SP3, SLED 12 SP3 SUSE-SU-2018:1887-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-0732
DescriptionThe scan detected that the host is missing the following update:SUSE-SU-2018:1887-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.suse.com/pipermail/sle-security-updates/2018-July/004245.html
SuSE SLED 12 SP3x86_64libopenssl-devel-1.0.2j-60.30.1libopenssl1_0_0-debuginfo-1.0.2j-60.30.1openssl-1.0.2j-60.30.1openssl-debugsource-1.0.2j-60.30.1libopenssl1_0_0-32bit-1.0.2j-60.30.1openssl-debuginfo-1.0.2j-60.30.1libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.30.1libopenssl1_0_0-1.0.2j-60.30.1
SuSE SLES 12 SP3noarchopenssl-doc-1.0.2j-60.30.1
x86_64openssl-1.0.2j-60.30.1libopenssl1_0_0-debuginfo-1.0.2j-60.30.1libopenssl-devel-1.0.2j-60.30.1libopenssl1_0_0-hmac-32bit-1.0.2j-60.30.1openssl-debuginfo-1.0.2j-60.30.1libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.30.1openssl-debugsource-1.0.2j-60.30.1libopenssl1_0_0-hmac-1.0.2j-60.30.1libopenssl1_0_0-32bit-1.0.2j-60.30.1libopenssl1_0_0-1.0.2j-60.30.1
146852 - SuSE SLES 11 SP4 SUSE-SU-2018:1916-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2017-17833
DescriptionThe scan detected that the host is missing the following update:SUSE-SU-2018:1916-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.suse.com/pipermail/sle-security-updates/2018-July/004251.html
SuSE SLES 11 SP4i586openslp-1.2.0-172.27.3.1openslp-server-1.2.0-172.27.3.1
x86_64openslp-32bit-1.2.0-172.27.3.1openslp-1.2.0-172.27.3.1openslp-server-1.2.0-172.27.3.1
146853 - SuSE Linux 15.0, 42.3 openSUSE-SU-2018:1896-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-10857, CVE-2018-10859
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1896-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00003.html
SuSE Linux 15.0x86_64git-annex-bash-completion-6.20180626-lp150.2.5.1git-annex-6.20180626-lp150.2.5.1
SuSE Linux 42.3x86_64git-annex-bash-completion-6.20180626-8.1git-annex-6.20180626-8.1
146857 - SuSE Linux 15.0, 42.3 openSUSE-SU-2018:1905-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes
Risk Level: HighCVE: CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12372, CVE-2018-12373, CVE-2018-12374, CVE-2018-5188
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1905-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00010.html
SuSE Linux 15.0x86_64MozillaThunderbird-debuginfo-52.9.0-lp150.3.8.1MozillaThunderbird-translations-other-52.9.0-lp150.3.8.1MozillaThunderbird-52.9.0-lp150.3.8.1MozillaThunderbird-buildsymbols-52.9.0-lp150.3.8.1MozillaThunderbird-devel-52.9.0-lp150.3.8.1MozillaThunderbird-translations-common-52.9.0-lp150.3.8.1MozillaThunderbird-debugsource-52.9.0-lp150.3.8.1
SuSE Linux 42.3x86_64MozillaThunderbird-52.9.0-68.1MozillaThunderbird-debuginfo-52.9.0-68.1MozillaThunderbird-devel-52.9.0-68.1MozillaThunderbird-translations-common-52.9.0-68.1MozillaThunderbird-debugsource-52.9.0-68.1MozillaThunderbird-buildsymbols-52.9.0-68.1MozillaThunderbird-translations-other-52.9.0-68.1
146859 - SuSE Linux 42.3 openSUSE-SU-2018:1906-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-0732
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1906-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00011.html
SuSE Linux 42.3i586libopenssl1_0_0-1.0.2j-25.1libopenssl-devel-1.0.2j-25.1openssl-1.0.2j-25.1openssl-debuginfo-1.0.2j-25.1
openssl-cavs-1.0.2j-25.1openssl-cavs-debuginfo-1.0.2j-25.1openssl-debugsource-1.0.2j-25.1libopenssl1_0_0-hmac-1.0.2j-25.1libopenssl1_0_0-debuginfo-1.0.2j-25.1
noarchopenssl-doc-1.0.2j-25.1
x86_64libopenssl-devel-32bit-1.0.2j-25.1libopenssl1_0_0-hmac-32bit-1.0.2j-25.1openssl-cavs-1.0.2j-25.1libopenssl1_0_0-debuginfo-1.0.2j-25.1openssl-debuginfo-1.0.2j-25.1openssl-debugsource-1.0.2j-25.1libopenssl1_0_0-hmac-1.0.2j-25.1libopenssl-devel-1.0.2j-25.1libopenssl1_0_0-1.0.2j-25.1libopenssl1_0_0-debuginfo-32bit-1.0.2j-25.1openssl-cavs-debuginfo-1.0.2j-25.1openssl-1.0.2j-25.1libopenssl1_0_0-32bit-1.0.2j-25.1
163658 - Oracle Enterprise Linux ELSA-2018-4164 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2015-8575, CVE-2016-2384, CVE-2016-2543, CVE-2016-2544, CVE-2016-2545, CVE-2016-2547, CVE-2016-2548, CVE-2016-2549, CVE-2017-1000410, CVE-2017-11600, CVE-2017-17741, CVE-2017-18203, CVE-2017-7616, CVE-2017-8824, CVE-2018-1000199, CVE-2018-10087, CVE-2018-10124, CVE-2018-10323, CVE-2018-1130, CVE-2018-3665, CVE-2018-5803, CVE-2018-8781
DescriptionThe scan detected that the host is missing the following update:ELSA-2018-4164
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://oss.oracle.com/pipermail/el-errata/2018-July/007873.htmlhttp://oss.oracle.com/pipermail/el-errata/2018-July/007872.html
OEL7x86_64kernel-uek-devel-3.8.13-118.22.1.el7uekkernel-uek-doc-3.8.13-118.22.1.el7uekkernel-uek-firmware-3.8.13-118.22.1.el7uekkernel-uek-debug-3.8.13-118.22.1.el7uekdtrace-modules-3.8.13-118.22.1.el7uek-0.4.5-3.el7kernel-uek-3.8.13-118.22.1.el7uekkernel-uek-debug-devel-3.8.13-118.22.1.el7uek
OEL6x86_64dtrace-modules-3.8.13-118.22.1.el6uek-0.4.5-3.el6kernel-uek-3.8.13-118.22.1.el6uek
kernel-uek-debug-3.8.13-118.22.1.el6uekkernel-uek-debug-devel-3.8.13-118.22.1.el6uekkernel-uek-devel-3.8.13-118.22.1.el6uekkernel-uek-firmware-3.8.13-118.22.1.el6uekkernel-uek-doc-3.8.13-118.22.1.el6uek
175418 - Scientific Linux Security ERRATA Important: kernel on SL6.x i386/x86_64 (1807-5892)
Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixesRisk Level: HighCVE: CVE-2018-10675, CVE-2018-10872, CVE-2018-3639, CVE-2018-3665, CVE-2018-8897
DescriptionThe scan detected that the host is missing the following update:Security ERRATA Important: kernel on SL6.x i386/x86_64 (1807-5892)
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://listserv.fnal.gov/scripts/wa.exe?A2=ind1807&L=scientific-linux-errata&F=&S=&P=5892
SL6i386perf-debuginfo-2.6.32-754.2.1.el6kernel-devel-2.6.32-754.2.1.el6kernel-debug-2.6.32-754.2.1.el6kernel-2.6.32-754.2.1.el6kernel-debuginfo-common-i686-2.6.32-754.2.1.el6kernel-debug-debuginfo-2.6.32-754.2.1.el6python-perf-2.6.32-754.2.1.el6python-perf-debuginfo-2.6.32-754.2.1.el6kernel-debuginfo-2.6.32-754.2.1.el6kernel-debug-devel-2.6.32-754.2.1.el6perf-2.6.32-754.2.1.el6kernel-headers-2.6.32-754.2.1.el6
noarchkernel-doc-2.6.32-754.2.1.el6kernel-firmware-2.6.32-754.2.1.el6kernel-abi-whitelists-2.6.32-754.2.1.el6
x86_64kernel-devel-2.6.32-754.2.1.el6kernel-debuginfo-common-i686-2.6.32-754.2.1.el6kernel-debug-devel-2.6.32-754.2.1.el6python-perf-debuginfo-2.6.32-754.2.1.el6kernel-debug-2.6.32-754.2.1.el6kernel-debuginfo-2.6.32-754.2.1.el6kernel-2.6.32-754.2.1.el6perf-2.6.32-754.2.1.el6kernel-debug-debuginfo-2.6.32-754.2.1.el6perf-debuginfo-2.6.32-754.2.1.el6kernel-headers-2.6.32-754.2.1.el6python-perf-2.6.32-754.2.1.el6kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6
186294 - Ubuntu Linux 14.04, 16.04, 17.10, 18.04 USN-3707-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: HighCVE: CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185
DescriptionThe scan detected that the host is missing the following update:USN-3707-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2018-July/004484.html
Ubuntu 16.04
ntp_4.2.8p4+dfsg-3ubuntu5.9
Ubuntu 14.04
ntp_4.2.6.p5+dfsg-3ubuntu2.14.04.13
Ubuntu 18.04
ntp_4.2.8p10+dfsg-5ubuntu7.1
Ubuntu 17.10
ntp_4.2.8p10+dfsg-5ubuntu3.3
186300 - Ubuntu Linux 14.04, 16.04 USN-3708-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: HighCVE: CVE-2017-17833, CVE-2018-12938
DescriptionThe scan detected that the host is missing the following update:USN-3708-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2018-July/004486.html
Ubuntu 14.04
libslp1_1.2.1-9ubuntu0.3
Ubuntu 16.04
libslp1_1.2.1-11ubuntu0.16.04.1
196037 - Red Hat Enterprise Linux RHSA-2018-2164 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2018-10675, CVE-2018-10872, CVE-2018-3639, CVE-2018-3665, CVE-2018-8897
DescriptionThe scan detected that the host is missing the following update:RHSA-2018-2164
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.redhat.com/archives/rhsa-announce/2018-July/msg00010.html
RHEL6Di386perf-debuginfo-2.6.32-754.2.1.el6kernel-devel-2.6.32-754.2.1.el6kernel-debug-2.6.32-754.2.1.el6kernel-2.6.32-754.2.1.el6kernel-debuginfo-common-i686-2.6.32-754.2.1.el6kernel-debug-debuginfo-2.6.32-754.2.1.el6python-perf-2.6.32-754.2.1.el6python-perf-debuginfo-2.6.32-754.2.1.el6kernel-debuginfo-2.6.32-754.2.1.el6kernel-debug-devel-2.6.32-754.2.1.el6perf-2.6.32-754.2.1.el6kernel-headers-2.6.32-754.2.1.el6
noarchkernel-doc-2.6.32-754.2.1.el6kernel-firmware-2.6.32-754.2.1.el6kernel-abi-whitelists-2.6.32-754.2.1.el6
x86_64kernel-devel-2.6.32-754.2.1.el6kernel-debuginfo-common-i686-2.6.32-754.2.1.el6kernel-debug-devel-2.6.32-754.2.1.el6python-perf-debuginfo-2.6.32-754.2.1.el6kernel-debug-2.6.32-754.2.1.el6kernel-debuginfo-2.6.32-754.2.1.el6kernel-2.6.32-754.2.1.el6perf-2.6.32-754.2.1.el6kernel-debug-debuginfo-2.6.32-754.2.1.el6perf-debuginfo-2.6.32-754.2.1.el6kernel-headers-2.6.32-754.2.1.el6python-perf-2.6.32-754.2.1.el6kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6
RHEL6Si386perf-debuginfo-2.6.32-754.2.1.el6kernel-devel-2.6.32-754.2.1.el6kernel-debug-2.6.32-754.2.1.el6kernel-2.6.32-754.2.1.el6kernel-debuginfo-common-i686-2.6.32-754.2.1.el6kernel-debug-debuginfo-2.6.32-754.2.1.el6
python-perf-2.6.32-754.2.1.el6python-perf-debuginfo-2.6.32-754.2.1.el6kernel-debuginfo-2.6.32-754.2.1.el6kernel-debug-devel-2.6.32-754.2.1.el6perf-2.6.32-754.2.1.el6kernel-headers-2.6.32-754.2.1.el6
noarchkernel-doc-2.6.32-754.2.1.el6kernel-firmware-2.6.32-754.2.1.el6kernel-abi-whitelists-2.6.32-754.2.1.el6
x86_64kernel-devel-2.6.32-754.2.1.el6kernel-debuginfo-common-i686-2.6.32-754.2.1.el6kernel-debug-devel-2.6.32-754.2.1.el6python-perf-debuginfo-2.6.32-754.2.1.el6kernel-debug-2.6.32-754.2.1.el6kernel-debuginfo-2.6.32-754.2.1.el6kernel-2.6.32-754.2.1.el6perf-2.6.32-754.2.1.el6kernel-debug-debuginfo-2.6.32-754.2.1.el6perf-debuginfo-2.6.32-754.2.1.el6kernel-headers-2.6.32-754.2.1.el6python-perf-2.6.32-754.2.1.el6kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6
RHEL6WSi386perf-debuginfo-2.6.32-754.2.1.el6kernel-devel-2.6.32-754.2.1.el6kernel-debug-2.6.32-754.2.1.el6kernel-2.6.32-754.2.1.el6kernel-debuginfo-common-i686-2.6.32-754.2.1.el6kernel-debug-debuginfo-2.6.32-754.2.1.el6python-perf-debuginfo-2.6.32-754.2.1.el6kernel-debuginfo-2.6.32-754.2.1.el6kernel-debug-devel-2.6.32-754.2.1.el6perf-2.6.32-754.2.1.el6kernel-headers-2.6.32-754.2.1.el6
noarchkernel-doc-2.6.32-754.2.1.el6kernel-firmware-2.6.32-754.2.1.el6kernel-abi-whitelists-2.6.32-754.2.1.el6
x86_64perf-debuginfo-2.6.32-754.2.1.el6kernel-devel-2.6.32-754.2.1.el6kernel-debug-2.6.32-754.2.1.el6kernel-2.6.32-754.2.1.el6kernel-debuginfo-common-i686-2.6.32-754.2.1.el6kernel-debug-debuginfo-2.6.32-754.2.1.el6python-perf-debuginfo-2.6.32-754.2.1.el6kernel-debuginfo-2.6.32-754.2.1.el6kernel-debug-devel-2.6.32-754.2.1.el6perf-2.6.32-754.2.1.el6kernel-headers-2.6.32-754.2.1.el6kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6
23797 - (CTX235748) Citrix XenServer Multiple Vulnerabilities
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: MediumCVE: CVE-2018-12891, CVE-2018-12893
DescriptionMultiple vulnerabilities are present in some versions of Citrix XenServer.
ObservationCitrix XenServer is a popular virtualization platform.
Multiple vulnerabilities are present in some versions of Citrix XenServer. The flaws lie in multiple components. Successful exploitation could allow an attacker to cause a denial of service.
23801 - Joomla Language Switcher Module XSS Vulnerability (20180602)
Category: General Vulnerability Assessment -> NonIntrusive -> Web ServerRisk Level: MediumCVE: CVE-2018-12711
DescriptionA vulnerability is present in some versions of Joomla!.
ObservationJoomla! is an open source content management system.
A vulnerability is present in some versions of Joomla!. The flaw is in language switcher module. Successful exploitation could allow an attacker to remotely execute arbitrary code.
23852 - (VMSA-2018-0016) VMware Workstation Player Multiple Vulnerabilities
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2018-6965, CVE-2018-6966, CVE-2018-6967
DescriptionMultiple vulnerabilities are present in some versions of VMware Workstation Player.
ObservationVMware Workstation Player is a virtualization software.
Multiple vulnerabilities are present in some versions of VMware Workstation Player. The flaws lie in multiple components. Successful exploitation could allow a local attacker to obtain potentially sensitive information or cause a denial of service condition on the target system.
23853 - (VMSA-2018-0016) VMware Workstation Pro Multiple Vulnerabilities
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2018-6965, CVE-2018-6966, CVE-2018-6967
DescriptionA vulnerability is present in some versions of VMware Workstation Pro.
ObservationVMware Workstation Pro is a virtualization software.
Multiple vulnerabilities are present in some versions of VMware Workstation Pro. The flaws lie in the shader translator. Successful exploitation could allow an attacker to disclose private information or cause a denial of service condition.
146850 - SuSE Linux 15.0 openSUSE-SU-2018:1914-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2014-9636, CVE-2018-1000035
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1914-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00019.html
SuSE Linux 15.0x86_64unzip-debugsource-6.00-lp150.3.3.1unzip-rcc-debugsource-6.00-lp150.3.3.1unzip-rcc-6.00-lp150.3.3.1unzip-rcc-debuginfo-6.00-lp150.3.3.1unzip-6.00-lp150.3.3.1unzip-doc-6.00-lp150.3.3.1unzip-debuginfo-6.00-lp150.3.3.1
i586unzip-doc-6.00-lp150.3.3.1unzip-debugsource-6.00-lp150.3.3.1unzip-6.00-lp150.3.3.1unzip-debuginfo-6.00-lp150.3.3.1
146854 - SuSE Linux 15.0 openSUSE-SU-2018:1909-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2018-10194
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1909-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00014.html
SuSE Linux 15.0x86_64ghostscript-debuginfo-9.23-lp150.2.3.1ghostscript-mini-debuginfo-9.23-lp150.2.3.1ghostscript-mini-9.23-lp150.2.3.1ghostscript-mini-debugsource-9.23-lp150.2.3.1ghostscript-devel-9.23-lp150.2.3.1ghostscript-x11-debuginfo-9.23-lp150.2.3.1ghostscript-9.23-lp150.2.3.1ghostscript-debugsource-9.23-lp150.2.3.1ghostscript-mini-devel-9.23-lp150.2.3.1ghostscript-x11-9.23-lp150.2.3.1
i586ghostscript-debuginfo-9.23-lp150.2.3.1ghostscript-mini-debuginfo-9.23-lp150.2.3.1ghostscript-mini-9.23-lp150.2.3.1ghostscript-mini-debugsource-9.23-lp150.2.3.1ghostscript-devel-9.23-lp150.2.3.1ghostscript-x11-debuginfo-9.23-lp150.2.3.1ghostscript-9.23-lp150.2.3.1ghostscript-debugsource-9.23-lp150.2.3.1ghostscript-mini-devel-9.23-lp150.2.3.1ghostscript-x11-9.23-lp150.2.3.1
146856 - SuSE Linux 42.3 openSUSE-SU-2018:1900-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2018-1115
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1900-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00007.html
SuSE Linux 42.3i586postgresql95-contrib-9.5.13-2.9.1postgresql95-server-debuginfo-9.5.13-2.9.1postgresql95-debuginfo-9.5.13-2.9.1postgresql95-plpython-debuginfo-9.5.13-2.9.1postgresql95-pltcl-9.5.13-2.9.1postgresql95-server-9.5.13-2.9.1postgresql95-9.5.13-2.9.1postgresql95-plperl-debuginfo-9.5.13-2.9.1postgresql95-plpython-9.5.13-2.9.1postgresql95-devel-debuginfo-9.5.13-2.9.1postgresql95-test-9.5.13-2.9.1postgresql95-libs-debugsource-9.5.13-2.9.1postgresql95-debugsource-9.5.13-2.9.1
postgresql95-plperl-9.5.13-2.9.1postgresql95-contrib-debuginfo-9.5.13-2.9.1postgresql95-pltcl-debuginfo-9.5.13-2.9.1postgresql95-devel-9.5.13-2.9.1
noarchpostgresql95-docs-9.5.13-2.9.1
x86_64postgresql95-contrib-9.5.13-2.9.1postgresql95-server-debuginfo-9.5.13-2.9.1postgresql95-debuginfo-9.5.13-2.9.1postgresql95-plpython-debuginfo-9.5.13-2.9.1postgresql95-pltcl-9.5.13-2.9.1postgresql95-server-9.5.13-2.9.1postgresql95-9.5.13-2.9.1postgresql95-plperl-debuginfo-9.5.13-2.9.1postgresql95-plpython-9.5.13-2.9.1postgresql95-devel-debuginfo-9.5.13-2.9.1postgresql95-test-9.5.13-2.9.1postgresql95-libs-debugsource-9.5.13-2.9.1postgresql95-debugsource-9.5.13-2.9.1postgresql95-plperl-9.5.13-2.9.1postgresql95-contrib-debuginfo-9.5.13-2.9.1postgresql95-pltcl-debuginfo-9.5.13-2.9.1postgresql95-devel-9.5.13-2.9.1
186298 - Ubuntu Linux 14.04, 16.04, 17.10, 18.04 USN-3706-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2014-9092, CVE-2016-3616, CVE-2017-15232, CVE-2018-11212, CVE-2018-11213, CVE-2018-11214, CVE-2018-1152
DescriptionThe scan detected that the host is missing the following update:USN-3706-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2018-July/004485.html
Ubuntu 16.04
libjpeg-turbo8_1.4.2-0ubuntu3.1
Ubuntu 14.04
libjpeg-turbo8_1.3.0-0ubuntu2.1
Ubuntu 18.04
libjpeg-turbo8_1.5.2-0ubuntu5.18.04.1
Ubuntu 17.10
libjpeg-turbo8_1.5.2-0ubuntu5.17.10.1
193900 - Fedora Linux 28 FEDORA-2018-b10e54263a Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2018-11235
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-b10e54263a
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2
Fedora Core 28
libgit2-0.26.4-1.fc28
193910 - Fedora Linux 27 FEDORA-2018-94eb743dad Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2018-11235
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-94eb743dad
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2
Fedora Core 27
libgit2-0.26.4-1.fc27
196036 - Red Hat Enterprise Linux RHSA-2018-2147 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-11233, CVE-2018-11235
DescriptionThe scan detected that the host is missing the following update:RHSA-2018-2147
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.redhat.com/archives/rhsa-announce/2018-July/msg00002.html
RHEL7Sx86_64rh-git29-git-core-2.9.3-4.el7rh-git29-git-core-doc-2.9.3-4.el7rh-git29-git-daemon-2.9.3-4.el7rh-git29-git-2.9.3-4.el7rh-git29-git-svn-2.9.3-4.el7rh-git29-git-debuginfo-2.9.3-4.el7
noarchrh-git29-git-p4-2.9.3-4.el7rh-git29-git-all-2.9.3-4.el7rh-git29-git-cvs-2.9.3-4.el7rh-git29-git-gui-2.9.3-4.el7rh-git29-git-email-2.9.3-4.el7rh-git29-perl-Git-SVN-2.9.3-4.el7rh-git29-gitk-2.9.3-4.el7rh-git29-perl-Git-2.9.3-4.el7rh-git29-gitweb-2.9.3-4.el7
RHEL6Sx86_64rh-git29-git-core-2.9.3-4.el6rh-git29-git-svn-2.9.3-4.el6rh-git29-git-2.9.3-4.el6rh-git29-git-core-doc-2.9.3-4.el6rh-git29-git-daemon-2.9.3-4.el6rh-git29-git-debuginfo-2.9.3-4.el6
noarchrh-git29-git-cvs-2.9.3-4.el6rh-git29-emacs-git-el-2.9.3-4.el6rh-git29-git-all-2.9.3-4.el6rh-git29-emacs-git-2.9.3-4.el6rh-git29-git-gui-2.9.3-4.el6rh-git29-perl-Git-SVN-2.9.3-4.el6rh-git29-gitk-2.9.3-4.el6rh-git29-git-email-2.9.3-4.el6rh-git29-gitweb-2.9.3-4.el6rh-git29-perl-Git-2.9.3-4.el6rh-git29-git-p4-2.9.3-4.el6
RHEL6WSx86_64rh-git29-git-core-2.9.3-4.el6rh-git29-git-svn-2.9.3-4.el6rh-git29-git-2.9.3-4.el6rh-git29-git-core-doc-2.9.3-4.el6rh-git29-git-daemon-2.9.3-4.el6rh-git29-git-debuginfo-2.9.3-4.el6
noarchrh-git29-git-cvs-2.9.3-4.el6rh-git29-emacs-git-el-2.9.3-4.el6rh-git29-git-all-2.9.3-4.el6rh-git29-emacs-git-2.9.3-4.el6rh-git29-git-gui-2.9.3-4.el6rh-git29-perl-Git-SVN-2.9.3-4.el6
rh-git29-gitk-2.9.3-4.el6rh-git29-git-email-2.9.3-4.el6rh-git29-gitweb-2.9.3-4.el6rh-git29-perl-Git-2.9.3-4.el6rh-git29-git-p4-2.9.3-4.el6
RHEL6_7Sx86_64rh-git29-git-core-2.9.3-4.el6rh-git29-git-svn-2.9.3-4.el6rh-git29-git-2.9.3-4.el6rh-git29-git-core-doc-2.9.3-4.el6rh-git29-git-daemon-2.9.3-4.el6rh-git29-git-debuginfo-2.9.3-4.el6
noarchrh-git29-git-cvs-2.9.3-4.el6rh-git29-emacs-git-el-2.9.3-4.el6rh-git29-git-all-2.9.3-4.el6rh-git29-emacs-git-2.9.3-4.el6rh-git29-git-gui-2.9.3-4.el6rh-git29-perl-Git-SVN-2.9.3-4.el6rh-git29-gitk-2.9.3-4.el6rh-git29-git-email-2.9.3-4.el6rh-git29-gitweb-2.9.3-4.el6rh-git29-perl-Git-2.9.3-4.el6rh-git29-git-p4-2.9.3-4.el6
RHEL7_3Sx86_64rh-git29-git-core-2.9.3-4.el7rh-git29-git-core-doc-2.9.3-4.el7rh-git29-git-daemon-2.9.3-4.el7rh-git29-git-2.9.3-4.el7rh-git29-git-svn-2.9.3-4.el7rh-git29-git-debuginfo-2.9.3-4.el7
noarchrh-git29-git-p4-2.9.3-4.el7rh-git29-git-all-2.9.3-4.el7rh-git29-git-cvs-2.9.3-4.el7rh-git29-git-gui-2.9.3-4.el7rh-git29-git-email-2.9.3-4.el7rh-git29-perl-Git-SVN-2.9.3-4.el7rh-git29-gitk-2.9.3-4.el7rh-git29-perl-Git-2.9.3-4.el7rh-git29-gitweb-2.9.3-4.el7
RHEL7WSx86_64rh-git29-git-core-2.9.3-4.el7rh-git29-git-core-doc-2.9.3-4.el7rh-git29-git-daemon-2.9.3-4.el7rh-git29-git-2.9.3-4.el7rh-git29-git-svn-2.9.3-4.el7rh-git29-git-debuginfo-2.9.3-4.el7
noarchrh-git29-git-p4-2.9.3-4.el7rh-git29-git-all-2.9.3-4.el7
rh-git29-git-cvs-2.9.3-4.el7rh-git29-git-gui-2.9.3-4.el7rh-git29-git-email-2.9.3-4.el7rh-git29-perl-Git-SVN-2.9.3-4.el7rh-git29-gitk-2.9.3-4.el7rh-git29-perl-Git-2.9.3-4.el7rh-git29-gitweb-2.9.3-4.el7
23843 - IBM WebSphere Application Server Information Disclosure Vulnerability (swg22016887)
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2018-1614
DescriptionAn information disclosure vulnerability is present in some versions of IBM WebSphere Application Server.
ObservationIBM WebSphere Application Server is a server engine for Java EE Web applications.
An information disclosure vulnerability is present in some versions of IBM WebSphere Application Server. The flaw lies in how the software handles SAML responses from the SAML identity provider. Successful exploitation could allow an attacker to obtain sensitive information.
146846 - SuSE Linux 15.0 openSUSE-SU-2018:1895-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2017-9814
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1895-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00002.html
SuSE Linux 15.0x86_64libcairo-gobject2-32bit-1.15.10-lp150.3.3.1libcairo2-1.15.10-lp150.3.3.1libcairo2-32bit-1.15.10-lp150.3.3.1cairo-devel-32bit-1.15.10-lp150.3.3.1cairo-devel-1.15.10-lp150.3.3.1libcairo-script-interpreter2-32bit-debuginfo-1.15.10-lp150.3.3.1libcairo2-debuginfo-1.15.10-lp150.3.3.1libcairo-gobject2-32bit-debuginfo-1.15.10-lp150.3.3.1libcairo-gobject2-debuginfo-1.15.10-lp150.3.3.1libcairo-gobject2-1.15.10-lp150.3.3.1libcairo-script-interpreter2-32bit-1.15.10-lp150.3.3.1cairo-tools-1.15.10-lp150.3.3.1cairo-debugsource-1.15.10-lp150.3.3.1
libcairo2-32bit-debuginfo-1.15.10-lp150.3.3.1libcairo-script-interpreter2-1.15.10-lp150.3.3.1libcairo-script-interpreter2-debuginfo-1.15.10-lp150.3.3.1cairo-tools-debuginfo-1.15.10-lp150.3.3.1
i586libcairo2-debuginfo-1.15.10-lp150.3.3.1libcairo-gobject2-1.15.10-lp150.3.3.1libcairo2-1.15.10-lp150.3.3.1libcairo-script-interpreter2-debuginfo-1.15.10-lp150.3.3.1cairo-devel-1.15.10-lp150.3.3.1libcairo-script-interpreter2-1.15.10-lp150.3.3.1cairo-tools-1.15.10-lp150.3.3.1cairo-debugsource-1.15.10-lp150.3.3.1cairo-tools-debuginfo-1.15.10-lp150.3.3.1libcairo-gobject2-debuginfo-1.15.10-lp150.3.3.1
146855 - SuSE Linux 42.3 openSUSE-SU-2018:1908-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2017-17042
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1908-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00013.html
SuSE Linux 42.3x86_64ruby2.4-rubygem-yard-0.8.7.3-8.3.1ruby2.4-rubygem-yard-doc-0.8.7.3-8.3.1ruby2.3-rubygem-yard-doc-0.8.7.3-8.3.1ruby2.1-rubygem-yard-0.8.7.3-8.3.1ruby2.2-rubygem-yard-0.8.7.3-8.3.1ruby2.2-rubygem-yard-testsuite-0.8.7.3-8.3.1ruby2.1-rubygem-yard-testsuite-0.8.7.3-8.3.1ruby2.2-rubygem-yard-doc-0.8.7.3-8.3.1ruby2.3-rubygem-yard-0.8.7.3-8.3.1ruby2.3-rubygem-yard-testsuite-0.8.7.3-8.3.1ruby2.1-rubygem-yard-doc-0.8.7.3-8.3.1ruby2.4-rubygem-yard-testsuite-0.8.7.3-8.3.1
i586ruby2.4-rubygem-yard-0.8.7.3-8.3.1ruby2.4-rubygem-yard-doc-0.8.7.3-8.3.1ruby2.3-rubygem-yard-doc-0.8.7.3-8.3.1ruby2.1-rubygem-yard-0.8.7.3-8.3.1ruby2.2-rubygem-yard-0.8.7.3-8.3.1ruby2.2-rubygem-yard-testsuite-0.8.7.3-8.3.1ruby2.1-rubygem-yard-testsuite-0.8.7.3-8.3.1ruby2.2-rubygem-yard-doc-0.8.7.3-8.3.1ruby2.3-rubygem-yard-0.8.7.3-8.3.1
ruby2.3-rubygem-yard-testsuite-0.8.7.3-8.3.1ruby2.1-rubygem-yard-doc-0.8.7.3-8.3.1ruby2.4-rubygem-yard-testsuite-0.8.7.3-8.3.1
182726 - FreeBSD clamav Multiple Vulnerabilities (d1e9d8c5-839b-11e8-9610-9c5c8e75236a)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: MediumCVE: CVE-2017-16932, CVE-2018-0360, CVE-2018-0361
DescriptionThe scan detected that the host is missing the following update:clamav -- multiple vulnerabilities (d1e9d8c5-839b-11e8-9610-9c5c8e75236a)
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.vuxml.org/freebsd/d1e9d8c5-839b-11e8-9610-9c5c8e75236a.html
Affected packages: clamav < 0.100.1
182727 - FreeBSD expat Multiple Vulnerabilities (e375ff3f-7fec-11e8-8088-28d244aee256)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: MediumCVE: CVE-2016-9063, CVE-2017-9233
DescriptionThe scan detected that the host is missing the following update:expat -- multiple vulnerabilities (e375ff3f-7fec-11e8-8088-28d244aee256)
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.vuxml.org/freebsd/e375ff3f-7fec-11e8-8088-28d244aee256.html
Affected packages: expat < 2.2.1libwww < 5.4.2linux-c6-expat <= 2.0.1_5linux-c7-expat <= 2.1.0_2
193907 - Fedora Linux 27 FEDORA-2018-9f02e5ed7b Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2017-15038, CVE-2017-15268, CVE-2017-5715, CVE-2018-3639
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-9f02e5ed7b
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2
Fedora Core 27
qemu-2.10.1-4.fc27
23782 - (K08044291) F5 BIG-IP OpenSSL Vulnerability
Category: SSH Module -> NonIntrusive -> F5Risk Level: MediumCVE: CVE-2018-0739
DescriptionA vulnerability is present in some versions of F5's BIG-IP products.
ObservationF5's BIG-IP product is a network appliance that runs F5's Traffic Management Operating System.
A vulnerability is present in some versions of F5's BIG-IP products. The flaw lies in OpenSSL command line utility component. Successful exploitation could allow an attacker to cause a denial-of-service condition.
146847 - SuSE SLES 12 SP3, SLED 12 SP3 SUSE-SU-2018:1902-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2016-10040
DescriptionThe scan detected that the host is missing the following update:SUSE-SU-2018:1902-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.suse.com/pipermail/sle-security-updates/2018-July/004250.html
SuSE SLED 12 SP3x86_64libqt4-sql-4.8.7-8.6.1libqt4-sql-mysql-debuginfo-4.8.7-8.6.1libqt4-x11-debuginfo-4.8.7-8.6.1libqt4-sql-postgresql-32bit-4.8.7-8.6.1libqt4-sql-sqlite-32bit-4.8.7-8.6.1libqt4-sql-mysql-32bit-4.8.7-8.6.1libqt4-4.8.7-8.6.1qt4-qtscript-0.2.0-11.2.4libqca2-debuginfo-2.0.3-17.2.1libqt4-sql-unixODBC-debuginfo-4.8.7-8.6.1libqt4-sql-mysql-4.8.7-8.6.1libqt4-sql-32bit-4.8.7-8.6.1
libqt4-sql-debuginfo-4.8.7-8.6.1libQtWebKit4-4.8.7+2.3.4-4.5.1libqca2-32bit-2.0.3-17.2.1libqt4-debuginfo-32bit-4.8.7-8.6.1libqca2-debuginfo-32bit-2.0.3-17.2.1libqt4-sql-postgresql-debuginfo-32bit-4.8.7-8.6.1libqt4-sql-postgresql-debuginfo-4.8.7-8.6.1libqt4-x11-debuginfo-32bit-4.8.7-8.6.1libQtWebKit4-32bit-4.8.7+2.3.4-4.5.1libqca2-debugsource-2.0.3-17.2.1libqt4-sql-unixODBC-debuginfo-32bit-4.8.7-8.6.1libQtWebKit4-debugsource-4.8.7+2.3.4-4.5.1libqt4-sql-plugins-debugsource-4.8.7-8.6.1libqt4-x11-4.8.7-8.6.1qt4-qtscript-debuginfo-0.2.0-11.2.4libqt4-sql-unixODBC-32bit-4.8.7-8.6.1libqt4-sql-sqlite-debuginfo-32bit-4.8.7-8.6.1libqt4-qt3support-32bit-4.8.7-8.6.1libqt4-sql-sqlite-debuginfo-4.8.7-8.6.1libQtWebKit4-debuginfo-32bit-4.8.7+2.3.4-4.5.1libqt4-sql-sqlite-4.8.7-8.6.1qt4-qtscript-debugsource-0.2.0-11.2.4libQtWebKit4-debuginfo-4.8.7+2.3.4-4.5.1libqt4-qt3support-debuginfo-4.8.7-8.6.1libqt4-qt3support-4.8.7-8.6.1libqt4-32bit-4.8.7-8.6.1libqt4-sql-mysql-debuginfo-32bit-4.8.7-8.6.1libqt4-sql-unixODBC-4.8.7-8.6.1libqt4-qt3support-debuginfo-32bit-4.8.7-8.6.1libqt4-debuginfo-4.8.7-8.6.1libqt4-sql-postgresql-4.8.7-8.6.1libqt4-sql-debuginfo-32bit-4.8.7-8.6.1libqt4-debugsource-4.8.7-8.6.1libqt4-x11-32bit-4.8.7-8.6.1libqca2-2.0.3-17.2.1
SuSE SLES 12 SP3x86_64libqt4-sql-4.8.7-8.6.1libqt4-x11-debuginfo-4.8.7-8.6.1libqt4-4.8.7-8.6.1qt4-x11-tools-debuginfo-4.8.7-8.6.4qt4-x11-tools-4.8.7-8.6.4libqt4-sql-debuginfo-32bit-4.8.7-8.6.1libqt4-debuginfo-4.8.7-8.6.1libqca2-debuginfo-2.0.3-17.2.1libqt4-qt3support-debuginfo-32bit-4.8.7-8.6.1libqt4-sql-mysql-4.8.7-8.6.1libqt4-sql-32bit-4.8.7-8.6.1libqt4-sql-debuginfo-4.8.7-8.6.1libqt4-devel-doc-debuginfo-4.8.7-8.6.4libqt4-sql-sqlite-debuginfo-4.8.7-8.6.1libqca2-32bit-2.0.3-17.2.1libqca2-debuginfo-32bit-2.0.3-17.2.1libqt4-qt3support-32bit-4.8.7-8.6.1libqt4-x11-debuginfo-32bit-4.8.7-8.6.1libQtWebKit4-32bit-4.8.7+2.3.4-4.5.1libqca2-debugsource-2.0.3-17.2.1libQtWebKit4-debugsource-4.8.7+2.3.4-4.5.1libqt4-sql-plugins-debugsource-4.8.7-8.6.1
libqt4-x11-4.8.7-8.6.1libqt4-sql-mysql-debuginfo-4.8.7-8.6.1libqt4-debugsource-4.8.7-8.6.1libQtWebKit4-debuginfo-32bit-4.8.7+2.3.4-4.5.1libqt4-sql-sqlite-4.8.7-8.6.1libQtWebKit4-debuginfo-4.8.7+2.3.4-4.5.1libqt4-qt3support-debuginfo-4.8.7-8.6.1libQtWebKit4-4.8.7+2.3.4-4.5.1libqt4-32bit-4.8.7-8.6.1libqt4-debuginfo-32bit-4.8.7-8.6.1libqt4-qt3support-4.8.7-8.6.1libqt4-devel-doc-debugsource-4.8.7-8.6.4libqt4-x11-32bit-4.8.7-8.6.1libqca2-2.0.3-17.2.1
146849 - SuSE Linux 15.0 openSUSE-SU-2018:1912-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2018-9336
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1912-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00017.html
SuSE Linux 15.0x86_64openvpn-auth-pam-plugin-debuginfo-2.4.3-lp150.3.3.1openvpn-down-root-plugin-2.4.3-lp150.3.3.1openvpn-debugsource-2.4.3-lp150.3.3.1openvpn-2.4.3-lp150.3.3.1openvpn-devel-2.4.3-lp150.3.3.1openvpn-down-root-plugin-debuginfo-2.4.3-lp150.3.3.1openvpn-auth-pam-plugin-2.4.3-lp150.3.3.1openvpn-debuginfo-2.4.3-lp150.3.3.1
146858 - SuSE Linux 15.0, 42.3 openSUSE-SU-2018:1904-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2018-3639, CVE-2018-3640
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1904-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.opensuse.org/opensuse-updates/2018-07/msg00009.html
SuSE Linux 15.0x86_64ucode-intel-20180703-lp150.2.4.1
SuSE Linux 42.3x86_64ucode-intel-20180703-25.1ucode-intel-debuginfo-20180703-25.1ucode-intel-blob-20180703-25.1ucode-intel-debugsource-20180703-25.1
i586ucode-intel-20180703-25.1ucode-intel-debuginfo-20180703-25.1ucode-intel-blob-20180703-25.1ucode-intel-debugsource-20180703-25.1
175420 - Scientific Linux Security ERRATA Important: qemu-kvm on SL6.x i386/x86_64 (1807-6284)
Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixesRisk Level: MediumCVE: CVE-2017-13672, CVE-2018-3639, CVE-2018-5683, CVE-2018-7858
DescriptionThe scan detected that the host is missing the following update:Security ERRATA Important: qemu-kvm on SL6.x i386/x86_64 (1807-6284)
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://listserv.fnal.gov/scripts/wa.exe?A2=ind1807&L=scientific-linux-errata&F=&S=&P=6284
SL6x86_64qemu-guest-agent-0.12.1.2-2.506.el6_10.1qemu-kvm-tools-0.12.1.2-2.506.el6_10.1qemu-kvm-0.12.1.2-2.506.el6_10.1qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1qemu-img-0.12.1.2-2.506.el6_10.1
i386qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1qemu-guest-agent-0.12.1.2-2.506.el6_10.1
182728 - FreeBSD Zziplib - Multiple Vulnerabilities (7764b219-8148-11e8-aa4d-000e0cd7b374)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: MediumCVE: CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5977, CVE-2017-5978, CVE-2017-5979, CVE-2017-5980, CVE-2017-5981, CVE-2018-6381, CVE-2018-6484, CVE-2018-6540, CVE-2018-6541, CVE-2018-6542, CVE-2018-6869, CVE-2018-7725,CVE-2018-7726, CVE-2018-7727
Description
The scan detected that the host is missing the following update:zziplib - multiple vulnerabilities (7764b219-8148-11e8-aa4d-000e0cd7b374)
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.vuxml.org/freebsd/7764b219-8148-11e8-aa4d-000e0cd7b374.html
Affected packages: zziplib < 0.13.68
186302 - Ubuntu Linux 14.04 USN-3690-2 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2017-5715
DescriptionThe scan detected that the host is missing the following update:USN-3690-2
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2018-July/004482.html
Ubuntu 14.04
amd64-microcode_3.20180524.1~ubuntu0.14.04.2+really20130710.1
196038 - Red Hat Enterprise Linux RHSA-2018-2161 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-3639
DescriptionThe scan detected that the host is missing the following update:RHSA-2018-2161
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.redhat.com/archives/rhsa-announce/2018-July/msg00008.html
RHEL7_3Snoarchkernel-doc-3.10.0-514.53.1.el7kernel-abi-whitelists-3.10.0-514.53.1.el7
x86_64kernel-debuginfo-common-x86_64-3.10.0-514.53.1.el7
python-perf-debuginfo-3.10.0-514.53.1.el7python-perf-3.10.0-514.53.1.el7kernel-devel-3.10.0-514.53.1.el7kernel-tools-libs-devel-3.10.0-514.53.1.el7kernel-tools-3.10.0-514.53.1.el7kernel-tools-libs-3.10.0-514.53.1.el7perf-debuginfo-3.10.0-514.53.1.el7kernel-headers-3.10.0-514.53.1.el7kernel-debug-debuginfo-3.10.0-514.53.1.el7kernel-tools-debuginfo-3.10.0-514.53.1.el7kernel-3.10.0-514.53.1.el7kernel-debug-3.10.0-514.53.1.el7kernel-debuginfo-3.10.0-514.53.1.el7perf-3.10.0-514.53.1.el7kernel-debug-devel-3.10.0-514.53.1.el7
196039 - Red Hat Enterprise Linux RHSA-2018-2162 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2017-13672, CVE-2018-3639, CVE-2018-5683, CVE-2018-7858
DescriptionThe scan detected that the host is missing the following update:RHSA-2018-2162
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.redhat.com/archives/rhsa-announce/2018-July/msg00009.html
RHEL6Dx86_64qemu-guest-agent-0.12.1.2-2.506.el6_10.1qemu-kvm-tools-0.12.1.2-2.506.el6_10.1qemu-kvm-0.12.1.2-2.506.el6_10.1qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1qemu-img-0.12.1.2-2.506.el6_10.1
i386qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1qemu-guest-agent-0.12.1.2-2.506.el6_10.1
RHEL6Si386qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1qemu-guest-agent-0.12.1.2-2.506.el6_10.1
x86_64qemu-guest-agent-0.12.1.2-2.506.el6_10.1qemu-kvm-tools-0.12.1.2-2.506.el6_10.1qemu-kvm-0.12.1.2-2.506.el6_10.1qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1qemu-img-0.12.1.2-2.506.el6_10.1
RHEL6WSx86_64
qemu-guest-agent-0.12.1.2-2.506.el6_10.1qemu-kvm-tools-0.12.1.2-2.506.el6_10.1qemu-kvm-0.12.1.2-2.506.el6_10.1qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1qemu-img-0.12.1.2-2.506.el6_10.1
i386qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1qemu-guest-agent-0.12.1.2-2.506.el6_10.1
88955 - Slackware Linux 14.2 SSA:2018-186-01 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Slackware Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:SSA:2018-186-01
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.363131
Slackware 14.2x86_64mozilla-thunderbird-52.9.0-x86_64-1
i586mozilla-thunderbird-52.9.0-i586-1
88956 - Slackware Linux 14.2 SSA:2018-191-01 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Slackware Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:SSA:2018-191-01
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.365702
Slackware 14.2x86_64mozilla-thunderbird-52.9.1-x86_64-1
i586mozilla-thunderbird-52.9.1-i586-1
131145 - Debian Linux 9.0 DSA-4242-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: LowCVE: CVE-2018-3760
DescriptionThe scan detected that the host is missing the following update:DSA-4242-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.debian.org/security/2018/dsa-4242
Debian 9.0allruby-sprockets_3.7.0-1+deb9u1
131147 - Debian Linux 9.0 DSA-4241-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: LowCVE: CVE-2018-12910
DescriptionThe scan detected that the host is missing the following update:DSA-4241-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.debian.org/security/2018/dsa-4241
Debian 9.0allgir1.2-soup-2.4_2.56.0-2+deb9u2libsoup2.4-dev_2.56.0-2+deb9u2libsoup-gnome2.4-dev_2.56.0-2+deb9u2libsoup2.4-1_2.56.0-2+deb9u2libsoup2.4-doc_2.56.0-2+deb9u2libsoup-gnome2.4-1_2.56.0-2+deb9u2
131149 - Debian Linux 9.0 DSA-4239-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: LowCVE: CVE-2018-1000528
DescriptionThe scan detected that the host is missing the following update:DSA-4239-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.debian.org/security/2018/dsa-4239
Debian 9.0allgosa_gosa
182724 - FreeBSD wordpress Multiple Issues (4740174c-82bb-11e8-a29a-00e04c1ea73d)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:wordpress -- multiple issues (4740174c-82bb-11e8-a29a-00e04c1ea73d)
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.vuxml.org/freebsd/4740174c-82bb-11e8-a29a-00e04c1ea73d.html
Affected packages: wordpress < 4.9.7,1fr-wordpress < 4.9.7,1de-wordpress < 4.9.7zh_CN-wordpress < 4.9.7zh_TW-wordpress < 4.9.7ja-wordpress < 4.9.7ru-wordpress < 4.9.7
182725 - FreeBSD mybb Vulnerabilities (bfd5d004-81d4-11e8-a29a-00e04c1ea73d)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:mybb -- vulnerabilities (bfd5d004-81d4-11e8-a29a-00e04c1ea73d)
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.vuxml.org/freebsd/bfd5d004-81d4-11e8-a29a-00e04c1ea73d.html
Affected packages: mybb < 1.8.16
186292 - Ubuntu Linux 18.04 USN-3702-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-2018-12882
DescriptionThe scan detected that the host is missing the following update:USN-3702-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2018-July/004475.html
Ubuntu 18.04
libapache2-mod-php7.2_7.2.7-0ubuntu0.18.04.1php7.2-cli_7.2.7-0ubuntu0.18.04.1php7.2-cgi_7.2.7-0ubuntu0.18.04.1php7.2-fpm_7.2.7-0ubuntu0.18.04.1
186295 - Ubuntu Linux 18.04 USN-3702-2 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-2018-12882
DescriptionThe scan detected that the host is missing the following update:USN-3702-2
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2018-July/004479.html
Ubuntu 18.04
php7.2-cgi_7.2.7-0ubuntu0.18.04.2php7.2-cli_7.2.7-0ubuntu0.18.04.2php7.2-fpm_7.2.7-0ubuntu0.18.04.2libapache2-mod-php7.2_7.2.7-0ubuntu0.18.04.2
186299 - Ubuntu Linux 14.04, 16.04, 17.10, 18.04 USN-3705-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12369, CVE-2018-12370, CVE-2018-12371, CVE-2018-5156, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188
Description
The scan detected that the host is missing the following update:USN-3705-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2018-July/004481.html
Ubuntu 16.04
firefox_61.0+build3-0ubuntu0.16.04.2
Ubuntu 14.04
firefox_61.0+build3-0ubuntu0.14.04.2
Ubuntu 18.04
firefox_61.0+build3-0ubuntu0.18.04.1
Ubuntu 17.10
firefox_61.0+build3-0ubuntu0.17.10.1
186301 - Ubuntu Linux 14.04, 16.04, 17.10, 18.04 USN-3705-2 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12369, CVE-2018-12370, CVE-2018-12371, CVE-2018-5156, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188
DescriptionThe scan detected that the host is missing the following update:USN-3705-2
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2018-July/004489.html
Ubuntu 16.04
firefox_61.0.1+build1-0ubuntu0.16.04.1
Ubuntu 14.04
firefox_61.0.1+build1-0ubuntu0.14.04.1
Ubuntu 18.04
firefox_61.0.1+build1-0ubuntu0.18.04.1
Ubuntu 17.10
firefox_61.0.1+build1-0ubuntu0.17.10.1
193899 - Fedora Linux 27 FEDORA-2018-4943b0505b Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2018-10886
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-4943b0505b
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2
Fedora Core 27
ant-1.10.1-10.fc27
193901 - Fedora Linux 28 FEDORA-2018-8da2d73634 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-8da2d73634
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=1
Fedora Core 28
transifex-client-0.13.4-1.fc28
193902 - Fedora Linux 27 FEDORA-2018-c8ddc44bbb Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2017-16652, CVE-2018-11385, CVE-2018-11386, CVE-2018-11406, CVE-2018-11407, CVE-2018-11408
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-c8ddc44bbb
Observation
Updates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=1
Fedora Core 27
php-symfony3-3.3.17-1.fc27
193903 - Fedora Linux 27 FEDORA-2018-c3838931e1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2018-12910
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-c3838931e1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2
Fedora Core 27
libsoup-2.60.3-2.fc27
193904 - Fedora Linux 27 FEDORA-2018-2bdfc9dc67 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2017-16652, CVE-2018-11385, CVE-2018-11386, CVE-2018-11406, CVE-2018-11407, CVE-2018-11408
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-2bdfc9dc67
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=1
Fedora Core 27
php-symfony-2.8.42-1.fc27
193905 - Fedora Linux 27 FEDORA-2018-69780fc4d7 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2018-12020
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-69780fc4d7
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2
Fedora Core 27
gnupg-1.4.23-1.fc27
193906 - Fedora Linux 28 FEDORA-2018-c785c43a8f Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2018-13054
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-c785c43a8f
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=1
Fedora Core 28
cinnamon-3.8.7-1.fc28
193908 - Fedora Linux 28 FEDORA-2018-d1f6c8957f Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2018-12559, CVE-2018-12560, CVE-2018-12561, CVE-2018-12562
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-d1f6c8957f
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=1
Fedora Core 28
cantata-2.3.1-1.fc28
193909 - Fedora Linux 27 FEDORA-2018-9296823b6c Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2018-12559, CVE-2018-12560, CVE-2018-12561, CVE-2018-12562
DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-9296823b6c
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=1
Fedora Core 27
cantata-2.3.1-1.fc27
23772 - (CTX235745) Citrix XenServer Speculative Register Leakage Vulnerability
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: LowCVE: CVE-2018-3665
DescriptionA vulnerability is present in some versions of Citrix XenServer.
ObservationCitrix XenServer is a popular virtualization platform.
A vulnerability is present in some versions of Citrix XenServer. The flaw is due to certain feature in Intel Core Microprocessors. Successful exploitation could allow an attacker to obtain sensitive information.
23786 - Cisco NX-OS Software CLI Arbitrary Command Injection Vulnerability (cisco-sa-20180620-nx-os-cli-injection)
Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: InformationalCVE: CVE-2018-0307
DescriptionA vulnerability is present in some versions of Cisco NX-OS.
ObservationCisco NX-OS is a network operating system.
A vulnerability is present in some versions of Cisco NX-OS. The flaw is due to insufficient input validation of command arguments for CLI. Successful exploitation could allow an attacker to locally execute arbitrary code on the target system.
23871 - Microsoft Office 2016 Click-To-Run Jul 2018 Updates
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)
Risk Level: InformationalCVE: CVE-2018-8281, CVE-2018-8310, CVE-2018-8312
DescriptionMultiple issues are present in some versions of Microsoft Office 2016 Click-to-Run.
ObservationMicrosoft Office 2016 Click-to-Run is an alternative to the Windows Installer-based (MSI) installation method of the popular office suite.
Multiple issues are present in some versions of Microsoft Office 2016 Click-to-Run. The flaws are present in multiple components. Such defects could lead the product to software vulnerabilities, malfunction or unexpected behavior in some of its affected components.
ENHANCED CHECKS
The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on avulnerability and anything else that improves upon an existing FSL check.
33218 - Oracle Solaris 119214-36 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Solaris Patches and HotfixesRisk Level: HighCVE: CVE-2009-0689, CVE-2009-2404, CVE-2009-3555, CVE-2010-3170, CVE-2011-3389, CVE-2013-1620, CVE-2013-1739, CVE-2013-1740, CVE-2013-1741, CVE-2013-5605, CVE-2013-5606, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492
Update DetailsName is updated Description is updated Observation is updated Recommendation is updated FASLScript is updated
182014 - FreeBSD tiff Buffer Overflow (0ab66088-4aa5-11e6-a7bd-14dae9d210b8)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2016-5314, CVE-2016-5875
Update DetailsCVE is updated
182718 - FreeBSD mozilla Multiple Vulnerabilities (cd81806c-26e7-4d4a-8425-02724a2f48af)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-12370, CVE-2018-12371, CVE-2018-5156, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188
Update DetailsFASLScript is updated
HOW TO UPDATE
FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we stronglyurge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any
critical updates but will wait for your explicit authorization before installing.
FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting"FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerabilityscripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability categoryand checking the "Run New Checks" checkbox.
MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts willbe automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.
MCAFEE TECHNICAL SUPPORT
ServicePortal: https://mysupport.mcafee.comMulti-National Phone Support available here:
http://www.mcafee.com/us/about/contact/index.htmlNon-US customers - Select your country from the list of Worldwide Offices.
This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution byothers is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.
Copyright 2018 McAfee, Inc.McAfee is a registered trademark of McAfee, Inc. and/or its affiliates