Mcafee Foundstone Fsl Update

2020-SEP-16 FSL version 7.6.173

MCAFEE FOUNDSTONE FSL UPDATE

To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release.

NEW CHECKS

149363 - SuSE Linux 15.2 openSUSE-SU-2020:1369-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15049, CVE-2020-15810, CVE-2020-15811, CVE-2020-24606

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1369-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00060.html

SuSE Linux 15.2 x86_64 squid-debugsource-4.13-lp152.2.6.1 squid-debuginfo-4.13-lp152.2.6.1 squid-4.13-lp152.2.6.1

149365 - SuSE Linux 15.1 openSUSE-SU-2020:1346-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15049, CVE-2020-15810, CVE-2020-15811, CVE-2020-24606

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1346-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00033.html

SuSE Linux 15.1 x86_64 squid-debugsource-4.13-lp151.2.24.1 squid-4.13-lp151.2.24.1 squid-debuginfo-4.13-lp151.2.24.1 149393 - SuSE SLES 12 SP5 SUSE-SU-2020:2443-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15049, CVE-2020-15810, CVE-2020-15811, CVE-2020-24606

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2443-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007332.html

SuSE SLES 12 SP5 x86_64 squid-debugsource-4.13-4.15.1 squid-4.13-4.15.1 squid-debuginfo-4.13-4.15.1

27036 - (MSPT-Sep2020) Microsoft Windows GDI Remote Code Execution (CVE-2020-1285)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1285

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the GDI component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27045 - (MSPT-Sep2020) Microsoft Windows WDAC Remote Code Execution (CVE-2020-0951)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0951

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the WDAC component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system. 27046 - (MSPT-Sep2020) Microsoft Hyper-V Improperly Validate Malicious Data Denial of Service (CVE-2020-0890)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0890

Description A vulnerability in some versions of Microsoft Hyper-V could lead to a denial of service.

Observation A vulnerability in some versions of Microsoft Hyper-V could lead to a denial of service.

The flaw lies in improperly validate malicious data. Successful exploitation by a remote attacker could result in a denial of service condition. The exploit requires the attacker to have valid credentials to the vulnerable system.

27047 - (MSPT-Sep2020) Microsoft Hyper-V Improperly Validate Malicious Data Denial of Service (CVE-2020-0904)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0904

Description A vulnerability in some versions of Microsoft Hyper-V could lead to a denial of service.

Observation A vulnerability in some versions of Microsoft Hyper-V could lead to a denial of service.

27053 - (MSPT-Sep2020) Microsoft Windows Improperly Handles Objects in Memory Remote Code Execution (CVE-2020- 1252)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1252

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.

27055 - (MSPT-Sep2020) Microsoft Windows Codecs Library Remote Code Execution (CVE-2020-1129)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1129

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the Codecs Library component. Successful exploitation by a remote attacker could result in the execution of arbitrary code.

27057 - (MSPT-Sep2020) Microsoft Windows Camera Codec Pack Remote Code Execution (CVE-2020-0997)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0997

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the Camera Codec Pack component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27060 - (MSPT-Sep2020) Microsoft Windows Projected Filesystem Remote Code Execution (CVE-2020-0805)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0805

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the Projected Filesystem component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.

27061 - (MSPT-Sep2020) Microsoft Windows DNS Denial of Service (CVE-2020-0836)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0836

Description A vulnerability in some versions of Microsoft Windows could lead to a denial of service. Observation A vulnerability in some versions of Microsoft Windows could lead to a denial of service.

The flaw lies in the DNS component. Successful exploitation by a remote attacker could result in a denial of service condition. The exploit requires the attacker to have valid credentials to the vulnerable system.

27067 - (MSPT-Sep2020) Microsoft Windows Text Service Module Remote Code Execution (CVE-2020-0908)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0908

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the Text Service Module component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.

27070 - (MSPT-Sep2020) Microsoft Windows Routing Utilities Denial of Service (CVE-2020-1038)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1038

Description A vulnerability in some versions of Microsoft Windows could lead to a denial of service.

Observation A vulnerability in some versions of Microsoft Windows could lead to a denial of service.

The flaw lies in the Routing Utilities component. Successful exploitation by a remote attacker could result in a denial of service condition. The exploit requires the attacker to have valid credentials to the vulnerable system.

27073 - (MSPT-Sep2020) Microsoft Windows DNS Denial of Service (CVE-2020-1228)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1228

Description A vulnerability in some versions of Microsoft Windows could lead to a denial of service.

Observation A vulnerability in some versions of Microsoft Windows could lead to a denial of service.

27075 - (MSPT-Sep2020) Microsoft Media Audio Decoder Improperly Handles Objects in Memory Remote Code Execution (CVE-2020-1508)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1508

Description A vulnerability in some versions of Microsoft Media Audio Decoder could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Media Audio Decoder could lead to remote code execution.

The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27077 - (MSPT-Sep2020) Microsoft Windows Media Audio Decoder Remote Code Execution (CVE-2020-1593)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1593

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the Media Audio Decoder component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27085 - (MSPT-Sep2020) Microsoft Windows Jet Database Engine Remote Code Execution (CVE-2020-1039)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1039

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the Jet Database Engine component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27086 - (MSPT-Sep2020) Microsoft Windows Jet Database Engine Remote Code Execution (CVE-2020-1074) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1074

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

27088 - (MSPT-Sep2020) Microsoft Active Directory ADIDNS Remote Code Execution (CVE-2020-0718)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0718

Description A vulnerability in some versions of Microsoft Active Directory could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Active Directory could lead to remote code execution.

The flaw lies in the ADIDNS component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.

27089 - (MSPT-Sep2020) Microsoft Active Directory ADIDNS Remote Code Execution (CVE-2020-0761)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0761

Description A vulnerability in some versions of Microsoft Active Directory could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Active Directory could lead to remote code execution.

27092 - (MSPT-Sep2020) Microsoft Browsers Improperly Access Objects in Memory Remote Code Execution (CVE-2020- 0878)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0878 Description A vulnerability in some versions of Microsoft Browsers could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Browsers could lead to remote code execution.

The flaw lies in the Improperly Access Objects in Memory component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27093 - (MSPT-Sep2020) Microsoft ChakraCore Scripting Engine Remote Code Execution (CVE-2020-1057)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1057

Description A vulnerability in some versions of Microsoft ChakraCore could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft ChakraCore could lead to remote code execution.

The flaw lies in the Scripting Engine component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27094 - (MSPT-Sep2020) Microsoft ChakraCore Improperly Handles Objects in Memory Remote Code Execution (CVE- 2020-1172)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1172

Description A vulnerability in some versions of Microsoft ChakraCore could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft ChakraCore could lead to remote code execution.

The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27095 - (MSPT-Sep2020) Microsoft ChakraCore Improperly Handles Objects in Memory Remote Code Execution (CVE- 2020-1180)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1180

Description A vulnerability in some versions of Microsoft ChakraCore could lead to remote code execution. Observation A vulnerability in some versions of Microsoft ChakraCore could lead to remote code execution.

The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27106 - (MSPT-Sep2020) Microsoft Windows COM Remote Code Execution (CVE-2020-0922)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0922

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the COM component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27119 - (MSPT-Sep2020) Microsoft Dynamics 365 Properly Sanitize a Specially Crafted Web Request Remote Code Execution (CVE-2020-16858)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16858

Description A vulnerability in some versions of Microsoft Dynamics 365 could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Dynamics 365 could lead to remote code execution.

27120 - (MSPT-Sep2020) Microsoft Dynamics 365 Properly Sanitize a Specially Crafted Web Request Remote Code Execution (CVE-2020-16859)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16859

Description A vulnerability in some versions of Microsoft Dynamics 365 could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Dynamics 365 could lead to remote code execution. The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27121 - (MSPT-Sep2020) Microsoft Microsoft Dynamics 365 Properly Sanitize a Specially Crafted Web Request Remote Code Execution (CVE-202

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16861

Description A vulnerability in some versions of Microsoft Microsoft Dynamics 365 could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Microsoft Dynamics 365 could lead to remote code execution.

27122 - (MSPT-Sep2020) (CVE-2020-16862) Microsoft Microsoft Dynamics 366 Properly Sanitize a Specially Crafted Web Request Remote Code E

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16862

Description A vulnerability in some versions of Microsoft Microsoft Dynamics 366 could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Microsoft Dynamics 366 could lead to remote code execution.

27123 - (MSPT-Sep2020) Microsoft Microsoft Dynamics 366 Properly Sanitize a Specially Crafted Web Request Remote Code Execution (CVE-202

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16871

Description A vulnerability in some versions of Microsoft Microsoft Dynamics 366 could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Microsoft Dynamics 366 could lead to remote code execution.

The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document. 27124 - (MSPT-Sep2020) Microsoft Microsoft Dynamics 367 Properly Sanitize a Specially Crafted Web Request Remote Code Execution (CVE-202

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16872

Description A vulnerability in some versions of Microsoft Microsoft Dynamics 367 could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Microsoft Dynamics 367 could lead to remote code execution.

27127 - (MSPT-Sep2020) Microsoft Dynamics 365 (on-premises) Improperly Sanitize a Specially Crafted Web Request Remote Code Execution (C

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16878

Description A vulnerability in some versions of Microsoft Dynamics 365 (on-premises) could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Dynamics 365 (on-premises) could lead to remote code execution.

The flaw lies in the Improperly Sanitize a Specially Crafted Web Request component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27128 - (MSPT-Sep2020) Microsoft Exchange Improperly Handles Objects in Memory Remote Code Execution (CVE-2020- 16875)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16875

Description A vulnerability in some versions of Microsoft Exchange could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Exchange could lead to remote code execution.

The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27133 - (MSPT-Sep2020) Microsoft Visual Studio Improperly Handles Objects in Memory Remote Code Execution (CVE- 2020-16856)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16856

Description A vulnerability in some versions of Microsoft Visual Studio could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Visual Studio could lead to remote code execution.

The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27134 - (MSPT-Sep2020) Microsoft Visual Studio Improperly Handles Objects in Memory Remote Code Execution (CVE- 2020-16874)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16874

Description A vulnerability in some versions of Microsoft Visual Studio could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Visual Studio could lead to remote code execution.

The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27141 - (MSPT-Sep2020) Microsoft Word Remote Code Execution (CVE-2020-1338)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1338

Description A vulnerability in some versions of Microsoft Word could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Word could lead to remote code execution.

The flaw lies in the improperly handles objects in memory. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.

27143 - (MSPT-Sep2020) Microsoft SharePoint Server Properly Sanitize a Specially Crafted Web Request Remote Code Execution (CVE-2020-119

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1198

Description A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.

Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.

The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by an attacker could result in the disclosure of sensitive information.

27144 - (MSPT-Sep2020) Microsoft SharePoint Remote Code Execution (CVE-2020-1200)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1200

Description A vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.

The flaw lies in improperly check the source markup of a package. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.

27147 - (MSPT-Sep2020) Microsoft SharePoint Server XSS Vulnerability (CVE-2020-1345)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1345

Description A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.

Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.

The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in the Cross Site Scripting Attack.

27148 - (MSPT-Sep2020) Microsoft SharePoint Server XSS Vulnerability (CVE-2020-1482)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1482

Description A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.

Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.

The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in the Cross Site Scripting Attack.

27151 - (MSPT-Sep2020) Microsoft SharePoint APIs Remote Code Execution (CVE-2020-1595)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1595

Description A vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.

The flaw lies in the APIs component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27152 - (MSPT-Sep2020) Microsoft Sharepoint Remote Code Execution (CVE-2020-1210)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1210

Description A vulnerability in some versions of Microsoft Sharepoint could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Sharepoint could lead to remote code execution.

The flaw lies in improperly check the source markup of a package. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27154 - (MSPT-Sep2020) Microsoft SharePoint Remote Code Execution (CVE-2020-1452)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1452

Description A vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft SharePoint could lead to remote code execution. The flaw lies in improperly check the source markup of a package. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27155 - (MSPT-Sep2020) Microsoft SharePoint Remote Code Execution (CVE-2020-1453)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1453

Description A vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.

The flaw lies in improperly check the source markup of a package. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27156 - (MSPT-Sep2020) Microsoft SharePoint Server ASP.Net Remote Code Execution (CVE-2020-1460)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1460

Description A vulnerability in some versions of Microsoft SharePoint Server could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to remote code execution.

The flaw lies in the ASP.Net component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27157 - (MSPT-Sep2020) Microsoft SharePoint XSS Vulnerability (CVE-2020-1514)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1514

Description A vulnerability in some versions of Microsoft SharePoint Server could lead to cross site scripting attack.

Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to cross site scripting attack

The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.

27159 - (MSPT-Sep2020) Microsoft Windows Visual Studio Code Remote Code Execution (CVE-2020-16881) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16881

Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the Visual Studio Code component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27160 - (MSPT-Sep2020) Microsoft ASP.NET Core Improperly Parses Encoded Cookie Names Remote Code Execution (CVE-2020-1045)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1045

Description A vulnerability in some versions of Microsoft ASP.NET Core could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft ASP.NET Core could lead to remote code execution.

The flaw lies in improperly parses encoded cookie names. Successful exploitation by a remote attacker could result in the execution of arbitrary code.

132540 - Oracle VM OVMSA-2020-0041 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle VM Patches and Hotfixes Risk Level: High CVE: CVE-2017-16644, CVE-2019-10638, CVE-2019-10639, CVE-2019-19049, CVE-2019-19062, CVE-2019-19535, CVE-2019- 20811, CVE-2020-10732

Description The scan detected that the host is missing the following update: OVMSA-2020-0041

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/oraclevm-errata/2020-September/000999.html

OVM3.4 x86_64 kernel-uek-4.1.12-124.42.3.el6uek kernel-uek-firmware-4.1.12-124.42.3.el6uek 149347 - SuSE SLES 12 SP5 SUSE-SU-2020:2475-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14363

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2475-1

SuSE SLES 12 SP5 noarch libX11-data-1.6.2-12.15.1 x86_64 libX11-6-1.6.2-12.15.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.15.1 libX11-debugsource-1.6.2-12.15.1 libX11-xcb1-1.6.2-12.15.1 libX11-6-debuginfo-1.6.2-12.15.1 libX11-xcb1-debuginfo-1.6.2-12.15.1 libX11-6-32bit-1.6.2-12.15.1 libX11-6-debuginfo-32bit-1.6.2-12.15.1 libX11-xcb1-32bit-1.6.2-12.15.1

149348 - SuSE Linux 15.1 openSUSE-SU-2020:1405-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14039, CVE-2020-15586, CVE-2020-16845

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1405-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00092.html

SuSE Linux 15.1 x86_64 go1.14-doc-1.14.7-lp151.13.1 go1.14-race-1.14.7-lp151.13.1 go1.14-1.14.7-lp151.13.1

149349 - SuSE Linux 15.1 openSUSE-SU-2020:1416-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15719

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1416-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00104.html

SuSE Linux 15.1 i586 openldap2-back-sock-2.4.46-lp151.10.15.1 openldap2-back-sql-debuginfo-2.4.46-lp151.10.15.1 libldap-2_4-2-debuginfo-2.4.46-lp151.10.15.1 openldap2-devel-2.4.46-lp151.10.15.1 openldap2-back-meta-debuginfo-2.4.46-lp151.10.15.1 openldap2-2.4.46-lp151.10.15.1 openldap2-devel-static-2.4.46-lp151.10.15.1 openldap2-client-2.4.46-lp151.10.15.1 openldap2-back-sock-debuginfo-2.4.46-lp151.10.15.1 openldap2-debugsource-2.4.46-lp151.10.15.1 libldap-2_4-2-2.4.46-lp151.10.15.1 openldap2-back-sql-2.4.46-lp151.10.15.1 openldap2-back-meta-2.4.46-lp151.10.15.1 openldap2-ppolicy-check-password-debuginfo-1.2-lp151.10.15.1 openldap2-ppolicy-check-password-1.2-lp151.10.15.1 openldap2-back-perl-debuginfo-2.4.46-lp151.10.15.1 openldap2-debuginfo-2.4.46-lp151.10.15.1 openldap2-client-debuginfo-2.4.46-lp151.10.15.1 openldap2-back-perl-2.4.46-lp151.10.15.1 openldap2-contrib-debuginfo-2.4.46-lp151.10.15.1 openldap2-contrib-2.4.46-lp151.10.15.1 noarch openldap2-doc-2.4.46-lp151.10.15.1 libldap-data-2.4.46-lp151.10.15.1 x86_64 libldap-2_4-2-32bit-debuginfo-2.4.46-lp151.10.15.1 openldap2-back-sock-2.4.46-lp151.10.15.1 openldap2-back-sql-debuginfo-2.4.46-lp151.10.15.1 libldap-2_4-2-debuginfo-2.4.46-lp151.10.15.1 openldap2-devel-2.4.46-lp151.10.15.1 openldap2-back-meta-debuginfo-2.4.46-lp151.10.15.1 openldap2-2.4.46-lp151.10.15.1 openldap2-devel-static-2.4.46-lp151.10.15.1 openldap2-client-2.4.46-lp151.10.15.1 openldap2-back-sock-debuginfo-2.4.46-lp151.10.15.1 openldap2-debugsource-2.4.46-lp151.10.15.1 libldap-2_4-2-2.4.46-lp151.10.15.1 openldap2-back-sql-2.4.46-lp151.10.15.1 openldap2-devel-32bit-2.4.46-lp151.10.15.1 openldap2-back-meta-2.4.46-lp151.10.15.1 openldap2-ppolicy-check-password-debuginfo-1.2-lp151.10.15.1 openldap2-ppolicy-check-password-1.2-lp151.10.15.1 openldap2-back-perl-debuginfo-2.4.46-lp151.10.15.1 libldap-2_4-2-32bit-2.4.46-lp151.10.15.1 openldap2-debuginfo-2.4.46-lp151.10.15.1 openldap2-client-debuginfo-2.4.46-lp151.10.15.1 openldap2-back-perl-2.4.46-lp151.10.15.1 openldap2-contrib-debuginfo-2.4.46-lp151.10.15.1 openldap2-contrib-2.4.46-lp151.10.15.1

149351 - SuSE SLED 15 SP2 SUSE-SU-2020:2486-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14314, CVE-2020-14331, CVE-2020-14356, CVE-2020-16166

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2486-1

SuSE SLED 15 SP2 x86_64 kernel-default-debuginfo-5.3.18-24.12.1 kernel-default-extra-debuginfo-5.3.18-24.12.1 kernel-default-debugsource-5.3.18-24.12.1 kernel-default-extra-5.3.18-24.12.1

149352 - SuSE Linux 15.1 openSUSE-SU-2020:1413-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-13790

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1413-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00099.html

SuSE Linux 15.1 x86_64 libturbojpeg0-32bit-8.1.2-lp151.6.6.1 libjpeg-turbo-1.5.3-lp151.6.6.1 libturbojpeg0-debuginfo-8.1.2-lp151.6.6.1 libjpeg62-turbo-debugsource-1.5.3-lp151.6.6.1 libjpeg62-32bit-62.2.0-lp151.6.6.1 libjpeg62-debuginfo-62.2.0-lp151.6.6.1 libturbojpeg0-8.1.2-lp151.6.6.1 libjpeg8-32bit-8.1.2-lp151.6.6.1 libjpeg-turbo-debugsource-1.5.3-lp151.6.6.1 libjpeg62-62.2.0-lp151.6.6.1 libjpeg62-32bit-debuginfo-62.2.0-lp151.6.6.1 libjpeg8-32bit-debuginfo-8.1.2-lp151.6.6.1 libjpeg62-devel-32bit-62.2.0-lp151.6.6.1 libjpeg62-devel-62.2.0-lp151.6.6.1 libjpeg8-8.1.2-lp151.6.6.1 libjpeg8-devel-32bit-8.1.2-lp151.6.6.1 libjpeg8-debuginfo-8.1.2-lp151.6.6.1 libjpeg-turbo-debuginfo-1.5.3-lp151.6.6.1 libturbojpeg0-32bit-debuginfo-8.1.2-lp151.6.6.1 libjpeg8-devel-8.1.2-lp151.6.6.1 libjpeg62-turbo-1.5.3-lp151.6.6.1 i586 libjpeg-turbo-1.5.3-lp151.6.6.1 libturbojpeg0-debuginfo-8.1.2-lp151.6.6.1 libjpeg62-turbo-debugsource-1.5.3-lp151.6.6.1 libjpeg62-debuginfo-62.2.0-lp151.6.6.1 libturbojpeg0-8.1.2-lp151.6.6.1 libjpeg-turbo-debugsource-1.5.3-lp151.6.6.1 libjpeg62-62.2.0-lp151.6.6.1 libjpeg62-devel-62.2.0-lp151.6.6.1 libjpeg8-8.1.2-lp151.6.6.1 libjpeg8-debuginfo-8.1.2-lp151.6.6.1 libjpeg-turbo-debuginfo-1.5.3-lp151.6.6.1 libjpeg8-devel-8.1.2-lp151.6.6.1 libjpeg62-turbo-1.5.3-lp151.6.6.1

149353 - SuSE SLES 12 SP5 SUSE-SU-2020:2482-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2019-17639, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14583, CVE-2020-14593, CVE-2020- 14621

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2482-1

SuSE SLES 12 SP5 x86_64 java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1

149354 - SuSE SLED 15 SP1 SUSE-SU-2020:2481-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14361, CVE-2020-14362

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2481-1

SuSE SLED 15 SP1 x86_64 xorg-x11-server-debugsource-1.20.3-14.5.5.2 xorg-x11-server-debuginfo-1.20.3-14.5.5.2 xorg-x11-server-wayland-1.20.3-14.5.5.2 xorg-x11-server-wayland-debuginfo-1.20.3-14.5.5.2

149355 - SuSE SLES 12 SP5 SUSE-SU-2020:2461-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2019-17639, CVE-2020-14556, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020- 14583, CVE-2020-14593, CVE-2020-14621

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2461-1

SuSE SLES 12 SP5 x86_64 java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1

149356 - SuSE Linux 15.1 openSUSE-SU-2020:1421-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-12693

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1421-1 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00109.html

SuSE Linux 15.1 x86_64 libpmi0-18.08.9-lp151.2.10.1 slurm-pam_slurm-18.08.9-lp151.2.10.1 slurm-lua-18.08.9-lp151.2.10.1 slurm-sjstat-18.08.9-lp151.2.10.1 slurm-sql-debuginfo-18.08.9-lp151.2.10.1 slurm-18.08.9-lp151.2.10.1 slurm-debugsource-18.08.9-lp151.2.10.1 slurm-auth-none-18.08.9-lp151.2.10.1 slurm-node-18.08.9-lp151.2.10.1 slurm-sview-18.08.9-lp151.2.10.1 slurm-webdoc-18.08.9-lp151.2.10.1 slurm-lua-debuginfo-18.08.9-lp151.2.10.1 perl-slurm-18.08.9-lp151.2.10.1 slurm-torque-18.08.9-lp151.2.10.1 libpmi0-debuginfo-18.08.9-lp151.2.10.1 slurm-cray-debuginfo-18.08.9-lp151.2.10.1 slurm-seff-18.08.9-lp151.2.10.1 slurm-hdf5-debuginfo-18.08.9-lp151.2.10.1 slurm-openlava-18.08.9-lp151.2.10.1 slurm-auth-none-debuginfo-18.08.9-lp151.2.10.1 slurm-munge-18.08.9-lp151.2.10.1 slurm-slurmdbd-debuginfo-18.08.9-lp151.2.10.1 slurm-plugins-debuginfo-18.08.9-lp151.2.10.1 libslurm33-18.08.9-lp151.2.10.1 slurm-config-18.08.9-lp151.2.10.1 slurm-doc-18.08.9-lp151.2.10.1 slurm-sql-18.08.9-lp151.2.10.1 perl-slurm-debuginfo-18.08.9-lp151.2.10.1 slurm-node-debuginfo-18.08.9-lp151.2.10.1 slurm-devel-18.08.9-lp151.2.10.1 slurm-slurmdbd-18.08.9-lp151.2.10.1 slurm-config-man-18.08.9-lp151.2.10.1 slurm-pam_slurm-debuginfo-18.08.9-lp151.2.10.1 slurm-cray-18.08.9-lp151.2.10.1 slurm-plugins-18.08.9-lp151.2.10.1 libslurm33-debuginfo-18.08.9-lp151.2.10.1 slurm-hdf5-18.08.9-lp151.2.10.1 slurm-debuginfo-18.08.9-lp151.2.10.1 slurm-munge-debuginfo-18.08.9-lp151.2.10.1 slurm-torque-debuginfo-18.08.9-lp151.2.10.1 slurm-sview-debuginfo-18.08.9-lp151.2.10.1

149357 - SuSE SLES 12 SP5 SUSE-SU-2020:2627-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-10713

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2627-1

SuSE SLES 12 SP5 x86_64 shim-15+git47-25.11.1

149359 - SuSE SLED 15 SP1, 15 SP2 SUSE-SU-2020:2552-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15663, CVE-2020-15664, CVE-2020-15669

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2552-1

SuSE SLED 15 SP1 x86_64 MozillaThunderbird-translations-common-68.12.0-3.94.1 MozillaThunderbird-translations-other-68.12.0-3.94.1 MozillaThunderbird-debuginfo-68.12.0-3.94.1 MozillaThunderbird-68.12.0-3.94.1 MozillaThunderbird-debugsource-68.12.0-3.94.1

SuSE SLED 15 SP2 x86_64 MozillaThunderbird-translations-common-68.12.0-3.94.1 MozillaThunderbird-translations-other-68.12.0-3.94.1 MozillaThunderbird-debuginfo-68.12.0-3.94.1 MozillaThunderbird-68.12.0-3.94.1 MozillaThunderbird-debugsource-68.12.0-3.94.1

149361 - SuSE Linux 15.1 openSUSE-SU-2020:1345-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-8231

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1345-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00029.html

SuSE Linux 15.1 x86_64 libcurl-mini-devel-7.60.0-lp151.5.15.1 libcurl-devel-7.60.0-lp151.5.15.1 libcurl4-32bit-debuginfo-7.60.0-lp151.5.15.1 libcurl4-32bit-7.60.0-lp151.5.15.1 libcurl4-debuginfo-7.60.0-lp151.5.15.1 libcurl4-mini-debuginfo-7.60.0-lp151.5.15.1 curl-7.60.0-lp151.5.15.1 curl-debugsource-7.60.0-lp151.5.15.1 libcurl-devel-32bit-7.60.0-lp151.5.15.1 libcurl4-7.60.0-lp151.5.15.1 curl-mini-debuginfo-7.60.0-lp151.5.15.1 curl-mini-7.60.0-lp151.5.15.1 libcurl4-mini-7.60.0-lp151.5.15.1 curl-mini-debugsource-7.60.0-lp151.5.15.1 curl-debuginfo-7.60.0-lp151.5.15.1 i586 curl-7.60.0-lp151.5.15.1 curl-mini-7.60.0-lp151.5.15.1 libcurl4-debuginfo-7.60.0-lp151.5.15.1 curl-mini-debugsource-7.60.0-lp151.5.15.1 libcurl4-7.60.0-lp151.5.15.1 curl-debuginfo-7.60.0-lp151.5.15.1 curl-mini-debuginfo-7.60.0-lp151.5.15.1 libcurl-devel-7.60.0-lp151.5.15.1 libcurl4-mini-7.60.0-lp151.5.15.1 libcurl-mini-devel-7.60.0-lp151.5.15.1 libcurl4-mini-debuginfo-7.60.0-lp151.5.15.1 curl-debugsource-7.60.0-lp151.5.15.1

149362 - SuSE SLES 12 SP5 SUSE-SU-2020:2544-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15663, CVE-2020-15664, CVE-2020-15670

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2544-1

SuSE SLES 12 SP5 x86_64 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2

149364 - SuSE Linux 15.2 openSUSE-SU-2020:1326-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14349, CVE-2020-14350

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1326-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00016.html

SuSE Linux 15.2 i586 postgresql10-pltcl-debuginfo-10.14-lp152.2.6.2 postgresql10-plperl-debuginfo-10.14-lp152.2.6.2 postgresql10-contrib-10.14-lp152.2.6.2 postgresql10-contrib-debuginfo-10.14-lp152.2.6.2 postgresql10-server-10.14-lp152.2.6.2 postgresql10-plperl-10.14-lp152.2.6.2 postgresql10-devel-10.14-lp152.2.6.2 postgresql10-pltcl-10.14-lp152.2.6.2 postgresql10-test-10.14-lp152.2.6.2 postgresql10-debugsource-10.14-lp152.2.6.2 postgresql10-plpython-10.14-lp152.2.6.2 postgresql10-server-debuginfo-10.14-lp152.2.6.2 postgresql10-devel-debuginfo-10.14-lp152.2.6.2 postgresql10-plpython-debuginfo-10.14-lp152.2.6.2 postgresql10-debuginfo-10.14-lp152.2.6.2 postgresql10-10.14-lp152.2.6.2 noarch postgresql10-docs-10.14-lp152.2.6.2 x86_64 postgresql10-pltcl-debuginfo-10.14-lp152.2.6.2 postgresql10-plperl-debuginfo-10.14-lp152.2.6.2 postgresql10-contrib-10.14-lp152.2.6.2 postgresql10-contrib-debuginfo-10.14-lp152.2.6.2 postgresql10-server-10.14-lp152.2.6.2 postgresql10-plperl-10.14-lp152.2.6.2 postgresql10-devel-10.14-lp152.2.6.2 postgresql10-pltcl-10.14-lp152.2.6.2 postgresql10-test-10.14-lp152.2.6.2 postgresql10-debugsource-10.14-lp152.2.6.2 postgresql10-plpython-10.14-lp152.2.6.2 postgresql10-server-debuginfo-10.14-lp152.2.6.2 postgresql10-devel-debuginfo-10.14-lp152.2.6.2 postgresql10-plpython-debuginfo-10.14-lp152.2.6.2 postgresql10-debuginfo-10.14-lp152.2.6.2 postgresql10-10.14-lp152.2.6.2 149366 - SuSE Linux 15.1 openSUSE-SU-2020:1368-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14363

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1368-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00063.html

SuSE Linux 15.1 i586 libX11-xcb1-1.6.5-lp151.4.9.1 libX11-xcb1-debuginfo-1.6.5-lp151.4.9.1 libX11-6-1.6.5-lp151.4.9.1 libX11-6-debuginfo-1.6.5-lp151.4.9.1 libX11-debugsource-1.6.5-lp151.4.9.1 libX11-devel-1.6.5-lp151.4.9.1 noarch libX11-data-1.6.5-lp151.4.9.1 x86_64 libX11-xcb1-32bit-1.6.5-lp151.4.9.1 libX11-xcb1-1.6.5-lp151.4.9.1 libX11-6-32bit-debuginfo-1.6.5-lp151.4.9.1 libX11-xcb1-debuginfo-1.6.5-lp151.4.9.1 libX11-6-32bit-1.6.5-lp151.4.9.1 libX11-6-1.6.5-lp151.4.9.1 libX11-6-debuginfo-1.6.5-lp151.4.9.1 libX11-xcb1-32bit-debuginfo-1.6.5-lp151.4.9.1 libX11-debugsource-1.6.5-lp151.4.9.1 libX11-devel-1.6.5-lp151.4.9.1 libX11-devel-32bit-1.6.5-lp151.4.9.1

149367 - SuSE SLES 12 SP5 SUSE-SU-2020:2578-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14386

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2578-1

SuSE SLES 12 SP5 x86_64 kernel-azure-debuginfo-4.12.14-16.28.1 kernel-syms-azure-4.12.14-16.28.1 kernel-azure-base-debuginfo-4.12.14-16.28.1 kernel-azure-devel-4.12.14-16.28.1 kernel-azure-base-4.12.14-16.28.1 kernel-azure-4.12.14-16.28.1 kernel-azure-debugsource-4.12.14-16.28.1 noarch kernel-source-azure-4.12.14-16.28.1 kernel-devel-azure-4.12.14-16.28.1

149368 - SuSE Linux 15.1 openSUSE-SU-2020:1430-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-24977

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1430-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00111.html

SuSE Linux 15.1 i586 python3-libxml2-python-2.9.7-lp151.5.15.1 python3-libxml2-python-debuginfo-2.9.7-lp151.5.15.1 libxml2-2-debuginfo-2.9.7-lp151.5.15.1 libxml2-2-2.9.7-lp151.5.15.1 libxml2-debugsource-2.9.7-lp151.5.15.1 libxml2-devel-2.9.7-lp151.5.15.1 libxml2-tools-2.9.7-lp151.5.15.1 python2-libxml2-python-debuginfo-2.9.7-lp151.5.15.1 python-libxml2-python-debugsource-2.9.7-lp151.5.15.1 python2-libxml2-python-2.9.7-lp151.5.15.1 libxml2-tools-debuginfo-2.9.7-lp151.5.15.1 noarch libxml2-doc-2.9.7-lp151.5.15.1 x86_64 python3-libxml2-python-debuginfo-2.9.7-lp151.5.15.1 libxml2-2-32bit-2.9.7-lp151.5.15.1 python2-libxml2-python-2.9.7-lp151.5.15.1 libxml2-2-debuginfo-2.9.7-lp151.5.15.1 libxml2-debugsource-2.9.7-lp151.5.15.1 python2-libxml2-python-debuginfo-2.9.7-lp151.5.15.1 libxml2-2-2.9.7-lp151.5.15.1 libxml2-devel-32bit-2.9.7-lp151.5.15.1 libxml2-devel-2.9.7-lp151.5.15.1 libxml2-tools-2.9.7-lp151.5.15.1 python3-libxml2-python-2.9.7-lp151.5.15.1 libxml2-tools-debuginfo-2.9.7-lp151.5.15.1 libxml2-2-32bit-debuginfo-2.9.7-lp151.5.15.1 python-libxml2-python-debugsource-2.9.7-lp151.5.15.1

149369 - SuSE SLES 12 SP5, SLED 12 SP5 SUSE-SU-2020:2574-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14314, CVE-2020-14331, CVE-2020-14356, CVE-2020-14386, CVE-2020-16166, CVE-2020-1749, CVE-2020- 24394

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2574-1

SuSE SLED 12 SP5 x86_64 kernel-default-extra-4.12.14-122.37.1 kernel-default-extra-debuginfo-4.12.14-122.37.1 kernel-default-debugsource-4.12.14-122.37.1 kernel-default-debuginfo-4.12.14-122.37.1

SuSE SLES 12 SP5 noarch kernel-devel-4.12.14-122.37.1 kernel-macros-4.12.14-122.37.1 kernel-source-4.12.14-122.37.1 x86_64 kernel-syms-4.12.14-122.37.1 kernel-default-base-debuginfo-4.12.14-122.37.1 kernel-default-4.12.14-122.37.1 kernel-default-base-4.12.14-122.37.1 kernel-default-devel-debuginfo-4.12.14-122.37.1 kernel-default-devel-4.12.14-122.37.1 kernel-default-debugsource-4.12.14-122.37.1 kernel-default-debuginfo-4.12.14-122.37.1

149370 - SuSE SLED 15 SP1 SUSE-SU-2020:2575-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-10135, CVE-2020-14314, CVE-2020-14331, CVE-2020-14356, CVE-2020-14386, CVE-2020-16166, CVE-2020- 1749, CVE-2020-24394

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2575-1

SuSE SLED 15 SP1 x86_64 kernel-default-debuginfo-4.12.14-197.56.1 kernel-default-debugsource-4.12.14-197.56.1 kernel-default-extra-4.12.14-197.56.1 kernel-default-extra-debuginfo-4.12.14-197.56.1

149371 - SuSE SLES 12 SP5 SUSE-SU-2020:2450-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-11985, CVE-2020-11993, CVE-2020-9490

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2450-1

SuSE SLES 12 SP5 noarch apache2-doc-2.4.23-29.63.1 x86_64 apache2-utils-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1

149372 - SuSE Linux 15.2 openSUSE-SU-2020:1382-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14314, CVE-2020-14386

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1382-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00072.html

SuSE Linux 15.2 x86_64 kernel-default-base-rebuild-5.3.18-lp152.41.1.lp152.8.6.2 kernel-obs-build-debugsource-5.3.18-lp152.41.1 kernel-preempt-5.3.18-lp152.41.1 kernel-preempt-debugsource-5.3.18-lp152.41.1 kernel-default-5.3.18-lp152.41.1 kernel-kvmsmall-debugsource-5.3.18-lp152.41.1 kernel-kvmsmall-5.3.18-lp152.41.1 kernel-debug-debuginfo-5.3.18-lp152.41.1 kernel-kvmsmall-devel-5.3.18-lp152.41.1 kernel-debug-devel-debuginfo-5.3.18-lp152.41.1 kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.41.1 kernel-obs-qa-5.3.18-lp152.41.1 kernel-default-devel-5.3.18-lp152.41.1 kernel-preempt-debuginfo-5.3.18-lp152.41.1 kernel-kvmsmall-debuginfo-5.3.18-lp152.41.1 kernel-debug-debugsource-5.3.18-lp152.41.1 kernel-debug-devel-5.3.18-lp152.41.1 kernel-default-base-5.3.18-lp152.41.1.lp152.8.6.2 kernel-debug-5.3.18-lp152.41.1 kernel-preempt-devel-debuginfo-5.3.18-lp152.41.1 kernel-default-devel-debuginfo-5.3.18-lp152.41.1 kernel-preempt-devel-5.3.18-lp152.41.1 kernel-default-debuginfo-5.3.18-lp152.41.1 kernel-obs-build-5.3.18-lp152.41.1 kernel-default-debugsource-5.3.18-lp152.41.1 kernel-syms-5.3.18-lp152.41.1 noarch kernel-docs-html-5.3.18-lp152.41.1 kernel-source-vanilla-5.3.18-lp152.41.1 kernel-source-5.3.18-lp152.41.1 kernel-docs-5.3.18-lp152.41.1 kernel-macros-5.3.18-lp152.41.1 kernel-devel-5.3.18-lp152.41.1

149373 - SuSE SLED 15 SP2 SUSE-SU-2020:2577-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14386

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2577-1

SuSE SLED 15 SP2 x86_64 kernel-default-extra-5.3.18-24.15.1 kernel-default-debugsource-5.3.18-24.15.1 kernel-default-debuginfo-5.3.18-24.15.1 kernel-default-extra-debuginfo-5.3.18-24.15.1

149374 - SuSE Linux 15.2 openSUSE-SU-2020:1370-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14363

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1370-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00062.html

SuSE Linux 15.2 i586 libX11-xcb1-debuginfo-1.6.5-lp152.5.9.1 libX11-6-1.6.5-lp152.5.9.1 libX11-6-debuginfo-1.6.5-lp152.5.9.1 libX11-xcb1-1.6.5-lp152.5.9.1 libX11-devel-1.6.5-lp152.5.9.1 libX11-debugsource-1.6.5-lp152.5.9.1 noarch libX11-data-1.6.5-lp152.5.9.1 x86_64 libX11-6-32bit-1.6.5-lp152.5.9.1 libX11-xcb1-debuginfo-1.6.5-lp152.5.9.1 libX11-xcb1-32bit-debuginfo-1.6.5-lp152.5.9.1 libX11-6-1.6.5-lp152.5.9.1 libX11-xcb1-32bit-1.6.5-lp152.5.9.1 libX11-6-debuginfo-1.6.5-lp152.5.9.1 libX11-xcb1-1.6.5-lp152.5.9.1 libX11-devel-32bit-1.6.5-lp152.5.9.1 libX11-devel-1.6.5-lp152.5.9.1 libX11-debugsource-1.6.5-lp152.5.9.1 libX11-6-32bit-debuginfo-1.6.5-lp152.5.9.1

149375 - SuSE SLES 12 SP5 SUSE-SU-2020:2570-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-13790

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2570-1

SuSE SLES 12 SP5 x86_64 libjpeg62-debuginfo-62.2.0-31.22.2 libjpeg8-debuginfo-8.1.2-31.22.2 libjpeg62-turbo-1.5.3-31.22.2 libjpeg-turbo-debuginfo-1.5.3-31.22.2 libjpeg8-32bit-8.1.2-31.22.2 libjpeg8-debuginfo-32bit-8.1.2-31.22.2 libturbojpeg0-debuginfo-8.1.2-31.22.2 libjpeg62-62.2.0-31.22.2 libjpeg62-turbo-debugsource-1.5.3-31.22.2 libturbojpeg0-8.1.2-31.22.2 libjpeg8-8.1.2-31.22.2 libjpeg62-32bit-62.2.0-31.22.2 libjpeg-turbo-debugsource-1.5.3-31.22.2 libjpeg-turbo-1.5.3-31.22.2 libjpeg62-debuginfo-32bit-62.2.0-31.22.2

149376 - SuSE SLED 15 SP2 SUSE-SU-2020:2452-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14361, CVE-2020-14362

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2452-1

SuSE SLED 15 SP2 x86_64 xorg-x11-server-debuginfo-1.20.3-22.5.5.1 xorg-x11-server-wayland-1.20.3-22.5.5.1 xorg-x11-server-wayland-debuginfo-1.20.3-22.5.5.1 xorg-x11-server-debugsource-1.20.3-22.5.5.1

149377 - SuSE Linux 15.1 openSUSE-SU-2020:1384-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15663, CVE-2020-15664, CVE-2020-15670

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1384-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00070.html

SuSE Linux 15.1 x86_64 MozillaFirefox-translations-other-78.2.0-lp151.2.65.1 MozillaFirefox-debugsource-78.2.0-lp151.2.65.1 MozillaFirefox-devel-78.2.0-lp151.2.65.1 MozillaFirefox-translations-common-78.2.0-lp151.2.65.1 MozillaFirefox-buildsymbols-78.2.0-lp151.2.65.1 MozillaFirefox-branding-upstream-78.2.0-lp151.2.65.1 MozillaFirefox-78.2.0-lp151.2.65.1 MozillaFirefox-debuginfo-78.2.0-lp151.2.65.1

149378 - SuSE Linux 15.1 openSUSE-SU-2020:1332-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15103

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1332-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00021.html

SuSE Linux 15.1 x86_64 freerdp-debuginfo-2.1.2-lp151.5.9.1 freerdp-2.1.2-lp151.5.9.1 freerdp-devel-2.1.2-lp151.5.9.1 libfreerdp2-2.1.2-lp151.5.9.1 freerdp-proxy-2.1.2-lp151.5.9.1 uwac0-0-devel-2.1.2-lp151.5.9.1 libwinpr2-debuginfo-2.1.2-lp151.5.9.1 freerdp-proxy-debuginfo-2.1.2-lp151.5.9.1 libuwac0-0-2.1.2-lp151.5.9.1 libfreerdp2-debuginfo-2.1.2-lp151.5.9.1 freerdp-server-debuginfo-2.1.2-lp151.5.9.1 libwinpr2-2.1.2-lp151.5.9.1 freerdp-debugsource-2.1.2-lp151.5.9.1 freerdp-wayland-debuginfo-2.1.2-lp151.5.9.1 freerdp-server-2.1.2-lp151.5.9.1 libuwac0-0-debuginfo-2.1.2-lp151.5.9.1 freerdp-wayland-2.1.2-lp151.5.9.1 winpr2-devel-2.1.2-lp151.5.9.1

149379 - SuSE Linux 15.1 openSUSE-SU-2020:1374-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14361, CVE-2020-14362

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1374-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00049.html

SuSE Linux 15.1 x86_64 xorg-x11-server-wayland-1.20.3-lp151.4.6.1 xorg-x11-server-extra-debuginfo-1.20.3-lp151.4.6.1 xorg-x11-server-debugsource-1.20.3-lp151.4.6.1 xorg-x11-server-extra-1.20.3-lp151.4.6.1 xorg-x11-server-wayland-debuginfo-1.20.3-lp151.4.6.1 xorg-x11-server-sdk-1.20.3-lp151.4.6.1 xorg-x11-server-debuginfo-1.20.3-lp151.4.6.1 xorg-x11-server-1.20.3-lp151.4.6.1 xorg-x11-server-source-1.20.3-lp151.4.6.1 i586 xorg-x11-server-wayland-1.20.3-lp151.4.6.1 xorg-x11-server-extra-debuginfo-1.20.3-lp151.4.6.1 xorg-x11-server-debugsource-1.20.3-lp151.4.6.1 xorg-x11-server-extra-1.20.3-lp151.4.6.1 xorg-x11-server-wayland-debuginfo-1.20.3-lp151.4.6.1 xorg-x11-server-sdk-1.20.3-lp151.4.6.1 xorg-x11-server-debuginfo-1.20.3-lp151.4.6.1 xorg-x11-server-1.20.3-lp151.4.6.1 xorg-x11-server-source-1.20.3-lp151.4.6.1

149380 - SuSE Linux 15.1 openSUSE-SU-2020:1383-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15663, CVE-2020-15664, CVE-2020-15669

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1383-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00071.html

SuSE Linux 15.1 x86_64 MozillaThunderbird-debuginfo-68.12.0-lp151.2.50.1 MozillaThunderbird-translations-common-68.12.0-lp151.2.50.1 MozillaThunderbird-translations-other-68.12.0-lp151.2.50.1 MozillaThunderbird-68.12.0-lp151.2.50.1 MozillaThunderbird-debugsource-68.12.0-lp151.2.50.1

149381 - SuSE Linux 15.1 openSUSE-SU-2020:1379-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14386

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1379-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00065.html

SuSE Linux 15.1 x86_64 kernel-default-4.12.14-lp151.28.67.2 kernel-default-debuginfo-4.12.14-lp151.28.67.2 kernel-debug-4.12.14-lp151.28.67.2 kernel-vanilla-debugsource-4.12.14-lp151.28.67.2 kernel-debug-devel-4.12.14-lp151.28.67.2 kernel-debug-base-debuginfo-4.12.14-lp151.28.67.2 kernel-vanilla-devel-4.12.14-lp151.28.67.2 kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.67.2 kernel-syms-4.12.14-lp151.28.67.1 kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.67.2 kernel-vanilla-base-debuginfo-4.12.14-lp151.28.67.2 kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.67.2 kernel-debug-base-4.12.14-lp151.28.67.2 kernel-kvmsmall-devel-4.12.14-lp151.28.67.2 kernel-obs-qa-4.12.14-lp151.28.67.2 kernel-kvmsmall-4.12.14-lp151.28.67.2 kernel-kvmsmall-debugsource-4.12.14-lp151.28.67.2 kernel-debug-devel-debuginfo-4.12.14-lp151.28.67.2 kernel-vanilla-4.12.14-lp151.28.67.2 kernel-kvmsmall-base-4.12.14-lp151.28.67.2 kernel-default-base-debuginfo-4.12.14-lp151.28.67.2 kernel-obs-build-4.12.14-lp151.28.67.2 kernel-default-base-4.12.14-lp151.28.67.2 kernel-debug-debugsource-4.12.14-lp151.28.67.2 kernel-vanilla-debuginfo-4.12.14-lp151.28.67.2 kernel-debug-debuginfo-4.12.14-lp151.28.67.2 kernel-default-devel-4.12.14-lp151.28.67.2 kernel-default-devel-debuginfo-4.12.14-lp151.28.67.2 kernel-vanilla-base-4.12.14-lp151.28.67.2 kernel-kvmsmall-debuginfo-4.12.14-lp151.28.67.2 kernel-obs-build-debugsource-4.12.14-lp151.28.67.2 kernel-default-debugsource-4.12.14-lp151.28.67.2 noarch kernel-source-vanilla-4.12.14-lp151.28.67.1 kernel-docs-4.12.14-lp151.28.67.3 kernel-docs-html-4.12.14-lp151.28.67.3 kernel-macros-4.12.14-lp151.28.67.1 kernel-source-4.12.14-lp151.28.67.1 kernel-devel-4.12.14-lp151.28.67.1

149382 - SuSE Linux 15.1 openSUSE-SU-2020:1354-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-7068

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1354-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00064.html

SuSE Linux 15.1 x86_64 php7-gettext-debuginfo-7.2.5-lp151.6.32.1 php7-xmlwriter-debuginfo-7.2.5-lp151.6.32.1 php7-xsl-7.2.5-lp151.6.32.1 php7-openssl-debuginfo-7.2.5-lp151.6.32.1 php7-readline-debuginfo-7.2.5-lp151.6.32.1 php7-firebird-debuginfo-7.2.5-lp151.6.32.1 php7-ctype-7.2.5-lp151.6.32.1 php7-json-debuginfo-7.2.5-lp151.6.32.1 php7-shmop-7.2.5-lp151.6.32.1 php7-pgsql-7.2.5-lp151.6.32.1 php7-sockets-debuginfo-7.2.5-lp151.6.32.1 php7-7.2.5-lp151.6.32.1 php7-sqlite-7.2.5-lp151.6.32.1 php7-intl-debuginfo-7.2.5-lp151.6.32.1 php7-bz2-7.2.5-lp151.6.32.1 php7-ctype-debuginfo-7.2.5-lp151.6.32.1 php7-sysvsem-7.2.5-lp151.6.32.1 php7-gd-7.2.5-lp151.6.32.1 php7-ldap-7.2.5-lp151.6.32.1 php7-wddx-7.2.5-lp151.6.32.1 php7-bcmath-7.2.5-lp151.6.32.1 php7-fastcgi-7.2.5-lp151.6.32.1 php7-dba-7.2.5-lp151.6.32.1 php7-ftp-debuginfo-7.2.5-lp151.6.32.1 php7-tokenizer-7.2.5-lp151.6.32.1 php7-phar-7.2.5-lp151.6.32.1 php7-snmp-debuginfo-7.2.5-lp151.6.32.1 php7-zip-7.2.5-lp151.6.32.1 php7-sysvshm-debuginfo-7.2.5-lp151.6.32.1 php7-iconv-debuginfo-7.2.5-lp151.6.32.1 php7-bcmath-debuginfo-7.2.5-lp151.6.32.1 php7-mbstring-debuginfo-7.2.5-lp151.6.32.1 php7-tidy-debuginfo-7.2.5-lp151.6.32.1 php7-dba-debuginfo-7.2.5-lp151.6.32.1 php7-gettext-7.2.5-lp151.6.32.1 php7-sysvshm-7.2.5-lp151.6.32.1 php7-zlib-debuginfo-7.2.5-lp151.6.32.1 php7-pdo-debuginfo-7.2.5-lp151.6.32.1 php7-soap-debuginfo-7.2.5-lp151.6.32.1 php7-xmlrpc-7.2.5-lp151.6.32.1 php7-embed-debuginfo-7.2.5-lp151.6.32.1 php7-mysql-debuginfo-7.2.5-lp151.6.32.1 php7-opcache-debuginfo-7.2.5-lp151.6.32.1 php7-tokenizer-debuginfo-7.2.5-lp151.6.32.1 apache2-mod_php7-7.2.5-lp151.6.32.1 php7-debuginfo-7.2.5-lp151.6.32.1 php7-snmp-7.2.5-lp151.6.32.1 php7-pgsql-debuginfo-7.2.5-lp151.6.32.1 php7-shmop-debuginfo-7.2.5-lp151.6.32.1 php7-mbstring-7.2.5-lp151.6.32.1 php7-xmlwriter-7.2.5-lp151.6.32.1 php7-fastcgi-debuginfo-7.2.5-lp151.6.32.1 php7-embed-7.2.5-lp151.6.32.1 php7-curl-debuginfo-7.2.5-lp151.6.32.1 php7-pcntl-debuginfo-7.2.5-lp151.6.32.1 php7-calendar-7.2.5-lp151.6.32.1 apache2-mod_php7-debuginfo-7.2.5-lp151.6.32.1 php7-sockets-7.2.5-lp151.6.32.1 php7-sysvmsg-7.2.5-lp151.6.32.1 php7-odbc-7.2.5-lp151.6.32.1 php7-curl-7.2.5-lp151.6.32.1 php7-fileinfo-7.2.5-lp151.6.32.1 php7-posix-debuginfo-7.2.5-lp151.6.32.1 php7-pdo-7.2.5-lp151.6.32.1 php7-phar-debuginfo-7.2.5-lp151.6.32.1 php7-openssl-7.2.5-lp151.6.32.1 php7-fpm-debuginfo-7.2.5-lp151.6.32.1 php7-dom-7.2.5-lp151.6.32.1 php7-firebird-7.2.5-lp151.6.32.1 php7-posix-7.2.5-lp151.6.32.1 php7-odbc-debuginfo-7.2.5-lp151.6.32.1 php7-gmp-7.2.5-lp151.6.32.1 php7-xmlreader-debuginfo-7.2.5-lp151.6.32.1 php7-mysql-7.2.5-lp151.6.32.1 php7-calendar-debuginfo-7.2.5-lp151.6.32.1 php7-zlib-7.2.5-lp151.6.32.1 php7-iconv-7.2.5-lp151.6.32.1 php7-sqlite-debuginfo-7.2.5-lp151.6.32.1 php7-fpm-7.2.5-lp151.6.32.1 php7-tidy-7.2.5-lp151.6.32.1 php7-dom-debuginfo-7.2.5-lp151.6.32.1 php7-pcntl-7.2.5-lp151.6.32.1 php7-opcache-7.2.5-lp151.6.32.1 php7-debugsource-7.2.5-lp151.6.32.1 php7-bz2-debuginfo-7.2.5-lp151.6.32.1 php7-exif-debuginfo-7.2.5-lp151.6.32.1 php7-sysvsem-debuginfo-7.2.5-lp151.6.32.1 php7-json-7.2.5-lp151.6.32.1 php7-ftp-7.2.5-lp151.6.32.1 php7-xmlrpc-debuginfo-7.2.5-lp151.6.32.1 php7-zip-debuginfo-7.2.5-lp151.6.32.1 php7-readline-7.2.5-lp151.6.32.1 php7-enchant-7.2.5-lp151.6.32.1 php7-exif-7.2.5-lp151.6.32.1 php7-gd-debuginfo-7.2.5-lp151.6.32.1 php7-enchant-debuginfo-7.2.5-lp151.6.32.1 php7-gmp-debuginfo-7.2.5-lp151.6.32.1 php7-xmlreader-7.2.5-lp151.6.32.1 php7-intl-7.2.5-lp151.6.32.1 php7-sodium-debuginfo-7.2.5-lp151.6.32.1 php7-sodium-7.2.5-lp151.6.32.1 php7-xsl-debuginfo-7.2.5-lp151.6.32.1 php7-sysvmsg-debuginfo-7.2.5-lp151.6.32.1 php7-soap-7.2.5-lp151.6.32.1 php7-fileinfo-debuginfo-7.2.5-lp151.6.32.1 php7-ldap-debuginfo-7.2.5-lp151.6.32.1 php7-wddx-debuginfo-7.2.5-lp151.6.32.1 php7-test-7.2.5-lp151.6.32.1 php7-devel-7.2.5-lp151.6.32.1 noarch php7-pear-Archive_Tar-7.2.5-lp151.6.32.1 php7-pear-7.2.5-lp151.6.32.1

149383 - SuSE SLES 12 SP5 SUSE-SU-2020:2444-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-8231

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2444-1

SuSE SLES 12 SP5 x86_64 libcurl4-debuginfo-7.60.0-11.6.1 libcurl4-32bit-7.60.0-11.6.1 curl-7.60.0-11.6.1 curl-debuginfo-7.60.0-11.6.1 libcurl4-7.60.0-11.6.1 curl-debugsource-7.60.0-11.6.1 libcurl4-debuginfo-32bit-7.60.0-11.6.1

149384 - SuSE Linux 15.2 openSUSE-SU-2020:1376-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14361, CVE-2020-14362 Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1376-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00050.html

SuSE Linux 15.2 x86_64 xorg-x11-server-extra-debuginfo-1.20.3-lp152.8.6.1 xorg-x11-server-1.20.3-lp152.8.6.1 xorg-x11-server-debugsource-1.20.3-lp152.8.6.1 xorg-x11-server-wayland-debuginfo-1.20.3-lp152.8.6.1 xorg-x11-server-sdk-1.20.3-lp152.8.6.1 xorg-x11-server-extra-1.20.3-lp152.8.6.1 xorg-x11-server-debuginfo-1.20.3-lp152.8.6.1 xorg-x11-server-source-1.20.3-lp152.8.6.1 xorg-x11-server-wayland-1.20.3-lp152.8.6.1 i586 xorg-x11-server-extra-debuginfo-1.20.3-lp152.8.6.1 xorg-x11-server-1.20.3-lp152.8.6.1 xorg-x11-server-debugsource-1.20.3-lp152.8.6.1 xorg-x11-server-wayland-debuginfo-1.20.3-lp152.8.6.1 xorg-x11-server-sdk-1.20.3-lp152.8.6.1 xorg-x11-server-extra-1.20.3-lp152.8.6.1 xorg-x11-server-debuginfo-1.20.3-lp152.8.6.1 xorg-x11-server-source-1.20.3-lp152.8.6.1 xorg-x11-server-wayland-1.20.3-lp152.8.6.1

149385 - SuSE Linux 15.2 openSUSE-SU-2020:1359-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-8231

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1359-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00052.html

SuSE Linux 15.2 x86_64 curl-7.66.0-lp152.3.6.1 libcurl4-32bit-debuginfo-7.66.0-lp152.3.6.1 curl-debugsource-7.66.0-lp152.3.6.1 curl-debuginfo-7.66.0-lp152.3.6.1 libcurl-devel-7.66.0-lp152.3.6.1 libcurl4-debuginfo-7.66.0-lp152.3.6.1 libcurl4-32bit-7.66.0-lp152.3.6.1 libcurl-devel-32bit-7.66.0-lp152.3.6.1 libcurl4-7.66.0-lp152.3.6.1 i586 curl-7.66.0-lp152.3.6.1 curl-debugsource-7.66.0-lp152.3.6.1 curl-debuginfo-7.66.0-lp152.3.6.1 libcurl-devel-7.66.0-lp152.3.6.1 libcurl4-debuginfo-7.66.0-lp152.3.6.1 libcurl4-7.66.0-lp152.3.6.1

149386 - SuSE Linux 15.2 openSUSE-SU-2020:1407-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14039, CVE-2020-15586, CVE-2020-16845

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1407-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00093.html

SuSE Linux 15.2 x86_64 go1.14-race-1.14.7-lp152.2.3.1 go1.14-doc-1.14.7-lp152.2.3.1 go1.14-1.14.7-lp152.2.3.1

149387 - SuSE Linux 15.2 openSUSE-SU-2020:1356-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-7068

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1356-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00053.html

SuSE Linux 15.2 x86_64 php7-xmlrpc-debuginfo-7.4.6-lp152.2.6.1 php7-calendar-debuginfo-7.4.6-lp152.2.6.1 php7-ctype-7.4.6-lp152.2.6.1 php7-sysvsem-debuginfo-7.4.6-lp152.2.6.1 php7-gd-7.4.6-lp152.2.6.1 php7-sockets-debuginfo-7.4.6-lp152.2.6.1 php7-fileinfo-7.4.6-lp152.2.6.1 php7-sodium-debuginfo-7.4.6-lp152.2.6.1 php7-calendar-7.4.6-lp152.2.6.1 php7-sysvsem-7.4.6-lp152.2.6.1 php7-mbstring-debuginfo-7.4.6-lp152.2.6.1 php7-json-debuginfo-7.4.6-lp152.2.6.1 php7-mbstring-7.4.6-lp152.2.6.1 php7-fastcgi-debuginfo-7.4.6-lp152.2.6.1 php7-mysql-7.4.6-lp152.2.6.1 php7-exif-7.4.6-lp152.2.6.1 php7-iconv-7.4.6-lp152.2.6.1 php7-curl-7.4.6-lp152.2.6.1 php7-opcache-debuginfo-7.4.6-lp152.2.6.1 php7-shmop-7.4.6-lp152.2.6.1 php7-snmp-7.4.6-lp152.2.6.1 php7-bz2-debuginfo-7.4.6-lp152.2.6.1 php7-sysvmsg-debuginfo-7.4.6-lp152.2.6.1 php7-embed-debuginfo-7.4.6-lp152.2.6.1 php7-zlib-debuginfo-7.4.6-lp152.2.6.1 php7-phar-7.4.6-lp152.2.6.1 php7-gmp-7.4.6-lp152.2.6.1 php7-devel-7.4.6-lp152.2.6.1 php7-ctype-debuginfo-7.4.6-lp152.2.6.1 php7-zip-debuginfo-7.4.6-lp152.2.6.1 php7-soap-debuginfo-7.4.6-lp152.2.6.1 php7-fpm-7.4.6-lp152.2.6.1 php7-pdo-7.4.6-lp152.2.6.1 php7-firebird-7.4.6-lp152.2.6.1 php7-mysql-debuginfo-7.4.6-lp152.2.6.1 php7-bcmath-7.4.6-lp152.2.6.1 php7-sodium-7.4.6-lp152.2.6.1 php7-posix-7.4.6-lp152.2.6.1 php7-snmp-debuginfo-7.4.6-lp152.2.6.1 php7-gd-debuginfo-7.4.6-lp152.2.6.1 php7-curl-debuginfo-7.4.6-lp152.2.6.1 apache2-mod_php7-debuginfo-7.4.6-lp152.2.6.1 php7-sqlite-debuginfo-7.4.6-lp152.2.6.1 php7-sockets-7.4.6-lp152.2.6.1 php7-odbc-7.4.6-lp152.2.6.1 php7-pcntl-7.4.6-lp152.2.6.1 php7-pgsql-debuginfo-7.4.6-lp152.2.6.1 php7-xmlreader-debuginfo-7.4.6-lp152.2.6.1 php7-sysvshm-7.4.6-lp152.2.6.1 php7-tokenizer-7.4.6-lp152.2.6.1 php7-pgsql-7.4.6-lp152.2.6.1 php7-iconv-debuginfo-7.4.6-lp152.2.6.1 php7-ftp-7.4.6-lp152.2.6.1 php7-fileinfo-debuginfo-7.4.6-lp152.2.6.1 php7-readline-debuginfo-7.4.6-lp152.2.6.1 php7-bcmath-debuginfo-7.4.6-lp152.2.6.1 php7-dba-debuginfo-7.4.6-lp152.2.6.1 php7-xmlreader-7.4.6-lp152.2.6.1 php7-pcntl-debuginfo-7.4.6-lp152.2.6.1 php7-readline-7.4.6-lp152.2.6.1 php7-ldap-debuginfo-7.4.6-lp152.2.6.1 php7-dba-7.4.6-lp152.2.6.1 php7-shmop-debuginfo-7.4.6-lp152.2.6.1 php7-tidy-7.4.6-lp152.2.6.1 apache2-mod_php7-7.4.6-lp152.2.6.1 php7-soap-7.4.6-lp152.2.6.1 php7-gettext-debuginfo-7.4.6-lp152.2.6.1 php7-xsl-7.4.6-lp152.2.6.1 php7-sysvshm-debuginfo-7.4.6-lp152.2.6.1 php7-openssl-7.4.6-lp152.2.6.1 php7-firebird-debuginfo-7.4.6-lp152.2.6.1 php7-xmlwriter-7.4.6-lp152.2.6.1 php7-odbc-debuginfo-7.4.6-lp152.2.6.1 php7-intl-7.4.6-lp152.2.6.1 php7-test-7.4.6-lp152.2.6.1 php7-fpm-debuginfo-7.4.6-lp152.2.6.1 php7-fastcgi-7.4.6-lp152.2.6.1 php7-json-7.4.6-lp152.2.6.1 php7-intl-debuginfo-7.4.6-lp152.2.6.1 php7-ldap-7.4.6-lp152.2.6.1 php7-xsl-debuginfo-7.4.6-lp152.2.6.1 php7-debuginfo-7.4.6-lp152.2.6.1 php7-opcache-7.4.6-lp152.2.6.1 php7-zlib-7.4.6-lp152.2.6.1 php7-dom-7.4.6-lp152.2.6.1 php7-exif-debuginfo-7.4.6-lp152.2.6.1 php7-gettext-7.4.6-lp152.2.6.1 php7-ftp-debuginfo-7.4.6-lp152.2.6.1 php7-xmlrpc-7.4.6-lp152.2.6.1 php7-tidy-debuginfo-7.4.6-lp152.2.6.1 php7-posix-debuginfo-7.4.6-lp152.2.6.1 php7-xmlwriter-debuginfo-7.4.6-lp152.2.6.1 php7-pdo-debuginfo-7.4.6-lp152.2.6.1 php7-sysvmsg-7.4.6-lp152.2.6.1 php7-tokenizer-debuginfo-7.4.6-lp152.2.6.1 php7-openssl-debuginfo-7.4.6-lp152.2.6.1 php7-bz2-7.4.6-lp152.2.6.1 php7-embed-7.4.6-lp152.2.6.1 php7-zip-7.4.6-lp152.2.6.1 php7-enchant-7.4.6-lp152.2.6.1 php7-sqlite-7.4.6-lp152.2.6.1 php7-phar-debuginfo-7.4.6-lp152.2.6.1 php7-enchant-debuginfo-7.4.6-lp152.2.6.1 php7-7.4.6-lp152.2.6.1 php7-gmp-debuginfo-7.4.6-lp152.2.6.1 php7-dom-debuginfo-7.4.6-lp152.2.6.1 php7-debugsource-7.4.6-lp152.2.6.1 i586 php7-xmlrpc-debuginfo-7.4.6-lp152.2.6.1 php7-calendar-debuginfo-7.4.6-lp152.2.6.1 php7-ctype-7.4.6-lp152.2.6.1 php7-sysvsem-debuginfo-7.4.6-lp152.2.6.1 php7-gd-7.4.6-lp152.2.6.1 php7-sockets-debuginfo-7.4.6-lp152.2.6.1 php7-fileinfo-7.4.6-lp152.2.6.1 php7-sodium-debuginfo-7.4.6-lp152.2.6.1 php7-calendar-7.4.6-lp152.2.6.1 php7-sysvsem-7.4.6-lp152.2.6.1 php7-mbstring-debuginfo-7.4.6-lp152.2.6.1 php7-json-debuginfo-7.4.6-lp152.2.6.1 php7-mbstring-7.4.6-lp152.2.6.1 php7-fastcgi-debuginfo-7.4.6-lp152.2.6.1 php7-mysql-7.4.6-lp152.2.6.1 php7-exif-7.4.6-lp152.2.6.1 php7-iconv-7.4.6-lp152.2.6.1 php7-curl-7.4.6-lp152.2.6.1 php7-opcache-debuginfo-7.4.6-lp152.2.6.1 php7-shmop-7.4.6-lp152.2.6.1 php7-snmp-7.4.6-lp152.2.6.1 php7-bz2-debuginfo-7.4.6-lp152.2.6.1 php7-sysvmsg-debuginfo-7.4.6-lp152.2.6.1 php7-embed-debuginfo-7.4.6-lp152.2.6.1 php7-zlib-debuginfo-7.4.6-lp152.2.6.1 php7-phar-7.4.6-lp152.2.6.1 php7-gmp-7.4.6-lp152.2.6.1 php7-devel-7.4.6-lp152.2.6.1 php7-ctype-debuginfo-7.4.6-lp152.2.6.1 php7-zip-debuginfo-7.4.6-lp152.2.6.1 php7-soap-debuginfo-7.4.6-lp152.2.6.1 php7-fpm-7.4.6-lp152.2.6.1 php7-pdo-7.4.6-lp152.2.6.1 php7-firebird-7.4.6-lp152.2.6.1 php7-mysql-debuginfo-7.4.6-lp152.2.6.1 php7-bcmath-7.4.6-lp152.2.6.1 php7-sodium-7.4.6-lp152.2.6.1 php7-posix-7.4.6-lp152.2.6.1 php7-snmp-debuginfo-7.4.6-lp152.2.6.1 php7-gd-debuginfo-7.4.6-lp152.2.6.1 php7-curl-debuginfo-7.4.6-lp152.2.6.1 apache2-mod_php7-debuginfo-7.4.6-lp152.2.6.1 php7-sqlite-debuginfo-7.4.6-lp152.2.6.1 php7-sockets-7.4.6-lp152.2.6.1 php7-odbc-7.4.6-lp152.2.6.1 php7-pcntl-7.4.6-lp152.2.6.1 php7-pgsql-debuginfo-7.4.6-lp152.2.6.1 php7-xmlreader-debuginfo-7.4.6-lp152.2.6.1 php7-sysvshm-7.4.6-lp152.2.6.1 php7-tokenizer-7.4.6-lp152.2.6.1 php7-pgsql-7.4.6-lp152.2.6.1 php7-iconv-debuginfo-7.4.6-lp152.2.6.1 php7-ftp-7.4.6-lp152.2.6.1 php7-fileinfo-debuginfo-7.4.6-lp152.2.6.1 php7-readline-debuginfo-7.4.6-lp152.2.6.1 php7-bcmath-debuginfo-7.4.6-lp152.2.6.1 php7-dba-debuginfo-7.4.6-lp152.2.6.1 php7-xmlreader-7.4.6-lp152.2.6.1 php7-pcntl-debuginfo-7.4.6-lp152.2.6.1 php7-readline-7.4.6-lp152.2.6.1 php7-ldap-debuginfo-7.4.6-lp152.2.6.1 php7-dba-7.4.6-lp152.2.6.1 php7-shmop-debuginfo-7.4.6-lp152.2.6.1 php7-tidy-7.4.6-lp152.2.6.1 apache2-mod_php7-7.4.6-lp152.2.6.1 php7-soap-7.4.6-lp152.2.6.1 php7-gettext-debuginfo-7.4.6-lp152.2.6.1 php7-xsl-7.4.6-lp152.2.6.1 php7-sysvshm-debuginfo-7.4.6-lp152.2.6.1 php7-openssl-7.4.6-lp152.2.6.1 php7-firebird-debuginfo-7.4.6-lp152.2.6.1 php7-xmlwriter-7.4.6-lp152.2.6.1 php7-odbc-debuginfo-7.4.6-lp152.2.6.1 php7-intl-7.4.6-lp152.2.6.1 php7-test-7.4.6-lp152.2.6.1 php7-fpm-debuginfo-7.4.6-lp152.2.6.1 php7-fastcgi-7.4.6-lp152.2.6.1 php7-json-7.4.6-lp152.2.6.1 php7-intl-debuginfo-7.4.6-lp152.2.6.1 php7-ldap-7.4.6-lp152.2.6.1 php7-xsl-debuginfo-7.4.6-lp152.2.6.1 php7-debuginfo-7.4.6-lp152.2.6.1 php7-opcache-7.4.6-lp152.2.6.1 php7-zlib-7.4.6-lp152.2.6.1 php7-dom-7.4.6-lp152.2.6.1 php7-exif-debuginfo-7.4.6-lp152.2.6.1 php7-gettext-7.4.6-lp152.2.6.1 php7-ftp-debuginfo-7.4.6-lp152.2.6.1 php7-xmlrpc-7.4.6-lp152.2.6.1 php7-tidy-debuginfo-7.4.6-lp152.2.6.1 php7-posix-debuginfo-7.4.6-lp152.2.6.1

149388 - SuSE SLES 12 SP5 SUSE-SU-2020:2609-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2019-19956, CVE-2019-20388, CVE-2020-24977, CVE-2020-7595

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2609-1

SuSE SLES 12 SP5 noarch libxml2-doc-2.9.4-46.34.1 x86_64 libxml2-2-debuginfo-2.9.4-46.34.1 python-libxml2-debugsource-2.9.4-46.34.1 libxml2-tools-debuginfo-2.9.4-46.34.1 libxml2-2-debuginfo-32bit-2.9.4-46.34.1 libxml2-2-32bit-2.9.4-46.34.1 libxml2-debugsource-2.9.4-46.34.1 python-libxml2-2.9.4-46.34.1 libxml2-tools-2.9.4-46.34.1 python-libxml2-debuginfo-2.9.4-46.34.1 libxml2-2-2.9.4-46.34.1

149390 - SuSE Linux 15.2 openSUSE-SU-2020:1391-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15663, CVE-2020-15664, CVE-2020-15670

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1391-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00079.html

SuSE Linux 15.2 x86_64 MozillaFirefox-branding-upstream-78.2.0-lp152.2.18.1 MozillaFirefox-debugsource-78.2.0-lp152.2.18.1 MozillaFirefox-translations-common-78.2.0-lp152.2.18.1 MozillaFirefox-buildsymbols-78.2.0-lp152.2.18.1 MozillaFirefox-debuginfo-78.2.0-lp152.2.18.1 MozillaFirefox-78.2.0-lp152.2.18.1 MozillaFirefox-devel-78.2.0-lp152.2.18.1 MozillaFirefox-translations-other-78.2.0-lp152.2.18.1

149392 - SuSE Linux 15.1, 15.2 openSUSE-SU-2020:1393-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-25032

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1393-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00080.html

SuSE Linux 15.2 noarch python2-Flask-Cors-3.0.8-lp152.2.3.1 python3-Flask-Cors-3.0.8-lp152.2.3.1

SuSE Linux 15.1 noarch python2-Flask-Cors-3.0.7-lp151.2.3.1 python3-Flask-Cors-3.0.7-lp151.2.3.1

149395 - SuSE Linux 15.2 openSUSE-SU-2020:1392-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15663, CVE-2020-15664, CVE-2020-15669

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1392-1 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00078.html

SuSE Linux 15.2 x86_64 MozillaThunderbird-debuginfo-68.12.0-lp152.2.10.1 MozillaThunderbird-debugsource-68.12.0-lp152.2.10.1 MozillaThunderbird-translations-common-68.12.0-lp152.2.10.1 MozillaThunderbird-68.12.0-lp152.2.10.1 MozillaThunderbird-translations-other-68.12.0-lp152.2.10.1

160775 - CentOS 7 CESA-2020-3631 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: High CVE: CVE-2020-15664, CVE-2020-15669

Description The scan detected that the host is missing the following update: CESA-2020-3631

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.centos.org/pipermail/centos-announce/2020-September/035808.html

CentOS 7 x86_64 thunderbird-68.12.0-1.el7.centos

160776 - CentOS 7 CESA-2020-3617 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: High CVE: CVE-2020-12100, CVE-2020-12673, CVE-2020-12674

Description The scan detected that the host is missing the following update: CESA-2020-3617

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.centos.org/pipermail/centos-announce/2020-September/035809.html

CentOS 7 x86_64 dovecot-pigeonhole-2.2.36-6.el7_8.1 dovecot-devel-2.2.36-6.el7_8.1 dovecot-2.2.36-6.el7_8.1 dovecot-mysql-2.2.36-6.el7_8.1 dovecot-pgsql-2.2.36-6.el7_8.1 i686 dovecot-2.2.36-6.el7_8.1

160777 - CentOS 6 CESA-2020-3643 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: High CVE: CVE-2020-15664, CVE-2020-15669

Description The scan detected that the host is missing the following update: CESA-2020-3643

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.centos.org/pipermail/centos-announce/2020-September/035807.html

CentOS 6 x86_64 thunderbird-68.12.0-1.el6.centos i686 thunderbird-68.12.0-1.el6.centos

164327 - Oracle Enterprise Linux ELSA-2020-3714 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-9490

Description The scan detected that the host is missing the following update: ELSA-2020-3714

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010292.html

OEL8 x86_64 httpd-2.4.37-21.0.1.module+el8.2.0+5576+c083ffcb mod_session-2.4.37-21.0.1.module+el8.2.0+5576+c083ffcb mod_proxy_html-2.4.37-21.0.1.module+el8.2.0+5576+c083ffcb mod_http2-1.11.3-3.module+el8.2.0+7789+dac765eb.1 mod_ssl-2.4.37-21.0.1.module+el8.2.0+5576+c083ffcb httpd-manual-2.4.37-21.0.1.module+el8.2.0+5576+c083ffcb httpd-devel-2.4.37-21.0.1.module+el8.2.0+5576+c083ffcb httpd-filesystem-2.4.37-21.0.1.module+el8.2.0+5576+c083ffcb mod_md-2.0.8-7.module+el8.2.0+5576+c083ffcb httpd-tools-2.4.37-21.0.1.module+el8.2.0+5576+c083ffcb mod_ldap-2.4.37-21.0.1.module+el8.2.0+5576+c083ffcb

164329 - Oracle Enterprise Linux ELSA-2020-3556 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-15664, CVE-2020-15669

Description The scan detected that the host is missing the following update: ELSA-2020-3556

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010270.html

OEL7 x86_64 firefox-68.12.0-1.0.1.el7_8

164330 - Oracle Enterprise Linux ELSA-2020-3643 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-15664, CVE-2020-15669

Description The scan detected that the host is missing the following update: ELSA-2020-3643

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010272.html

OEL6 x86_64 thunderbird-68.12.0-1.0.1.el6_10 i386 thunderbird-68.12.0-1.0.1.el6_10

164332 - Oracle Enterprise Linux ELSA-2020-5837 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2017-16644, CVE-2019-10638, CVE-2019-10639, CVE-2019-19049, CVE-2019-19062, CVE-2019-19535, CVE-2019- 20811, CVE-2020-10732

Description The scan detected that the host is missing the following update: ELSA-2020-5837

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010265.html http://oss.oracle.com/pipermail/el-errata/2020-September/010266.html

OEL7 x86_64 kernel-uek-devel-4.1.12-124.42.3.el7uek kernel-uek-doc-4.1.12-124.42.3.el7uek kernel-uek-4.1.12-124.42.3.el7uek kernel-uek-debug-4.1.12-124.42.3.el7uek kernel-uek-debug-devel-4.1.12-124.42.3.el7uek kernel-uek-firmware-4.1.12-124.42.3.el7uek

OEL6 x86_64 kernel-uek-doc-4.1.12-124.42.3.el6uek kernel-uek-debug-devel-4.1.12-124.42.3.el6uek kernel-uek-debug-4.1.12-124.42.3.el6uek kernel-uek-firmware-4.1.12-124.42.3.el6uek kernel-uek-devel-4.1.12-124.42.3.el6uek kernel-uek-4.1.12-124.42.3.el6uek

164333 - Oracle Enterprise Linux ELSA-2020-3713 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-12100, CVE-2020-12673, CVE-2020-12674

Description The scan detected that the host is missing the following update: ELSA-2020-3713

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010295.html

OEL8 x86_64 dovecot-pigeonhole-2.3.8-2.el8_2.2 dovecot-devel-2.3.8-2.el8_2.2 dovecot-pgsql-2.3.8-2.el8_2.2 dovecot-mysql-2.3.8-2.el8_2.2 dovecot-2.3.8-2.el8_2.2

164334 - Oracle Enterprise Linux ELSA-2020-3617 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-12100, CVE-2020-12673, CVE-2020-12674

Description The scan detected that the host is missing the following update: ELSA-2020-3617

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010260.html

OEL7 x86_64 dovecot-pigeonhole-2.2.36-6.el7_8.1 dovecot-devel-2.2.36-6.el7_8.1 dovecot-2.2.36-6.el7_8.1 dovecot-mysql-2.2.36-6.el7_8.1 dovecot-pgsql-2.2.36-6.el7_8.1

164335 - Oracle Enterprise Linux ELSA-2020-5845 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2018-14613, CVE-2018-16884, CVE-2019-10638, CVE-2019-10639, CVE-2019-11487, CVE-2019-14898, CVE-2019- 15218, CVE-2019-16746, CVE-2019-17075, CVE-2019-17133, CVE-2019-18885, CVE-2019-19052, CVE-2019-19063, CVE-2019- 19066, CVE-2019-19073, CVE-2019-19074, CVE-2019-19078, CVE-2019-19535, CVE-2019-19922, CVE-2019-20812, CVE-2019- 3874, CVE-2019-3900, CVE-2019-5108, CVE-2020-10751, CVE-2020-10767, CVE-2020-10769, CVE-2020-10781, CVE-2020-12114, CVE-2020-12771, CVE-2020-14331, CVE-2020-16166, CVE-2020-24394

Description The scan detected that the host is missing the following update: ELSA-2020-5845

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010298.html

OEL7 x86_64 kernel-uek-debug-4.14.35-1902.306.2.el7uek kernel-uek-doc-4.14.35-1902.306.2.el7uek kernel-uek-debug-devel-4.14.35-1902.306.2.el7uek kernel-uek-4.14.35-1902.306.2.el7uek kernel-uek-tools-4.14.35-1902.306.2.el7uek kernel-uek-devel-4.14.35-1902.306.2.el7uek

164336 - Oracle Enterprise Linux ELSA-2020-3634 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-15664, CVE-2020-15669 Description The scan detected that the host is missing the following update: ELSA-2020-3634

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010269.html

OEL8 x86_64 thunderbird-68.12.0-1.0.1.el8_2

164339 - Oracle Enterprise Linux ELSA-2020-3699 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-1045

Description The scan detected that the host is missing the following update: ELSA-2020-3699

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010294.html

OEL8 x86_64 aspnetcore-runtime-3.1-3.1.8-2.0.1.el8_2 dotnet-targeting-pack-3.1-3.1.8-2.0.1.el8_2 dotnet-templates-3.1-3.1.108-2.0.1.el8_2 aspnetcore-targeting-pack-3.1-3.1.8-2.0.1.el8_2 netstandard-targeting-pack-2.1-3.1.108-2.0.1.el8_2 dotnet-host-3.1.8-2.0.1.el8_2 dotnet-hostfxr-3.1-3.1.8-2.0.1.el8_2 dotnet-runtime-3.1-3.1.8-2.0.1.el8_2 dotnet-sdk-3.1-3.1.108-2.0.1.el8_2 dotnet-3.1.108-2.0.1.el8_2 dotnet-apphost-pack-3.1-3.1.8-2.0.1.el8_2

164340 - Oracle Enterprise Linux ELSA-2020-3658 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-14352

Description The scan detected that the host is missing the following update: ELSA-2020-3658

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010281.html

OEL8 x86_64 python3-librepo-1.11.0-3.el8_2 librepo-1.11.0-3.el8_2

27108 - (MSPT-Sep2020) Microsoft Windows COM Privilege Escalation (CVE-2020-1507)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1507

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the COM component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27114 - (MSPT-Sep2020) Microsoft Windows TLS Information Disclosure (CVE-2020-1596)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1596

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the TLS component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27115 - (MSPT-Sep2020) Microsoft Windows UPnP Privilege Escalation (CVE-2020-1598)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1598

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the UPnP component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27153 - (MSPT-Sep2020) Microsoft SharePoint Server Tampering Vulnerability (CVE-2020-1440)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1440

Description A vulnerability in some versions of Microsoft SharePoint Server could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to information disclosure.

The flaw lies in improperly handle profile data. Successful exploitation could allow a local user to disclose sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27158 - (MSPT-Sep2020) Microsoft Windows SharePoint Remote Code Execution Vulnerability (CVE-2020-1576)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1576

Description A vulnerability in some versions of Microsoft Windows could lead to Remote Code Execution.

Observation A vulnerability in some versions of Microsoft Windows could lead to Remote Code Execution.

The flaw lies in the SharePoint component. Successful exploitation could allow an attacker to execute remote code. The exploit requires the attacker to have valid credentials to the vulnerable system.

149358 - SuSE Linux 15.1 openSUSE-SU-2020:1420-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-17789

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1420-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00108.html SuSE Linux 15.1 i586 libgimp-2_0-0-2.8.22-lp151.5.3.1 libgimp-2_0-0-debuginfo-2.8.22-lp151.5.3.1 gimp-2.8.22-lp151.5.3.1 gimp-plugin-aa-debuginfo-2.8.22-lp151.5.3.1 gimp-debuginfo-2.8.22-lp151.5.3.1 gimp-plugins-python-2.8.22-lp151.5.3.1 gimp-debugsource-2.8.22-lp151.5.3.1 gimp-plugins-python-debuginfo-2.8.22-lp151.5.3.1 libgimpui-2_0-0-debuginfo-2.8.22-lp151.5.3.1 libgimpui-2_0-0-2.8.22-lp151.5.3.1 gimp-plugin-aa-2.8.22-lp151.5.3.1 gimp-devel-2.8.22-lp151.5.3.1 gimp-devel-debuginfo-2.8.22-lp151.5.3.1 noarch gimp-lang-2.8.22-lp151.5.3.1 x86_64 libgimp-2_0-0-2.8.22-lp151.5.3.1 libgimpui-2_0-0-32bit-2.8.22-lp151.5.3.1 libgimp-2_0-0-32bit-2.8.22-lp151.5.3.1 libgimp-2_0-0-debuginfo-2.8.22-lp151.5.3.1 gimp-2.8.22-lp151.5.3.1 gimp-plugin-aa-debuginfo-2.8.22-lp151.5.3.1 gimp-debuginfo-2.8.22-lp151.5.3.1 libgimp-2_0-0-32bit-debuginfo-2.8.22-lp151.5.3.1 gimp-plugins-python-2.8.22-lp151.5.3.1 gimp-debugsource-2.8.22-lp151.5.3.1 gimp-plugins-python-debuginfo-2.8.22-lp151.5.3.1 libgimpui-2_0-0-debuginfo-2.8.22-lp151.5.3.1 libgimpui-2_0-0-32bit-debuginfo-2.8.22-lp151.5.3.1 libgimpui-2_0-0-2.8.22-lp151.5.3.1 gimp-plugin-aa-2.8.22-lp151.5.3.1 gimp-devel-2.8.22-lp151.5.3.1 gimp-devel-debuginfo-2.8.22-lp151.5.3.1

149391 - SuSE SLED 15 SP1 SUSE-SU-2020:2604-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-17789

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2604-1

SuSE SLED 15 SP1 x86_64 libgimpui-2_0-0-debuginfo-2.8.22-5.3.1 gimp-debuginfo-2.8.22-5.3.1 gimp-debugsource-2.8.22-5.3.1 libgimp-2_0-0-debuginfo-2.8.22-5.3.1 gimp-devel-debuginfo-2.8.22-5.3.1 gimp-devel-2.8.22-5.3.1 libgimp-2_0-0-2.8.22-5.3.1 gimp-plugins-python-debuginfo-2.8.22-5.3.1 libgimpui-2_0-0-2.8.22-5.3.1 gimp-plugins-python-2.8.22-5.3.1 gimp-2.8.22-5.3.1 noarch gimp-lang-2.8.22-5.3.1

149396 - SuSE SLED 12 SP5 SUSE-SU-2020:2603-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-17789

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2603-1

SuSE SLED 12 SP5 x86_64 libgimp-2_0-0-2.8.18-9.12.1 gimp-debuginfo-2.8.18-9.12.1 libgimp-2_0-0-debuginfo-2.8.18-9.12.1 gimp-debugsource-2.8.18-9.12.1 gimp-plugins-python-2.8.18-9.12.1 libgimpui-2_0-0-2.8.18-9.12.1 gimp-2.8.18-9.12.1 libgimpui-2_0-0-debuginfo-2.8.18-9.12.1 gimp-plugins-python-debuginfo-2.8.18-9.12.1 noarch gimp-lang-2.8.18-9.12.1

164326 - Oracle Enterprise Linux ELSA-2020-5841 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-16884, CVE-2019-20812, CVE-2020-14331

Description The scan detected that the host is missing the following update: ELSA-2020-5841

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010297.html http://oss.oracle.com/pipermail/el-errata/2020-September/010296.html

OEL7 x86_64 kernel-uek-3.8.13-118.49.1.el7uek kernel-uek-devel-3.8.13-118.49.1.el7uek kernel-uek-firmware-3.8.13-118.49.1.el7uek kernel-uek-doc-3.8.13-118.49.1.el7uek kernel-uek-debug-devel-3.8.13-118.49.1.el7uek kernel-uek-debug-3.8.13-118.49.1.el7uek dtrace-modules-3.8.13-118.49.1.el7uek-0.4.5-3.el7

OEL6 x86_64 kernel-uek-firmware-3.8.13-118.49.1.el6uek kernel-uek-debug-devel-3.8.13-118.49.1.el6uek kernel-uek-debug-3.8.13-118.49.1.el6uek dtrace-modules-3.8.13-118.49.1.el6uek-0.4.5-3.el6 kernel-uek-3.8.13-118.49.1.el6uek kernel-uek-devel-3.8.13-118.49.1.el6uek kernel-uek-doc-3.8.13-118.49.1.el6uek

27028 - (MSPT-Sep2020) Microsoft Windows Graphics Component Information Disclosure (CVE-2020-0921)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0921

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the Graphics Component component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27030 - (MSPT-Sep2020) Microsoft DirectX Improperly Handles Objects in Memory Privilege Escalation (CVE-2020-1053)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1053

Description A vulnerability in some versions of Microsoft DirectX could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft DirectX could lead to privilege escalation.

The flaw lies in the improperly handles objects in memory. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system. 27031 - (MSPT-Sep2020) Microsoft Windows GDI Information Disclosure (CVE-2020-1091)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1091

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the GDI component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.

27032 - (MSPT-Sep2020) Microsoft Windows GDI Information Disclosure (CVE-2020-1097)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1097

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

27033 - (MSPT-Sep2020) Microsoft Windows Win32k Privilege Escalation (CVE-2020-1245)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1245

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Win32k component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27034 - (MSPT-Sep2020) Microsoft Windows win32k Information Disclosure (CVE-2020-1250)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1250

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the win32k component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27035 - (MSPT-Sep2020) Microsoft Windows GDI Information Disclosure (CVE-2020-1256)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1256

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

27037 - (MSPT-Sep2020) Microsoft DirectX Improperly Handles Objects in Memory Privilege Escalation (CVE-2020-1308)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1308

Description A vulnerability in some versions of Microsoft DirectX could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft DirectX could lead to privilege escalation.

27038 - (MSPT-Sep2020) Microsoft Windows GDI Privilege Escalation (CVE-2020-0870)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0870

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation. Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the GDI component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27039 - (MSPT-Sep2020) Microsoft Windows Graphics Component Privilege Escalation (CVE-2020-0998)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0998

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Graphics Component component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27040 - (MSPT-Sep2020) Microsoft Windows Graphics Information Disclosure (CVE-2020-1083)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1083

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the Graphics component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27041 - (MSPT-Sep2020) Microsoft Windows GDI Privilege Escalation (CVE-2020-1098)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1098

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the GDI component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27048 - (MSPT-Sep2020) Microsoft ssdpsrv.dll Improperly Handles Objects in Memory Privilege Escalation (CVE-2020- 1052)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1052

Description A vulnerability in some versions of Microsoft ssdpsrv.dll could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft ssdpsrv.dll could lead to privilege escalation.

27049 - (MSPT-Sep2020) Microsoft ssdpsrv.dll Improperly Handles Objects in Memory Privilege Escalation (CVE-2020- 1376)

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1376

Description A vulnerability in some versions of Microsoft ssdpsrv.dll could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft ssdpsrv.dll could lead to privilege escalation.

27050 - (MSPT-Sep2020) Microsoft StartTileData.dll Improperly Handles File Creation in Protected Locations Privilege Escalation (CVE-202

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1159

Description A vulnerability in some versions of Microsoft StartTileData.dll could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft StartTileData.dll could lead to privilege escalation.

The flaw lies in improperly handles file creation in protected locations. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system. 27051 - (MSPT-Sep2020) Microsoft Windows Runtime Privilege Escalation (CVE-2020-1169)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1169

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Runtime component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27052 - (MSPT-Sep2020) Microsoft Windows Runtime Privilege Escalation (CVE-2020-1303)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1303

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

27054 - (MSPT-Sep2020) Microsoft Windows Cryptographic Catalog Services Privilege Escalation (CVE-2020-0782)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0782

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Cryptographic Catalog Services component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27058 - (MSPT-Sep2020) Microsoft Windows RSoP Service Application Privilege Escalation (CVE-2020-0648)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0648

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the RSoP Service Application component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27059 - (MSPT-Sep2020) Microsoft splwow64.exe Improperly Handles Certain Calls Privilege Escalation (CVE-2020-0790)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0790

Description A vulnerability in some versions of Microsoft splwow64.exe could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft splwow64.exe could lead to privilege escalation.

The flaw lies in improperly handles certain calls. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27062 - (MSPT-Sep2020) Microsoft Active Directory Federation Services Spoofing (CVE-2020-0837)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0837

Description A vulnerability in some versions of Microsoft Active Directory could lead to spoofing.

Observation A vulnerability in some versions of Microsoft Active Directory could lead to spoofing.

The flaw lies in the Federation Services component. Successful exploitation by a remote attacker could result in spoofing. The exploit requires the attacker to have valid credentials to the vulnerable system.

27063 - (MSPT-Sep2020) Microsoft NTFS Improperly Checks Access Privilege Escalation (CVE-2020-0838)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0838

Description A vulnerability in some versions of Microsoft NTFS could lead to privilege escalation. Observation A vulnerability in some versions of Microsoft NTFS could lead to privilege escalation.

The flaw lies in improperly checks access. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27064 - (MSPT-Sep2020) Microsoft dnsrslvr.dll Improperly Handles Objects in Memory Privilege Escalation (CVE-2020- 0839)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0839

Description A vulnerability in some versions of Microsoft dnsrslvr.dll could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft dnsrslvr.dll could lead to privilege escalation.

27065 - (MSPT-Sep2020) Microsoft splwow64.exe Improperly Handles Certain Calls Information Disclosure (CVE-2020- 0875)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0875

Description A vulnerability in some versions of Microsoft splwow64.exe could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft splwow64.exe could lead to information disclosure.

The flaw lies in improperly handles certain calls. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27066 - (MSPT-Sep2020) Microsoft Windows Improperly Processes Group Policy Updates Privilege Escalation (CVE-2020- 1013)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1013

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation. The flaw lies in improperly processes group policy updates. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27068 - (MSPT-Sep2020) Microsoft Windows Print Spooler service Privilege Escalation (CVE-2020-1030)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1030

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Print Spooler service component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27069 - (MSPT-Sep2020) Microsoft Windows DHCP Service Information Disclosure (CVE-2020-1031)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1031

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the DHCP Service component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information.

27071 - (MSPT-Sep2020) Microsoft StartTileData.dll Improperly Handles Objects in Memory Information Disclosure (CVE- 2020-1119)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1119

Description A vulnerability in some versions of Microsoft StartTileData.dll could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft StartTileData.dll could lead to information disclosure.

The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system. 27072 - (MSPT-Sep2020) Microsoft Windows Language Pack Installer Privilege Escalation (CVE-2020-1122)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1122

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Language Pack Installer component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27074 - (MSPT-Sep2020) Microsoft Windows Function Discovery Service Privilege Escalation (CVE-2020-1491)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1491

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Function Discovery Service component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27076 - (MSPT-Sep2020) Microsoft Windows InstallService Privilege Escalation (CVE-2020-1532)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1532

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the InstallService component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27078 - (MSPT-Sep2020) Microsoft Win32k Improperly Provides Kernel Information Information Disclosure (CVE-2020- 0941)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0941

Description A vulnerability in some versions of Microsoft Win32k could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Win32k could lead to information disclosure.

The flaw lies in improperly provides kernel information. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27079 - (MSPT-Sep2020) Microsoft Windows Kernel Information Disclosure (CVE-2020-1033)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1033

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the Kernel component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27080 - (MSPT-Sep2020) Microsoft Windows Kernel Privilege Escalation (CVE-2020-1034)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1034

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Kernel component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27081 - (MSPT-Sep2020) Microsoft Windows Win32k.sys Privilege Escalation (CVE-2020-1152)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1152

The flaw lies in the Win32k.sys component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27082 - (MSPT-Sep2020) Microsoft Windows Kernel Information Disclosure (CVE-2020-16854)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-16854

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

27083 - (MSPT-Sep2020) Microsoft Windows Kernel Information Disclosure (CVE-2020-1589)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1589

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

27084 - (MSPT-Sep2020) Microsoft Windows Kernel Information Disclosure (CVE-2020-1592)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1592

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

27087 - (MSPT-Sep2020) Microsoft Active Directory ADIDNS Information Disclosure (CVE-2020-0664)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0664

Description A vulnerability in some versions of Microsoft Active Directory could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Active Directory could lead to information disclosure.

The flaw lies in the ADIDNS component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information.

27090 - (MSPT-Sep2020) Microsoft Active Directory DNS Information Disclosure (CVE-2020-0856)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0856

Description A vulnerability in some versions of Microsoft Active Directory could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Active Directory could lead to information disclosure.

The flaw lies in the DNS component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27096 - (MSPT-Sep2020) Microsoft Windows Kernel Information Disclosure (CVE-2020-0928)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0928

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

27097 - (MSPT-Sep2020) Microsoft Wininit.dll Improperly Handles Objects in Memory Privilege Escalation (CVE-2020-1012)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1012

Description A vulnerability in some versions of Microsoft Wininit.dll could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Wininit.dll could lead to privilege escalation.

27098 - (MSPT-Sep2020) Microsoft Wininit.dll Improperly Handles Objects in Memory Privilege Escalation (CVE-2020-1506)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1506

Description A vulnerability in some versions of Microsoft Wininit.dll could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Wininit.dll could lead to privilege escalation.

27101 - (MSPT-Sep2020) Microsoft Windows Store Runtime Privilege Escalation (CVE-2020-0766)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0766

Description A vulnerability in some versions of Microsoft Store Runtime could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Store Runtime could lead to privilege escalation.

The flaw lies in improperly handles memory. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27102 - (MSPT-Sep2020) Microsoft Windows Storage Services Privilege Escalation (CVE-2020-0886)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0886

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Storage Services component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27103 - (MSPT-Sep2020) Microsoft Windows Modules Installer Privilege Escalation (CVE-2020-0911)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0911

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Modules Installer component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the user to have valid credentials.

27104 - (MSPT-Sep2020) Microsoft Windows Function Discovery SSDP Provider Privilege Escalation (CVE-2020-0912)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0912

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Function Discovery SSDP Provider component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27105 - (MSPT-Sep2020) Microsoft Windows State Repository Service Information Disclosure (CVE-2020-0914)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0914

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure. The flaw lies in the State Repository Service component. Successful exploitation by an attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27107 - (MSPT-Sep2020) Microsoft Store Runtime Privilege Escalation (CVE-2020-1146)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1146

Description A vulnerability in some versions of Microsoft Store Runtime could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Store Runtime could lead to privilege escalation.

The flaw lies in the improperly handles memory. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27109 - (MSPT-Sep2020) Microsoft Windows Storage Services Privilege Escalation (CVE-2020-1559)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1559

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

27111 - (MSPT-Sep2020) Microsoft Windows MDM Information Disclosure (CVE-2020-0989)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0989

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the MDM component. Successful exploitation by an attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

27112 - (MSPT-Sep2020) Microsoft Windows CLFS Privilege Escalation (CVE-2020-1115) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1115

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the CLFS component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27113 - (MSPT-Sep2020) Microsoft Windows Connected User Experiences and Telemetry Service Privilege Escalation (CVE-2020-1590)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1590

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Connected User Experiences and Telemetry Service component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27129 - (MSPT-Sep2020) Microsoft Windows Projected Filesystem Information Disclosure (CVE-2020-16879)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-16879

Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the Projected Filesystem component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information.The exploit requires the attacker to have valid credentials to the vulnerable system.

27130 - (MSPT-Sep2020) Microsoft Windows CloudExperienceHost Privilege Escalation (CVE-2020-1471)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1471 Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the CloudExperienceHost component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27131 - (MSPT-Sep2020) Microsoft Windows Connected User Experiences and Telemetry Service Privilege Escalation (CVE-2020-1130)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1130

Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

27132 - (MSPT-Sep2020) Microsoft Diagnostics Hub Standard Collector Improperly Handles File Operations Privilege Escalation (CVE-2020-11

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1133

Description A vulnerability in some versions of Microsoft Diagnostics Hub Standard Collector could lead to privilege escalation.

Observation A vulnerability in some versions of Microsoft Diagnostics Hub Standard Collector could lead to privilege escalation.

The flaw lies in improperly handles file operations. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27135 - (MSPT-Sep2020) Microsoft SQL SSRS Privilege Escalation (CVE-2020-1044)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1044

Description A vulnerability in some versions of Microsoft SQL could lead to privilege escalation. Observation A vulnerability in some versions of Microsoft SQL could lead to privilege escalation.

The flaw lies in the SSRS component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

27136 - (MSPT-Sep2020) Microsoft Excel Remote Code Execution (CVE-2020-1193)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1193

Description A vulnerability in some versions of Microsoft Excel could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Excel could lead to remote code execution.

The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27137 - (MSPT-Sep2020) Microsoft Word Remote Code Execution (CVE-2020-1218)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1218

Description A vulnerability in some versions of Microsoft Word could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Word could lead to remote code execution.

The flaw lies in the improperly handles objects in memory. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27138 - (MSPT-Sep2020) Microsoft Excel Information Disclosure Vulnerability (CVE-2020-1224)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1224

Description A vulnerability in some versions of Microsoft Excel could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Excel could lead to remote code execution.

27139 - (MSPT-Sep2020) Microsoft Excel Remote Code Execution (CVE-2020-1332)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1332

Description A vulnerability in some versions of Microsoft Excel could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Excel could lead to remote code execution.

27140 - (MSPT-Sep2020) Microsoft Excel Remote Code Execution (CVE-2020-1335)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1335

Description A vulnerability in some versions of Microsoft Excel could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Excel could lead to remote code execution.

27142 - (MSPT-Sep2020) Microsoft Excel Remote Code Execution (CVE-2020-1594)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1594

Description A vulnerability in some versions of Microsoft Excel could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Excel could lead to remote code execution.

The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

27145 - (MSPT-Sep2020) Microsoft SharePoint Server Spoofing (CVE-2020-1205)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1205

Description A vulnerability in some versions of Microsoft SharePoint Server could lead to spoofing.

Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to spoofing.

The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in spoofing

27146 - (MSPT-Sep2020) Microsoft SharePoint Server Properly XSS Vulnerability (CVE-2020-1227)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1227

Description A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.

Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.

The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in the Cross Site Scripting Attack

27149 - (MSPT-Sep2020) Microsoft SharePoint Server Tampering Vulnerability (CVE-2020-1523)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1523

Description A vulnerability in some versions of Microsoft SharePoint Server could lead to information disclosure.

Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to information disclosure.

27150 - (MSPT-Sep2020) Microsoft SharePoint Server XSS Vulnerability (CVE-2020-1575)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1575

Description A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.

Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.

The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in the Cross Site Scripting Attack. The exploit requires the attacker to have valid credentials to the vulnerable system.

164325 - Oracle Enterprise Linux ELSA-2020-3662 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-11045, CVE-2019-11047, CVE-2019- 11048, CVE-2019-11050, CVE-2019-13224, CVE-2019-13225, CVE-2019-16163, CVE-2019-19203, CVE-2019-19204, CVE-2019- 19246, CVE-2019-20454, CVE-2020-7059, CVE-2020-7060, CVE-2020-7062, CVE-2020-7063, CVE-2020-7064, CVE-2020-7065, CVE-2020-7066

Description The scan detected that the host is missing the following update: ELSA-2020-3662

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010290.html

OEL8 x86_64 php-xml-7.3.20-1.module+el8.2.0+7784+4033621d php-gd-7.3.20-1.module+el8.2.0+7784+4033621d php-json-7.3.20-1.module+el8.2.0+7784+4033621d php-dba-7.3.20-1.module+el8.2.0+7784+4033621d php-pecl-xdebug-2.8.0-1.module+el8.2.0+5569+98c8b30d apcu-panel-5.1.17-1.module+el8.2.0+5569+98c8b30d php-pdo-7.3.20-1.module+el8.2.0+7784+4033621d php-enchant-7.3.20-1.module+el8.2.0+7784+4033621d php-bcmath-7.3.20-1.module+el8.2.0+7784+4033621d php-xmlrpc-7.3.20-1.module+el8.2.0+7784+4033621d php-ldap-7.3.20-1.module+el8.2.0+7784+4033621d php-pecl-apcu-devel-5.1.17-1.module+el8.2.0+5569+98c8b30d php-dbg-7.3.20-1.module+el8.2.0+7784+4033621d libzip-devel-1.5.2-1.module+el8.2.0+5569+98c8b30d php-pecl-rrd-2.0.1-1.module+el8.2.0+5569+98c8b30d php-snmp-7.3.20-1.module+el8.2.0+7784+4033621d php-pecl-zip-1.15.4-1.module+el8.2.0+5569+98c8b30d php-odbc-7.3.20-1.module+el8.2.0+7784+4033621d libzip-1.5.2-1.module+el8.2.0+5569+98c8b30d php-mysqlnd-7.3.20-1.module+el8.2.0+7784+4033621d php-common-7.3.20-1.module+el8.2.0+7784+4033621d php-gmp-7.3.20-1.module+el8.2.0+7784+4033621d php-intl-7.3.20-1.module+el8.2.0+7784+4033621d php-cli-7.3.20-1.module+el8.2.0+7784+4033621d libzip-tools-1.5.2-1.module+el8.2.0+5569+98c8b30d php-pgsql-7.3.20-1.module+el8.2.0+7784+4033621d php-soap-7.3.20-1.module+el8.2.0+7784+4033621d php-7.3.20-1.module+el8.2.0+7784+4033621d php-mbstring-7.3.20-1.module+el8.2.0+7784+4033621d php-opcache-7.3.20-1.module+el8.2.0+7784+4033621d php-pecl-apcu-5.1.17-1.module+el8.2.0+5569+98c8b30d php-recode-7.3.20-1.module+el8.2.0+7784+4033621d php-process-7.3.20-1.module+el8.2.0+7784+4033621d php-fpm-7.3.20-1.module+el8.2.0+7784+4033621d php-embedded-7.3.20-1.module+el8.2.0+7784+4033621d php-devel-7.3.20-1.module+el8.2.0+7784+4033621d php-pear-1.10.9-1.module+el8.2.0+5569+98c8b30d

164331 - Oracle Enterprise Linux ELSA-2020-3665 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2020-14040, CVE-2020-15586, CVE-2020-16845

Description The scan detected that the host is missing the following update: ELSA-2020-3665

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010293.html

OEL8 x86_64 golang-bin-1.13.15-1.module+el8.2.0+7788+3ff8dc7f golang-tests-1.13.15-1.module+el8.2.0+7788+3ff8dc7f golang-misc-1.13.15-1.module+el8.2.0+7788+3ff8dc7f go-toolset-1.13.15-1.module+el8.2.0+7788+3ff8dc7f golang-src-1.13.15-1.module+el8.2.0+7788+3ff8dc7f golang-1.13.15-1.module+el8.2.0+7788+3ff8dc7f golang-race-1.13.15-1.module+el8.2.0+7788+3ff8dc7f delve-1.3.2-3.0.1.module+el8.2.0+5587+55f012d0 golang-docs-1.13.15-1.module+el8.2.0+7788+3ff8dc7f

164337 - Oracle Enterprise Linux ELSA-2020-3654 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2020-12825

Description The scan detected that the host is missing the following update: ELSA-2020-3654

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010288.html

OEL8 x86_64 libcroco-0.6.12-4.el8_2.1 libcroco-devel-0.6.12-4.el8_2.1

164338 - Oracle Enterprise Linux ELSA-2020-3669 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2019-10130, CVE-2019-10164, CVE-2019-10208, CVE-2020-14349, CVE-2020-14350, CVE-2020-1720

Description The scan detected that the host is missing the following update: ELSA-2020-3669

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010291.html

OEL8 x86_64 postgresql-upgrade-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-server-devel-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-pltcl-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-contrib-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-upgrade-devel-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-test-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-static-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-test-rpm-macros-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-plpython3-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-server-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-docs-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-plperl-10.14-1.module+el8.2.0+7785+0ea9f177

178977 - Gentoo Linux GLSA-202009-09 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202009-09

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-09

Affected packages: net-misc/nextcloud-client < 2.6.5

178978 - Gentoo Linux GLSA-202009-02 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202009-02

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-02

Affected packages: net-mail/dovecot < 2.3.11.3

178979 - Gentoo Linux GLSA-202009-12 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202009-12

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-12

Affected packages: net-libs/zeromq < 4.3.3

178980 - Gentoo Linux GLSA-202009-05 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202009-05

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-05

Affected packages: media-libs/gst-rtsp-server < 1.16.2 178981 - Gentoo Linux GLSA-202009-03 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202009-03

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-03

Affected packages: www-client/chromium < 85.0.4183.102 www-client/google-chrome < 85.0.4183.102

178984 - Gentoo Linux GLSA-202009-06 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202009-06

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-06

Affected packages: app-arch/file-roller < 3.36.3

149350 - SuSE SLES 12 SP5 SUSE-SU-2020:2540-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-3639, CVE-2020-14314, CVE-2020-14331, CVE-2020-14356, CVE-2020-16166, CVE-2020-1749, CVE-2020-24394

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2540-1

SuSE SLES 12 SP5 x86_64 kernel-azure-debugsource-4.12.14-16.25.1 kernel-syms-azure-4.12.14-16.25.1 kernel-azure-base-4.12.14-16.25.1 kernel-azure-4.12.14-16.25.1 kernel-azure-debuginfo-4.12.14-16.25.1 kernel-azure-devel-4.12.14-16.25.1 kernel-azure-base-debuginfo-4.12.14-16.25.1 noarch kernel-source-azure-4.12.14-16.25.1 kernel-devel-azure-4.12.14-16.25.1

149360 - SuSE Linux 15.1 openSUSE-SU-2020:1325-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-3639, CVE-2020-14314, CVE-2020-14331, CVE-2020-14356, CVE-2020-1749, CVE-2020-24394

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1325-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00015.html

SuSE Linux 15.1 x86_64 kernel-debug-base-debuginfo-4.12.14-lp151.28.63.1 kernel-kvmsmall-4.12.14-lp151.28.63.1 kernel-debug-base-4.12.14-lp151.28.63.1 kernel-kvmsmall-debugsource-4.12.14-lp151.28.63.1 kernel-debug-devel-4.12.14-lp151.28.63.1 kernel-vanilla-debuginfo-4.12.14-lp151.28.63.1 kernel-vanilla-base-debuginfo-4.12.14-lp151.28.63.1 kernel-default-devel-4.12.14-lp151.28.63.1 kernel-default-devel-debuginfo-4.12.14-lp151.28.63.1 kernel-default-base-debuginfo-4.12.14-lp151.28.63.1 kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.63.1 kernel-obs-build-4.12.14-lp151.28.63.1 kernel-default-base-4.12.14-lp151.28.63.1 kernel-vanilla-debugsource-4.12.14-lp151.28.63.1 kernel-kvmsmall-debuginfo-4.12.14-lp151.28.63.1 kernel-vanilla-base-4.12.14-lp151.28.63.1 kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.63.1 kernel-debug-devel-debuginfo-4.12.14-lp151.28.63.1 kernel-syms-4.12.14-lp151.28.63.1 kernel-vanilla-4.12.14-lp151.28.63.1 kernel-obs-build-debugsource-4.12.14-lp151.28.63.1 kernel-default-debugsource-4.12.14-lp151.28.63.1 kernel-kvmsmall-base-4.12.14-lp151.28.63.1 kernel-debug-debuginfo-4.12.14-lp151.28.63.1 kernel-default-4.12.14-lp151.28.63.1 kernel-default-debuginfo-4.12.14-lp151.28.63.1 kernel-vanilla-devel-4.12.14-lp151.28.63.1 kernel-debug-debugsource-4.12.14-lp151.28.63.1 kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.63.1 kernel-debug-4.12.14-lp151.28.63.1 kernel-kvmsmall-devel-4.12.14-lp151.28.63.1 kernel-obs-qa-4.12.14-lp151.28.63.1 noarch kernel-docs-html-4.12.14-lp151.28.63.1 kernel-macros-4.12.14-lp151.28.63.1 kernel-source-4.12.14-lp151.28.63.1 kernel-docs-4.12.14-lp151.28.63.1 kernel-source-vanilla-4.12.14-lp151.28.63.1 kernel-devel-4.12.14-lp151.28.63.1

149389 - SuSE SLES 12 SP5 SUSE-SU-2020:2478-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-1000199, CVE-2019-16746, CVE-2019-19462, CVE-2019-20806, CVE-2019-20810, CVE-2019-20812, CVE-2019- 20908, CVE-2019-9455, CVE-2020-0543, CVE-2020-10690, CVE-2020-10711, CVE-2020-10720, CVE-2020-10732, CVE-2020- 10751, CVE-2020-10757, CVE-2020-10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-10769, CVE-2020-10773, CVE-2020- 10781, CVE-2020-11669, CVE-2020-12114, CVE-2020-12464, CVE-2020-12652, CVE-2020-12653, CVE-2020-12654, CVE-2020- 12655, CVE-2020-12656, CVE-2020-12657, CVE-2020-12659, CVE-2020-12769, CVE-2020-12771, CVE-2020-12888, CVE-2020- 13143, CVE-2020-13974, CVE-2020-14416, CVE-2020-15393, CVE-2020-15780

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2478-1

SuSE SLES 12 SP5 x86_64 kernel-rt_debug-4.12.14-10.13.1 kernel-rt_debug-devel-4.12.14-10.13.1 gfs2-kmp-rt-4.12.14-10.13.1 ocfs2-kmp-rt-4.12.14-10.13.1 kernel-rt-devel-4.12.14-10.13.1 cluster-md-kmp-rt-4.12.14-10.13.1 dlm-kmp-rt-4.12.14-10.13.1 kernel-rt-4.12.14-10.13.1 kernel-rt-base-4.12.14-10.13.1 kernel-syms-rt-4.12.14-10.13.1 noarch kernel-source-rt-4.12.14-10.13.1 kernel-devel-rt-4.12.14-10.13.1

149394 - SuSE SLES 12 SP5 SUSE-SU-2020:2605-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-3639, CVE-2020-0305, CVE-2020-10135, CVE-2020-14314, CVE-2020-14331, CVE-2020-14356, CVE-2020-16166, CVE-2020-24394

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2605-1

SuSE SLES 12 SP5 x86_64 ocfs2-kmp-rt-4.12.14-10.16.1 gfs2-kmp-rt-4.12.14-10.16.1 kernel-rt-devel-4.12.14-10.16.1 kernel-syms-rt-4.12.14-10.16.1 kernel-rt_debug-devel-4.12.14-10.16.1 kernel-rt_debug-4.12.14-10.16.1 kernel-rt-4.12.14-10.16.1 cluster-md-kmp-rt-4.12.14-10.16.1 kernel-rt-base-4.12.14-10.16.1 dlm-kmp-rt-4.12.14-10.16.1 noarch kernel-devel-rt-4.12.14-10.16.1 kernel-source-rt-4.12.14-10.16.1

131661 - Debian Linux 10.0 DSA-4760-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-12829, CVE-2020-14364, CVE-2020-15863, CVE-2020-16092

Description The scan detected that the host is missing the following update: DSA-4760-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4760

Debian 10.0 all qemu_1:3.1+dfsg-8+deb10u8

131662 - Debian Linux 10.0 DSA-4761-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-15166

Description The scan detected that the host is missing the following update: DSA-4761-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4761

Debian 10.0 all libzmq5_4.3.1-4+deb10u2 libzmq3-dev_4.3.1-4+deb10u2

131663 - Debian Linux 10.0 DSA-4758-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-14345, CVE-2020-14346, CVE-2020-14347, CVE-2020-14361, CVE-2020-14362

Description The scan detected that the host is missing the following update: DSA-4758-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4758

Debian 10.0 all xserver-xorg-core-udeb_2:1.20.4-1+deb10u1 xserver-xephyr_2:1.20.4-1+deb10u1 xserver-common_2:1.20.4-1+deb10u1 xwayland_2:1.20.4-1+deb10u1 xdmx_2:1.20.4-1+deb10u1 xserver-xorg-dev_2:1.20.4-1+deb10u1 xvfb_2:1.20.4-1+deb10u1 xdmx-tools_2:1.20.4-1+deb10u1 xnest_2:1.20.4-1+deb10u1 xserver-xorg-core_2:1.20.4-1+deb10u1 xserver-xorg-legacy_2:1.20.4-1+deb10u1 xorg-server-source_2:1.20.4-1+deb10u1

131664 - Debian Linux 10.0 DSA-4759-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-24654

Description The scan detected that the host is missing the following update: DSA-4759-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4759

Debian 10.0 all ark_4:18.08.3-1+deb10u2

131665 - Debian Linux 10.0 DSA-4762-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-24660

Description The scan detected that the host is missing the following update: DSA-4762-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4762

Debian 10.0 all lemonldap-ng_2.0.2+ds-7+deb10u5

164328 - Oracle Enterprise Linux ELSA-2020-5844 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Low CVE: CVE-2019-18885, CVE-2019-3874, CVE-2020-10767, CVE-2020-10781, CVE-2020-14331, CVE-2020-16166, CVE-2020- 24394

Description The scan detected that the host is missing the following update: ELSA-2020-5844

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010299.html

OEL7 x86_64 kernel-uek-4.14.35-2025.400.9.el7uek kernel-uek-doc-4.14.35-2025.400.9.el7uek kernel-uek-devel-4.14.35-2025.400.9.el7uek kernel-uek-debug-4.14.35-2025.400.9.el7uek kernel-uek-tools-4.14.35-2025.400.9.el7uek kernel-uek-debug-devel-4.14.35-2025.400.9.el7uek

178982 - Gentoo Linux GLSA-202009-11 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202009-11

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-11

Affected packages: net-ftp/proftpd < 1.3.7a

178983 - Gentoo Linux GLSA-202009-01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202009-01

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-01

Affected packages: net-libs/gnutls < 3.6.15

178985 - Gentoo Linux GLSA-202009-08 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202009-08

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-08

Affected packages: gnome-base/gnome-shell < 3.34.5-r1

178986 - Gentoo Linux GLSA-202009-07 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202009-07

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-07

Affected packages: dev-perl/DBI < 1.643.0

178987 - Gentoo Linux GLSA-202009-04 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202009-04

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-04

Affected packages: dev-qt/qtgui < 5.14.2-r1

27125 - (MSPT-Sep2020) Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability (CVE-2020-16860)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Informational CVE: CVE-2020-16860

Description A vulnerability in some versions of Microsoft Microsoft Dynamics 367 could lead to remote code execution.

Observation A vulnerability in some versions of Microsoft Microsoft Dynamics 367 could lead to remote code execution.

27126 - (MSPT-Sep2020) Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability (CVE-2020-16864)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Informational CVE: CVE-2020-16864

Description A vulnerability in some versions of Microsoft Microsoft Dynamics 367 could lead to cross sire scripting attacks.

Observation A vulnerability in some versions of Microsoft Microsoft Dynamics 367 could lead to cross sire scripting attacks.

The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in cross- site scripting attacks.

ENHANCED CHECKS

The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on a vulnerability and anything else that improves upon an existing FSL check. 70014 - netbios-helpers.fasl3.inc

Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category Risk Level: Informational CVE: CVE-MAP-NOMATCH

Update Details FASLScript is updated

HOW TO UPDATE

FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we strongly urge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any critical updates but will wait for your explicit authorization before installing.

FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability category and checking the "Run New Checks" checkbox.

MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts will be automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.

MCAFEE TECHNICAL SUPPORT ServicePortal: https://mysupport.mcafee.com Multi-National Phone Support available here: http://www.mcafee.com/us/about/contact/index.html Non-US customers - Select your country from the list of Worldwide Offices.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.