2018-JUL-1 FSL version 7.6 - McAfee · 175417 - Scientific Linux Security ERRATA Critical: firefox on SL6.x i386/x86_64 (1807-3912) Category: SSH Module -> NonIntrusive -> Scientific

2018-JUL-12 FSL version 7.6.36

MCAFEE FOUNDSTONE FSL UPDATE

To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is adetailed summary of the new and updated checks included with this release.

NEW CHECKS

163659 - Oracle Enterprise Linux ELSA-2018-4161 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2017-11600, CVE-2017-18017, CVE-2017-7616, CVE-2017-8824, CVE-2018-10087, CVE-2018-10124, CVE-2018-1130,CVE-2018-5803

DescriptionThe scan detected that the host is missing the following update:ELSA-2018-4161

ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:

http://oss.oracle.com/pipermail/el-errata/2018-July/007869.htmlhttp://oss.oracle.com/pipermail/el-errata/2018-July/007870.html

OEL7x86_64kernel-uek-4.1.12-124.17.1.el7uekkernel-uek-debug-devel-4.1.12-124.17.1.el7uekkernel-uek-debug-4.1.12-124.17.1.el7uekkernel-uek-devel-4.1.12-124.17.1.el7uekkernel-uek-doc-4.1.12-124.17.1.el7uekkernel-uek-firmware-4.1.12-124.17.1.el7uek

OEL6x86_64kernel-uek-debug-4.1.12-124.17.1.el6uekkernel-uek-devel-4.1.12-124.17.1.el6uekkernel-uek-debug-devel-4.1.12-124.17.1.el6uekkernel-uek-4.1.12-124.17.1.el6uekkernel-uek-doc-4.1.12-124.17.1.el6uekkernel-uek-firmware-4.1.12-124.17.1.el6uek

23860 - (HPESBHF03844) HPE Integrated Lights-Out Remote or Local Code Execution Vulnerability

Category: General Vulnerability Assessment -> NonIntrusive -> Web ServerRisk Level: HighCVE: CVE-2018-7078

DescriptionA vulnerability is present in some versions of HPE Integrated Lights-Out.

ObservationHPE Integrated Lights-Out is a Hewlett-Packard proprietary embedded server management technology.

A vulnerability is present in some versions of HPE Integrated Lights-Out. The flaw lies in an unknown component. Successful exploitation could allow an administrative user to execute arbitrary code locally or remotely.

23872 - (MSPT-Jul2018) Microsoft Office Handle Objects in Memory Remote Code Execution (CVE-2018-8281)

Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-8281

DescriptionA vulnerability in some versions of Microsoft Office software could lead to remote code execution.

ObservationA vulnerability in some versions of Microsoft Office software could lead to remote code execution.

The flaw is due to improper handling of objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

175417 - Scientific Linux Security ERRATA Critical: firefox on SL6.x i386/x86_64 (1807-3912)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixesRisk Level: HighCVE: CVE-2017-7762, CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-5156, CVE-2018-5188, CVE-2018-6126

DescriptionThe scan detected that the host is missing the following update:Security ERRATA Critical: firefox on SL6.x i386/x86_64 (1807-3912)


https://listserv.fnal.gov/scripts/wa.exe?A2=ind1807&L=scientific-linux-errata&F=&S=&P=3912

SL6x86_64firefox-debuginfo-60.1.0-5.el6firefox-60.1.0-5.el6

i386firefox-debuginfo-60.1.0-5.el6firefox-60.1.0-5.el6

175419 - Scientific Linux Security ERRATA Critical: firefox on SL7.x x86_64 (1807-3415)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixesRisk Level: HighCVE: CVE-2017-7762, CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-5156, CVE-2018-5188, CVE-2018-6126

DescriptionThe scan detected that the host is missing the following update:Security ERRATA Critical: firefox on SL7.x x86_64 (1807-3415)



SL7x86_64firefox-debuginfo-60.1.0-4.el7_5firefox-60.1.0-4.el7_5

23857 - Cisco NX-OS Software Cisco Fabric Services Denial of Service Vulnerability (cisco-sa-20180620-nx-os-fabric-dos)


DescriptionA vulnerability is present in some versions of Cisco NX-OS Software.

ObservationCisco NX-OS Software is the operating system used in Cisco Nexus devices.

A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in the Cisco Fabric Services component. Successful exploitation could allow an unauthenticated remote user to cause a denial of service or obtain sensitive information.

23799 - (K53931245) F5 BIG-IP SSL profile Vulnerability

Category: SSH Module -> NonIntrusive -> F5Risk Level: HighCVE: CVE-2018-5524

DescriptionA vulnerability is present in some versions of F5's BIG-IP products.

ObservationF5's BIG-IP product is a network appliance that runs F5's Traffic Management Operating System.

A vulnerability is present in some versions of F5's BIG-IP products. The flaw lies in Virtual servers using Client SSL or Server SSL profiles. Successful exploitation could allow an attacker to cause a denial-of-service condition.

23814 - (SB10241) McAfee Web Gateway Multiple Vulnerabilities

Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2017-12940, CVE-2017-12941, CVE-2017-12942, CVE-2018-1124, CVE-2018-6667

DescriptionMultiple vulnerabilities are present in some versions of McAfee Web Gateway.

ObservationMcAfee Web Gateway is a web based security control system designed to prevent web application attacks.

Multiple vulnerabilities are present in some versions of McAfee Web Gateway. The flaws lie in several components. Successful exploitation could allow an attacker to retrieve sensitive information, cause a denial of service condition or execute arbitrary code on the target system.

23835 - (K80440915) F5 BIG-IP Linux Kernel Vulnerability

Category: SSH Module -> NonIntrusive -> F5Risk Level: HighCVE: CVE-2017-7889



A vulnerability is present in some versions of F5's BIG-IP products. The flaw lies in Linux kernel. Successful exploitation could allow an attacker to bypass certain security restrictions and perform unauthorized actions.

23856 - Cisco Nexus 4000 Series Switch SNMP Denial Of Service Vulnerability (sa-20180620-n4k-snmp-dos)




A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in SNMP feature. Successful exploitation could allow a remote attacker to cause a denial of service condition.

23858 - Cisco Nexus 3000 And 9000 Series CLI and SNMP Denial Of Service Vulnerability (sa-20180620-n3k-n9k-clisnmp)




A vulnerability is present in some versions of Cisco NX-OS Software. The flaw is due to the use of a SNMP MIB related with an specific CLI command. Successful exploitation could allow a remote attacker to cause a denial of service condition.

131146 - Debian Linux 9.0 DSA-4238-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: HighCVE: CVE-2018-10958, CVE-2018-10998, CVE-2018-10999, CVE-2018-11531, CVE-2018-12264, CVE-2018-12265

DescriptionThe scan detected that the host is missing the following update:DSA-4238-1


http://www.debian.org/security/2018/dsa-4238

Debian 9.0allexiv2_0.25-3.1+deb9u1


Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: HighCVE: CVE-2018-10545, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549, CVE-2018-7584




Debian 9.0allphp7.0_7.0.30-0+deb9u1

146845 - SuSE Linux 15.0 openSUSE-SU-2018:1893-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-1071, CVE-2018-1083, CVE-2018-1100

DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1893-1


http://lists.opensuse.org/opensuse-updates/2018-07/msg00000.html

SuSE Linux 15.0x86_64zsh-debugsource-5.5-lp150.2.3.1zsh-debuginfo-5.5-lp150.2.3.1zsh-5.5-lp150.2.3.1zsh-htmldoc-5.5-lp150.2.3.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-12882




SuSE Linux 42.3i586php7-mbstring-debuginfo-7.0.7-40.1php7-snmp-debuginfo-7.0.7-40.1php7-tidy-7.0.7-40.1php7-ctype-7.0.7-40.1php7-json-debuginfo-7.0.7-40.1php7-gd-7.0.7-40.1php7-sockets-7.0.7-40.1php7-ftp-7.0.7-40.1php7-imap-debuginfo-7.0.7-40.1php7-bcmath-debuginfo-7.0.7-40.1php7-opcache-7.0.7-40.1php7-wddx-debuginfo-7.0.7-40.1apache2-mod_php7-debuginfo-7.0.7-40.1php7-xmlreader-debuginfo-7.0.7-40.1php7-ldap-7.0.7-40.1php7-devel-7.0.7-40.1php7-firebird-debuginfo-7.0.7-40.1php7-zip-debuginfo-7.0.7-40.1php7-readline-debuginfo-7.0.7-40.1php7-dom-7.0.7-40.1apache2-mod_php7-7.0.7-40.1php7-sysvsem-debuginfo-7.0.7-40.1php7-gettext-debuginfo-7.0.7-40.1php7-posix-7.0.7-40.1php7-mbstring-7.0.7-40.1php7-exif-7.0.7-40.1php7-xmlreader-7.0.7-40.1php7-odbc-debuginfo-7.0.7-40.1php7-calendar-7.0.7-40.1php7-debugsource-7.0.7-40.1php7-bz2-debuginfo-7.0.7-40.1

php7-7.0.7-40.1php7-gmp-7.0.7-40.1php7-curl-7.0.7-40.1php7-sqlite-debuginfo-7.0.7-40.1php7-wddx-7.0.7-40.1php7-shmop-7.0.7-40.1php7-exif-debuginfo-7.0.7-40.1php7-dom-debuginfo-7.0.7-40.1php7-calendar-debuginfo-7.0.7-40.1php7-fileinfo-7.0.7-40.1php7-sysvshm-7.0.7-40.1php7-phar-7.0.7-40.1php7-iconv-debuginfo-7.0.7-40.1php7-ctype-debuginfo-7.0.7-40.1php7-pspell-debuginfo-7.0.7-40.1php7-pgsql-debuginfo-7.0.7-40.1php7-fpm-7.0.7-40.1php7-sysvmsg-debuginfo-7.0.7-40.1php7-zip-7.0.7-40.1php7-mysql-debuginfo-7.0.7-40.1php7-json-7.0.7-40.1php7-snmp-7.0.7-40.1php7-iconv-7.0.7-40.1php7-fpm-debuginfo-7.0.7-40.1php7-intl-7.0.7-40.1php7-gmp-debuginfo-7.0.7-40.1php7-pcntl-debuginfo-7.0.7-40.1php7-bz2-7.0.7-40.1php7-mysql-7.0.7-40.1php7-firebird-7.0.7-40.1php7-posix-debuginfo-7.0.7-40.1php7-enchant-7.0.7-40.1php7-pdo-debuginfo-7.0.7-40.1php7-xmlrpc-7.0.7-40.1php7-tokenizer-7.0.7-40.1php7-tokenizer-debuginfo-7.0.7-40.1php7-odbc-7.0.7-40.1php7-pgsql-7.0.7-40.1php7-readline-7.0.7-40.1php7-pcntl-7.0.7-40.1php7-openssl-7.0.7-40.1php7-ftp-debuginfo-7.0.7-40.1php7-xsl-7.0.7-40.1php7-opcache-debuginfo-7.0.7-40.1php7-enchant-debuginfo-7.0.7-40.1php7-intl-debuginfo-7.0.7-40.1php7-fastcgi-debuginfo-7.0.7-40.1php7-zlib-7.0.7-40.1php7-debuginfo-7.0.7-40.1php7-sysvmsg-7.0.7-40.1php7-ldap-debuginfo-7.0.7-40.1php7-sysvshm-debuginfo-7.0.7-40.1php7-xmlwriter-7.0.7-40.1php7-openssl-debuginfo-7.0.7-40.1php7-fileinfo-debuginfo-7.0.7-40.1php7-mcrypt-7.0.7-40.1php7-gettext-7.0.7-40.1php7-sysvsem-7.0.7-40.1php7-xmlrpc-debuginfo-7.0.7-40.1php7-mcrypt-debuginfo-7.0.7-40.1

php7-soap-7.0.7-40.1php7-sockets-debuginfo-7.0.7-40.1php7-gd-debuginfo-7.0.7-40.1php7-soap-debuginfo-7.0.7-40.1php7-shmop-debuginfo-7.0.7-40.1php7-xmlwriter-debuginfo-7.0.7-40.1php7-sqlite-7.0.7-40.1php7-pdo-7.0.7-40.1php7-fastcgi-7.0.7-40.1php7-xsl-debuginfo-7.0.7-40.1php7-tidy-debuginfo-7.0.7-40.1php7-bcmath-7.0.7-40.1php7-curl-debuginfo-7.0.7-40.1php7-zlib-debuginfo-7.0.7-40.1php7-dba-7.0.7-40.1php7-dba-debuginfo-7.0.7-40.1php7-phar-debuginfo-7.0.7-40.1php7-imap-7.0.7-40.1php7-pspell-7.0.7-40.1

noarchphp7-pear-Archive_Tar-7.0.7-40.1php7-pear-7.0.7-40.1

x86_64php7-mbstring-debuginfo-7.0.7-40.1php7-snmp-debuginfo-7.0.7-40.1php7-tidy-7.0.7-40.1php7-ctype-7.0.7-40.1php7-json-debuginfo-7.0.7-40.1php7-gd-7.0.7-40.1php7-sockets-7.0.7-40.1php7-ftp-7.0.7-40.1php7-imap-debuginfo-7.0.7-40.1php7-bcmath-debuginfo-7.0.7-40.1php7-opcache-7.0.7-40.1php7-wddx-debuginfo-7.0.7-40.1apache2-mod_php7-debuginfo-7.0.7-40.1php7-xmlreader-debuginfo-7.0.7-40.1php7-ldap-7.0.7-40.1php7-devel-7.0.7-40.1php7-firebird-debuginfo-7.0.7-40.1php7-zip-debuginfo-7.0.7-40.1php7-readline-debuginfo-7.0.7-40.1php7-dom-7.0.7-40.1apache2-mod_php7-7.0.7-40.1php7-sysvsem-debuginfo-7.0.7-40.1php7-gettext-debuginfo-7.0.7-40.1php7-posix-7.0.7-40.1php7-mbstring-7.0.7-40.1php7-exif-7.0.7-40.1php7-xmlreader-7.0.7-40.1php7-odbc-debuginfo-7.0.7-40.1php7-calendar-7.0.7-40.1php7-debugsource-7.0.7-40.1php7-bz2-debuginfo-7.0.7-40.1php7-7.0.7-40.1php7-gmp-7.0.7-40.1php7-curl-7.0.7-40.1php7-sqlite-debuginfo-7.0.7-40.1

php7-wddx-7.0.7-40.1php7-shmop-7.0.7-40.1php7-exif-debuginfo-7.0.7-40.1php7-dom-debuginfo-7.0.7-40.1php7-calendar-debuginfo-7.0.7-40.1php7-fileinfo-7.0.7-40.1php7-sysvshm-7.0.7-40.1php7-phar-7.0.7-40.1php7-iconv-debuginfo-7.0.7-40.1php7-ctype-debuginfo-7.0.7-40.1php7-pspell-debuginfo-7.0.7-40.1php7-pgsql-debuginfo-7.0.7-40.1php7-fpm-7.0.7-40.1php7-sysvmsg-debuginfo-7.0.7-40.1php7-zip-7.0.7-40.1php7-mysql-debuginfo-7.0.7-40.1php7-json-7.0.7-40.1php7-snmp-7.0.7-40.1php7-iconv-7.0.7-40.1php7-fpm-debuginfo-7.0.7-40.1php7-intl-7.0.7-40.1php7-gmp-debuginfo-7.0.7-40.1php7-pcntl-debuginfo-7.0.7-40.1php7-bz2-7.0.7-40.1php7-mysql-7.0.7-40.1php7-firebird-7.0.7-40.1php7-posix-debuginfo-7.0.7-40.1php7-enchant-7.0.7-40.1php7-pdo-debuginfo-7.0.7-40.1php7-xmlrpc-7.0.7-40.1php7-tokenizer-7.0.7-40.1php7-tokenizer-debuginfo-7.0.7-40.1php7-odbc-7.0.7-40.1php7-pgsql-7.0.7-40.1php7-readline-7.0.7-40.1php7-pcntl-7.0.7-40.1php7-openssl-7.0.7-40.1php7-ftp-debuginfo-7.0.7-40.1php7-xsl-7.0.7-40.1php7-opcache-debuginfo-7.0.7-40.1php7-enchant-debuginfo-7.0.7-40.1php7-intl-debuginfo-7.0.7-40.1php7-fastcgi-debuginfo-7.0.7-40.1php7-zlib-7.0.7-40.1php7-debuginfo-7.0.7-40.1php7-sysvmsg-7.0.7-40.1php7-ldap-debuginfo-7.0.7-40.1php7-sysvshm-debuginfo-7.0.7-40.1php7-xmlwriter-7.0.7-40.1php7-openssl-debuginfo-7.0.7-40.1php7-fileinfo-debuginfo-7.0.7-40.1php7-mcrypt-7.0.7-40.1php7-gettext-7.0.7-40.1php7-sysvsem-7.0.7-40.1php7-xmlrpc-debuginfo-7.0.7-40.1php7-mcrypt-debuginfo-7.0.7-40.1php7-soap-7.0.7-40.1php7-sockets-debuginfo-7.0.7-40.1php7-gd-debuginfo-7.0.7-40.1php7-soap-debuginfo-7.0.7-40.1

php7-shmop-debuginfo-7.0.7-40.1php7-xmlwriter-debuginfo-7.0.7-40.1php7-sqlite-7.0.7-40.1php7-pdo-7.0.7-40.1php7-fastcgi-7.0.7-40.1php7-xsl-debuginfo-7.0.7-40.1php7-tidy-debuginfo-7.0.7-40.1php7-bcmath-7.0.7-40.1php7-curl-debuginfo-7.0.7-40.1php7-zlib-debuginfo-7.0.7-40.1php7-dba-7.0.7-40.1php7-dba-debuginfo-7.0.7-40.1php7-phar-debuginfo-7.0.7-40.1php7-imap-7.0.7-40.1php7-pspell-7.0.7-40.1

146851 - SuSE SLES 12 SP3, SLED 12 SP3 SUSE-SU-2018:1887-1 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:SUSE-SU-2018:1887-1


http://lists.suse.com/pipermail/sle-security-updates/2018-July/004245.html

SuSE SLED 12 SP3x86_64libopenssl-devel-1.0.2j-60.30.1libopenssl1_0_0-debuginfo-1.0.2j-60.30.1openssl-1.0.2j-60.30.1openssl-debugsource-1.0.2j-60.30.1libopenssl1_0_0-32bit-1.0.2j-60.30.1openssl-debuginfo-1.0.2j-60.30.1libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.30.1libopenssl1_0_0-1.0.2j-60.30.1

SuSE SLES 12 SP3noarchopenssl-doc-1.0.2j-60.30.1

x86_64openssl-1.0.2j-60.30.1libopenssl1_0_0-debuginfo-1.0.2j-60.30.1libopenssl-devel-1.0.2j-60.30.1libopenssl1_0_0-hmac-32bit-1.0.2j-60.30.1openssl-debuginfo-1.0.2j-60.30.1libopenssl1_0_0-debuginfo-32bit-1.0.2j-60.30.1openssl-debugsource-1.0.2j-60.30.1libopenssl1_0_0-hmac-1.0.2j-60.30.1libopenssl1_0_0-32bit-1.0.2j-60.30.1libopenssl1_0_0-1.0.2j-60.30.1

146852 - SuSE SLES 11 SP4 SUSE-SU-2018:1916-1 Update Is Not Installed





SuSE SLES 11 SP4i586openslp-1.2.0-172.27.3.1openslp-server-1.2.0-172.27.3.1

x86_64openslp-32bit-1.2.0-172.27.3.1openslp-1.2.0-172.27.3.1openslp-server-1.2.0-172.27.3.1

146853 - SuSE Linux 15.0, 42.3 openSUSE-SU-2018:1896-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-10857, CVE-2018-10859




SuSE Linux 15.0x86_64git-annex-bash-completion-6.20180626-lp150.2.5.1git-annex-6.20180626-lp150.2.5.1

SuSE Linux 42.3x86_64git-annex-bash-completion-6.20180626-8.1git-annex-6.20180626-8.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes

Risk Level: HighCVE: CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12372, CVE-2018-12373, CVE-2018-12374, CVE-2018-5188




SuSE Linux 15.0x86_64MozillaThunderbird-debuginfo-52.9.0-lp150.3.8.1MozillaThunderbird-translations-other-52.9.0-lp150.3.8.1MozillaThunderbird-52.9.0-lp150.3.8.1MozillaThunderbird-buildsymbols-52.9.0-lp150.3.8.1MozillaThunderbird-devel-52.9.0-lp150.3.8.1MozillaThunderbird-translations-common-52.9.0-lp150.3.8.1MozillaThunderbird-debugsource-52.9.0-lp150.3.8.1

SuSE Linux 42.3x86_64MozillaThunderbird-52.9.0-68.1MozillaThunderbird-debuginfo-52.9.0-68.1MozillaThunderbird-devel-52.9.0-68.1MozillaThunderbird-translations-common-52.9.0-68.1MozillaThunderbird-debugsource-52.9.0-68.1MozillaThunderbird-buildsymbols-52.9.0-68.1MozillaThunderbird-translations-other-52.9.0-68.1






SuSE Linux 42.3i586libopenssl1_0_0-1.0.2j-25.1libopenssl-devel-1.0.2j-25.1openssl-1.0.2j-25.1openssl-debuginfo-1.0.2j-25.1

openssl-cavs-1.0.2j-25.1openssl-cavs-debuginfo-1.0.2j-25.1openssl-debugsource-1.0.2j-25.1libopenssl1_0_0-hmac-1.0.2j-25.1libopenssl1_0_0-debuginfo-1.0.2j-25.1

noarchopenssl-doc-1.0.2j-25.1

x86_64libopenssl-devel-32bit-1.0.2j-25.1libopenssl1_0_0-hmac-32bit-1.0.2j-25.1openssl-cavs-1.0.2j-25.1libopenssl1_0_0-debuginfo-1.0.2j-25.1openssl-debuginfo-1.0.2j-25.1openssl-debugsource-1.0.2j-25.1libopenssl1_0_0-hmac-1.0.2j-25.1libopenssl-devel-1.0.2j-25.1libopenssl1_0_0-1.0.2j-25.1libopenssl1_0_0-debuginfo-32bit-1.0.2j-25.1openssl-cavs-debuginfo-1.0.2j-25.1openssl-1.0.2j-25.1libopenssl1_0_0-32bit-1.0.2j-25.1

163658 - Oracle Enterprise Linux ELSA-2018-4164 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2015-8575, CVE-2016-2384, CVE-2016-2543, CVE-2016-2544, CVE-2016-2545, CVE-2016-2547, CVE-2016-2548, CVE-2016-2549, CVE-2017-1000410, CVE-2017-11600, CVE-2017-17741, CVE-2017-18203, CVE-2017-7616, CVE-2017-8824, CVE-2018-1000199, CVE-2018-10087, CVE-2018-10124, CVE-2018-10323, CVE-2018-1130, CVE-2018-3665, CVE-2018-5803, CVE-2018-8781

DescriptionThe scan detected that the host is missing the following update:ELSA-2018-4164


http://oss.oracle.com/pipermail/el-errata/2018-July/007873.htmlhttp://oss.oracle.com/pipermail/el-errata/2018-July/007872.html

OEL7x86_64kernel-uek-devel-3.8.13-118.22.1.el7uekkernel-uek-doc-3.8.13-118.22.1.el7uekkernel-uek-firmware-3.8.13-118.22.1.el7uekkernel-uek-debug-3.8.13-118.22.1.el7uekdtrace-modules-3.8.13-118.22.1.el7uek-0.4.5-3.el7kernel-uek-3.8.13-118.22.1.el7uekkernel-uek-debug-devel-3.8.13-118.22.1.el7uek

OEL6x86_64dtrace-modules-3.8.13-118.22.1.el6uek-0.4.5-3.el6kernel-uek-3.8.13-118.22.1.el6uek

kernel-uek-debug-3.8.13-118.22.1.el6uekkernel-uek-debug-devel-3.8.13-118.22.1.el6uekkernel-uek-devel-3.8.13-118.22.1.el6uekkernel-uek-firmware-3.8.13-118.22.1.el6uekkernel-uek-doc-3.8.13-118.22.1.el6uek

175418 - Scientific Linux Security ERRATA Important: kernel on SL6.x i386/x86_64 (1807-5892)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixesRisk Level: HighCVE: CVE-2018-10675, CVE-2018-10872, CVE-2018-3639, CVE-2018-3665, CVE-2018-8897

DescriptionThe scan detected that the host is missing the following update:Security ERRATA Important: kernel on SL6.x i386/x86_64 (1807-5892)



SL6i386perf-debuginfo-2.6.32-754.2.1.el6kernel-devel-2.6.32-754.2.1.el6kernel-debug-2.6.32-754.2.1.el6kernel-2.6.32-754.2.1.el6kernel-debuginfo-common-i686-2.6.32-754.2.1.el6kernel-debug-debuginfo-2.6.32-754.2.1.el6python-perf-2.6.32-754.2.1.el6python-perf-debuginfo-2.6.32-754.2.1.el6kernel-debuginfo-2.6.32-754.2.1.el6kernel-debug-devel-2.6.32-754.2.1.el6perf-2.6.32-754.2.1.el6kernel-headers-2.6.32-754.2.1.el6

noarchkernel-doc-2.6.32-754.2.1.el6kernel-firmware-2.6.32-754.2.1.el6kernel-abi-whitelists-2.6.32-754.2.1.el6

x86_64kernel-devel-2.6.32-754.2.1.el6kernel-debuginfo-common-i686-2.6.32-754.2.1.el6kernel-debug-devel-2.6.32-754.2.1.el6python-perf-debuginfo-2.6.32-754.2.1.el6kernel-debug-2.6.32-754.2.1.el6kernel-debuginfo-2.6.32-754.2.1.el6kernel-2.6.32-754.2.1.el6perf-2.6.32-754.2.1.el6kernel-debug-debuginfo-2.6.32-754.2.1.el6perf-debuginfo-2.6.32-754.2.1.el6kernel-headers-2.6.32-754.2.1.el6python-perf-2.6.32-754.2.1.el6kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6

186294 - Ubuntu Linux 14.04, 16.04, 17.10, 18.04 USN-3707-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: HighCVE: CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185

DescriptionThe scan detected that the host is missing the following update:USN-3707-1


https://lists.ubuntu.com/archives/ubuntu-security-announce/2018-July/004484.html

Ubuntu 16.04

ntp_4.2.8p4+dfsg-3ubuntu5.9

Ubuntu 14.04

ntp_4.2.6.p5+dfsg-3ubuntu2.14.04.13

Ubuntu 18.04


Ubuntu 17.10


186300 - Ubuntu Linux 14.04, 16.04 USN-3708-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: HighCVE: CVE-2017-17833, CVE-2018-12938




Ubuntu 14.04

libslp1_1.2.1-9ubuntu0.3

Ubuntu 16.04

libslp1_1.2.1-11ubuntu0.16.04.1

196037 - Red Hat Enterprise Linux RHSA-2018-2164 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2018-10675, CVE-2018-10872, CVE-2018-3639, CVE-2018-3665, CVE-2018-8897

DescriptionThe scan detected that the host is missing the following update:RHSA-2018-2164


http://www.redhat.com/archives/rhsa-announce/2018-July/msg00010.html

RHEL6Di386perf-debuginfo-2.6.32-754.2.1.el6kernel-devel-2.6.32-754.2.1.el6kernel-debug-2.6.32-754.2.1.el6kernel-2.6.32-754.2.1.el6kernel-debuginfo-common-i686-2.6.32-754.2.1.el6kernel-debug-debuginfo-2.6.32-754.2.1.el6python-perf-2.6.32-754.2.1.el6python-perf-debuginfo-2.6.32-754.2.1.el6kernel-debuginfo-2.6.32-754.2.1.el6kernel-debug-devel-2.6.32-754.2.1.el6perf-2.6.32-754.2.1.el6kernel-headers-2.6.32-754.2.1.el6



RHEL6Si386perf-debuginfo-2.6.32-754.2.1.el6kernel-devel-2.6.32-754.2.1.el6kernel-debug-2.6.32-754.2.1.el6kernel-2.6.32-754.2.1.el6kernel-debuginfo-common-i686-2.6.32-754.2.1.el6kernel-debug-debuginfo-2.6.32-754.2.1.el6

python-perf-2.6.32-754.2.1.el6python-perf-debuginfo-2.6.32-754.2.1.el6kernel-debuginfo-2.6.32-754.2.1.el6kernel-debug-devel-2.6.32-754.2.1.el6perf-2.6.32-754.2.1.el6kernel-headers-2.6.32-754.2.1.el6



RHEL6WSi386perf-debuginfo-2.6.32-754.2.1.el6kernel-devel-2.6.32-754.2.1.el6kernel-debug-2.6.32-754.2.1.el6kernel-2.6.32-754.2.1.el6kernel-debuginfo-common-i686-2.6.32-754.2.1.el6kernel-debug-debuginfo-2.6.32-754.2.1.el6python-perf-debuginfo-2.6.32-754.2.1.el6kernel-debuginfo-2.6.32-754.2.1.el6kernel-debug-devel-2.6.32-754.2.1.el6perf-2.6.32-754.2.1.el6kernel-headers-2.6.32-754.2.1.el6


x86_64perf-debuginfo-2.6.32-754.2.1.el6kernel-devel-2.6.32-754.2.1.el6kernel-debug-2.6.32-754.2.1.el6kernel-2.6.32-754.2.1.el6kernel-debuginfo-common-i686-2.6.32-754.2.1.el6kernel-debug-debuginfo-2.6.32-754.2.1.el6python-perf-debuginfo-2.6.32-754.2.1.el6kernel-debuginfo-2.6.32-754.2.1.el6kernel-debug-devel-2.6.32-754.2.1.el6perf-2.6.32-754.2.1.el6kernel-headers-2.6.32-754.2.1.el6kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6

23797 - (CTX235748) Citrix XenServer Multiple Vulnerabilities

Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: MediumCVE: CVE-2018-12891, CVE-2018-12893

DescriptionMultiple vulnerabilities are present in some versions of Citrix XenServer.

ObservationCitrix XenServer is a popular virtualization platform.

Multiple vulnerabilities are present in some versions of Citrix XenServer. The flaws lie in multiple components. Successful exploitation could allow an attacker to cause a denial of service.

23801 - Joomla Language Switcher Module XSS Vulnerability (20180602)

Category: General Vulnerability Assessment -> NonIntrusive -> Web ServerRisk Level: MediumCVE: CVE-2018-12711

DescriptionA vulnerability is present in some versions of Joomla!.

ObservationJoomla! is an open source content management system.

A vulnerability is present in some versions of Joomla!. The flaw is in language switcher module. Successful exploitation could allow an attacker to remotely execute arbitrary code.

23852 - (VMSA-2018-0016) VMware Workstation Player Multiple Vulnerabilities

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2018-6965, CVE-2018-6966, CVE-2018-6967

DescriptionMultiple vulnerabilities are present in some versions of VMware Workstation Player.

ObservationVMware Workstation Player is a virtualization software.

Multiple vulnerabilities are present in some versions of VMware Workstation Player. The flaws lie in multiple components. Successful exploitation could allow a local attacker to obtain potentially sensitive information or cause a denial of service condition on the target system.

23853 - (VMSA-2018-0016) VMware Workstation Pro Multiple Vulnerabilities

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2018-6965, CVE-2018-6966, CVE-2018-6967

DescriptionA vulnerability is present in some versions of VMware Workstation Pro.

ObservationVMware Workstation Pro is a virtualization software.

Multiple vulnerabilities are present in some versions of VMware Workstation Pro. The flaws lie in the shader translator. Successful exploitation could allow an attacker to disclose private information or cause a denial of service condition.


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2014-9636, CVE-2018-1000035




SuSE Linux 15.0x86_64unzip-debugsource-6.00-lp150.3.3.1unzip-rcc-debugsource-6.00-lp150.3.3.1unzip-rcc-6.00-lp150.3.3.1unzip-rcc-debuginfo-6.00-lp150.3.3.1unzip-6.00-lp150.3.3.1unzip-doc-6.00-lp150.3.3.1unzip-debuginfo-6.00-lp150.3.3.1

i586unzip-doc-6.00-lp150.3.3.1unzip-debugsource-6.00-lp150.3.3.1unzip-6.00-lp150.3.3.1unzip-debuginfo-6.00-lp150.3.3.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2018-10194




SuSE Linux 15.0x86_64ghostscript-debuginfo-9.23-lp150.2.3.1ghostscript-mini-debuginfo-9.23-lp150.2.3.1ghostscript-mini-9.23-lp150.2.3.1ghostscript-mini-debugsource-9.23-lp150.2.3.1ghostscript-devel-9.23-lp150.2.3.1ghostscript-x11-debuginfo-9.23-lp150.2.3.1ghostscript-9.23-lp150.2.3.1ghostscript-debugsource-9.23-lp150.2.3.1ghostscript-mini-devel-9.23-lp150.2.3.1ghostscript-x11-9.23-lp150.2.3.1

i586ghostscript-debuginfo-9.23-lp150.2.3.1ghostscript-mini-debuginfo-9.23-lp150.2.3.1ghostscript-mini-9.23-lp150.2.3.1ghostscript-mini-debugsource-9.23-lp150.2.3.1ghostscript-devel-9.23-lp150.2.3.1ghostscript-x11-debuginfo-9.23-lp150.2.3.1ghostscript-9.23-lp150.2.3.1ghostscript-debugsource-9.23-lp150.2.3.1ghostscript-mini-devel-9.23-lp150.2.3.1ghostscript-x11-9.23-lp150.2.3.1






SuSE Linux 42.3i586postgresql95-contrib-9.5.13-2.9.1postgresql95-server-debuginfo-9.5.13-2.9.1postgresql95-debuginfo-9.5.13-2.9.1postgresql95-plpython-debuginfo-9.5.13-2.9.1postgresql95-pltcl-9.5.13-2.9.1postgresql95-server-9.5.13-2.9.1postgresql95-9.5.13-2.9.1postgresql95-plperl-debuginfo-9.5.13-2.9.1postgresql95-plpython-9.5.13-2.9.1postgresql95-devel-debuginfo-9.5.13-2.9.1postgresql95-test-9.5.13-2.9.1postgresql95-libs-debugsource-9.5.13-2.9.1postgresql95-debugsource-9.5.13-2.9.1

postgresql95-plperl-9.5.13-2.9.1postgresql95-contrib-debuginfo-9.5.13-2.9.1postgresql95-pltcl-debuginfo-9.5.13-2.9.1postgresql95-devel-9.5.13-2.9.1

noarchpostgresql95-docs-9.5.13-2.9.1

x86_64postgresql95-contrib-9.5.13-2.9.1postgresql95-server-debuginfo-9.5.13-2.9.1postgresql95-debuginfo-9.5.13-2.9.1postgresql95-plpython-debuginfo-9.5.13-2.9.1postgresql95-pltcl-9.5.13-2.9.1postgresql95-server-9.5.13-2.9.1postgresql95-9.5.13-2.9.1postgresql95-plperl-debuginfo-9.5.13-2.9.1postgresql95-plpython-9.5.13-2.9.1postgresql95-devel-debuginfo-9.5.13-2.9.1postgresql95-test-9.5.13-2.9.1postgresql95-libs-debugsource-9.5.13-2.9.1postgresql95-debugsource-9.5.13-2.9.1postgresql95-plperl-9.5.13-2.9.1postgresql95-contrib-debuginfo-9.5.13-2.9.1postgresql95-pltcl-debuginfo-9.5.13-2.9.1postgresql95-devel-9.5.13-2.9.1


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2014-9092, CVE-2016-3616, CVE-2017-15232, CVE-2018-11212, CVE-2018-11213, CVE-2018-11214, CVE-2018-1152




Ubuntu 16.04

libjpeg-turbo8_1.4.2-0ubuntu3.1

Ubuntu 14.04

libjpeg-turbo8_1.3.0-0ubuntu2.1

Ubuntu 18.04

libjpeg-turbo8_1.5.2-0ubuntu5.18.04.1

Ubuntu 17.10

libjpeg-turbo8_1.5.2-0ubuntu5.17.10.1

193900 - Fedora Linux 28 FEDORA-2018-b10e54263a Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2018-11235

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-b10e54263a


https://lists.fedoraproject.org/archives/list/[email protected]/2018/7/?count=200&page=2

Fedora Core 28

libgit2-0.26.4-1.fc28

193910 - Fedora Linux 27 FEDORA-2018-94eb743dad Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2018-11235

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-94eb743dad



Fedora Core 27

libgit2-0.26.4-1.fc27


Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-11233, CVE-2018-11235




RHEL7Sx86_64rh-git29-git-core-2.9.3-4.el7rh-git29-git-core-doc-2.9.3-4.el7rh-git29-git-daemon-2.9.3-4.el7rh-git29-git-2.9.3-4.el7rh-git29-git-svn-2.9.3-4.el7rh-git29-git-debuginfo-2.9.3-4.el7

noarchrh-git29-git-p4-2.9.3-4.el7rh-git29-git-all-2.9.3-4.el7rh-git29-git-cvs-2.9.3-4.el7rh-git29-git-gui-2.9.3-4.el7rh-git29-git-email-2.9.3-4.el7rh-git29-perl-Git-SVN-2.9.3-4.el7rh-git29-gitk-2.9.3-4.el7rh-git29-perl-Git-2.9.3-4.el7rh-git29-gitweb-2.9.3-4.el7

RHEL6Sx86_64rh-git29-git-core-2.9.3-4.el6rh-git29-git-svn-2.9.3-4.el6rh-git29-git-2.9.3-4.el6rh-git29-git-core-doc-2.9.3-4.el6rh-git29-git-daemon-2.9.3-4.el6rh-git29-git-debuginfo-2.9.3-4.el6

noarchrh-git29-git-cvs-2.9.3-4.el6rh-git29-emacs-git-el-2.9.3-4.el6rh-git29-git-all-2.9.3-4.el6rh-git29-emacs-git-2.9.3-4.el6rh-git29-git-gui-2.9.3-4.el6rh-git29-perl-Git-SVN-2.9.3-4.el6rh-git29-gitk-2.9.3-4.el6rh-git29-git-email-2.9.3-4.el6rh-git29-gitweb-2.9.3-4.el6rh-git29-perl-Git-2.9.3-4.el6rh-git29-git-p4-2.9.3-4.el6

RHEL6WSx86_64rh-git29-git-core-2.9.3-4.el6rh-git29-git-svn-2.9.3-4.el6rh-git29-git-2.9.3-4.el6rh-git29-git-core-doc-2.9.3-4.el6rh-git29-git-daemon-2.9.3-4.el6rh-git29-git-debuginfo-2.9.3-4.el6

noarchrh-git29-git-cvs-2.9.3-4.el6rh-git29-emacs-git-el-2.9.3-4.el6rh-git29-git-all-2.9.3-4.el6rh-git29-emacs-git-2.9.3-4.el6rh-git29-git-gui-2.9.3-4.el6rh-git29-perl-Git-SVN-2.9.3-4.el6

rh-git29-gitk-2.9.3-4.el6rh-git29-git-email-2.9.3-4.el6rh-git29-gitweb-2.9.3-4.el6rh-git29-perl-Git-2.9.3-4.el6rh-git29-git-p4-2.9.3-4.el6

RHEL6_7Sx86_64rh-git29-git-core-2.9.3-4.el6rh-git29-git-svn-2.9.3-4.el6rh-git29-git-2.9.3-4.el6rh-git29-git-core-doc-2.9.3-4.el6rh-git29-git-daemon-2.9.3-4.el6rh-git29-git-debuginfo-2.9.3-4.el6

noarchrh-git29-git-cvs-2.9.3-4.el6rh-git29-emacs-git-el-2.9.3-4.el6rh-git29-git-all-2.9.3-4.el6rh-git29-emacs-git-2.9.3-4.el6rh-git29-git-gui-2.9.3-4.el6rh-git29-perl-Git-SVN-2.9.3-4.el6rh-git29-gitk-2.9.3-4.el6rh-git29-git-email-2.9.3-4.el6rh-git29-gitweb-2.9.3-4.el6rh-git29-perl-Git-2.9.3-4.el6rh-git29-git-p4-2.9.3-4.el6

RHEL7_3Sx86_64rh-git29-git-core-2.9.3-4.el7rh-git29-git-core-doc-2.9.3-4.el7rh-git29-git-daemon-2.9.3-4.el7rh-git29-git-2.9.3-4.el7rh-git29-git-svn-2.9.3-4.el7rh-git29-git-debuginfo-2.9.3-4.el7

noarchrh-git29-git-p4-2.9.3-4.el7rh-git29-git-all-2.9.3-4.el7rh-git29-git-cvs-2.9.3-4.el7rh-git29-git-gui-2.9.3-4.el7rh-git29-git-email-2.9.3-4.el7rh-git29-perl-Git-SVN-2.9.3-4.el7rh-git29-gitk-2.9.3-4.el7rh-git29-perl-Git-2.9.3-4.el7rh-git29-gitweb-2.9.3-4.el7

RHEL7WSx86_64rh-git29-git-core-2.9.3-4.el7rh-git29-git-core-doc-2.9.3-4.el7rh-git29-git-daemon-2.9.3-4.el7rh-git29-git-2.9.3-4.el7rh-git29-git-svn-2.9.3-4.el7rh-git29-git-debuginfo-2.9.3-4.el7

noarchrh-git29-git-p4-2.9.3-4.el7rh-git29-git-all-2.9.3-4.el7

rh-git29-git-cvs-2.9.3-4.el7rh-git29-git-gui-2.9.3-4.el7rh-git29-git-email-2.9.3-4.el7rh-git29-perl-Git-SVN-2.9.3-4.el7rh-git29-gitk-2.9.3-4.el7rh-git29-perl-Git-2.9.3-4.el7rh-git29-gitweb-2.9.3-4.el7

23843 - IBM WebSphere Application Server Information Disclosure Vulnerability (swg22016887)

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2018-1614

DescriptionAn information disclosure vulnerability is present in some versions of IBM WebSphere Application Server.

ObservationIBM WebSphere Application Server is a server engine for Java EE Web applications.

An information disclosure vulnerability is present in some versions of IBM WebSphere Application Server. The flaw lies in how the software handles SAML responses from the SAML identity provider. Successful exploitation could allow an attacker to obtain sensitive information.






SuSE Linux 15.0x86_64libcairo-gobject2-32bit-1.15.10-lp150.3.3.1libcairo2-1.15.10-lp150.3.3.1libcairo2-32bit-1.15.10-lp150.3.3.1cairo-devel-32bit-1.15.10-lp150.3.3.1cairo-devel-1.15.10-lp150.3.3.1libcairo-script-interpreter2-32bit-debuginfo-1.15.10-lp150.3.3.1libcairo2-debuginfo-1.15.10-lp150.3.3.1libcairo-gobject2-32bit-debuginfo-1.15.10-lp150.3.3.1libcairo-gobject2-debuginfo-1.15.10-lp150.3.3.1libcairo-gobject2-1.15.10-lp150.3.3.1libcairo-script-interpreter2-32bit-1.15.10-lp150.3.3.1cairo-tools-1.15.10-lp150.3.3.1cairo-debugsource-1.15.10-lp150.3.3.1

libcairo2-32bit-debuginfo-1.15.10-lp150.3.3.1libcairo-script-interpreter2-1.15.10-lp150.3.3.1libcairo-script-interpreter2-debuginfo-1.15.10-lp150.3.3.1cairo-tools-debuginfo-1.15.10-lp150.3.3.1

i586libcairo2-debuginfo-1.15.10-lp150.3.3.1libcairo-gobject2-1.15.10-lp150.3.3.1libcairo2-1.15.10-lp150.3.3.1libcairo-script-interpreter2-debuginfo-1.15.10-lp150.3.3.1cairo-devel-1.15.10-lp150.3.3.1libcairo-script-interpreter2-1.15.10-lp150.3.3.1cairo-tools-1.15.10-lp150.3.3.1cairo-debugsource-1.15.10-lp150.3.3.1cairo-tools-debuginfo-1.15.10-lp150.3.3.1libcairo-gobject2-debuginfo-1.15.10-lp150.3.3.1






SuSE Linux 42.3x86_64ruby2.4-rubygem-yard-0.8.7.3-8.3.1ruby2.4-rubygem-yard-doc-0.8.7.3-8.3.1ruby2.3-rubygem-yard-doc-0.8.7.3-8.3.1ruby2.1-rubygem-yard-0.8.7.3-8.3.1ruby2.2-rubygem-yard-0.8.7.3-8.3.1ruby2.2-rubygem-yard-testsuite-0.8.7.3-8.3.1ruby2.1-rubygem-yard-testsuite-0.8.7.3-8.3.1ruby2.2-rubygem-yard-doc-0.8.7.3-8.3.1ruby2.3-rubygem-yard-0.8.7.3-8.3.1ruby2.3-rubygem-yard-testsuite-0.8.7.3-8.3.1ruby2.1-rubygem-yard-doc-0.8.7.3-8.3.1ruby2.4-rubygem-yard-testsuite-0.8.7.3-8.3.1

i586ruby2.4-rubygem-yard-0.8.7.3-8.3.1ruby2.4-rubygem-yard-doc-0.8.7.3-8.3.1ruby2.3-rubygem-yard-doc-0.8.7.3-8.3.1ruby2.1-rubygem-yard-0.8.7.3-8.3.1ruby2.2-rubygem-yard-0.8.7.3-8.3.1ruby2.2-rubygem-yard-testsuite-0.8.7.3-8.3.1ruby2.1-rubygem-yard-testsuite-0.8.7.3-8.3.1ruby2.2-rubygem-yard-doc-0.8.7.3-8.3.1ruby2.3-rubygem-yard-0.8.7.3-8.3.1

ruby2.3-rubygem-yard-testsuite-0.8.7.3-8.3.1ruby2.1-rubygem-yard-doc-0.8.7.3-8.3.1ruby2.4-rubygem-yard-testsuite-0.8.7.3-8.3.1

182726 - FreeBSD clamav Multiple Vulnerabilities (d1e9d8c5-839b-11e8-9610-9c5c8e75236a)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: MediumCVE: CVE-2017-16932, CVE-2018-0360, CVE-2018-0361

DescriptionThe scan detected that the host is missing the following update:clamav -- multiple vulnerabilities (d1e9d8c5-839b-11e8-9610-9c5c8e75236a)


http://www.vuxml.org/freebsd/d1e9d8c5-839b-11e8-9610-9c5c8e75236a.html

Affected packages: clamav < 0.100.1

182727 - FreeBSD expat Multiple Vulnerabilities (e375ff3f-7fec-11e8-8088-28d244aee256)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: MediumCVE: CVE-2016-9063, CVE-2017-9233

DescriptionThe scan detected that the host is missing the following update:expat -- multiple vulnerabilities (e375ff3f-7fec-11e8-8088-28d244aee256)


http://www.vuxml.org/freebsd/e375ff3f-7fec-11e8-8088-28d244aee256.html

Affected packages: expat < 2.2.1libwww < 5.4.2linux-c6-expat <= 2.0.1_5linux-c7-expat <= 2.1.0_2

193907 - Fedora Linux 27 FEDORA-2018-9f02e5ed7b Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2017-15038, CVE-2017-15268, CVE-2017-5715, CVE-2018-3639

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-9f02e5ed7b



Fedora Core 27

qemu-2.10.1-4.fc27

23782 - (K08044291) F5 BIG-IP OpenSSL Vulnerability

Category: SSH Module -> NonIntrusive -> F5Risk Level: MediumCVE: CVE-2018-0739



A vulnerability is present in some versions of F5's BIG-IP products. The flaw lies in OpenSSL command line utility component. Successful exploitation could allow an attacker to cause a denial-of-service condition.

146847 - SuSE SLES 12 SP3, SLED 12 SP3 SUSE-SU-2018:1902-1 Update Is Not Installed





SuSE SLED 12 SP3x86_64libqt4-sql-4.8.7-8.6.1libqt4-sql-mysql-debuginfo-4.8.7-8.6.1libqt4-x11-debuginfo-4.8.7-8.6.1libqt4-sql-postgresql-32bit-4.8.7-8.6.1libqt4-sql-sqlite-32bit-4.8.7-8.6.1libqt4-sql-mysql-32bit-4.8.7-8.6.1libqt4-4.8.7-8.6.1qt4-qtscript-0.2.0-11.2.4libqca2-debuginfo-2.0.3-17.2.1libqt4-sql-unixODBC-debuginfo-4.8.7-8.6.1libqt4-sql-mysql-4.8.7-8.6.1libqt4-sql-32bit-4.8.7-8.6.1

libqt4-sql-debuginfo-4.8.7-8.6.1libQtWebKit4-4.8.7+2.3.4-4.5.1libqca2-32bit-2.0.3-17.2.1libqt4-debuginfo-32bit-4.8.7-8.6.1libqca2-debuginfo-32bit-2.0.3-17.2.1libqt4-sql-postgresql-debuginfo-32bit-4.8.7-8.6.1libqt4-sql-postgresql-debuginfo-4.8.7-8.6.1libqt4-x11-debuginfo-32bit-4.8.7-8.6.1libQtWebKit4-32bit-4.8.7+2.3.4-4.5.1libqca2-debugsource-2.0.3-17.2.1libqt4-sql-unixODBC-debuginfo-32bit-4.8.7-8.6.1libQtWebKit4-debugsource-4.8.7+2.3.4-4.5.1libqt4-sql-plugins-debugsource-4.8.7-8.6.1libqt4-x11-4.8.7-8.6.1qt4-qtscript-debuginfo-0.2.0-11.2.4libqt4-sql-unixODBC-32bit-4.8.7-8.6.1libqt4-sql-sqlite-debuginfo-32bit-4.8.7-8.6.1libqt4-qt3support-32bit-4.8.7-8.6.1libqt4-sql-sqlite-debuginfo-4.8.7-8.6.1libQtWebKit4-debuginfo-32bit-4.8.7+2.3.4-4.5.1libqt4-sql-sqlite-4.8.7-8.6.1qt4-qtscript-debugsource-0.2.0-11.2.4libQtWebKit4-debuginfo-4.8.7+2.3.4-4.5.1libqt4-qt3support-debuginfo-4.8.7-8.6.1libqt4-qt3support-4.8.7-8.6.1libqt4-32bit-4.8.7-8.6.1libqt4-sql-mysql-debuginfo-32bit-4.8.7-8.6.1libqt4-sql-unixODBC-4.8.7-8.6.1libqt4-qt3support-debuginfo-32bit-4.8.7-8.6.1libqt4-debuginfo-4.8.7-8.6.1libqt4-sql-postgresql-4.8.7-8.6.1libqt4-sql-debuginfo-32bit-4.8.7-8.6.1libqt4-debugsource-4.8.7-8.6.1libqt4-x11-32bit-4.8.7-8.6.1libqca2-2.0.3-17.2.1

SuSE SLES 12 SP3x86_64libqt4-sql-4.8.7-8.6.1libqt4-x11-debuginfo-4.8.7-8.6.1libqt4-4.8.7-8.6.1qt4-x11-tools-debuginfo-4.8.7-8.6.4qt4-x11-tools-4.8.7-8.6.4libqt4-sql-debuginfo-32bit-4.8.7-8.6.1libqt4-debuginfo-4.8.7-8.6.1libqca2-debuginfo-2.0.3-17.2.1libqt4-qt3support-debuginfo-32bit-4.8.7-8.6.1libqt4-sql-mysql-4.8.7-8.6.1libqt4-sql-32bit-4.8.7-8.6.1libqt4-sql-debuginfo-4.8.7-8.6.1libqt4-devel-doc-debuginfo-4.8.7-8.6.4libqt4-sql-sqlite-debuginfo-4.8.7-8.6.1libqca2-32bit-2.0.3-17.2.1libqca2-debuginfo-32bit-2.0.3-17.2.1libqt4-qt3support-32bit-4.8.7-8.6.1libqt4-x11-debuginfo-32bit-4.8.7-8.6.1libQtWebKit4-32bit-4.8.7+2.3.4-4.5.1libqca2-debugsource-2.0.3-17.2.1libQtWebKit4-debugsource-4.8.7+2.3.4-4.5.1libqt4-sql-plugins-debugsource-4.8.7-8.6.1

libqt4-x11-4.8.7-8.6.1libqt4-sql-mysql-debuginfo-4.8.7-8.6.1libqt4-debugsource-4.8.7-8.6.1libQtWebKit4-debuginfo-32bit-4.8.7+2.3.4-4.5.1libqt4-sql-sqlite-4.8.7-8.6.1libQtWebKit4-debuginfo-4.8.7+2.3.4-4.5.1libqt4-qt3support-debuginfo-4.8.7-8.6.1libQtWebKit4-4.8.7+2.3.4-4.5.1libqt4-32bit-4.8.7-8.6.1libqt4-debuginfo-32bit-4.8.7-8.6.1libqt4-qt3support-4.8.7-8.6.1libqt4-devel-doc-debugsource-4.8.7-8.6.4libqt4-x11-32bit-4.8.7-8.6.1libqca2-2.0.3-17.2.1






SuSE Linux 15.0x86_64openvpn-auth-pam-plugin-debuginfo-2.4.3-lp150.3.3.1openvpn-down-root-plugin-2.4.3-lp150.3.3.1openvpn-debugsource-2.4.3-lp150.3.3.1openvpn-2.4.3-lp150.3.3.1openvpn-devel-2.4.3-lp150.3.3.1openvpn-down-root-plugin-debuginfo-2.4.3-lp150.3.3.1openvpn-auth-pam-plugin-2.4.3-lp150.3.3.1openvpn-debuginfo-2.4.3-lp150.3.3.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2018-3639, CVE-2018-3640




SuSE Linux 15.0x86_64ucode-intel-20180703-lp150.2.4.1

SuSE Linux 42.3x86_64ucode-intel-20180703-25.1ucode-intel-debuginfo-20180703-25.1ucode-intel-blob-20180703-25.1ucode-intel-debugsource-20180703-25.1

i586ucode-intel-20180703-25.1ucode-intel-debuginfo-20180703-25.1ucode-intel-blob-20180703-25.1ucode-intel-debugsource-20180703-25.1

175420 - Scientific Linux Security ERRATA Important: qemu-kvm on SL6.x i386/x86_64 (1807-6284)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixesRisk Level: MediumCVE: CVE-2017-13672, CVE-2018-3639, CVE-2018-5683, CVE-2018-7858

DescriptionThe scan detected that the host is missing the following update:Security ERRATA Important: qemu-kvm on SL6.x i386/x86_64 (1807-6284)



SL6x86_64qemu-guest-agent-0.12.1.2-2.506.el6_10.1qemu-kvm-tools-0.12.1.2-2.506.el6_10.1qemu-kvm-0.12.1.2-2.506.el6_10.1qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1qemu-img-0.12.1.2-2.506.el6_10.1

i386qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1qemu-guest-agent-0.12.1.2-2.506.el6_10.1

182728 - FreeBSD Zziplib - Multiple Vulnerabilities (7764b219-8148-11e8-aa4d-000e0cd7b374)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: MediumCVE: CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5977, CVE-2017-5978, CVE-2017-5979, CVE-2017-5980, CVE-2017-5981, CVE-2018-6381, CVE-2018-6484, CVE-2018-6540, CVE-2018-6541, CVE-2018-6542, CVE-2018-6869, CVE-2018-7725,CVE-2018-7726, CVE-2018-7727

Description

The scan detected that the host is missing the following update:zziplib - multiple vulnerabilities (7764b219-8148-11e8-aa4d-000e0cd7b374)


http://www.vuxml.org/freebsd/7764b219-8148-11e8-aa4d-000e0cd7b374.html

Affected packages: zziplib < 0.13.68

186302 - Ubuntu Linux 14.04 USN-3690-2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2017-5715




Ubuntu 14.04

amd64-microcode_3.20180524.1~ubuntu0.14.04.2+really20130710.1


Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-3639




RHEL7_3Snoarchkernel-doc-3.10.0-514.53.1.el7kernel-abi-whitelists-3.10.0-514.53.1.el7

x86_64kernel-debuginfo-common-x86_64-3.10.0-514.53.1.el7

python-perf-debuginfo-3.10.0-514.53.1.el7python-perf-3.10.0-514.53.1.el7kernel-devel-3.10.0-514.53.1.el7kernel-tools-libs-devel-3.10.0-514.53.1.el7kernel-tools-3.10.0-514.53.1.el7kernel-tools-libs-3.10.0-514.53.1.el7perf-debuginfo-3.10.0-514.53.1.el7kernel-headers-3.10.0-514.53.1.el7kernel-debug-debuginfo-3.10.0-514.53.1.el7kernel-tools-debuginfo-3.10.0-514.53.1.el7kernel-3.10.0-514.53.1.el7kernel-debug-3.10.0-514.53.1.el7kernel-debuginfo-3.10.0-514.53.1.el7perf-3.10.0-514.53.1.el7kernel-debug-devel-3.10.0-514.53.1.el7


Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2017-13672, CVE-2018-3639, CVE-2018-5683, CVE-2018-7858




RHEL6Dx86_64qemu-guest-agent-0.12.1.2-2.506.el6_10.1qemu-kvm-tools-0.12.1.2-2.506.el6_10.1qemu-kvm-0.12.1.2-2.506.el6_10.1qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1qemu-img-0.12.1.2-2.506.el6_10.1


RHEL6Si386qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1qemu-guest-agent-0.12.1.2-2.506.el6_10.1

x86_64qemu-guest-agent-0.12.1.2-2.506.el6_10.1qemu-kvm-tools-0.12.1.2-2.506.el6_10.1qemu-kvm-0.12.1.2-2.506.el6_10.1qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1qemu-img-0.12.1.2-2.506.el6_10.1

RHEL6WSx86_64

qemu-guest-agent-0.12.1.2-2.506.el6_10.1qemu-kvm-tools-0.12.1.2-2.506.el6_10.1qemu-kvm-0.12.1.2-2.506.el6_10.1qemu-kvm-debuginfo-0.12.1.2-2.506.el6_10.1qemu-img-0.12.1.2-2.506.el6_10.1


88955 - Slackware Linux 14.2 SSA:2018-186-01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Slackware Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:SSA:2018-186-01


http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.363131

Slackware 14.2x86_64mozilla-thunderbird-52.9.0-x86_64-1

i586mozilla-thunderbird-52.9.0-i586-1

88956 - Slackware Linux 14.2 SSA:2018-191-01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Slackware Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:SSA:2018-191-01


http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.365702

Slackware 14.2x86_64mozilla-thunderbird-52.9.1-x86_64-1

i586mozilla-thunderbird-52.9.1-i586-1


Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: LowCVE: CVE-2018-3760




Debian 9.0allruby-sprockets_3.7.0-1+deb9u1






Debian 9.0allgir1.2-soup-2.4_2.56.0-2+deb9u2libsoup2.4-dev_2.56.0-2+deb9u2libsoup-gnome2.4-dev_2.56.0-2+deb9u2libsoup2.4-1_2.56.0-2+deb9u2libsoup2.4-doc_2.56.0-2+deb9u2libsoup-gnome2.4-1_2.56.0-2+deb9u2






Debian 9.0allgosa_gosa

182724 - FreeBSD wordpress Multiple Issues (4740174c-82bb-11e8-a29a-00e04c1ea73d)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:wordpress -- multiple issues (4740174c-82bb-11e8-a29a-00e04c1ea73d)


http://www.vuxml.org/freebsd/4740174c-82bb-11e8-a29a-00e04c1ea73d.html

Affected packages: wordpress < 4.9.7,1fr-wordpress < 4.9.7,1de-wordpress < 4.9.7zh_CN-wordpress < 4.9.7zh_TW-wordpress < 4.9.7ja-wordpress < 4.9.7ru-wordpress < 4.9.7

182725 - FreeBSD mybb Vulnerabilities (bfd5d004-81d4-11e8-a29a-00e04c1ea73d)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:mybb -- vulnerabilities (bfd5d004-81d4-11e8-a29a-00e04c1ea73d)


http://www.vuxml.org/freebsd/bfd5d004-81d4-11e8-a29a-00e04c1ea73d.html

Affected packages: mybb < 1.8.16


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-2018-12882




Ubuntu 18.04

libapache2-mod-php7.2_7.2.7-0ubuntu0.18.04.1php7.2-cli_7.2.7-0ubuntu0.18.04.1php7.2-cgi_7.2.7-0ubuntu0.18.04.1php7.2-fpm_7.2.7-0ubuntu0.18.04.1


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-2018-12882




Ubuntu 18.04

php7.2-cgi_7.2.7-0ubuntu0.18.04.2php7.2-cli_7.2.7-0ubuntu0.18.04.2php7.2-fpm_7.2.7-0ubuntu0.18.04.2libapache2-mod-php7.2_7.2.7-0ubuntu0.18.04.2


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12369, CVE-2018-12370, CVE-2018-12371, CVE-2018-5156, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188

Description

The scan detected that the host is missing the following update:USN-3705-1



Ubuntu 16.04

firefox_61.0+build3-0ubuntu0.16.04.2

Ubuntu 14.04


Ubuntu 18.04


Ubuntu 17.10



Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12369, CVE-2018-12370, CVE-2018-12371, CVE-2018-5156, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188




Ubuntu 16.04

firefox_61.0.1+build1-0ubuntu0.16.04.1

Ubuntu 14.04


Ubuntu 18.04


Ubuntu 17.10


193899 - Fedora Linux 27 FEDORA-2018-4943b0505b Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2018-10886

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-4943b0505b



Fedora Core 27

ant-1.10.1-10.fc27

193901 - Fedora Linux 28 FEDORA-2018-8da2d73634 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-8da2d73634



Fedora Core 28

transifex-client-0.13.4-1.fc28

193902 - Fedora Linux 27 FEDORA-2018-c8ddc44bbb Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2017-16652, CVE-2018-11385, CVE-2018-11386, CVE-2018-11406, CVE-2018-11407, CVE-2018-11408

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-c8ddc44bbb

Observation

Updates often remediate critical security problems that should be quickly addressed.For more information see:


Fedora Core 27

php-symfony3-3.3.17-1.fc27

193903 - Fedora Linux 27 FEDORA-2018-c3838931e1 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-c3838931e1



Fedora Core 27

libsoup-2.60.3-2.fc27

193904 - Fedora Linux 27 FEDORA-2018-2bdfc9dc67 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2017-16652, CVE-2018-11385, CVE-2018-11386, CVE-2018-11406, CVE-2018-11407, CVE-2018-11408

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-2bdfc9dc67



Fedora Core 27

php-symfony-2.8.42-1.fc27

193905 - Fedora Linux 27 FEDORA-2018-69780fc4d7 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-69780fc4d7



Fedora Core 27

gnupg-1.4.23-1.fc27

193906 - Fedora Linux 28 FEDORA-2018-c785c43a8f Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-c785c43a8f



Fedora Core 28

cinnamon-3.8.7-1.fc28

193908 - Fedora Linux 28 FEDORA-2018-d1f6c8957f Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2018-12559, CVE-2018-12560, CVE-2018-12561, CVE-2018-12562

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-d1f6c8957f



Fedora Core 28

cantata-2.3.1-1.fc28

193909 - Fedora Linux 27 FEDORA-2018-9296823b6c Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2018-12559, CVE-2018-12560, CVE-2018-12561, CVE-2018-12562

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-9296823b6c



Fedora Core 27

cantata-2.3.1-1.fc27

23772 - (CTX235745) Citrix XenServer Speculative Register Leakage Vulnerability

Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: LowCVE: CVE-2018-3665

DescriptionA vulnerability is present in some versions of Citrix XenServer.

ObservationCitrix XenServer is a popular virtualization platform.

A vulnerability is present in some versions of Citrix XenServer. The flaw is due to certain feature in Intel Core Microprocessors. Successful exploitation could allow an attacker to obtain sensitive information.

23786 - Cisco NX-OS Software CLI Arbitrary Command Injection Vulnerability (cisco-sa-20180620-nx-os-cli-injection)

Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: InformationalCVE: CVE-2018-0307

DescriptionA vulnerability is present in some versions of Cisco NX-OS.

ObservationCisco NX-OS is a network operating system.

A vulnerability is present in some versions of Cisco NX-OS. The flaw is due to insufficient input validation of command arguments for CLI. Successful exploitation could allow an attacker to locally execute arbitrary code on the target system.

23871 - Microsoft Office 2016 Click-To-Run Jul 2018 Updates

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)

Risk Level: InformationalCVE: CVE-2018-8281, CVE-2018-8310, CVE-2018-8312

DescriptionMultiple issues are present in some versions of Microsoft Office 2016 Click-to-Run.

ObservationMicrosoft Office 2016 Click-to-Run is an alternative to the Windows Installer-based (MSI) installation method of the popular office suite.

Multiple issues are present in some versions of Microsoft Office 2016 Click-to-Run. The flaws are present in multiple components. Such defects could lead the product to software vulnerabilities, malfunction or unexpected behavior in some of its affected components.

ENHANCED CHECKS

The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on avulnerability and anything else that improves upon an existing FSL check.

33218 - Oracle Solaris 119214-36 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Solaris Patches and HotfixesRisk Level: HighCVE: CVE-2009-0689, CVE-2009-2404, CVE-2009-3555, CVE-2010-3170, CVE-2011-3389, CVE-2013-1620, CVE-2013-1739, CVE-2013-1740, CVE-2013-1741, CVE-2013-5605, CVE-2013-5606, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492

Update DetailsName is updated Description is updated Observation is updated Recommendation is updated FASLScript is updated

182014 - FreeBSD tiff Buffer Overflow (0ab66088-4aa5-11e6-a7bd-14dae9d210b8)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2016-5314, CVE-2016-5875

Update DetailsCVE is updated

182718 - FreeBSD mozilla Multiple Vulnerabilities (cd81806c-26e7-4d4a-8425-02724a2f48af)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-12370, CVE-2018-12371, CVE-2018-5156, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188

Update DetailsFASLScript is updated

HOW TO UPDATE

FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we stronglyurge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any

critical updates but will wait for your explicit authorization before installing.

FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting"FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerabilityscripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability categoryand checking the "Run New Checks" checkbox.

MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts willbe automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.

MCAFEE TECHNICAL SUPPORT

ServicePortal: https://mysupport.mcafee.comMulti-National Phone Support available here:

http://www.mcafee.com/us/about/contact/index.htmlNon-US customers - Select your country from the list of Worldwide Offices.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution byothers is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.

Copyright 2018 McAfee, Inc.McAfee is a registered trademark of McAfee, Inc. and/or its affiliates

https://mysupport.mcafee.com/

http://www.mcafee.com/us/about/contact/index.html

Documents

2018-JUL-1 FSL version 7.6 - McAfee · 175417 - Scientific Linux Security ERRATA Critical: firefox on SL6.x i386/x86_64 (1807-3912) Category: SSH Module -> NonIntrusive -> Scientific