2020-SEP-16 FSL version 7.6.173
MCAFEE FOUNDSTONE FSL UPDATE
To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release.
NEW CHECKS
149363 - SuSE Linux 15.2 openSUSE-SU-2020:1369-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15049, CVE-2020-15810, CVE-2020-15811, CVE-2020-24606
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1369-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00060.html
SuSE Linux 15.2 x86_64 squid-debugsource-4.13-lp152.2.6.1 squid-debuginfo-4.13-lp152.2.6.1 squid-4.13-lp152.2.6.1
149365 - SuSE Linux 15.1 openSUSE-SU-2020:1346-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15049, CVE-2020-15810, CVE-2020-15811, CVE-2020-24606
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1346-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00033.html
SuSE Linux 15.1 x86_64 squid-debugsource-4.13-lp151.2.24.1 squid-4.13-lp151.2.24.1 squid-debuginfo-4.13-lp151.2.24.1 149393 - SuSE SLES 12 SP5 SUSE-SU-2020:2443-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15049, CVE-2020-15810, CVE-2020-15811, CVE-2020-24606
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2443-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007332.html
SuSE SLES 12 SP5 x86_64 squid-debugsource-4.13-4.15.1 squid-4.13-4.15.1 squid-debuginfo-4.13-4.15.1
27036 - (MSPT-Sep2020) Microsoft Windows GDI Remote Code Execution (CVE-2020-1285)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1285
Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the GDI component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27045 - (MSPT-Sep2020) Microsoft Windows WDAC Remote Code Execution (CVE-2020-0951)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0951
Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the WDAC component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system. 27046 - (MSPT-Sep2020) Microsoft Hyper-V Improperly Validate Malicious Data Denial of Service (CVE-2020-0890)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0890
Description A vulnerability in some versions of Microsoft Hyper-V could lead to a denial of service.
Observation A vulnerability in some versions of Microsoft Hyper-V could lead to a denial of service.
The flaw lies in improperly validate malicious data. Successful exploitation by a remote attacker could result in a denial of service condition. The exploit requires the attacker to have valid credentials to the vulnerable system.
27047 - (MSPT-Sep2020) Microsoft Hyper-V Improperly Validate Malicious Data Denial of Service (CVE-2020-0904)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0904
Description A vulnerability in some versions of Microsoft Hyper-V could lead to a denial of service.
Observation A vulnerability in some versions of Microsoft Hyper-V could lead to a denial of service.
The flaw lies in improperly validate malicious data. Successful exploitation by a remote attacker could result in a denial of service condition. The exploit requires the attacker to have valid credentials to the vulnerable system.
27053 - (MSPT-Sep2020) Microsoft Windows Improperly Handles Objects in Memory Remote Code Execution (CVE-2020- 1252)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1252
Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.
27055 - (MSPT-Sep2020) Microsoft Windows Codecs Library Remote Code Execution (CVE-2020-1129)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1129
Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Codecs Library component. Successful exploitation by a remote attacker could result in the execution of arbitrary code.
27057 - (MSPT-Sep2020) Microsoft Windows Camera Codec Pack Remote Code Execution (CVE-2020-0997)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0997
Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Camera Codec Pack component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27060 - (MSPT-Sep2020) Microsoft Windows Projected Filesystem Remote Code Execution (CVE-2020-0805)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0805
Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Projected Filesystem component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.
27061 - (MSPT-Sep2020) Microsoft Windows DNS Denial of Service (CVE-2020-0836)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0836
Description A vulnerability in some versions of Microsoft Windows could lead to a denial of service. Observation A vulnerability in some versions of Microsoft Windows could lead to a denial of service.
The flaw lies in the DNS component. Successful exploitation by a remote attacker could result in a denial of service condition. The exploit requires the attacker to have valid credentials to the vulnerable system.
27067 - (MSPT-Sep2020) Microsoft Windows Text Service Module Remote Code Execution (CVE-2020-0908)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0908
Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Text Service Module component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.
27070 - (MSPT-Sep2020) Microsoft Windows Routing Utilities Denial of Service (CVE-2020-1038)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1038
Description A vulnerability in some versions of Microsoft Windows could lead to a denial of service.
Observation A vulnerability in some versions of Microsoft Windows could lead to a denial of service.
The flaw lies in the Routing Utilities component. Successful exploitation by a remote attacker could result in a denial of service condition. The exploit requires the attacker to have valid credentials to the vulnerable system.
27073 - (MSPT-Sep2020) Microsoft Windows DNS Denial of Service (CVE-2020-1228)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1228
Description A vulnerability in some versions of Microsoft Windows could lead to a denial of service.
Observation A vulnerability in some versions of Microsoft Windows could lead to a denial of service.
The flaw lies in the DNS component. Successful exploitation by a remote attacker could result in a denial of service condition. The exploit requires the attacker to have valid credentials to the vulnerable system.
27075 - (MSPT-Sep2020) Microsoft Media Audio Decoder Improperly Handles Objects in Memory Remote Code Execution (CVE-2020-1508)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1508
Description A vulnerability in some versions of Microsoft Media Audio Decoder could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Media Audio Decoder could lead to remote code execution.
The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27077 - (MSPT-Sep2020) Microsoft Windows Media Audio Decoder Remote Code Execution (CVE-2020-1593)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1593
Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Media Audio Decoder component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27085 - (MSPT-Sep2020) Microsoft Windows Jet Database Engine Remote Code Execution (CVE-2020-1039)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1039
Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Jet Database Engine component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27086 - (MSPT-Sep2020) Microsoft Windows Jet Database Engine Remote Code Execution (CVE-2020-1074) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1074
Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Jet Database Engine component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27088 - (MSPT-Sep2020) Microsoft Active Directory ADIDNS Remote Code Execution (CVE-2020-0718)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0718
Description A vulnerability in some versions of Microsoft Active Directory could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Active Directory could lead to remote code execution.
The flaw lies in the ADIDNS component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.
27089 - (MSPT-Sep2020) Microsoft Active Directory ADIDNS Remote Code Execution (CVE-2020-0761)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0761
Description A vulnerability in some versions of Microsoft Active Directory could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Active Directory could lead to remote code execution.
The flaw lies in the ADIDNS component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.
27092 - (MSPT-Sep2020) Microsoft Browsers Improperly Access Objects in Memory Remote Code Execution (CVE-2020- 0878)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0878 Description A vulnerability in some versions of Microsoft Browsers could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Browsers could lead to remote code execution.
The flaw lies in the Improperly Access Objects in Memory component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27093 - (MSPT-Sep2020) Microsoft ChakraCore Scripting Engine Remote Code Execution (CVE-2020-1057)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1057
Description A vulnerability in some versions of Microsoft ChakraCore could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft ChakraCore could lead to remote code execution.
The flaw lies in the Scripting Engine component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27094 - (MSPT-Sep2020) Microsoft ChakraCore Improperly Handles Objects in Memory Remote Code Execution (CVE- 2020-1172)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1172
Description A vulnerability in some versions of Microsoft ChakraCore could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft ChakraCore could lead to remote code execution.
The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27095 - (MSPT-Sep2020) Microsoft ChakraCore Improperly Handles Objects in Memory Remote Code Execution (CVE- 2020-1180)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1180
Description A vulnerability in some versions of Microsoft ChakraCore could lead to remote code execution. Observation A vulnerability in some versions of Microsoft ChakraCore could lead to remote code execution.
The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27106 - (MSPT-Sep2020) Microsoft Windows COM Remote Code Execution (CVE-2020-0922)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-0922
Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the COM component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27119 - (MSPT-Sep2020) Microsoft Dynamics 365 Properly Sanitize a Specially Crafted Web Request Remote Code Execution (CVE-2020-16858)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16858
Description A vulnerability in some versions of Microsoft Dynamics 365 could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Dynamics 365 could lead to remote code execution.
The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27120 - (MSPT-Sep2020) Microsoft Dynamics 365 Properly Sanitize a Specially Crafted Web Request Remote Code Execution (CVE-2020-16859)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16859
Description A vulnerability in some versions of Microsoft Dynamics 365 could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Dynamics 365 could lead to remote code execution. The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27121 - (MSPT-Sep2020) Microsoft Microsoft Dynamics 365 Properly Sanitize a Specially Crafted Web Request Remote Code Execution (CVE-202
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16861
Description A vulnerability in some versions of Microsoft Microsoft Dynamics 365 could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Microsoft Dynamics 365 could lead to remote code execution.
The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27122 - (MSPT-Sep2020) (CVE-2020-16862) Microsoft Microsoft Dynamics 366 Properly Sanitize a Specially Crafted Web Request Remote Code E
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16862
Description A vulnerability in some versions of Microsoft Microsoft Dynamics 366 could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Microsoft Dynamics 366 could lead to remote code execution.
The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27123 - (MSPT-Sep2020) Microsoft Microsoft Dynamics 366 Properly Sanitize a Specially Crafted Web Request Remote Code Execution (CVE-202
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16871
Description A vulnerability in some versions of Microsoft Microsoft Dynamics 366 could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Microsoft Dynamics 366 could lead to remote code execution.
The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document. 27124 - (MSPT-Sep2020) Microsoft Microsoft Dynamics 367 Properly Sanitize a Specially Crafted Web Request Remote Code Execution (CVE-202
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16872
Description A vulnerability in some versions of Microsoft Microsoft Dynamics 367 could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Microsoft Dynamics 367 could lead to remote code execution.
The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27127 - (MSPT-Sep2020) Microsoft Dynamics 365 (on-premises) Improperly Sanitize a Specially Crafted Web Request Remote Code Execution (C
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16878
Description A vulnerability in some versions of Microsoft Dynamics 365 (on-premises) could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Dynamics 365 (on-premises) could lead to remote code execution.
The flaw lies in the Improperly Sanitize a Specially Crafted Web Request component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27128 - (MSPT-Sep2020) Microsoft Exchange Improperly Handles Objects in Memory Remote Code Execution (CVE-2020- 16875)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16875
Description A vulnerability in some versions of Microsoft Exchange could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Exchange could lead to remote code execution.
The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27133 - (MSPT-Sep2020) Microsoft Visual Studio Improperly Handles Objects in Memory Remote Code Execution (CVE- 2020-16856)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16856
Description A vulnerability in some versions of Microsoft Visual Studio could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Visual Studio could lead to remote code execution.
The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27134 - (MSPT-Sep2020) Microsoft Visual Studio Improperly Handles Objects in Memory Remote Code Execution (CVE- 2020-16874)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16874
Description A vulnerability in some versions of Microsoft Visual Studio could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Visual Studio could lead to remote code execution.
The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27141 - (MSPT-Sep2020) Microsoft Word Remote Code Execution (CVE-2020-1338)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1338
Description A vulnerability in some versions of Microsoft Word could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Word could lead to remote code execution.
The flaw lies in the improperly handles objects in memory. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.
27143 - (MSPT-Sep2020) Microsoft SharePoint Server Properly Sanitize a Specially Crafted Web Request Remote Code Execution (CVE-2020-119
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1198
Description A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.
Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.
The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by an attacker could result in the disclosure of sensitive information.
27144 - (MSPT-Sep2020) Microsoft SharePoint Remote Code Execution (CVE-2020-1200)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1200
Description A vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.
The flaw lies in improperly check the source markup of a package. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.
27147 - (MSPT-Sep2020) Microsoft SharePoint Server XSS Vulnerability (CVE-2020-1345)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1345
Description A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.
Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.
The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in the Cross Site Scripting Attack.
27148 - (MSPT-Sep2020) Microsoft SharePoint Server XSS Vulnerability (CVE-2020-1482)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1482
Description A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.
Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.
The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in the Cross Site Scripting Attack.
27151 - (MSPT-Sep2020) Microsoft SharePoint APIs Remote Code Execution (CVE-2020-1595)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1595
Description A vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.
The flaw lies in the APIs component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27152 - (MSPT-Sep2020) Microsoft Sharepoint Remote Code Execution (CVE-2020-1210)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1210
Description A vulnerability in some versions of Microsoft Sharepoint could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Sharepoint could lead to remote code execution.
The flaw lies in improperly check the source markup of a package. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27154 - (MSPT-Sep2020) Microsoft SharePoint Remote Code Execution (CVE-2020-1452)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1452
Description A vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft SharePoint could lead to remote code execution. The flaw lies in improperly check the source markup of a package. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27155 - (MSPT-Sep2020) Microsoft SharePoint Remote Code Execution (CVE-2020-1453)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1453
Description A vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.
The flaw lies in improperly check the source markup of a package. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27156 - (MSPT-Sep2020) Microsoft SharePoint Server ASP.Net Remote Code Execution (CVE-2020-1460)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1460
Description A vulnerability in some versions of Microsoft SharePoint Server could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to remote code execution.
The flaw lies in the ASP.Net component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27157 - (MSPT-Sep2020) Microsoft SharePoint XSS Vulnerability (CVE-2020-1514)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1514
Description A vulnerability in some versions of Microsoft SharePoint Server could lead to cross site scripting attack.
Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to cross site scripting attack
The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.
27159 - (MSPT-Sep2020) Microsoft Windows Visual Studio Code Remote Code Execution (CVE-2020-16881) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-16881
Description A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Visual Studio Code component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27160 - (MSPT-Sep2020) Microsoft ASP.NET Core Improperly Parses Encoded Cookie Names Remote Code Execution (CVE-2020-1045)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-1045
Description A vulnerability in some versions of Microsoft ASP.NET Core could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft ASP.NET Core could lead to remote code execution.
The flaw lies in improperly parses encoded cookie names. Successful exploitation by a remote attacker could result in the execution of arbitrary code.
132540 - Oracle VM OVMSA-2020-0041 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle VM Patches and Hotfixes Risk Level: High CVE: CVE-2017-16644, CVE-2019-10638, CVE-2019-10639, CVE-2019-19049, CVE-2019-19062, CVE-2019-19535, CVE-2019- 20811, CVE-2020-10732
Description The scan detected that the host is missing the following update: OVMSA-2020-0041
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/oraclevm-errata/2020-September/000999.html
OVM3.4 x86_64 kernel-uek-4.1.12-124.42.3.el6uek kernel-uek-firmware-4.1.12-124.42.3.el6uek 149347 - SuSE SLES 12 SP5 SUSE-SU-2020:2475-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14363
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2475-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007344.html
SuSE SLES 12 SP5 noarch libX11-data-1.6.2-12.15.1 x86_64 libX11-6-1.6.2-12.15.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.15.1 libX11-debugsource-1.6.2-12.15.1 libX11-xcb1-1.6.2-12.15.1 libX11-6-debuginfo-1.6.2-12.15.1 libX11-xcb1-debuginfo-1.6.2-12.15.1 libX11-6-32bit-1.6.2-12.15.1 libX11-6-debuginfo-32bit-1.6.2-12.15.1 libX11-xcb1-32bit-1.6.2-12.15.1
149348 - SuSE Linux 15.1 openSUSE-SU-2020:1405-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14039, CVE-2020-15586, CVE-2020-16845
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1405-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00092.html
SuSE Linux 15.1 x86_64 go1.14-doc-1.14.7-lp151.13.1 go1.14-race-1.14.7-lp151.13.1 go1.14-1.14.7-lp151.13.1
149349 - SuSE Linux 15.1 openSUSE-SU-2020:1416-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15719
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1416-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00104.html
SuSE Linux 15.1 i586 openldap2-back-sock-2.4.46-lp151.10.15.1 openldap2-back-sql-debuginfo-2.4.46-lp151.10.15.1 libldap-2_4-2-debuginfo-2.4.46-lp151.10.15.1 openldap2-devel-2.4.46-lp151.10.15.1 openldap2-back-meta-debuginfo-2.4.46-lp151.10.15.1 openldap2-2.4.46-lp151.10.15.1 openldap2-devel-static-2.4.46-lp151.10.15.1 openldap2-client-2.4.46-lp151.10.15.1 openldap2-back-sock-debuginfo-2.4.46-lp151.10.15.1 openldap2-debugsource-2.4.46-lp151.10.15.1 libldap-2_4-2-2.4.46-lp151.10.15.1 openldap2-back-sql-2.4.46-lp151.10.15.1 openldap2-back-meta-2.4.46-lp151.10.15.1 openldap2-ppolicy-check-password-debuginfo-1.2-lp151.10.15.1 openldap2-ppolicy-check-password-1.2-lp151.10.15.1 openldap2-back-perl-debuginfo-2.4.46-lp151.10.15.1 openldap2-debuginfo-2.4.46-lp151.10.15.1 openldap2-client-debuginfo-2.4.46-lp151.10.15.1 openldap2-back-perl-2.4.46-lp151.10.15.1 openldap2-contrib-debuginfo-2.4.46-lp151.10.15.1 openldap2-contrib-2.4.46-lp151.10.15.1 noarch openldap2-doc-2.4.46-lp151.10.15.1 libldap-data-2.4.46-lp151.10.15.1 x86_64 libldap-2_4-2-32bit-debuginfo-2.4.46-lp151.10.15.1 openldap2-back-sock-2.4.46-lp151.10.15.1 openldap2-back-sql-debuginfo-2.4.46-lp151.10.15.1 libldap-2_4-2-debuginfo-2.4.46-lp151.10.15.1 openldap2-devel-2.4.46-lp151.10.15.1 openldap2-back-meta-debuginfo-2.4.46-lp151.10.15.1 openldap2-2.4.46-lp151.10.15.1 openldap2-devel-static-2.4.46-lp151.10.15.1 openldap2-client-2.4.46-lp151.10.15.1 openldap2-back-sock-debuginfo-2.4.46-lp151.10.15.1 openldap2-debugsource-2.4.46-lp151.10.15.1 libldap-2_4-2-2.4.46-lp151.10.15.1 openldap2-back-sql-2.4.46-lp151.10.15.1 openldap2-devel-32bit-2.4.46-lp151.10.15.1 openldap2-back-meta-2.4.46-lp151.10.15.1 openldap2-ppolicy-check-password-debuginfo-1.2-lp151.10.15.1 openldap2-ppolicy-check-password-1.2-lp151.10.15.1 openldap2-back-perl-debuginfo-2.4.46-lp151.10.15.1 libldap-2_4-2-32bit-2.4.46-lp151.10.15.1 openldap2-debuginfo-2.4.46-lp151.10.15.1 openldap2-client-debuginfo-2.4.46-lp151.10.15.1 openldap2-back-perl-2.4.46-lp151.10.15.1 openldap2-contrib-debuginfo-2.4.46-lp151.10.15.1 openldap2-contrib-2.4.46-lp151.10.15.1
149351 - SuSE SLED 15 SP2 SUSE-SU-2020:2486-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14314, CVE-2020-14331, CVE-2020-14356, CVE-2020-16166
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2486-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007351.html
SuSE SLED 15 SP2 x86_64 kernel-default-debuginfo-5.3.18-24.12.1 kernel-default-extra-debuginfo-5.3.18-24.12.1 kernel-default-debugsource-5.3.18-24.12.1 kernel-default-extra-5.3.18-24.12.1
149352 - SuSE Linux 15.1 openSUSE-SU-2020:1413-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-13790
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1413-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00099.html
SuSE Linux 15.1 x86_64 libturbojpeg0-32bit-8.1.2-lp151.6.6.1 libjpeg-turbo-1.5.3-lp151.6.6.1 libturbojpeg0-debuginfo-8.1.2-lp151.6.6.1 libjpeg62-turbo-debugsource-1.5.3-lp151.6.6.1 libjpeg62-32bit-62.2.0-lp151.6.6.1 libjpeg62-debuginfo-62.2.0-lp151.6.6.1 libturbojpeg0-8.1.2-lp151.6.6.1 libjpeg8-32bit-8.1.2-lp151.6.6.1 libjpeg-turbo-debugsource-1.5.3-lp151.6.6.1 libjpeg62-62.2.0-lp151.6.6.1 libjpeg62-32bit-debuginfo-62.2.0-lp151.6.6.1 libjpeg8-32bit-debuginfo-8.1.2-lp151.6.6.1 libjpeg62-devel-32bit-62.2.0-lp151.6.6.1 libjpeg62-devel-62.2.0-lp151.6.6.1 libjpeg8-8.1.2-lp151.6.6.1 libjpeg8-devel-32bit-8.1.2-lp151.6.6.1 libjpeg8-debuginfo-8.1.2-lp151.6.6.1 libjpeg-turbo-debuginfo-1.5.3-lp151.6.6.1 libturbojpeg0-32bit-debuginfo-8.1.2-lp151.6.6.1 libjpeg8-devel-8.1.2-lp151.6.6.1 libjpeg62-turbo-1.5.3-lp151.6.6.1 i586 libjpeg-turbo-1.5.3-lp151.6.6.1 libturbojpeg0-debuginfo-8.1.2-lp151.6.6.1 libjpeg62-turbo-debugsource-1.5.3-lp151.6.6.1 libjpeg62-debuginfo-62.2.0-lp151.6.6.1 libturbojpeg0-8.1.2-lp151.6.6.1 libjpeg-turbo-debugsource-1.5.3-lp151.6.6.1 libjpeg62-62.2.0-lp151.6.6.1 libjpeg62-devel-62.2.0-lp151.6.6.1 libjpeg8-8.1.2-lp151.6.6.1 libjpeg8-debuginfo-8.1.2-lp151.6.6.1 libjpeg-turbo-debuginfo-1.5.3-lp151.6.6.1 libjpeg8-devel-8.1.2-lp151.6.6.1 libjpeg62-turbo-1.5.3-lp151.6.6.1
149353 - SuSE SLES 12 SP5 SUSE-SU-2020:2482-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2019-17639, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14583, CVE-2020-14593, CVE-2020- 14621
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2482-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007347.html
SuSE SLES 12 SP5 x86_64 java-1_7_1-ibm-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-alsa-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-plugin-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-jdbc-1.7.1_sr4.70-38.56.1 java-1_7_1-ibm-devel-1.7.1_sr4.70-38.56.1
149354 - SuSE SLED 15 SP1 SUSE-SU-2020:2481-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14361, CVE-2020-14362
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2481-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007349.html
SuSE SLED 15 SP1 x86_64 xorg-x11-server-debugsource-1.20.3-14.5.5.2 xorg-x11-server-debuginfo-1.20.3-14.5.5.2 xorg-x11-server-wayland-1.20.3-14.5.5.2 xorg-x11-server-wayland-debuginfo-1.20.3-14.5.5.2
149355 - SuSE SLES 12 SP5 SUSE-SU-2020:2461-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2019-17639, CVE-2020-14556, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020- 14583, CVE-2020-14593, CVE-2020-14621
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2461-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007338.html
SuSE SLES 12 SP5 x86_64 java-1_8_0-ibm-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-devel-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-alsa-1.8.0_sr6.15-30.72.1 java-1_8_0-ibm-plugin-1.8.0_sr6.15-30.72.1
149356 - SuSE Linux 15.1 openSUSE-SU-2020:1421-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-12693
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1421-1 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00109.html
SuSE Linux 15.1 x86_64 libpmi0-18.08.9-lp151.2.10.1 slurm-pam_slurm-18.08.9-lp151.2.10.1 slurm-lua-18.08.9-lp151.2.10.1 slurm-sjstat-18.08.9-lp151.2.10.1 slurm-sql-debuginfo-18.08.9-lp151.2.10.1 slurm-18.08.9-lp151.2.10.1 slurm-debugsource-18.08.9-lp151.2.10.1 slurm-auth-none-18.08.9-lp151.2.10.1 slurm-node-18.08.9-lp151.2.10.1 slurm-sview-18.08.9-lp151.2.10.1 slurm-webdoc-18.08.9-lp151.2.10.1 slurm-lua-debuginfo-18.08.9-lp151.2.10.1 perl-slurm-18.08.9-lp151.2.10.1 slurm-torque-18.08.9-lp151.2.10.1 libpmi0-debuginfo-18.08.9-lp151.2.10.1 slurm-cray-debuginfo-18.08.9-lp151.2.10.1 slurm-seff-18.08.9-lp151.2.10.1 slurm-hdf5-debuginfo-18.08.9-lp151.2.10.1 slurm-openlava-18.08.9-lp151.2.10.1 slurm-auth-none-debuginfo-18.08.9-lp151.2.10.1 slurm-munge-18.08.9-lp151.2.10.1 slurm-slurmdbd-debuginfo-18.08.9-lp151.2.10.1 slurm-plugins-debuginfo-18.08.9-lp151.2.10.1 libslurm33-18.08.9-lp151.2.10.1 slurm-config-18.08.9-lp151.2.10.1 slurm-doc-18.08.9-lp151.2.10.1 slurm-sql-18.08.9-lp151.2.10.1 perl-slurm-debuginfo-18.08.9-lp151.2.10.1 slurm-node-debuginfo-18.08.9-lp151.2.10.1 slurm-devel-18.08.9-lp151.2.10.1 slurm-slurmdbd-18.08.9-lp151.2.10.1 slurm-config-man-18.08.9-lp151.2.10.1 slurm-pam_slurm-debuginfo-18.08.9-lp151.2.10.1 slurm-cray-18.08.9-lp151.2.10.1 slurm-plugins-18.08.9-lp151.2.10.1 libslurm33-debuginfo-18.08.9-lp151.2.10.1 slurm-hdf5-18.08.9-lp151.2.10.1 slurm-debuginfo-18.08.9-lp151.2.10.1 slurm-munge-debuginfo-18.08.9-lp151.2.10.1 slurm-torque-debuginfo-18.08.9-lp151.2.10.1 slurm-sview-debuginfo-18.08.9-lp151.2.10.1
149357 - SuSE SLES 12 SP5 SUSE-SU-2020:2627-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-10713
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2627-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007424.html
SuSE SLES 12 SP5 x86_64 shim-15+git47-25.11.1
149359 - SuSE SLED 15 SP1, 15 SP2 SUSE-SU-2020:2552-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15663, CVE-2020-15664, CVE-2020-15669
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2552-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007376.html
SuSE SLED 15 SP1 x86_64 MozillaThunderbird-translations-common-68.12.0-3.94.1 MozillaThunderbird-translations-other-68.12.0-3.94.1 MozillaThunderbird-debuginfo-68.12.0-3.94.1 MozillaThunderbird-68.12.0-3.94.1 MozillaThunderbird-debugsource-68.12.0-3.94.1
SuSE SLED 15 SP2 x86_64 MozillaThunderbird-translations-common-68.12.0-3.94.1 MozillaThunderbird-translations-other-68.12.0-3.94.1 MozillaThunderbird-debuginfo-68.12.0-3.94.1 MozillaThunderbird-68.12.0-3.94.1 MozillaThunderbird-debugsource-68.12.0-3.94.1
149361 - SuSE Linux 15.1 openSUSE-SU-2020:1345-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-8231
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1345-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00029.html
SuSE Linux 15.1 x86_64 libcurl-mini-devel-7.60.0-lp151.5.15.1 libcurl-devel-7.60.0-lp151.5.15.1 libcurl4-32bit-debuginfo-7.60.0-lp151.5.15.1 libcurl4-32bit-7.60.0-lp151.5.15.1 libcurl4-debuginfo-7.60.0-lp151.5.15.1 libcurl4-mini-debuginfo-7.60.0-lp151.5.15.1 curl-7.60.0-lp151.5.15.1 curl-debugsource-7.60.0-lp151.5.15.1 libcurl-devel-32bit-7.60.0-lp151.5.15.1 libcurl4-7.60.0-lp151.5.15.1 curl-mini-debuginfo-7.60.0-lp151.5.15.1 curl-mini-7.60.0-lp151.5.15.1 libcurl4-mini-7.60.0-lp151.5.15.1 curl-mini-debugsource-7.60.0-lp151.5.15.1 curl-debuginfo-7.60.0-lp151.5.15.1 i586 curl-7.60.0-lp151.5.15.1 curl-mini-7.60.0-lp151.5.15.1 libcurl4-debuginfo-7.60.0-lp151.5.15.1 curl-mini-debugsource-7.60.0-lp151.5.15.1 libcurl4-7.60.0-lp151.5.15.1 curl-debuginfo-7.60.0-lp151.5.15.1 curl-mini-debuginfo-7.60.0-lp151.5.15.1 libcurl-devel-7.60.0-lp151.5.15.1 libcurl4-mini-7.60.0-lp151.5.15.1 libcurl-mini-devel-7.60.0-lp151.5.15.1 libcurl4-mini-debuginfo-7.60.0-lp151.5.15.1 curl-debugsource-7.60.0-lp151.5.15.1
149362 - SuSE SLES 12 SP5 SUSE-SU-2020:2544-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15663, CVE-2020-15664, CVE-2020-15670
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2544-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007373.html
SuSE SLES 12 SP5 x86_64 MozillaFirefox-debuginfo-78.2.0-112.19.2 MozillaFirefox-translations-common-78.2.0-112.19.2 MozillaFirefox-78.2.0-112.19.2 MozillaFirefox-debugsource-78.2.0-112.19.2 MozillaFirefox-devel-78.2.0-112.19.2
149364 - SuSE Linux 15.2 openSUSE-SU-2020:1326-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14349, CVE-2020-14350
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1326-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00016.html
SuSE Linux 15.2 i586 postgresql10-pltcl-debuginfo-10.14-lp152.2.6.2 postgresql10-plperl-debuginfo-10.14-lp152.2.6.2 postgresql10-contrib-10.14-lp152.2.6.2 postgresql10-contrib-debuginfo-10.14-lp152.2.6.2 postgresql10-server-10.14-lp152.2.6.2 postgresql10-plperl-10.14-lp152.2.6.2 postgresql10-devel-10.14-lp152.2.6.2 postgresql10-pltcl-10.14-lp152.2.6.2 postgresql10-test-10.14-lp152.2.6.2 postgresql10-debugsource-10.14-lp152.2.6.2 postgresql10-plpython-10.14-lp152.2.6.2 postgresql10-server-debuginfo-10.14-lp152.2.6.2 postgresql10-devel-debuginfo-10.14-lp152.2.6.2 postgresql10-plpython-debuginfo-10.14-lp152.2.6.2 postgresql10-debuginfo-10.14-lp152.2.6.2 postgresql10-10.14-lp152.2.6.2 noarch postgresql10-docs-10.14-lp152.2.6.2 x86_64 postgresql10-pltcl-debuginfo-10.14-lp152.2.6.2 postgresql10-plperl-debuginfo-10.14-lp152.2.6.2 postgresql10-contrib-10.14-lp152.2.6.2 postgresql10-contrib-debuginfo-10.14-lp152.2.6.2 postgresql10-server-10.14-lp152.2.6.2 postgresql10-plperl-10.14-lp152.2.6.2 postgresql10-devel-10.14-lp152.2.6.2 postgresql10-pltcl-10.14-lp152.2.6.2 postgresql10-test-10.14-lp152.2.6.2 postgresql10-debugsource-10.14-lp152.2.6.2 postgresql10-plpython-10.14-lp152.2.6.2 postgresql10-server-debuginfo-10.14-lp152.2.6.2 postgresql10-devel-debuginfo-10.14-lp152.2.6.2 postgresql10-plpython-debuginfo-10.14-lp152.2.6.2 postgresql10-debuginfo-10.14-lp152.2.6.2 postgresql10-10.14-lp152.2.6.2 149366 - SuSE Linux 15.1 openSUSE-SU-2020:1368-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14363
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1368-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00063.html
SuSE Linux 15.1 i586 libX11-xcb1-1.6.5-lp151.4.9.1 libX11-xcb1-debuginfo-1.6.5-lp151.4.9.1 libX11-6-1.6.5-lp151.4.9.1 libX11-6-debuginfo-1.6.5-lp151.4.9.1 libX11-debugsource-1.6.5-lp151.4.9.1 libX11-devel-1.6.5-lp151.4.9.1 noarch libX11-data-1.6.5-lp151.4.9.1 x86_64 libX11-xcb1-32bit-1.6.5-lp151.4.9.1 libX11-xcb1-1.6.5-lp151.4.9.1 libX11-6-32bit-debuginfo-1.6.5-lp151.4.9.1 libX11-xcb1-debuginfo-1.6.5-lp151.4.9.1 libX11-6-32bit-1.6.5-lp151.4.9.1 libX11-6-1.6.5-lp151.4.9.1 libX11-6-debuginfo-1.6.5-lp151.4.9.1 libX11-xcb1-32bit-debuginfo-1.6.5-lp151.4.9.1 libX11-debugsource-1.6.5-lp151.4.9.1 libX11-devel-1.6.5-lp151.4.9.1 libX11-devel-32bit-1.6.5-lp151.4.9.1
149367 - SuSE SLES 12 SP5 SUSE-SU-2020:2578-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14386
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2578-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007389.html
SuSE SLES 12 SP5 x86_64 kernel-azure-debuginfo-4.12.14-16.28.1 kernel-syms-azure-4.12.14-16.28.1 kernel-azure-base-debuginfo-4.12.14-16.28.1 kernel-azure-devel-4.12.14-16.28.1 kernel-azure-base-4.12.14-16.28.1 kernel-azure-4.12.14-16.28.1 kernel-azure-debugsource-4.12.14-16.28.1 noarch kernel-source-azure-4.12.14-16.28.1 kernel-devel-azure-4.12.14-16.28.1
149368 - SuSE Linux 15.1 openSUSE-SU-2020:1430-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-24977
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1430-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00111.html
SuSE Linux 15.1 i586 python3-libxml2-python-2.9.7-lp151.5.15.1 python3-libxml2-python-debuginfo-2.9.7-lp151.5.15.1 libxml2-2-debuginfo-2.9.7-lp151.5.15.1 libxml2-2-2.9.7-lp151.5.15.1 libxml2-debugsource-2.9.7-lp151.5.15.1 libxml2-devel-2.9.7-lp151.5.15.1 libxml2-tools-2.9.7-lp151.5.15.1 python2-libxml2-python-debuginfo-2.9.7-lp151.5.15.1 python-libxml2-python-debugsource-2.9.7-lp151.5.15.1 python2-libxml2-python-2.9.7-lp151.5.15.1 libxml2-tools-debuginfo-2.9.7-lp151.5.15.1 noarch libxml2-doc-2.9.7-lp151.5.15.1 x86_64 python3-libxml2-python-debuginfo-2.9.7-lp151.5.15.1 libxml2-2-32bit-2.9.7-lp151.5.15.1 python2-libxml2-python-2.9.7-lp151.5.15.1 libxml2-2-debuginfo-2.9.7-lp151.5.15.1 libxml2-debugsource-2.9.7-lp151.5.15.1 python2-libxml2-python-debuginfo-2.9.7-lp151.5.15.1 libxml2-2-2.9.7-lp151.5.15.1 libxml2-devel-32bit-2.9.7-lp151.5.15.1 libxml2-devel-2.9.7-lp151.5.15.1 libxml2-tools-2.9.7-lp151.5.15.1 python3-libxml2-python-2.9.7-lp151.5.15.1 libxml2-tools-debuginfo-2.9.7-lp151.5.15.1 libxml2-2-32bit-debuginfo-2.9.7-lp151.5.15.1 python-libxml2-python-debugsource-2.9.7-lp151.5.15.1
149369 - SuSE SLES 12 SP5, SLED 12 SP5 SUSE-SU-2020:2574-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14314, CVE-2020-14331, CVE-2020-14356, CVE-2020-14386, CVE-2020-16166, CVE-2020-1749, CVE-2020- 24394
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2574-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007382.html
SuSE SLED 12 SP5 x86_64 kernel-default-extra-4.12.14-122.37.1 kernel-default-extra-debuginfo-4.12.14-122.37.1 kernel-default-debugsource-4.12.14-122.37.1 kernel-default-debuginfo-4.12.14-122.37.1
SuSE SLES 12 SP5 noarch kernel-devel-4.12.14-122.37.1 kernel-macros-4.12.14-122.37.1 kernel-source-4.12.14-122.37.1 x86_64 kernel-syms-4.12.14-122.37.1 kernel-default-base-debuginfo-4.12.14-122.37.1 kernel-default-4.12.14-122.37.1 kernel-default-base-4.12.14-122.37.1 kernel-default-devel-debuginfo-4.12.14-122.37.1 kernel-default-devel-4.12.14-122.37.1 kernel-default-debugsource-4.12.14-122.37.1 kernel-default-debuginfo-4.12.14-122.37.1
149370 - SuSE SLED 15 SP1 SUSE-SU-2020:2575-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-10135, CVE-2020-14314, CVE-2020-14331, CVE-2020-14356, CVE-2020-14386, CVE-2020-16166, CVE-2020- 1749, CVE-2020-24394
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2575-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007388.html http://lists.suse.com/pipermail/sle-security-updates/2020-September/007383.html
SuSE SLED 15 SP1 x86_64 kernel-default-debuginfo-4.12.14-197.56.1 kernel-default-debugsource-4.12.14-197.56.1 kernel-default-extra-4.12.14-197.56.1 kernel-default-extra-debuginfo-4.12.14-197.56.1
149371 - SuSE SLES 12 SP5 SUSE-SU-2020:2450-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-11985, CVE-2020-11993, CVE-2020-9490
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2450-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007331.html
SuSE SLES 12 SP5 noarch apache2-doc-2.4.23-29.63.1 x86_64 apache2-utils-2.4.23-29.63.1 apache2-debugsource-2.4.23-29.63.1 apache2-2.4.23-29.63.1 apache2-example-pages-2.4.23-29.63.1 apache2-prefork-debuginfo-2.4.23-29.63.1 apache2-debuginfo-2.4.23-29.63.1 apache2-worker-2.4.23-29.63.1 apache2-worker-debuginfo-2.4.23-29.63.1 apache2-prefork-2.4.23-29.63.1 apache2-utils-debuginfo-2.4.23-29.63.1
149372 - SuSE Linux 15.2 openSUSE-SU-2020:1382-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14314, CVE-2020-14386
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1382-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00072.html
SuSE Linux 15.2 x86_64 kernel-default-base-rebuild-5.3.18-lp152.41.1.lp152.8.6.2 kernel-obs-build-debugsource-5.3.18-lp152.41.1 kernel-preempt-5.3.18-lp152.41.1 kernel-preempt-debugsource-5.3.18-lp152.41.1 kernel-default-5.3.18-lp152.41.1 kernel-kvmsmall-debugsource-5.3.18-lp152.41.1 kernel-kvmsmall-5.3.18-lp152.41.1 kernel-debug-debuginfo-5.3.18-lp152.41.1 kernel-kvmsmall-devel-5.3.18-lp152.41.1 kernel-debug-devel-debuginfo-5.3.18-lp152.41.1 kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.41.1 kernel-obs-qa-5.3.18-lp152.41.1 kernel-default-devel-5.3.18-lp152.41.1 kernel-preempt-debuginfo-5.3.18-lp152.41.1 kernel-kvmsmall-debuginfo-5.3.18-lp152.41.1 kernel-debug-debugsource-5.3.18-lp152.41.1 kernel-debug-devel-5.3.18-lp152.41.1 kernel-default-base-5.3.18-lp152.41.1.lp152.8.6.2 kernel-debug-5.3.18-lp152.41.1 kernel-preempt-devel-debuginfo-5.3.18-lp152.41.1 kernel-default-devel-debuginfo-5.3.18-lp152.41.1 kernel-preempt-devel-5.3.18-lp152.41.1 kernel-default-debuginfo-5.3.18-lp152.41.1 kernel-obs-build-5.3.18-lp152.41.1 kernel-default-debugsource-5.3.18-lp152.41.1 kernel-syms-5.3.18-lp152.41.1 noarch kernel-docs-html-5.3.18-lp152.41.1 kernel-source-vanilla-5.3.18-lp152.41.1 kernel-source-5.3.18-lp152.41.1 kernel-docs-5.3.18-lp152.41.1 kernel-macros-5.3.18-lp152.41.1 kernel-devel-5.3.18-lp152.41.1
149373 - SuSE SLED 15 SP2 SUSE-SU-2020:2577-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14386
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2577-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007390.html http://lists.suse.com/pipermail/sle-security-updates/2020-September/007386.html
SuSE SLED 15 SP2 x86_64 kernel-default-extra-5.3.18-24.15.1 kernel-default-debugsource-5.3.18-24.15.1 kernel-default-debuginfo-5.3.18-24.15.1 kernel-default-extra-debuginfo-5.3.18-24.15.1
149374 - SuSE Linux 15.2 openSUSE-SU-2020:1370-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14363
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1370-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00062.html
SuSE Linux 15.2 i586 libX11-xcb1-debuginfo-1.6.5-lp152.5.9.1 libX11-6-1.6.5-lp152.5.9.1 libX11-6-debuginfo-1.6.5-lp152.5.9.1 libX11-xcb1-1.6.5-lp152.5.9.1 libX11-devel-1.6.5-lp152.5.9.1 libX11-debugsource-1.6.5-lp152.5.9.1 noarch libX11-data-1.6.5-lp152.5.9.1 x86_64 libX11-6-32bit-1.6.5-lp152.5.9.1 libX11-xcb1-debuginfo-1.6.5-lp152.5.9.1 libX11-xcb1-32bit-debuginfo-1.6.5-lp152.5.9.1 libX11-6-1.6.5-lp152.5.9.1 libX11-xcb1-32bit-1.6.5-lp152.5.9.1 libX11-6-debuginfo-1.6.5-lp152.5.9.1 libX11-xcb1-1.6.5-lp152.5.9.1 libX11-devel-32bit-1.6.5-lp152.5.9.1 libX11-devel-1.6.5-lp152.5.9.1 libX11-debugsource-1.6.5-lp152.5.9.1 libX11-6-32bit-debuginfo-1.6.5-lp152.5.9.1
149375 - SuSE SLES 12 SP5 SUSE-SU-2020:2570-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-13790
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2570-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007379.html
SuSE SLES 12 SP5 x86_64 libjpeg62-debuginfo-62.2.0-31.22.2 libjpeg8-debuginfo-8.1.2-31.22.2 libjpeg62-turbo-1.5.3-31.22.2 libjpeg-turbo-debuginfo-1.5.3-31.22.2 libjpeg8-32bit-8.1.2-31.22.2 libjpeg8-debuginfo-32bit-8.1.2-31.22.2 libturbojpeg0-debuginfo-8.1.2-31.22.2 libjpeg62-62.2.0-31.22.2 libjpeg62-turbo-debugsource-1.5.3-31.22.2 libturbojpeg0-8.1.2-31.22.2 libjpeg8-8.1.2-31.22.2 libjpeg62-32bit-62.2.0-31.22.2 libjpeg-turbo-debugsource-1.5.3-31.22.2 libjpeg-turbo-1.5.3-31.22.2 libjpeg62-debuginfo-32bit-62.2.0-31.22.2
149376 - SuSE SLED 15 SP2 SUSE-SU-2020:2452-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14361, CVE-2020-14362
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2452-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007335.html
SuSE SLED 15 SP2 x86_64 xorg-x11-server-debuginfo-1.20.3-22.5.5.1 xorg-x11-server-wayland-1.20.3-22.5.5.1 xorg-x11-server-wayland-debuginfo-1.20.3-22.5.5.1 xorg-x11-server-debugsource-1.20.3-22.5.5.1
149377 - SuSE Linux 15.1 openSUSE-SU-2020:1384-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15663, CVE-2020-15664, CVE-2020-15670
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1384-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00070.html
SuSE Linux 15.1 x86_64 MozillaFirefox-translations-other-78.2.0-lp151.2.65.1 MozillaFirefox-debugsource-78.2.0-lp151.2.65.1 MozillaFirefox-devel-78.2.0-lp151.2.65.1 MozillaFirefox-translations-common-78.2.0-lp151.2.65.1 MozillaFirefox-buildsymbols-78.2.0-lp151.2.65.1 MozillaFirefox-branding-upstream-78.2.0-lp151.2.65.1 MozillaFirefox-78.2.0-lp151.2.65.1 MozillaFirefox-debuginfo-78.2.0-lp151.2.65.1
149378 - SuSE Linux 15.1 openSUSE-SU-2020:1332-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15103
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1332-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00021.html
SuSE Linux 15.1 x86_64 freerdp-debuginfo-2.1.2-lp151.5.9.1 freerdp-2.1.2-lp151.5.9.1 freerdp-devel-2.1.2-lp151.5.9.1 libfreerdp2-2.1.2-lp151.5.9.1 freerdp-proxy-2.1.2-lp151.5.9.1 uwac0-0-devel-2.1.2-lp151.5.9.1 libwinpr2-debuginfo-2.1.2-lp151.5.9.1 freerdp-proxy-debuginfo-2.1.2-lp151.5.9.1 libuwac0-0-2.1.2-lp151.5.9.1 libfreerdp2-debuginfo-2.1.2-lp151.5.9.1 freerdp-server-debuginfo-2.1.2-lp151.5.9.1 libwinpr2-2.1.2-lp151.5.9.1 freerdp-debugsource-2.1.2-lp151.5.9.1 freerdp-wayland-debuginfo-2.1.2-lp151.5.9.1 freerdp-server-2.1.2-lp151.5.9.1 libuwac0-0-debuginfo-2.1.2-lp151.5.9.1 freerdp-wayland-2.1.2-lp151.5.9.1 winpr2-devel-2.1.2-lp151.5.9.1
149379 - SuSE Linux 15.1 openSUSE-SU-2020:1374-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14361, CVE-2020-14362
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1374-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00049.html
SuSE Linux 15.1 x86_64 xorg-x11-server-wayland-1.20.3-lp151.4.6.1 xorg-x11-server-extra-debuginfo-1.20.3-lp151.4.6.1 xorg-x11-server-debugsource-1.20.3-lp151.4.6.1 xorg-x11-server-extra-1.20.3-lp151.4.6.1 xorg-x11-server-wayland-debuginfo-1.20.3-lp151.4.6.1 xorg-x11-server-sdk-1.20.3-lp151.4.6.1 xorg-x11-server-debuginfo-1.20.3-lp151.4.6.1 xorg-x11-server-1.20.3-lp151.4.6.1 xorg-x11-server-source-1.20.3-lp151.4.6.1 i586 xorg-x11-server-wayland-1.20.3-lp151.4.6.1 xorg-x11-server-extra-debuginfo-1.20.3-lp151.4.6.1 xorg-x11-server-debugsource-1.20.3-lp151.4.6.1 xorg-x11-server-extra-1.20.3-lp151.4.6.1 xorg-x11-server-wayland-debuginfo-1.20.3-lp151.4.6.1 xorg-x11-server-sdk-1.20.3-lp151.4.6.1 xorg-x11-server-debuginfo-1.20.3-lp151.4.6.1 xorg-x11-server-1.20.3-lp151.4.6.1 xorg-x11-server-source-1.20.3-lp151.4.6.1
149380 - SuSE Linux 15.1 openSUSE-SU-2020:1383-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15663, CVE-2020-15664, CVE-2020-15669
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1383-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00071.html
SuSE Linux 15.1 x86_64 MozillaThunderbird-debuginfo-68.12.0-lp151.2.50.1 MozillaThunderbird-translations-common-68.12.0-lp151.2.50.1 MozillaThunderbird-translations-other-68.12.0-lp151.2.50.1 MozillaThunderbird-68.12.0-lp151.2.50.1 MozillaThunderbird-debugsource-68.12.0-lp151.2.50.1
149381 - SuSE Linux 15.1 openSUSE-SU-2020:1379-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14386
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1379-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00065.html
SuSE Linux 15.1 x86_64 kernel-default-4.12.14-lp151.28.67.2 kernel-default-debuginfo-4.12.14-lp151.28.67.2 kernel-debug-4.12.14-lp151.28.67.2 kernel-vanilla-debugsource-4.12.14-lp151.28.67.2 kernel-debug-devel-4.12.14-lp151.28.67.2 kernel-debug-base-debuginfo-4.12.14-lp151.28.67.2 kernel-vanilla-devel-4.12.14-lp151.28.67.2 kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.67.2 kernel-syms-4.12.14-lp151.28.67.1 kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.67.2 kernel-vanilla-base-debuginfo-4.12.14-lp151.28.67.2 kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.67.2 kernel-debug-base-4.12.14-lp151.28.67.2 kernel-kvmsmall-devel-4.12.14-lp151.28.67.2 kernel-obs-qa-4.12.14-lp151.28.67.2 kernel-kvmsmall-4.12.14-lp151.28.67.2 kernel-kvmsmall-debugsource-4.12.14-lp151.28.67.2 kernel-debug-devel-debuginfo-4.12.14-lp151.28.67.2 kernel-vanilla-4.12.14-lp151.28.67.2 kernel-kvmsmall-base-4.12.14-lp151.28.67.2 kernel-default-base-debuginfo-4.12.14-lp151.28.67.2 kernel-obs-build-4.12.14-lp151.28.67.2 kernel-default-base-4.12.14-lp151.28.67.2 kernel-debug-debugsource-4.12.14-lp151.28.67.2 kernel-vanilla-debuginfo-4.12.14-lp151.28.67.2 kernel-debug-debuginfo-4.12.14-lp151.28.67.2 kernel-default-devel-4.12.14-lp151.28.67.2 kernel-default-devel-debuginfo-4.12.14-lp151.28.67.2 kernel-vanilla-base-4.12.14-lp151.28.67.2 kernel-kvmsmall-debuginfo-4.12.14-lp151.28.67.2 kernel-obs-build-debugsource-4.12.14-lp151.28.67.2 kernel-default-debugsource-4.12.14-lp151.28.67.2 noarch kernel-source-vanilla-4.12.14-lp151.28.67.1 kernel-docs-4.12.14-lp151.28.67.3 kernel-docs-html-4.12.14-lp151.28.67.3 kernel-macros-4.12.14-lp151.28.67.1 kernel-source-4.12.14-lp151.28.67.1 kernel-devel-4.12.14-lp151.28.67.1
149382 - SuSE Linux 15.1 openSUSE-SU-2020:1354-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-7068
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1354-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00064.html
SuSE Linux 15.1 x86_64 php7-gettext-debuginfo-7.2.5-lp151.6.32.1 php7-xmlwriter-debuginfo-7.2.5-lp151.6.32.1 php7-xsl-7.2.5-lp151.6.32.1 php7-openssl-debuginfo-7.2.5-lp151.6.32.1 php7-readline-debuginfo-7.2.5-lp151.6.32.1 php7-firebird-debuginfo-7.2.5-lp151.6.32.1 php7-ctype-7.2.5-lp151.6.32.1 php7-json-debuginfo-7.2.5-lp151.6.32.1 php7-shmop-7.2.5-lp151.6.32.1 php7-pgsql-7.2.5-lp151.6.32.1 php7-sockets-debuginfo-7.2.5-lp151.6.32.1 php7-7.2.5-lp151.6.32.1 php7-sqlite-7.2.5-lp151.6.32.1 php7-intl-debuginfo-7.2.5-lp151.6.32.1 php7-bz2-7.2.5-lp151.6.32.1 php7-ctype-debuginfo-7.2.5-lp151.6.32.1 php7-sysvsem-7.2.5-lp151.6.32.1 php7-gd-7.2.5-lp151.6.32.1 php7-ldap-7.2.5-lp151.6.32.1 php7-wddx-7.2.5-lp151.6.32.1 php7-bcmath-7.2.5-lp151.6.32.1 php7-fastcgi-7.2.5-lp151.6.32.1 php7-dba-7.2.5-lp151.6.32.1 php7-ftp-debuginfo-7.2.5-lp151.6.32.1 php7-tokenizer-7.2.5-lp151.6.32.1 php7-phar-7.2.5-lp151.6.32.1 php7-snmp-debuginfo-7.2.5-lp151.6.32.1 php7-zip-7.2.5-lp151.6.32.1 php7-sysvshm-debuginfo-7.2.5-lp151.6.32.1 php7-iconv-debuginfo-7.2.5-lp151.6.32.1 php7-bcmath-debuginfo-7.2.5-lp151.6.32.1 php7-mbstring-debuginfo-7.2.5-lp151.6.32.1 php7-tidy-debuginfo-7.2.5-lp151.6.32.1 php7-dba-debuginfo-7.2.5-lp151.6.32.1 php7-gettext-7.2.5-lp151.6.32.1 php7-sysvshm-7.2.5-lp151.6.32.1 php7-zlib-debuginfo-7.2.5-lp151.6.32.1 php7-pdo-debuginfo-7.2.5-lp151.6.32.1 php7-soap-debuginfo-7.2.5-lp151.6.32.1 php7-xmlrpc-7.2.5-lp151.6.32.1 php7-embed-debuginfo-7.2.5-lp151.6.32.1 php7-mysql-debuginfo-7.2.5-lp151.6.32.1 php7-opcache-debuginfo-7.2.5-lp151.6.32.1 php7-tokenizer-debuginfo-7.2.5-lp151.6.32.1 apache2-mod_php7-7.2.5-lp151.6.32.1 php7-debuginfo-7.2.5-lp151.6.32.1 php7-snmp-7.2.5-lp151.6.32.1 php7-pgsql-debuginfo-7.2.5-lp151.6.32.1 php7-shmop-debuginfo-7.2.5-lp151.6.32.1 php7-mbstring-7.2.5-lp151.6.32.1 php7-xmlwriter-7.2.5-lp151.6.32.1 php7-fastcgi-debuginfo-7.2.5-lp151.6.32.1 php7-embed-7.2.5-lp151.6.32.1 php7-curl-debuginfo-7.2.5-lp151.6.32.1 php7-pcntl-debuginfo-7.2.5-lp151.6.32.1 php7-calendar-7.2.5-lp151.6.32.1 apache2-mod_php7-debuginfo-7.2.5-lp151.6.32.1 php7-sockets-7.2.5-lp151.6.32.1 php7-sysvmsg-7.2.5-lp151.6.32.1 php7-odbc-7.2.5-lp151.6.32.1 php7-curl-7.2.5-lp151.6.32.1 php7-fileinfo-7.2.5-lp151.6.32.1 php7-posix-debuginfo-7.2.5-lp151.6.32.1 php7-pdo-7.2.5-lp151.6.32.1 php7-phar-debuginfo-7.2.5-lp151.6.32.1 php7-openssl-7.2.5-lp151.6.32.1 php7-fpm-debuginfo-7.2.5-lp151.6.32.1 php7-dom-7.2.5-lp151.6.32.1 php7-firebird-7.2.5-lp151.6.32.1 php7-posix-7.2.5-lp151.6.32.1 php7-odbc-debuginfo-7.2.5-lp151.6.32.1 php7-gmp-7.2.5-lp151.6.32.1 php7-xmlreader-debuginfo-7.2.5-lp151.6.32.1 php7-mysql-7.2.5-lp151.6.32.1 php7-calendar-debuginfo-7.2.5-lp151.6.32.1 php7-zlib-7.2.5-lp151.6.32.1 php7-iconv-7.2.5-lp151.6.32.1 php7-sqlite-debuginfo-7.2.5-lp151.6.32.1 php7-fpm-7.2.5-lp151.6.32.1 php7-tidy-7.2.5-lp151.6.32.1 php7-dom-debuginfo-7.2.5-lp151.6.32.1 php7-pcntl-7.2.5-lp151.6.32.1 php7-opcache-7.2.5-lp151.6.32.1 php7-debugsource-7.2.5-lp151.6.32.1 php7-bz2-debuginfo-7.2.5-lp151.6.32.1 php7-exif-debuginfo-7.2.5-lp151.6.32.1 php7-sysvsem-debuginfo-7.2.5-lp151.6.32.1 php7-json-7.2.5-lp151.6.32.1 php7-ftp-7.2.5-lp151.6.32.1 php7-xmlrpc-debuginfo-7.2.5-lp151.6.32.1 php7-zip-debuginfo-7.2.5-lp151.6.32.1 php7-readline-7.2.5-lp151.6.32.1 php7-enchant-7.2.5-lp151.6.32.1 php7-exif-7.2.5-lp151.6.32.1 php7-gd-debuginfo-7.2.5-lp151.6.32.1 php7-enchant-debuginfo-7.2.5-lp151.6.32.1 php7-gmp-debuginfo-7.2.5-lp151.6.32.1 php7-xmlreader-7.2.5-lp151.6.32.1 php7-intl-7.2.5-lp151.6.32.1 php7-sodium-debuginfo-7.2.5-lp151.6.32.1 php7-sodium-7.2.5-lp151.6.32.1 php7-xsl-debuginfo-7.2.5-lp151.6.32.1 php7-sysvmsg-debuginfo-7.2.5-lp151.6.32.1 php7-soap-7.2.5-lp151.6.32.1 php7-fileinfo-debuginfo-7.2.5-lp151.6.32.1 php7-ldap-debuginfo-7.2.5-lp151.6.32.1 php7-wddx-debuginfo-7.2.5-lp151.6.32.1 php7-test-7.2.5-lp151.6.32.1 php7-devel-7.2.5-lp151.6.32.1 noarch php7-pear-Archive_Tar-7.2.5-lp151.6.32.1 php7-pear-7.2.5-lp151.6.32.1
149383 - SuSE SLES 12 SP5 SUSE-SU-2020:2444-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-8231
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2444-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007328.html
SuSE SLES 12 SP5 x86_64 libcurl4-debuginfo-7.60.0-11.6.1 libcurl4-32bit-7.60.0-11.6.1 curl-7.60.0-11.6.1 curl-debuginfo-7.60.0-11.6.1 libcurl4-7.60.0-11.6.1 curl-debugsource-7.60.0-11.6.1 libcurl4-debuginfo-32bit-7.60.0-11.6.1
149384 - SuSE Linux 15.2 openSUSE-SU-2020:1376-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14361, CVE-2020-14362 Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1376-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00050.html
SuSE Linux 15.2 x86_64 xorg-x11-server-extra-debuginfo-1.20.3-lp152.8.6.1 xorg-x11-server-1.20.3-lp152.8.6.1 xorg-x11-server-debugsource-1.20.3-lp152.8.6.1 xorg-x11-server-wayland-debuginfo-1.20.3-lp152.8.6.1 xorg-x11-server-sdk-1.20.3-lp152.8.6.1 xorg-x11-server-extra-1.20.3-lp152.8.6.1 xorg-x11-server-debuginfo-1.20.3-lp152.8.6.1 xorg-x11-server-source-1.20.3-lp152.8.6.1 xorg-x11-server-wayland-1.20.3-lp152.8.6.1 i586 xorg-x11-server-extra-debuginfo-1.20.3-lp152.8.6.1 xorg-x11-server-1.20.3-lp152.8.6.1 xorg-x11-server-debugsource-1.20.3-lp152.8.6.1 xorg-x11-server-wayland-debuginfo-1.20.3-lp152.8.6.1 xorg-x11-server-sdk-1.20.3-lp152.8.6.1 xorg-x11-server-extra-1.20.3-lp152.8.6.1 xorg-x11-server-debuginfo-1.20.3-lp152.8.6.1 xorg-x11-server-source-1.20.3-lp152.8.6.1 xorg-x11-server-wayland-1.20.3-lp152.8.6.1
149385 - SuSE Linux 15.2 openSUSE-SU-2020:1359-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-8231
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1359-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00052.html
SuSE Linux 15.2 x86_64 curl-7.66.0-lp152.3.6.1 libcurl4-32bit-debuginfo-7.66.0-lp152.3.6.1 curl-debugsource-7.66.0-lp152.3.6.1 curl-debuginfo-7.66.0-lp152.3.6.1 libcurl-devel-7.66.0-lp152.3.6.1 libcurl4-debuginfo-7.66.0-lp152.3.6.1 libcurl4-32bit-7.66.0-lp152.3.6.1 libcurl-devel-32bit-7.66.0-lp152.3.6.1 libcurl4-7.66.0-lp152.3.6.1 i586 curl-7.66.0-lp152.3.6.1 curl-debugsource-7.66.0-lp152.3.6.1 curl-debuginfo-7.66.0-lp152.3.6.1 libcurl-devel-7.66.0-lp152.3.6.1 libcurl4-debuginfo-7.66.0-lp152.3.6.1 libcurl4-7.66.0-lp152.3.6.1
149386 - SuSE Linux 15.2 openSUSE-SU-2020:1407-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14039, CVE-2020-15586, CVE-2020-16845
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1407-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00093.html
SuSE Linux 15.2 x86_64 go1.14-race-1.14.7-lp152.2.3.1 go1.14-doc-1.14.7-lp152.2.3.1 go1.14-1.14.7-lp152.2.3.1
149387 - SuSE Linux 15.2 openSUSE-SU-2020:1356-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-7068
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1356-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00053.html
SuSE Linux 15.2 x86_64 php7-xmlrpc-debuginfo-7.4.6-lp152.2.6.1 php7-calendar-debuginfo-7.4.6-lp152.2.6.1 php7-ctype-7.4.6-lp152.2.6.1 php7-sysvsem-debuginfo-7.4.6-lp152.2.6.1 php7-gd-7.4.6-lp152.2.6.1 php7-sockets-debuginfo-7.4.6-lp152.2.6.1 php7-fileinfo-7.4.6-lp152.2.6.1 php7-sodium-debuginfo-7.4.6-lp152.2.6.1 php7-calendar-7.4.6-lp152.2.6.1 php7-sysvsem-7.4.6-lp152.2.6.1 php7-mbstring-debuginfo-7.4.6-lp152.2.6.1 php7-json-debuginfo-7.4.6-lp152.2.6.1 php7-mbstring-7.4.6-lp152.2.6.1 php7-fastcgi-debuginfo-7.4.6-lp152.2.6.1 php7-mysql-7.4.6-lp152.2.6.1 php7-exif-7.4.6-lp152.2.6.1 php7-iconv-7.4.6-lp152.2.6.1 php7-curl-7.4.6-lp152.2.6.1 php7-opcache-debuginfo-7.4.6-lp152.2.6.1 php7-shmop-7.4.6-lp152.2.6.1 php7-snmp-7.4.6-lp152.2.6.1 php7-bz2-debuginfo-7.4.6-lp152.2.6.1 php7-sysvmsg-debuginfo-7.4.6-lp152.2.6.1 php7-embed-debuginfo-7.4.6-lp152.2.6.1 php7-zlib-debuginfo-7.4.6-lp152.2.6.1 php7-phar-7.4.6-lp152.2.6.1 php7-gmp-7.4.6-lp152.2.6.1 php7-devel-7.4.6-lp152.2.6.1 php7-ctype-debuginfo-7.4.6-lp152.2.6.1 php7-zip-debuginfo-7.4.6-lp152.2.6.1 php7-soap-debuginfo-7.4.6-lp152.2.6.1 php7-fpm-7.4.6-lp152.2.6.1 php7-pdo-7.4.6-lp152.2.6.1 php7-firebird-7.4.6-lp152.2.6.1 php7-mysql-debuginfo-7.4.6-lp152.2.6.1 php7-bcmath-7.4.6-lp152.2.6.1 php7-sodium-7.4.6-lp152.2.6.1 php7-posix-7.4.6-lp152.2.6.1 php7-snmp-debuginfo-7.4.6-lp152.2.6.1 php7-gd-debuginfo-7.4.6-lp152.2.6.1 php7-curl-debuginfo-7.4.6-lp152.2.6.1 apache2-mod_php7-debuginfo-7.4.6-lp152.2.6.1 php7-sqlite-debuginfo-7.4.6-lp152.2.6.1 php7-sockets-7.4.6-lp152.2.6.1 php7-odbc-7.4.6-lp152.2.6.1 php7-pcntl-7.4.6-lp152.2.6.1 php7-pgsql-debuginfo-7.4.6-lp152.2.6.1 php7-xmlreader-debuginfo-7.4.6-lp152.2.6.1 php7-sysvshm-7.4.6-lp152.2.6.1 php7-tokenizer-7.4.6-lp152.2.6.1 php7-pgsql-7.4.6-lp152.2.6.1 php7-iconv-debuginfo-7.4.6-lp152.2.6.1 php7-ftp-7.4.6-lp152.2.6.1 php7-fileinfo-debuginfo-7.4.6-lp152.2.6.1 php7-readline-debuginfo-7.4.6-lp152.2.6.1 php7-bcmath-debuginfo-7.4.6-lp152.2.6.1 php7-dba-debuginfo-7.4.6-lp152.2.6.1 php7-xmlreader-7.4.6-lp152.2.6.1 php7-pcntl-debuginfo-7.4.6-lp152.2.6.1 php7-readline-7.4.6-lp152.2.6.1 php7-ldap-debuginfo-7.4.6-lp152.2.6.1 php7-dba-7.4.6-lp152.2.6.1 php7-shmop-debuginfo-7.4.6-lp152.2.6.1 php7-tidy-7.4.6-lp152.2.6.1 apache2-mod_php7-7.4.6-lp152.2.6.1 php7-soap-7.4.6-lp152.2.6.1 php7-gettext-debuginfo-7.4.6-lp152.2.6.1 php7-xsl-7.4.6-lp152.2.6.1 php7-sysvshm-debuginfo-7.4.6-lp152.2.6.1 php7-openssl-7.4.6-lp152.2.6.1 php7-firebird-debuginfo-7.4.6-lp152.2.6.1 php7-xmlwriter-7.4.6-lp152.2.6.1 php7-odbc-debuginfo-7.4.6-lp152.2.6.1 php7-intl-7.4.6-lp152.2.6.1 php7-test-7.4.6-lp152.2.6.1 php7-fpm-debuginfo-7.4.6-lp152.2.6.1 php7-fastcgi-7.4.6-lp152.2.6.1 php7-json-7.4.6-lp152.2.6.1 php7-intl-debuginfo-7.4.6-lp152.2.6.1 php7-ldap-7.4.6-lp152.2.6.1 php7-xsl-debuginfo-7.4.6-lp152.2.6.1 php7-debuginfo-7.4.6-lp152.2.6.1 php7-opcache-7.4.6-lp152.2.6.1 php7-zlib-7.4.6-lp152.2.6.1 php7-dom-7.4.6-lp152.2.6.1 php7-exif-debuginfo-7.4.6-lp152.2.6.1 php7-gettext-7.4.6-lp152.2.6.1 php7-ftp-debuginfo-7.4.6-lp152.2.6.1 php7-xmlrpc-7.4.6-lp152.2.6.1 php7-tidy-debuginfo-7.4.6-lp152.2.6.1 php7-posix-debuginfo-7.4.6-lp152.2.6.1 php7-xmlwriter-debuginfo-7.4.6-lp152.2.6.1 php7-pdo-debuginfo-7.4.6-lp152.2.6.1 php7-sysvmsg-7.4.6-lp152.2.6.1 php7-tokenizer-debuginfo-7.4.6-lp152.2.6.1 php7-openssl-debuginfo-7.4.6-lp152.2.6.1 php7-bz2-7.4.6-lp152.2.6.1 php7-embed-7.4.6-lp152.2.6.1 php7-zip-7.4.6-lp152.2.6.1 php7-enchant-7.4.6-lp152.2.6.1 php7-sqlite-7.4.6-lp152.2.6.1 php7-phar-debuginfo-7.4.6-lp152.2.6.1 php7-enchant-debuginfo-7.4.6-lp152.2.6.1 php7-7.4.6-lp152.2.6.1 php7-gmp-debuginfo-7.4.6-lp152.2.6.1 php7-dom-debuginfo-7.4.6-lp152.2.6.1 php7-debugsource-7.4.6-lp152.2.6.1 i586 php7-xmlrpc-debuginfo-7.4.6-lp152.2.6.1 php7-calendar-debuginfo-7.4.6-lp152.2.6.1 php7-ctype-7.4.6-lp152.2.6.1 php7-sysvsem-debuginfo-7.4.6-lp152.2.6.1 php7-gd-7.4.6-lp152.2.6.1 php7-sockets-debuginfo-7.4.6-lp152.2.6.1 php7-fileinfo-7.4.6-lp152.2.6.1 php7-sodium-debuginfo-7.4.6-lp152.2.6.1 php7-calendar-7.4.6-lp152.2.6.1 php7-sysvsem-7.4.6-lp152.2.6.1 php7-mbstring-debuginfo-7.4.6-lp152.2.6.1 php7-json-debuginfo-7.4.6-lp152.2.6.1 php7-mbstring-7.4.6-lp152.2.6.1 php7-fastcgi-debuginfo-7.4.6-lp152.2.6.1 php7-mysql-7.4.6-lp152.2.6.1 php7-exif-7.4.6-lp152.2.6.1 php7-iconv-7.4.6-lp152.2.6.1 php7-curl-7.4.6-lp152.2.6.1 php7-opcache-debuginfo-7.4.6-lp152.2.6.1 php7-shmop-7.4.6-lp152.2.6.1 php7-snmp-7.4.6-lp152.2.6.1 php7-bz2-debuginfo-7.4.6-lp152.2.6.1 php7-sysvmsg-debuginfo-7.4.6-lp152.2.6.1 php7-embed-debuginfo-7.4.6-lp152.2.6.1 php7-zlib-debuginfo-7.4.6-lp152.2.6.1 php7-phar-7.4.6-lp152.2.6.1 php7-gmp-7.4.6-lp152.2.6.1 php7-devel-7.4.6-lp152.2.6.1 php7-ctype-debuginfo-7.4.6-lp152.2.6.1 php7-zip-debuginfo-7.4.6-lp152.2.6.1 php7-soap-debuginfo-7.4.6-lp152.2.6.1 php7-fpm-7.4.6-lp152.2.6.1 php7-pdo-7.4.6-lp152.2.6.1 php7-firebird-7.4.6-lp152.2.6.1 php7-mysql-debuginfo-7.4.6-lp152.2.6.1 php7-bcmath-7.4.6-lp152.2.6.1 php7-sodium-7.4.6-lp152.2.6.1 php7-posix-7.4.6-lp152.2.6.1 php7-snmp-debuginfo-7.4.6-lp152.2.6.1 php7-gd-debuginfo-7.4.6-lp152.2.6.1 php7-curl-debuginfo-7.4.6-lp152.2.6.1 apache2-mod_php7-debuginfo-7.4.6-lp152.2.6.1 php7-sqlite-debuginfo-7.4.6-lp152.2.6.1 php7-sockets-7.4.6-lp152.2.6.1 php7-odbc-7.4.6-lp152.2.6.1 php7-pcntl-7.4.6-lp152.2.6.1 php7-pgsql-debuginfo-7.4.6-lp152.2.6.1 php7-xmlreader-debuginfo-7.4.6-lp152.2.6.1 php7-sysvshm-7.4.6-lp152.2.6.1 php7-tokenizer-7.4.6-lp152.2.6.1 php7-pgsql-7.4.6-lp152.2.6.1 php7-iconv-debuginfo-7.4.6-lp152.2.6.1 php7-ftp-7.4.6-lp152.2.6.1 php7-fileinfo-debuginfo-7.4.6-lp152.2.6.1 php7-readline-debuginfo-7.4.6-lp152.2.6.1 php7-bcmath-debuginfo-7.4.6-lp152.2.6.1 php7-dba-debuginfo-7.4.6-lp152.2.6.1 php7-xmlreader-7.4.6-lp152.2.6.1 php7-pcntl-debuginfo-7.4.6-lp152.2.6.1 php7-readline-7.4.6-lp152.2.6.1 php7-ldap-debuginfo-7.4.6-lp152.2.6.1 php7-dba-7.4.6-lp152.2.6.1 php7-shmop-debuginfo-7.4.6-lp152.2.6.1 php7-tidy-7.4.6-lp152.2.6.1 apache2-mod_php7-7.4.6-lp152.2.6.1 php7-soap-7.4.6-lp152.2.6.1 php7-gettext-debuginfo-7.4.6-lp152.2.6.1 php7-xsl-7.4.6-lp152.2.6.1 php7-sysvshm-debuginfo-7.4.6-lp152.2.6.1 php7-openssl-7.4.6-lp152.2.6.1 php7-firebird-debuginfo-7.4.6-lp152.2.6.1 php7-xmlwriter-7.4.6-lp152.2.6.1 php7-odbc-debuginfo-7.4.6-lp152.2.6.1 php7-intl-7.4.6-lp152.2.6.1 php7-test-7.4.6-lp152.2.6.1 php7-fpm-debuginfo-7.4.6-lp152.2.6.1 php7-fastcgi-7.4.6-lp152.2.6.1 php7-json-7.4.6-lp152.2.6.1 php7-intl-debuginfo-7.4.6-lp152.2.6.1 php7-ldap-7.4.6-lp152.2.6.1 php7-xsl-debuginfo-7.4.6-lp152.2.6.1 php7-debuginfo-7.4.6-lp152.2.6.1 php7-opcache-7.4.6-lp152.2.6.1 php7-zlib-7.4.6-lp152.2.6.1 php7-dom-7.4.6-lp152.2.6.1 php7-exif-debuginfo-7.4.6-lp152.2.6.1 php7-gettext-7.4.6-lp152.2.6.1 php7-ftp-debuginfo-7.4.6-lp152.2.6.1 php7-xmlrpc-7.4.6-lp152.2.6.1 php7-tidy-debuginfo-7.4.6-lp152.2.6.1 php7-posix-debuginfo-7.4.6-lp152.2.6.1
149388 - SuSE SLES 12 SP5 SUSE-SU-2020:2609-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2019-19956, CVE-2019-20388, CVE-2020-24977, CVE-2020-7595
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2609-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007409.html
SuSE SLES 12 SP5 noarch libxml2-doc-2.9.4-46.34.1 x86_64 libxml2-2-debuginfo-2.9.4-46.34.1 python-libxml2-debugsource-2.9.4-46.34.1 libxml2-tools-debuginfo-2.9.4-46.34.1 libxml2-2-debuginfo-32bit-2.9.4-46.34.1 libxml2-2-32bit-2.9.4-46.34.1 libxml2-debugsource-2.9.4-46.34.1 python-libxml2-2.9.4-46.34.1 libxml2-tools-2.9.4-46.34.1 python-libxml2-debuginfo-2.9.4-46.34.1 libxml2-2-2.9.4-46.34.1
149390 - SuSE Linux 15.2 openSUSE-SU-2020:1391-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15663, CVE-2020-15664, CVE-2020-15670
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1391-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00079.html
SuSE Linux 15.2 x86_64 MozillaFirefox-branding-upstream-78.2.0-lp152.2.18.1 MozillaFirefox-debugsource-78.2.0-lp152.2.18.1 MozillaFirefox-translations-common-78.2.0-lp152.2.18.1 MozillaFirefox-buildsymbols-78.2.0-lp152.2.18.1 MozillaFirefox-debuginfo-78.2.0-lp152.2.18.1 MozillaFirefox-78.2.0-lp152.2.18.1 MozillaFirefox-devel-78.2.0-lp152.2.18.1 MozillaFirefox-translations-other-78.2.0-lp152.2.18.1
149392 - SuSE Linux 15.1, 15.2 openSUSE-SU-2020:1393-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-25032
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1393-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00080.html
SuSE Linux 15.2 noarch python2-Flask-Cors-3.0.8-lp152.2.3.1 python3-Flask-Cors-3.0.8-lp152.2.3.1
SuSE Linux 15.1 noarch python2-Flask-Cors-3.0.7-lp151.2.3.1 python3-Flask-Cors-3.0.7-lp151.2.3.1
149395 - SuSE Linux 15.2 openSUSE-SU-2020:1392-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15663, CVE-2020-15664, CVE-2020-15669
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1392-1 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00078.html
SuSE Linux 15.2 x86_64 MozillaThunderbird-debuginfo-68.12.0-lp152.2.10.1 MozillaThunderbird-debugsource-68.12.0-lp152.2.10.1 MozillaThunderbird-translations-common-68.12.0-lp152.2.10.1 MozillaThunderbird-68.12.0-lp152.2.10.1 MozillaThunderbird-translations-other-68.12.0-lp152.2.10.1
160775 - CentOS 7 CESA-2020-3631 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: High CVE: CVE-2020-15664, CVE-2020-15669
Description The scan detected that the host is missing the following update: CESA-2020-3631
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.centos.org/pipermail/centos-announce/2020-September/035808.html
CentOS 7 x86_64 thunderbird-68.12.0-1.el7.centos
160776 - CentOS 7 CESA-2020-3617 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: High CVE: CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
Description The scan detected that the host is missing the following update: CESA-2020-3617
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.centos.org/pipermail/centos-announce/2020-September/035809.html
CentOS 7 x86_64 dovecot-pigeonhole-2.2.36-6.el7_8.1 dovecot-devel-2.2.36-6.el7_8.1 dovecot-2.2.36-6.el7_8.1 dovecot-mysql-2.2.36-6.el7_8.1 dovecot-pgsql-2.2.36-6.el7_8.1 i686 dovecot-2.2.36-6.el7_8.1
160777 - CentOS 6 CESA-2020-3643 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: High CVE: CVE-2020-15664, CVE-2020-15669
Description The scan detected that the host is missing the following update: CESA-2020-3643
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.centos.org/pipermail/centos-announce/2020-September/035807.html
CentOS 6 x86_64 thunderbird-68.12.0-1.el6.centos i686 thunderbird-68.12.0-1.el6.centos
164327 - Oracle Enterprise Linux ELSA-2020-3714 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-9490
Description The scan detected that the host is missing the following update: ELSA-2020-3714
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010292.html
OEL8 x86_64 httpd-2.4.37-21.0.1.module+el8.2.0+5576+c083ffcb mod_session-2.4.37-21.0.1.module+el8.2.0+5576+c083ffcb mod_proxy_html-2.4.37-21.0.1.module+el8.2.0+5576+c083ffcb mod_http2-1.11.3-3.module+el8.2.0+7789+dac765eb.1 mod_ssl-2.4.37-21.0.1.module+el8.2.0+5576+c083ffcb httpd-manual-2.4.37-21.0.1.module+el8.2.0+5576+c083ffcb httpd-devel-2.4.37-21.0.1.module+el8.2.0+5576+c083ffcb httpd-filesystem-2.4.37-21.0.1.module+el8.2.0+5576+c083ffcb mod_md-2.0.8-7.module+el8.2.0+5576+c083ffcb httpd-tools-2.4.37-21.0.1.module+el8.2.0+5576+c083ffcb mod_ldap-2.4.37-21.0.1.module+el8.2.0+5576+c083ffcb
164329 - Oracle Enterprise Linux ELSA-2020-3556 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-15664, CVE-2020-15669
Description The scan detected that the host is missing the following update: ELSA-2020-3556
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010270.html
OEL7 x86_64 firefox-68.12.0-1.0.1.el7_8
164330 - Oracle Enterprise Linux ELSA-2020-3643 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-15664, CVE-2020-15669
Description The scan detected that the host is missing the following update: ELSA-2020-3643
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010272.html
OEL6 x86_64 thunderbird-68.12.0-1.0.1.el6_10 i386 thunderbird-68.12.0-1.0.1.el6_10
164332 - Oracle Enterprise Linux ELSA-2020-5837 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2017-16644, CVE-2019-10638, CVE-2019-10639, CVE-2019-19049, CVE-2019-19062, CVE-2019-19535, CVE-2019- 20811, CVE-2020-10732
Description The scan detected that the host is missing the following update: ELSA-2020-5837
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010265.html http://oss.oracle.com/pipermail/el-errata/2020-September/010266.html
OEL7 x86_64 kernel-uek-devel-4.1.12-124.42.3.el7uek kernel-uek-doc-4.1.12-124.42.3.el7uek kernel-uek-4.1.12-124.42.3.el7uek kernel-uek-debug-4.1.12-124.42.3.el7uek kernel-uek-debug-devel-4.1.12-124.42.3.el7uek kernel-uek-firmware-4.1.12-124.42.3.el7uek
OEL6 x86_64 kernel-uek-doc-4.1.12-124.42.3.el6uek kernel-uek-debug-devel-4.1.12-124.42.3.el6uek kernel-uek-debug-4.1.12-124.42.3.el6uek kernel-uek-firmware-4.1.12-124.42.3.el6uek kernel-uek-devel-4.1.12-124.42.3.el6uek kernel-uek-4.1.12-124.42.3.el6uek
164333 - Oracle Enterprise Linux ELSA-2020-3713 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
Description The scan detected that the host is missing the following update: ELSA-2020-3713
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010295.html
OEL8 x86_64 dovecot-pigeonhole-2.3.8-2.el8_2.2 dovecot-devel-2.3.8-2.el8_2.2 dovecot-pgsql-2.3.8-2.el8_2.2 dovecot-mysql-2.3.8-2.el8_2.2 dovecot-2.3.8-2.el8_2.2
164334 - Oracle Enterprise Linux ELSA-2020-3617 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-12100, CVE-2020-12673, CVE-2020-12674
Description The scan detected that the host is missing the following update: ELSA-2020-3617
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010260.html
OEL7 x86_64 dovecot-pigeonhole-2.2.36-6.el7_8.1 dovecot-devel-2.2.36-6.el7_8.1 dovecot-2.2.36-6.el7_8.1 dovecot-mysql-2.2.36-6.el7_8.1 dovecot-pgsql-2.2.36-6.el7_8.1
164335 - Oracle Enterprise Linux ELSA-2020-5845 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2018-14613, CVE-2018-16884, CVE-2019-10638, CVE-2019-10639, CVE-2019-11487, CVE-2019-14898, CVE-2019- 15218, CVE-2019-16746, CVE-2019-17075, CVE-2019-17133, CVE-2019-18885, CVE-2019-19052, CVE-2019-19063, CVE-2019- 19066, CVE-2019-19073, CVE-2019-19074, CVE-2019-19078, CVE-2019-19535, CVE-2019-19922, CVE-2019-20812, CVE-2019- 3874, CVE-2019-3900, CVE-2019-5108, CVE-2020-10751, CVE-2020-10767, CVE-2020-10769, CVE-2020-10781, CVE-2020-12114, CVE-2020-12771, CVE-2020-14331, CVE-2020-16166, CVE-2020-24394
Description The scan detected that the host is missing the following update: ELSA-2020-5845
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010298.html
OEL7 x86_64 kernel-uek-debug-4.14.35-1902.306.2.el7uek kernel-uek-doc-4.14.35-1902.306.2.el7uek kernel-uek-debug-devel-4.14.35-1902.306.2.el7uek kernel-uek-4.14.35-1902.306.2.el7uek kernel-uek-tools-4.14.35-1902.306.2.el7uek kernel-uek-devel-4.14.35-1902.306.2.el7uek
164336 - Oracle Enterprise Linux ELSA-2020-3634 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-15664, CVE-2020-15669 Description The scan detected that the host is missing the following update: ELSA-2020-3634
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010269.html
OEL8 x86_64 thunderbird-68.12.0-1.0.1.el8_2
164339 - Oracle Enterprise Linux ELSA-2020-3699 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-1045
Description The scan detected that the host is missing the following update: ELSA-2020-3699
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010294.html
OEL8 x86_64 aspnetcore-runtime-3.1-3.1.8-2.0.1.el8_2 dotnet-targeting-pack-3.1-3.1.8-2.0.1.el8_2 dotnet-templates-3.1-3.1.108-2.0.1.el8_2 aspnetcore-targeting-pack-3.1-3.1.8-2.0.1.el8_2 netstandard-targeting-pack-2.1-3.1.108-2.0.1.el8_2 dotnet-host-3.1.8-2.0.1.el8_2 dotnet-hostfxr-3.1-3.1.8-2.0.1.el8_2 dotnet-runtime-3.1-3.1.8-2.0.1.el8_2 dotnet-sdk-3.1-3.1.108-2.0.1.el8_2 dotnet-3.1.108-2.0.1.el8_2 dotnet-apphost-pack-3.1-3.1.8-2.0.1.el8_2
164340 - Oracle Enterprise Linux ELSA-2020-3658 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-14352
Description The scan detected that the host is missing the following update: ELSA-2020-3658
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010281.html
OEL8 x86_64 python3-librepo-1.11.0-3.el8_2 librepo-1.11.0-3.el8_2
27108 - (MSPT-Sep2020) Microsoft Windows COM Privilege Escalation (CVE-2020-1507)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1507
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the COM component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27114 - (MSPT-Sep2020) Microsoft Windows TLS Information Disclosure (CVE-2020-1596)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1596
Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the TLS component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
27115 - (MSPT-Sep2020) Microsoft Windows UPnP Privilege Escalation (CVE-2020-1598)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1598
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the UPnP component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27153 - (MSPT-Sep2020) Microsoft SharePoint Server Tampering Vulnerability (CVE-2020-1440)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1440
Description A vulnerability in some versions of Microsoft SharePoint Server could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to information disclosure.
The flaw lies in improperly handle profile data. Successful exploitation could allow a local user to disclose sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
27158 - (MSPT-Sep2020) Microsoft Windows SharePoint Remote Code Execution Vulnerability (CVE-2020-1576)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1576
Description A vulnerability in some versions of Microsoft Windows could lead to Remote Code Execution.
Observation A vulnerability in some versions of Microsoft Windows could lead to Remote Code Execution.
The flaw lies in the SharePoint component. Successful exploitation could allow an attacker to execute remote code. The exploit requires the attacker to have valid credentials to the vulnerable system.
149358 - SuSE Linux 15.1 openSUSE-SU-2020:1420-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-17789
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1420-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00108.html SuSE Linux 15.1 i586 libgimp-2_0-0-2.8.22-lp151.5.3.1 libgimp-2_0-0-debuginfo-2.8.22-lp151.5.3.1 gimp-2.8.22-lp151.5.3.1 gimp-plugin-aa-debuginfo-2.8.22-lp151.5.3.1 gimp-debuginfo-2.8.22-lp151.5.3.1 gimp-plugins-python-2.8.22-lp151.5.3.1 gimp-debugsource-2.8.22-lp151.5.3.1 gimp-plugins-python-debuginfo-2.8.22-lp151.5.3.1 libgimpui-2_0-0-debuginfo-2.8.22-lp151.5.3.1 libgimpui-2_0-0-2.8.22-lp151.5.3.1 gimp-plugin-aa-2.8.22-lp151.5.3.1 gimp-devel-2.8.22-lp151.5.3.1 gimp-devel-debuginfo-2.8.22-lp151.5.3.1 noarch gimp-lang-2.8.22-lp151.5.3.1 x86_64 libgimp-2_0-0-2.8.22-lp151.5.3.1 libgimpui-2_0-0-32bit-2.8.22-lp151.5.3.1 libgimp-2_0-0-32bit-2.8.22-lp151.5.3.1 libgimp-2_0-0-debuginfo-2.8.22-lp151.5.3.1 gimp-2.8.22-lp151.5.3.1 gimp-plugin-aa-debuginfo-2.8.22-lp151.5.3.1 gimp-debuginfo-2.8.22-lp151.5.3.1 libgimp-2_0-0-32bit-debuginfo-2.8.22-lp151.5.3.1 gimp-plugins-python-2.8.22-lp151.5.3.1 gimp-debugsource-2.8.22-lp151.5.3.1 gimp-plugins-python-debuginfo-2.8.22-lp151.5.3.1 libgimpui-2_0-0-debuginfo-2.8.22-lp151.5.3.1 libgimpui-2_0-0-32bit-debuginfo-2.8.22-lp151.5.3.1 libgimpui-2_0-0-2.8.22-lp151.5.3.1 gimp-plugin-aa-2.8.22-lp151.5.3.1 gimp-devel-2.8.22-lp151.5.3.1 gimp-devel-debuginfo-2.8.22-lp151.5.3.1
149391 - SuSE SLED 15 SP1 SUSE-SU-2020:2604-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-17789
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2604-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007400.html
SuSE SLED 15 SP1 x86_64 libgimpui-2_0-0-debuginfo-2.8.22-5.3.1 gimp-debuginfo-2.8.22-5.3.1 gimp-debugsource-2.8.22-5.3.1 libgimp-2_0-0-debuginfo-2.8.22-5.3.1 gimp-devel-debuginfo-2.8.22-5.3.1 gimp-devel-2.8.22-5.3.1 libgimp-2_0-0-2.8.22-5.3.1 gimp-plugins-python-debuginfo-2.8.22-5.3.1 libgimpui-2_0-0-2.8.22-5.3.1 gimp-plugins-python-2.8.22-5.3.1 gimp-2.8.22-5.3.1 noarch gimp-lang-2.8.22-5.3.1
149396 - SuSE SLED 12 SP5 SUSE-SU-2020:2603-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-17789
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2603-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007398.html
SuSE SLED 12 SP5 x86_64 libgimp-2_0-0-2.8.18-9.12.1 gimp-debuginfo-2.8.18-9.12.1 libgimp-2_0-0-debuginfo-2.8.18-9.12.1 gimp-debugsource-2.8.18-9.12.1 gimp-plugins-python-2.8.18-9.12.1 libgimpui-2_0-0-2.8.18-9.12.1 gimp-2.8.18-9.12.1 libgimpui-2_0-0-debuginfo-2.8.18-9.12.1 gimp-plugins-python-debuginfo-2.8.18-9.12.1 noarch gimp-lang-2.8.18-9.12.1
164326 - Oracle Enterprise Linux ELSA-2020-5841 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-16884, CVE-2019-20812, CVE-2020-14331
Description The scan detected that the host is missing the following update: ELSA-2020-5841
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010297.html http://oss.oracle.com/pipermail/el-errata/2020-September/010296.html
OEL7 x86_64 kernel-uek-3.8.13-118.49.1.el7uek kernel-uek-devel-3.8.13-118.49.1.el7uek kernel-uek-firmware-3.8.13-118.49.1.el7uek kernel-uek-doc-3.8.13-118.49.1.el7uek kernel-uek-debug-devel-3.8.13-118.49.1.el7uek kernel-uek-debug-3.8.13-118.49.1.el7uek dtrace-modules-3.8.13-118.49.1.el7uek-0.4.5-3.el7
OEL6 x86_64 kernel-uek-firmware-3.8.13-118.49.1.el6uek kernel-uek-debug-devel-3.8.13-118.49.1.el6uek kernel-uek-debug-3.8.13-118.49.1.el6uek dtrace-modules-3.8.13-118.49.1.el6uek-0.4.5-3.el6 kernel-uek-3.8.13-118.49.1.el6uek kernel-uek-devel-3.8.13-118.49.1.el6uek kernel-uek-doc-3.8.13-118.49.1.el6uek
27028 - (MSPT-Sep2020) Microsoft Windows Graphics Component Information Disclosure (CVE-2020-0921)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0921
Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the Graphics Component component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
27030 - (MSPT-Sep2020) Microsoft DirectX Improperly Handles Objects in Memory Privilege Escalation (CVE-2020-1053)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1053
Description A vulnerability in some versions of Microsoft DirectX could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft DirectX could lead to privilege escalation.
The flaw lies in the improperly handles objects in memory. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system. 27031 - (MSPT-Sep2020) Microsoft Windows GDI Information Disclosure (CVE-2020-1091)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1091
Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the GDI component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.
27032 - (MSPT-Sep2020) Microsoft Windows GDI Information Disclosure (CVE-2020-1097)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1097
Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the GDI component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.
27033 - (MSPT-Sep2020) Microsoft Windows Win32k Privilege Escalation (CVE-2020-1245)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1245
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Win32k component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27034 - (MSPT-Sep2020) Microsoft Windows win32k Information Disclosure (CVE-2020-1250)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1250
Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the win32k component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
27035 - (MSPT-Sep2020) Microsoft Windows GDI Information Disclosure (CVE-2020-1256)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1256
Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the GDI component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.
27037 - (MSPT-Sep2020) Microsoft DirectX Improperly Handles Objects in Memory Privilege Escalation (CVE-2020-1308)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1308
Description A vulnerability in some versions of Microsoft DirectX could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft DirectX could lead to privilege escalation.
The flaw lies in the improperly handles objects in memory. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27038 - (MSPT-Sep2020) Microsoft Windows GDI Privilege Escalation (CVE-2020-0870)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0870
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation. Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the GDI component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27039 - (MSPT-Sep2020) Microsoft Windows Graphics Component Privilege Escalation (CVE-2020-0998)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0998
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Graphics Component component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27040 - (MSPT-Sep2020) Microsoft Windows Graphics Information Disclosure (CVE-2020-1083)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1083
Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the Graphics component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
27041 - (MSPT-Sep2020) Microsoft Windows GDI Privilege Escalation (CVE-2020-1098)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1098
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the GDI component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27048 - (MSPT-Sep2020) Microsoft ssdpsrv.dll Improperly Handles Objects in Memory Privilege Escalation (CVE-2020- 1052)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1052
Description A vulnerability in some versions of Microsoft ssdpsrv.dll could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft ssdpsrv.dll could lead to privilege escalation.
The flaw lies in the improperly handles objects in memory. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27049 - (MSPT-Sep2020) Microsoft ssdpsrv.dll Improperly Handles Objects in Memory Privilege Escalation (CVE-2020- 1376)
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1376
Description A vulnerability in some versions of Microsoft ssdpsrv.dll could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft ssdpsrv.dll could lead to privilege escalation.
The flaw lies in the improperly handles objects in memory. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27050 - (MSPT-Sep2020) Microsoft StartTileData.dll Improperly Handles File Creation in Protected Locations Privilege Escalation (CVE-202
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1159
Description A vulnerability in some versions of Microsoft StartTileData.dll could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft StartTileData.dll could lead to privilege escalation.
The flaw lies in improperly handles file creation in protected locations. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system. 27051 - (MSPT-Sep2020) Microsoft Windows Runtime Privilege Escalation (CVE-2020-1169)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1169
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Runtime component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27052 - (MSPT-Sep2020) Microsoft Windows Runtime Privilege Escalation (CVE-2020-1303)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1303
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Runtime component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27054 - (MSPT-Sep2020) Microsoft Windows Cryptographic Catalog Services Privilege Escalation (CVE-2020-0782)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0782
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Cryptographic Catalog Services component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27058 - (MSPT-Sep2020) Microsoft Windows RSoP Service Application Privilege Escalation (CVE-2020-0648)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0648
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the RSoP Service Application component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27059 - (MSPT-Sep2020) Microsoft splwow64.exe Improperly Handles Certain Calls Privilege Escalation (CVE-2020-0790)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0790
Description A vulnerability in some versions of Microsoft splwow64.exe could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft splwow64.exe could lead to privilege escalation.
The flaw lies in improperly handles certain calls. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27062 - (MSPT-Sep2020) Microsoft Active Directory Federation Services Spoofing (CVE-2020-0837)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0837
Description A vulnerability in some versions of Microsoft Active Directory could lead to spoofing.
Observation A vulnerability in some versions of Microsoft Active Directory could lead to spoofing.
The flaw lies in the Federation Services component. Successful exploitation by a remote attacker could result in spoofing. The exploit requires the attacker to have valid credentials to the vulnerable system.
27063 - (MSPT-Sep2020) Microsoft NTFS Improperly Checks Access Privilege Escalation (CVE-2020-0838)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0838
Description A vulnerability in some versions of Microsoft NTFS could lead to privilege escalation. Observation A vulnerability in some versions of Microsoft NTFS could lead to privilege escalation.
The flaw lies in improperly checks access. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27064 - (MSPT-Sep2020) Microsoft dnsrslvr.dll Improperly Handles Objects in Memory Privilege Escalation (CVE-2020- 0839)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0839
Description A vulnerability in some versions of Microsoft dnsrslvr.dll could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft dnsrslvr.dll could lead to privilege escalation.
The flaw lies in the improperly handles objects in memory. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27065 - (MSPT-Sep2020) Microsoft splwow64.exe Improperly Handles Certain Calls Information Disclosure (CVE-2020- 0875)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0875
Description A vulnerability in some versions of Microsoft splwow64.exe could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft splwow64.exe could lead to information disclosure.
The flaw lies in improperly handles certain calls. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
27066 - (MSPT-Sep2020) Microsoft Windows Improperly Processes Group Policy Updates Privilege Escalation (CVE-2020- 1013)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1013
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation. The flaw lies in improperly processes group policy updates. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27068 - (MSPT-Sep2020) Microsoft Windows Print Spooler service Privilege Escalation (CVE-2020-1030)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1030
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Print Spooler service component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27069 - (MSPT-Sep2020) Microsoft Windows DHCP Service Information Disclosure (CVE-2020-1031)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1031
Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the DHCP Service component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information.
27071 - (MSPT-Sep2020) Microsoft StartTileData.dll Improperly Handles Objects in Memory Information Disclosure (CVE- 2020-1119)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1119
Description A vulnerability in some versions of Microsoft StartTileData.dll could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft StartTileData.dll could lead to information disclosure.
The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system. 27072 - (MSPT-Sep2020) Microsoft Windows Language Pack Installer Privilege Escalation (CVE-2020-1122)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1122
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Language Pack Installer component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27074 - (MSPT-Sep2020) Microsoft Windows Function Discovery Service Privilege Escalation (CVE-2020-1491)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1491
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Function Discovery Service component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27076 - (MSPT-Sep2020) Microsoft Windows InstallService Privilege Escalation (CVE-2020-1532)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1532
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the InstallService component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27078 - (MSPT-Sep2020) Microsoft Win32k Improperly Provides Kernel Information Information Disclosure (CVE-2020- 0941)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0941
Description A vulnerability in some versions of Microsoft Win32k could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Win32k could lead to information disclosure.
The flaw lies in improperly provides kernel information. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
27079 - (MSPT-Sep2020) Microsoft Windows Kernel Information Disclosure (CVE-2020-1033)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1033
Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the Kernel component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
27080 - (MSPT-Sep2020) Microsoft Windows Kernel Privilege Escalation (CVE-2020-1034)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1034
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Kernel component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27081 - (MSPT-Sep2020) Microsoft Windows Win32k.sys Privilege Escalation (CVE-2020-1152)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1152
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation. Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Win32k.sys component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27082 - (MSPT-Sep2020) Microsoft Windows Kernel Information Disclosure (CVE-2020-16854)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-16854
Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the Kernel component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
27083 - (MSPT-Sep2020) Microsoft Windows Kernel Information Disclosure (CVE-2020-1589)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1589
Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the Kernel component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
27084 - (MSPT-Sep2020) Microsoft Windows Kernel Information Disclosure (CVE-2020-1592)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1592
Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the Kernel component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
27087 - (MSPT-Sep2020) Microsoft Active Directory ADIDNS Information Disclosure (CVE-2020-0664)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0664
Description A vulnerability in some versions of Microsoft Active Directory could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Active Directory could lead to information disclosure.
The flaw lies in the ADIDNS component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information.
27090 - (MSPT-Sep2020) Microsoft Active Directory DNS Information Disclosure (CVE-2020-0856)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0856
Description A vulnerability in some versions of Microsoft Active Directory could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Active Directory could lead to information disclosure.
The flaw lies in the DNS component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
27096 - (MSPT-Sep2020) Microsoft Windows Kernel Information Disclosure (CVE-2020-0928)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0928
Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the Kernel component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
27097 - (MSPT-Sep2020) Microsoft Wininit.dll Improperly Handles Objects in Memory Privilege Escalation (CVE-2020-1012)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1012
Description A vulnerability in some versions of Microsoft Wininit.dll could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Wininit.dll could lead to privilege escalation.
The flaw lies in the improperly handles objects in memory. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27098 - (MSPT-Sep2020) Microsoft Wininit.dll Improperly Handles Objects in Memory Privilege Escalation (CVE-2020-1506)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1506
Description A vulnerability in some versions of Microsoft Wininit.dll could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Wininit.dll could lead to privilege escalation.
The flaw lies in the improperly handles objects in memory. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27101 - (MSPT-Sep2020) Microsoft Windows Store Runtime Privilege Escalation (CVE-2020-0766)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0766
Description A vulnerability in some versions of Microsoft Store Runtime could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Store Runtime could lead to privilege escalation.
The flaw lies in improperly handles memory. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27102 - (MSPT-Sep2020) Microsoft Windows Storage Services Privilege Escalation (CVE-2020-0886)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0886
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Storage Services component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27103 - (MSPT-Sep2020) Microsoft Windows Modules Installer Privilege Escalation (CVE-2020-0911)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0911
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Modules Installer component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the user to have valid credentials.
27104 - (MSPT-Sep2020) Microsoft Windows Function Discovery SSDP Provider Privilege Escalation (CVE-2020-0912)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0912
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Function Discovery SSDP Provider component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27105 - (MSPT-Sep2020) Microsoft Windows State Repository Service Information Disclosure (CVE-2020-0914)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0914
Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure. The flaw lies in the State Repository Service component. Successful exploitation by an attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
27107 - (MSPT-Sep2020) Microsoft Store Runtime Privilege Escalation (CVE-2020-1146)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1146
Description A vulnerability in some versions of Microsoft Store Runtime could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Store Runtime could lead to privilege escalation.
The flaw lies in the improperly handles memory. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27109 - (MSPT-Sep2020) Microsoft Windows Storage Services Privilege Escalation (CVE-2020-1559)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1559
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Storage Services component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27111 - (MSPT-Sep2020) Microsoft Windows MDM Information Disclosure (CVE-2020-0989)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-0989
Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the MDM component. Successful exploitation by an attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
27112 - (MSPT-Sep2020) Microsoft Windows CLFS Privilege Escalation (CVE-2020-1115) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1115
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the CLFS component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27113 - (MSPT-Sep2020) Microsoft Windows Connected User Experiences and Telemetry Service Privilege Escalation (CVE-2020-1590)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1590
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Connected User Experiences and Telemetry Service component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27129 - (MSPT-Sep2020) Microsoft Windows Projected Filesystem Information Disclosure (CVE-2020-16879)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-16879
Description A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the Projected Filesystem component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information.The exploit requires the attacker to have valid credentials to the vulnerable system.
27130 - (MSPT-Sep2020) Microsoft Windows CloudExperienceHost Privilege Escalation (CVE-2020-1471)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1471 Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the CloudExperienceHost component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27131 - (MSPT-Sep2020) Microsoft Windows Connected User Experiences and Telemetry Service Privilege Escalation (CVE-2020-1130)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1130
Description A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Connected User Experiences and Telemetry Service component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27132 - (MSPT-Sep2020) Microsoft Diagnostics Hub Standard Collector Improperly Handles File Operations Privilege Escalation (CVE-2020-11
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1133
Description A vulnerability in some versions of Microsoft Diagnostics Hub Standard Collector could lead to privilege escalation.
Observation A vulnerability in some versions of Microsoft Diagnostics Hub Standard Collector could lead to privilege escalation.
The flaw lies in improperly handles file operations. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27135 - (MSPT-Sep2020) Microsoft SQL SSRS Privilege Escalation (CVE-2020-1044)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1044
Description A vulnerability in some versions of Microsoft SQL could lead to privilege escalation. Observation A vulnerability in some versions of Microsoft SQL could lead to privilege escalation.
The flaw lies in the SSRS component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
27136 - (MSPT-Sep2020) Microsoft Excel Remote Code Execution (CVE-2020-1193)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1193
Description A vulnerability in some versions of Microsoft Excel could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Excel could lead to remote code execution.
The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27137 - (MSPT-Sep2020) Microsoft Word Remote Code Execution (CVE-2020-1218)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1218
Description A vulnerability in some versions of Microsoft Word could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Word could lead to remote code execution.
The flaw lies in the improperly handles objects in memory. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27138 - (MSPT-Sep2020) Microsoft Excel Information Disclosure Vulnerability (CVE-2020-1224)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1224
Description A vulnerability in some versions of Microsoft Excel could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Excel could lead to remote code execution.
The flaw lies in the improperly handles objects in memory. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27139 - (MSPT-Sep2020) Microsoft Excel Remote Code Execution (CVE-2020-1332)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1332
Description A vulnerability in some versions of Microsoft Excel could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Excel could lead to remote code execution.
The flaw lies in the improperly handles objects in memory. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27140 - (MSPT-Sep2020) Microsoft Excel Remote Code Execution (CVE-2020-1335)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1335
Description A vulnerability in some versions of Microsoft Excel could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Excel could lead to remote code execution.
The flaw lies in the improperly handles objects in memory. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27142 - (MSPT-Sep2020) Microsoft Excel Remote Code Execution (CVE-2020-1594)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1594
Description A vulnerability in some versions of Microsoft Excel could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Excel could lead to remote code execution.
The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27145 - (MSPT-Sep2020) Microsoft SharePoint Server Spoofing (CVE-2020-1205)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1205
Description A vulnerability in some versions of Microsoft SharePoint Server could lead to spoofing.
Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to spoofing.
The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in spoofing
27146 - (MSPT-Sep2020) Microsoft SharePoint Server Properly XSS Vulnerability (CVE-2020-1227)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1227
Description A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.
Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.
The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in the Cross Site Scripting Attack
27149 - (MSPT-Sep2020) Microsoft SharePoint Server Tampering Vulnerability (CVE-2020-1523)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1523
Description A vulnerability in some versions of Microsoft SharePoint Server could lead to information disclosure.
Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to information disclosure.
The flaw lies in the improperly handles objects in memory. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
27150 - (MSPT-Sep2020) Microsoft SharePoint Server XSS Vulnerability (CVE-2020-1575)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-1575
Description A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.
Observation A vulnerability in some versions of Microsoft SharePoint Server could lead to Cross Site Scripting Attack.
The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in the Cross Site Scripting Attack. The exploit requires the attacker to have valid credentials to the vulnerable system.
164325 - Oracle Enterprise Linux ELSA-2020-3662 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-11045, CVE-2019-11047, CVE-2019- 11048, CVE-2019-11050, CVE-2019-13224, CVE-2019-13225, CVE-2019-16163, CVE-2019-19203, CVE-2019-19204, CVE-2019- 19246, CVE-2019-20454, CVE-2020-7059, CVE-2020-7060, CVE-2020-7062, CVE-2020-7063, CVE-2020-7064, CVE-2020-7065, CVE-2020-7066
Description The scan detected that the host is missing the following update: ELSA-2020-3662
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010290.html
OEL8 x86_64 php-xml-7.3.20-1.module+el8.2.0+7784+4033621d php-gd-7.3.20-1.module+el8.2.0+7784+4033621d php-json-7.3.20-1.module+el8.2.0+7784+4033621d php-dba-7.3.20-1.module+el8.2.0+7784+4033621d php-pecl-xdebug-2.8.0-1.module+el8.2.0+5569+98c8b30d apcu-panel-5.1.17-1.module+el8.2.0+5569+98c8b30d php-pdo-7.3.20-1.module+el8.2.0+7784+4033621d php-enchant-7.3.20-1.module+el8.2.0+7784+4033621d php-bcmath-7.3.20-1.module+el8.2.0+7784+4033621d php-xmlrpc-7.3.20-1.module+el8.2.0+7784+4033621d php-ldap-7.3.20-1.module+el8.2.0+7784+4033621d php-pecl-apcu-devel-5.1.17-1.module+el8.2.0+5569+98c8b30d php-dbg-7.3.20-1.module+el8.2.0+7784+4033621d libzip-devel-1.5.2-1.module+el8.2.0+5569+98c8b30d php-pecl-rrd-2.0.1-1.module+el8.2.0+5569+98c8b30d php-snmp-7.3.20-1.module+el8.2.0+7784+4033621d php-pecl-zip-1.15.4-1.module+el8.2.0+5569+98c8b30d php-odbc-7.3.20-1.module+el8.2.0+7784+4033621d libzip-1.5.2-1.module+el8.2.0+5569+98c8b30d php-mysqlnd-7.3.20-1.module+el8.2.0+7784+4033621d php-common-7.3.20-1.module+el8.2.0+7784+4033621d php-gmp-7.3.20-1.module+el8.2.0+7784+4033621d php-intl-7.3.20-1.module+el8.2.0+7784+4033621d php-cli-7.3.20-1.module+el8.2.0+7784+4033621d libzip-tools-1.5.2-1.module+el8.2.0+5569+98c8b30d php-pgsql-7.3.20-1.module+el8.2.0+7784+4033621d php-soap-7.3.20-1.module+el8.2.0+7784+4033621d php-7.3.20-1.module+el8.2.0+7784+4033621d php-mbstring-7.3.20-1.module+el8.2.0+7784+4033621d php-opcache-7.3.20-1.module+el8.2.0+7784+4033621d php-pecl-apcu-5.1.17-1.module+el8.2.0+5569+98c8b30d php-recode-7.3.20-1.module+el8.2.0+7784+4033621d php-process-7.3.20-1.module+el8.2.0+7784+4033621d php-fpm-7.3.20-1.module+el8.2.0+7784+4033621d php-embedded-7.3.20-1.module+el8.2.0+7784+4033621d php-devel-7.3.20-1.module+el8.2.0+7784+4033621d php-pear-1.10.9-1.module+el8.2.0+5569+98c8b30d
164331 - Oracle Enterprise Linux ELSA-2020-3665 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2020-14040, CVE-2020-15586, CVE-2020-16845
Description The scan detected that the host is missing the following update: ELSA-2020-3665
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010293.html
OEL8 x86_64 golang-bin-1.13.15-1.module+el8.2.0+7788+3ff8dc7f golang-tests-1.13.15-1.module+el8.2.0+7788+3ff8dc7f golang-misc-1.13.15-1.module+el8.2.0+7788+3ff8dc7f go-toolset-1.13.15-1.module+el8.2.0+7788+3ff8dc7f golang-src-1.13.15-1.module+el8.2.0+7788+3ff8dc7f golang-1.13.15-1.module+el8.2.0+7788+3ff8dc7f golang-race-1.13.15-1.module+el8.2.0+7788+3ff8dc7f delve-1.3.2-3.0.1.module+el8.2.0+5587+55f012d0 golang-docs-1.13.15-1.module+el8.2.0+7788+3ff8dc7f
164337 - Oracle Enterprise Linux ELSA-2020-3654 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2020-12825
Description The scan detected that the host is missing the following update: ELSA-2020-3654
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010288.html
OEL8 x86_64 libcroco-0.6.12-4.el8_2.1 libcroco-devel-0.6.12-4.el8_2.1
164338 - Oracle Enterprise Linux ELSA-2020-3669 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2019-10130, CVE-2019-10164, CVE-2019-10208, CVE-2020-14349, CVE-2020-14350, CVE-2020-1720
Description The scan detected that the host is missing the following update: ELSA-2020-3669
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010291.html
OEL8 x86_64 postgresql-upgrade-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-server-devel-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-pltcl-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-contrib-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-upgrade-devel-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-test-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-static-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-test-rpm-macros-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-plpython3-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-server-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-docs-10.14-1.module+el8.2.0+7785+0ea9f177 postgresql-plperl-10.14-1.module+el8.2.0+7785+0ea9f177
178977 - Gentoo Linux GLSA-202009-09 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202009-09
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-09
Affected packages: net-misc/nextcloud-client < 2.6.5
178978 - Gentoo Linux GLSA-202009-02 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202009-02
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-02
Affected packages: net-mail/dovecot < 2.3.11.3
178979 - Gentoo Linux GLSA-202009-12 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202009-12
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-12
Affected packages: net-libs/zeromq < 4.3.3
178980 - Gentoo Linux GLSA-202009-05 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202009-05
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-05
Affected packages: media-libs/gst-rtsp-server < 1.16.2 178981 - Gentoo Linux GLSA-202009-03 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202009-03
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-03
Affected packages: www-client/chromium < 85.0.4183.102 www-client/google-chrome < 85.0.4183.102
178984 - Gentoo Linux GLSA-202009-06 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202009-06
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-06
Affected packages: app-arch/file-roller < 3.36.3
149350 - SuSE SLES 12 SP5 SUSE-SU-2020:2540-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-3639, CVE-2020-14314, CVE-2020-14331, CVE-2020-14356, CVE-2020-16166, CVE-2020-1749, CVE-2020-24394
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2540-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007375.html
SuSE SLES 12 SP5 x86_64 kernel-azure-debugsource-4.12.14-16.25.1 kernel-syms-azure-4.12.14-16.25.1 kernel-azure-base-4.12.14-16.25.1 kernel-azure-4.12.14-16.25.1 kernel-azure-debuginfo-4.12.14-16.25.1 kernel-azure-devel-4.12.14-16.25.1 kernel-azure-base-debuginfo-4.12.14-16.25.1 noarch kernel-source-azure-4.12.14-16.25.1 kernel-devel-azure-4.12.14-16.25.1
149360 - SuSE Linux 15.1 openSUSE-SU-2020:1325-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-3639, CVE-2020-14314, CVE-2020-14331, CVE-2020-14356, CVE-2020-1749, CVE-2020-24394
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1325-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-09/msg00015.html
SuSE Linux 15.1 x86_64 kernel-debug-base-debuginfo-4.12.14-lp151.28.63.1 kernel-kvmsmall-4.12.14-lp151.28.63.1 kernel-debug-base-4.12.14-lp151.28.63.1 kernel-kvmsmall-debugsource-4.12.14-lp151.28.63.1 kernel-debug-devel-4.12.14-lp151.28.63.1 kernel-vanilla-debuginfo-4.12.14-lp151.28.63.1 kernel-vanilla-base-debuginfo-4.12.14-lp151.28.63.1 kernel-default-devel-4.12.14-lp151.28.63.1 kernel-default-devel-debuginfo-4.12.14-lp151.28.63.1 kernel-default-base-debuginfo-4.12.14-lp151.28.63.1 kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.63.1 kernel-obs-build-4.12.14-lp151.28.63.1 kernel-default-base-4.12.14-lp151.28.63.1 kernel-vanilla-debugsource-4.12.14-lp151.28.63.1 kernel-kvmsmall-debuginfo-4.12.14-lp151.28.63.1 kernel-vanilla-base-4.12.14-lp151.28.63.1 kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.63.1 kernel-debug-devel-debuginfo-4.12.14-lp151.28.63.1 kernel-syms-4.12.14-lp151.28.63.1 kernel-vanilla-4.12.14-lp151.28.63.1 kernel-obs-build-debugsource-4.12.14-lp151.28.63.1 kernel-default-debugsource-4.12.14-lp151.28.63.1 kernel-kvmsmall-base-4.12.14-lp151.28.63.1 kernel-debug-debuginfo-4.12.14-lp151.28.63.1 kernel-default-4.12.14-lp151.28.63.1 kernel-default-debuginfo-4.12.14-lp151.28.63.1 kernel-vanilla-devel-4.12.14-lp151.28.63.1 kernel-debug-debugsource-4.12.14-lp151.28.63.1 kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.63.1 kernel-debug-4.12.14-lp151.28.63.1 kernel-kvmsmall-devel-4.12.14-lp151.28.63.1 kernel-obs-qa-4.12.14-lp151.28.63.1 noarch kernel-docs-html-4.12.14-lp151.28.63.1 kernel-macros-4.12.14-lp151.28.63.1 kernel-source-4.12.14-lp151.28.63.1 kernel-docs-4.12.14-lp151.28.63.1 kernel-source-vanilla-4.12.14-lp151.28.63.1 kernel-devel-4.12.14-lp151.28.63.1
149389 - SuSE SLES 12 SP5 SUSE-SU-2020:2478-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-1000199, CVE-2019-16746, CVE-2019-19462, CVE-2019-20806, CVE-2019-20810, CVE-2019-20812, CVE-2019- 20908, CVE-2019-9455, CVE-2020-0543, CVE-2020-10690, CVE-2020-10711, CVE-2020-10720, CVE-2020-10732, CVE-2020- 10751, CVE-2020-10757, CVE-2020-10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-10769, CVE-2020-10773, CVE-2020- 10781, CVE-2020-11669, CVE-2020-12114, CVE-2020-12464, CVE-2020-12652, CVE-2020-12653, CVE-2020-12654, CVE-2020- 12655, CVE-2020-12656, CVE-2020-12657, CVE-2020-12659, CVE-2020-12769, CVE-2020-12771, CVE-2020-12888, CVE-2020- 13143, CVE-2020-13974, CVE-2020-14416, CVE-2020-15393, CVE-2020-15780
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2478-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007345.html
SuSE SLES 12 SP5 x86_64 kernel-rt_debug-4.12.14-10.13.1 kernel-rt_debug-devel-4.12.14-10.13.1 gfs2-kmp-rt-4.12.14-10.13.1 ocfs2-kmp-rt-4.12.14-10.13.1 kernel-rt-devel-4.12.14-10.13.1 cluster-md-kmp-rt-4.12.14-10.13.1 dlm-kmp-rt-4.12.14-10.13.1 kernel-rt-4.12.14-10.13.1 kernel-rt-base-4.12.14-10.13.1 kernel-syms-rt-4.12.14-10.13.1 noarch kernel-source-rt-4.12.14-10.13.1 kernel-devel-rt-4.12.14-10.13.1
149394 - SuSE SLES 12 SP5 SUSE-SU-2020:2605-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-3639, CVE-2020-0305, CVE-2020-10135, CVE-2020-14314, CVE-2020-14331, CVE-2020-14356, CVE-2020-16166, CVE-2020-24394
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2605-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-September/007405.html
SuSE SLES 12 SP5 x86_64 ocfs2-kmp-rt-4.12.14-10.16.1 gfs2-kmp-rt-4.12.14-10.16.1 kernel-rt-devel-4.12.14-10.16.1 kernel-syms-rt-4.12.14-10.16.1 kernel-rt_debug-devel-4.12.14-10.16.1 kernel-rt_debug-4.12.14-10.16.1 kernel-rt-4.12.14-10.16.1 cluster-md-kmp-rt-4.12.14-10.16.1 kernel-rt-base-4.12.14-10.16.1 dlm-kmp-rt-4.12.14-10.16.1 noarch kernel-devel-rt-4.12.14-10.16.1 kernel-source-rt-4.12.14-10.16.1
131661 - Debian Linux 10.0 DSA-4760-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-12829, CVE-2020-14364, CVE-2020-15863, CVE-2020-16092
Description The scan detected that the host is missing the following update: DSA-4760-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4760
Debian 10.0 all qemu_1:3.1+dfsg-8+deb10u8
131662 - Debian Linux 10.0 DSA-4761-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-15166
Description The scan detected that the host is missing the following update: DSA-4761-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4761
Debian 10.0 all libzmq5_4.3.1-4+deb10u2 libzmq3-dev_4.3.1-4+deb10u2
131663 - Debian Linux 10.0 DSA-4758-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-14345, CVE-2020-14346, CVE-2020-14347, CVE-2020-14361, CVE-2020-14362
Description The scan detected that the host is missing the following update: DSA-4758-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4758
Debian 10.0 all xserver-xorg-core-udeb_2:1.20.4-1+deb10u1 xserver-xephyr_2:1.20.4-1+deb10u1 xserver-common_2:1.20.4-1+deb10u1 xwayland_2:1.20.4-1+deb10u1 xdmx_2:1.20.4-1+deb10u1 xserver-xorg-dev_2:1.20.4-1+deb10u1 xvfb_2:1.20.4-1+deb10u1 xdmx-tools_2:1.20.4-1+deb10u1 xnest_2:1.20.4-1+deb10u1 xserver-xorg-core_2:1.20.4-1+deb10u1 xserver-xorg-legacy_2:1.20.4-1+deb10u1 xorg-server-source_2:1.20.4-1+deb10u1
131664 - Debian Linux 10.0 DSA-4759-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-24654
Description The scan detected that the host is missing the following update: DSA-4759-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4759
Debian 10.0 all ark_4:18.08.3-1+deb10u2
131665 - Debian Linux 10.0 DSA-4762-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-24660
Description The scan detected that the host is missing the following update: DSA-4762-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4762
Debian 10.0 all lemonldap-ng_2.0.2+ds-7+deb10u5
164328 - Oracle Enterprise Linux ELSA-2020-5844 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Low CVE: CVE-2019-18885, CVE-2019-3874, CVE-2020-10767, CVE-2020-10781, CVE-2020-14331, CVE-2020-16166, CVE-2020- 24394
Description The scan detected that the host is missing the following update: ELSA-2020-5844
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-September/010299.html
OEL7 x86_64 kernel-uek-4.14.35-2025.400.9.el7uek kernel-uek-doc-4.14.35-2025.400.9.el7uek kernel-uek-devel-4.14.35-2025.400.9.el7uek kernel-uek-debug-4.14.35-2025.400.9.el7uek kernel-uek-tools-4.14.35-2025.400.9.el7uek kernel-uek-debug-devel-4.14.35-2025.400.9.el7uek
178982 - Gentoo Linux GLSA-202009-11 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Low CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202009-11
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-11
Affected packages: net-ftp/proftpd < 1.3.7a
178983 - Gentoo Linux GLSA-202009-01 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Low CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202009-01
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-01
Affected packages: net-libs/gnutls < 3.6.15
178985 - Gentoo Linux GLSA-202009-08 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Low CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202009-08
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-08
Affected packages: gnome-base/gnome-shell < 3.34.5-r1
178986 - Gentoo Linux GLSA-202009-07 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Low CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202009-07
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-07
Affected packages: dev-perl/DBI < 1.643.0
178987 - Gentoo Linux GLSA-202009-04 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Low CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202009-04
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202009-04
Affected packages: dev-qt/qtgui < 5.14.2-r1
27125 - (MSPT-Sep2020) Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability (CVE-2020-16860)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Informational CVE: CVE-2020-16860
Description A vulnerability in some versions of Microsoft Microsoft Dynamics 367 could lead to remote code execution.
Observation A vulnerability in some versions of Microsoft Microsoft Dynamics 367 could lead to remote code execution.
The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
27126 - (MSPT-Sep2020) Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability (CVE-2020-16864)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Informational CVE: CVE-2020-16864
Description A vulnerability in some versions of Microsoft Microsoft Dynamics 367 could lead to cross sire scripting attacks.
Observation A vulnerability in some versions of Microsoft Microsoft Dynamics 367 could lead to cross sire scripting attacks.
The flaw lies in improperly sanitize a specially crafted web request. Successful exploitation by a remote attacker could result in cross- site scripting attacks.
ENHANCED CHECKS
The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on a vulnerability and anything else that improves upon an existing FSL check. 70014 - netbios-helpers.fasl3.inc
Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category Risk Level: Informational CVE: CVE-MAP-NOMATCH
Update Details FASLScript is updated
HOW TO UPDATE
FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we strongly urge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any critical updates but will wait for your explicit authorization before installing.
FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability category and checking the "Run New Checks" checkbox.
MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts will be automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.
MCAFEE TECHNICAL SUPPORT ServicePortal: https://mysupport.mcafee.com Multi-National Phone Support available here: http://www.mcafee.com/us/about/contact/index.html Non-US customers - Select your country from the list of Worldwide Offices.
This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.
Copyright 2020 McAfee, Inc. McAfee is a registered trademark of McAfee, Inc. and/or its affiliates