2020-AUG-10 FSL version 7.6.169
MCAFEE FOUNDSTONE FSL UPDATE
To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release.
NEW CHECKS
26857 - Google Chrome Multiple Vulnerabilities Prior To 84.0.4147.89
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-6510, CVE-2020-6511, CVE-2020-6512, CVE-2020-6513, CVE-2020-6514, CVE-2020-6515, CVE-2020-6516, CVE-2020-6517, CVE-2020-6518, CVE- 2020-6519, CVE-2020-6520, CVE-2020-6521, CVE-2020-6522, CVE-2020-6523, CVE-2020-6524, CVE-2020-6525, CVE-2020-6526, CVE-2020-6527, CVE-2020-6528, CVE-2020-6529, CVE-2020-6530, CVE-2020-6531, CVE-2020-6533, CVE-2020-6534, CVE-2020-6535, CVE-2020-6536
Description Multiple vulnerabilities are present in some versions of Google Chrome.
Observation Google Chrome is a popular web browser.
Multiple vulnerabilities are present in some versions of Google Chrome. The flaws lie in multiple components. Successful exploitation could allow an attacker to cause a buffer overflow, or remotely execute arbitrary code on the target system.
26868 - (APSB20-33) Adobe Creative Cloud Desktop Application Multiple Vulnerabilities Prior to 5.2
Category: Windows Host Assessment -> Adobe Patches Only (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-9669, CVE-2020-9670, CVE-2020-9671, CVE-2020-9682
Description Multiple vulnerabilities are present in some versions of Adobe Creative Cloud Desktop Application.
Observation Adobe Creative Cloud Desktop Application is the desktop client used to access Adobe Creative Cloud.
Multiple vulnerabilities are present in some versions of Adobe Creative Cloud Desktop Application. The flaws lie in multiple components. Successful exploitation could allow an attacker to gain elevated privileges or execute arbitrary code.
26870 - Security Vulnerabilities Fixed In Thunderbird 78
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-12402, CVE-2020-12415, CVE-2020-12416, CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421, CVE-2020- 12422, CVE-2020-12423, CVE-2020-12424, CVE-2020-12425, CVE-2020-12426, CVE-2020-15648
Description Multiple vulnerabilities are present in some versions of Mozilla Thunderbird.
Observation Mozilla Thunderbird is an open-source email, newsgroup, news feed, and chat client.
Multiple vulnerabilities are present in some versions of Mozilla Thunderbird. The flaws lie in several components. Successful exploitation by a remote attacker could result in the execution of arbitrary code, disclosure of sensitive information, or cause a denial of service condition.
26867 - (VMSA-2020-0015) VMware Workstation Player Multiple Vulnerabilities
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-3962, CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3966, CVE-2020-3967, CVE-2020-3968, CVE-2020-3969, CVE-2020-3970, CVE- 2020-3971
Description Multiple vulnerabilities are present in some versions of VMware Workstation Player.
Observation VMware Workstation is virtualization software.
Multiple vulnerabilities are present in some versions of the VMware Workstation Player. The flaws lie in multiple components. Successful exploitation could allow an attacker to execute arbitrary code, disclosure of sensitive information, and cause a denial of service condition in the targeted system.
26869 - Security Vulnerabilities Fixed In Firefox 78.0.2
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-15648
Description A vulnerability is present in some versions of Mozilla Firefox.
Observation Mozilla Firefox is a popular web browser.
A vulnerability is present in some versions of Mozilla Firefox. The flaw lies in X-Frame-Options header. Successful exploitation could allow an attacker to bypass the X- Frame-Options header and frame other Web sites.
26860 - Oracle MySQL Server Critical Patch Update July 2020
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-14539, CVE-2020-14540, CVE-2020-14547, CVE-2020-14553, CVE-2020-14559, CVE-2020-14567, CVE-2020-14568, CVE-2020-14575, CVE-2020- 14576, CVE-2020-14586, CVE-2020-14591, CVE-2020-14597, CVE-2020-14614, CVE-2020-14619, CVE-2020-14620, CVE-2020-14623, CVE-2020-14624, CVE-2020- 14631, CVE-2020-14632, CVE-2020-14633, CVE-2020-14634, CVE-2020-14641, CVE-2020-14643, CVE-2020-14651, CVE-2020-14654, CVE-2020-14656, CVE-2020- 14663, CVE-2020-14678, CVE-2020-14680, CVE-2020-14697, CVE-2020-14702, CVE-2020-1967
Description Multiple vulnerabilities are present in some versions of Oracle MySQL Server.
Observation Oracle MySQL Server is a popular open source database.
Multiple vulnerabilities are present in some versions of Oracle MySQL Server. The flaws lie in multiple components. Successful exploitation could allow an attacker to cause a denial of service condition or an information disclosure or cause an unspecified impact on the target system.
26866 - WordPress Multiple Vulnerabilities Fixed In 5.4.2
Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: High CVE: CVE-MAP-NOMATCH
Description Multiple vulnerabilities are present in some versions of WordPress.
Observation WordPress is a popular blog application.
Multiple vulnerabilities are present in some versions of WordPress. The flaws lie in multiple components. Successful exploitation could allow an attacker to gain elevated privileges or perform cross-site scripting attacks.
149232 - SuSE Linux 15.2 openSUSE-SU-2020:1108-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-10761, CVE-2020-13361, CVE-2020-13362, CVE-2020-13659, CVE-2020-13800
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1108-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-07/msg00189.html
SuSE Linux 15.2 x86_64 qemu-block-iscsi-debuginfo-4.2.1-lp152.9.3.1 qemu-vhost-user-gpu-4.2.1-lp152.9.3.1 qemu-guest-agent-debuginfo-4.2.1-lp152.9.3.1 qemu-tools-debuginfo-4.2.1-lp152.9.3.1 qemu-testsuite-4.2.1-lp152.9.3.1 qemu-block-nfs-debuginfo-4.2.1-lp152.9.3.1 qemu-block-ssh-4.2.1-lp152.9.3.1 qemu-lang-4.2.1-lp152.9.3.1 qemu-audio-alsa-debuginfo-4.2.1-lp152.9.3.1 qemu-extra-4.2.1-lp152.9.3.1 qemu-guest-agent-4.2.1-lp152.9.3.1 qemu-ui-spice-app-debuginfo-4.2.1-lp152.9.3.1 qemu-audio-sdl-debuginfo-4.2.1-lp152.9.3.1 qemu-ui-sdl-4.2.1-lp152.9.3.1 qemu-arm-4.2.1-lp152.9.3.1 qemu-x86-4.2.1-lp152.9.3.1 qemu-block-dmg-4.2.1-lp152.9.3.1 qemu-ui-curses-4.2.1-lp152.9.3.1 qemu-tools-4.2.1-lp152.9.3.1 qemu-block-gluster-4.2.1-lp152.9.3.1 qemu-ui-curses-debuginfo-4.2.1-lp152.9.3.1 qemu-ui-spice-app-4.2.1-lp152.9.3.1 qemu-ui-gtk-debuginfo-4.2.1-lp152.9.3.1 qemu-kvm-4.2.1-lp152.9.3.1 qemu-debugsource-4.2.1-lp152.9.3.1 qemu-audio-pa-debuginfo-4.2.1-lp152.9.3.1 qemu-linux-user-4.2.1-lp152.9.3.1 qemu-ppc-debuginfo-4.2.1-lp152.9.3.1 qemu-4.2.1-lp152.9.3.1 qemu-block-curl-4.2.1-lp152.9.3.1 qemu-debuginfo-4.2.1-lp152.9.3.1 qemu-linux-user-debugsource-4.2.1-lp152.9.3.1 qemu-s390-4.2.1-lp152.9.3.1 qemu-vhost-user-gpu-debuginfo-4.2.1-lp152.9.3.1 qemu-audio-pa-4.2.1-lp152.9.3.1 qemu-linux-user-debuginfo-4.2.1-lp152.9.3.1 qemu-audio-sdl-4.2.1-lp152.9.3.1 qemu-block-iscsi-4.2.1-lp152.9.3.1 qemu-x86-debuginfo-4.2.1-lp152.9.3.1 qemu-ksm-4.2.1-lp152.9.3.1 qemu-block-nfs-4.2.1-lp152.9.3.1 qemu-block-ssh-debuginfo-4.2.1-lp152.9.3.1 qemu-extra-debuginfo-4.2.1-lp152.9.3.1 qemu-ui-gtk-4.2.1-lp152.9.3.1 qemu-block-dmg-debuginfo-4.2.1-lp152.9.3.1 qemu-block-rbd-4.2.1-lp152.9.3.1 qemu-block-rbd-debuginfo-4.2.1-lp152.9.3.1 qemu-arm-debuginfo-4.2.1-lp152.9.3.1 qemu-s390-debuginfo-4.2.1-lp152.9.3.1 qemu-ppc-4.2.1-lp152.9.3.1 qemu-ui-sdl-debuginfo-4.2.1-lp152.9.3.1 qemu-block-gluster-debuginfo-4.2.1-lp152.9.3.1 qemu-block-curl-debuginfo-4.2.1-lp152.9.3.1 qemu-audio-alsa-4.2.1-lp152.9.3.1 noarch qemu-vgabios-1.12.1+-lp152.9.3.1 qemu-ipxe-1.0.0+-lp152.9.3.1 qemu-sgabios-8-lp152.9.3.1 qemu-microvm-4.2.1-lp152.9.3.1 qemu-seabios-1.12.1+-lp152.9.3.1
149233 - SuSE Linux 15.2 openSUSE-SU-2020:1111-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-13934, CVE-2020-13935
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1111-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-07/msg00190.html
SuSE Linux 15.2 noarch tomcat-servlet-4_0-api-9.0.36-lp152.2.4.1 tomcat-javadoc-9.0.36-lp152.2.4.1 tomcat-webapps-9.0.36-lp152.2.4.1 tomcat-jsvc-9.0.36-lp152.2.4.1 tomcat-embed-9.0.36-lp152.2.4.1 tomcat-admin-webapps-9.0.36-lp152.2.4.1 tomcat-lib-9.0.36-lp152.2.4.1 tomcat-docs-webapp-9.0.36-lp152.2.4.1 tomcat-jsp-2_3-api-9.0.36-lp152.2.4.1 tomcat-9.0.36-lp152.2.4.1 tomcat-el-3_0-api-9.0.36-lp152.2.4.1
149234 - SuSE Linux 15.2 openSUSE-SU-2020:1128-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15503
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1128-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-08/msg00006.html
SuSE Linux 15.2 x86_64 libraw-tools-0.18.9-lp152.5.3.1 libraw-debugsource-0.18.9-lp152.5.3.1 libraw16-debuginfo-0.18.9-lp152.5.3.1 libraw-tools-debuginfo-0.18.9-lp152.5.3.1 libraw16-0.18.9-lp152.5.3.1 libraw-debuginfo-0.18.9-lp152.5.3.1 libraw-devel-static-0.18.9-lp152.5.3.1 libraw-devel-0.18.9-lp152.5.3.1 i586 libraw-tools-0.18.9-lp152.5.3.1 libraw-debugsource-0.18.9-lp152.5.3.1 libraw16-debuginfo-0.18.9-lp152.5.3.1 libraw-tools-debuginfo-0.18.9-lp152.5.3.1 libraw16-0.18.9-lp152.5.3.1 libraw-debuginfo-0.18.9-lp152.5.3.1 libraw-devel-static-0.18.9-lp152.5.3.1 libraw-devel-0.18.9-lp152.5.3.1
149235 - SuSE SLES 12 SP5 SUSE-SU-2020:2078-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15706, CVE-2020-15707
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2078-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-July/007198.html
SuSE SLES 12 SP5 noarch grub2-x86_64-xen-2.02-12.31.1 grub2-snapper-plugin-2.02-12.31.1 grub2-systemd-sleep-plugin-2.02-12.31.1 x86_64 grub2-2.02-12.31.1 grub2-i386-pc-2.02-12.31.1 grub2-debugsource-2.02-12.31.1 grub2-x86_64-efi-2.02-12.31.1 grub2-debuginfo-2.02-12.31.1
149236 - SuSE Linux 15.1 openSUSE-SU-2020:1116-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15917
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1116-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-07/msg00195.html
SuSE Linux 15.1 x86_64 claws-mail-debuginfo-3.17.3-lp151.2.3.1 claws-mail-debugsource-3.17.3-lp151.2.3.1 claws-mail-3.17.3-lp151.2.3.1 claws-mail-devel-3.17.3-lp151.2.3.1 noarch claws-mail-lang-3.17.3-lp151.2.3.1
149237 - SuSE SLES 12 SP5 SUSE-SU-2020:2117-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14344
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2117-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-August/007222.html
SuSE SLES 12 SP5 noarch libX11-data-1.6.2-12.8.1 x86_64 libxcb-xf86dri0-debuginfo-1.10-4.5.1 libxcb-randr0-debuginfo-1.10-4.5.1 libX11-xcb1-32bit-1.6.2-12.8.1 libxcb-xfixes0-32bit-1.10-4.5.1 libxcb-present0-debuginfo-1.10-4.5.1 libX11-6-debuginfo-1.6.2-12.8.1 libxcb-glx0-1.10-4.5.1 libxcb-render0-debuginfo-32bit-1.10-4.5.1 libxcb-dri3-0-debuginfo-1.10-4.5.1 libxcb-dri3-0-1.10-4.5.1 libxcb-sync1-32bit-1.10-4.5.1 libxcb-shm0-1.10-4.5.1 libxcb-randr0-1.10-4.5.1 libX11-xcb1-1.6.2-12.8.1 libxcb-xfixes0-debuginfo-1.10-4.5.1 libxcb-sync1-1.10-4.5.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.8.1 libxcb-render0-32bit-1.10-4.5.1 libX11-6-debuginfo-32bit-1.6.2-12.8.1 libxcb-present0-debuginfo-32bit-1.10-4.5.1 libxcb-xv0-1.10-4.5.1 libxcb-sync1-debuginfo-1.10-4.5.1 libxcb-shm0-32bit-1.10-4.5.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.5.1 libxcb-dri2-0-32bit-1.10-4.5.1 libxcb-xfixes0-1.10-4.5.1 libX11-6-1.6.2-12.8.1 libxcb-glx0-debuginfo-1.10-4.5.1 libxcb-shm0-debuginfo-32bit-1.10-4.5.1 libxcb-xinerama0-1.10-4.5.1 libX11-xcb1-debuginfo-1.6.2-12.8.1 libxcb-debugsource-1.10-4.5.1 libxcb-render0-1.10-4.5.1 libxcb-shape0-debuginfo-1.10-4.5.1 libX11-debugsource-1.6.2-12.8.1 libxcb-dri2-0-debuginfo-1.10-4.5.1 libxcb-glx0-32bit-1.10-4.5.1 libxcb-xkb1-1.10-4.5.1 libxcb-xkb1-32bit-1.10-4.5.1 libxcb-shape0-1.10-4.5.1 libxcb-dri3-0-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-32bit-1.10-4.5.1 libxcb1-debuginfo-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-1.10-4.5.1 libxcb-glx0-debuginfo-32bit-1.10-4.5.1 libxcb-present0-1.10-4.5.1 libxcb-xinerama0-debuginfo-1.10-4.5.1 libxcb-xf86dri0-1.10-4.5.1 libxcb-present0-32bit-1.10-4.5.1 libxcb1-32bit-1.10-4.5.1 libxcb-render0-debuginfo-1.10-4.5.1 libxcb-shm0-debuginfo-1.10-4.5.1 libxcb1-debuginfo-1.10-4.5.1 libxcb-xv0-debuginfo-1.10-4.5.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.5.1 libxcb1-1.10-4.5.1 libxcb-dri2-0-1.10-4.5.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.5.1 libX11-6-32bit-1.6.2-12.8.1 libxcb-sync1-debuginfo-32bit-1.10-4.5.1
149238 - SuSE Linux 15.1 openSUSE-SU-2020:1141-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-13867
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1141-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-08/msg00019.html
SuSE Linux 15.1 noarch python2-targetcli-fb-2.1.49-lp151.2.10.1 python3-targetcli-fb-2.1.49-lp151.2.10.1 targetcli-fb-common-2.1.49-lp151.2.10.1 149239 - SuSE Linux 15.1 openSUSE-SU-2020:1142-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15900
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1142-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-08/msg00021.html
SuSE Linux 15.1 x86_64 ghostscript-x11-debuginfo-9.52-lp151.3.15.1 ghostscript-debugsource-9.52-lp151.3.15.1 ghostscript-debuginfo-9.52-lp151.3.15.1 ghostscript-mini-debugsource-9.52-lp151.3.15.1 ghostscript-devel-9.52-lp151.3.15.1 ghostscript-9.52-lp151.3.15.1 ghostscript-mini-devel-9.52-lp151.3.15.1 ghostscript-mini-9.52-lp151.3.15.1 ghostscript-mini-debuginfo-9.52-lp151.3.15.1 ghostscript-x11-9.52-lp151.3.15.1 i586 ghostscript-x11-debuginfo-9.52-lp151.3.15.1 ghostscript-debugsource-9.52-lp151.3.15.1 ghostscript-debuginfo-9.52-lp151.3.15.1 ghostscript-mini-debugsource-9.52-lp151.3.15.1 ghostscript-devel-9.52-lp151.3.15.1 ghostscript-9.52-lp151.3.15.1 ghostscript-mini-devel-9.52-lp151.3.15.1 ghostscript-mini-9.52-lp151.3.15.1 ghostscript-mini-debuginfo-9.52-lp151.3.15.1 ghostscript-x11-9.52-lp151.3.15.1
149240 - SuSE Linux 15.2 openSUSE-SU-2020:1139-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15917
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1139-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-08/msg00017.html
SuSE Linux 15.2 x86_64 claws-mail-devel-3.17.6-lp152.3.3.1 claws-mail-3.17.6-lp152.3.3.1 claws-mail-debuginfo-3.17.6-lp152.3.3.1 claws-mail-debugsource-3.17.6-lp152.3.3.1 noarch claws-mail-lang-3.17.6-lp152.3.3.1
149241 - SuSE Linux 15.1 openSUSE-SU-2020:1147-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15652, CVE-2020-15653, CVE-2020-15654, CVE-2020-15655, CVE-2020-15656, CVE-2020-15657, CVE-2020-15658, CVE-2020-15659, CVE-2020- 6463, CVE-2020-6514
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1147-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-08/msg00026.html
SuSE Linux 15.1 x86_64 MozillaFirefox-buildsymbols-78.1.0-lp151.2.61.1 MozillaFirefox-translations-other-78.1.0-lp151.2.61.1 MozillaFirefox-debuginfo-78.1.0-lp151.2.61.1 MozillaFirefox-branding-upstream-78.1.0-lp151.2.61.1 MozillaFirefox-translations-common-78.1.0-lp151.2.61.1 MozillaFirefox-78.1.0-lp151.2.61.1 MozillaFirefox-devel-78.1.0-lp151.2.61.1 MozillaFirefox-debugsource-78.1.0-lp151.2.61.1
149242 - SuSE SLES 12 SP5 SUSE-SU-2020:2100-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15652, CVE-2020-15653, CVE-2020-15654, CVE-2020-15655, CVE-2020-15656, CVE-2020-15657, CVE-2020-15658, CVE-2020-15659, CVE-2020- 6463, CVE-2020-6514
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2100-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-July/007206.html
SuSE SLES 12 SP5 x86_64 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1
149243 - SuSE Linux 15.2 openSUSE-SU-2020:1146-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15900
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1146-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-08/msg00024.html
SuSE Linux 15.2 x86_64 ghostscript-debugsource-9.52-lp152.2.4.1 ghostscript-mini-9.52-lp152.2.4.1 ghostscript-mini-debuginfo-9.52-lp152.2.4.1 ghostscript-x11-debuginfo-9.52-lp152.2.4.1 ghostscript-mini-debugsource-9.52-lp152.2.4.1 ghostscript-9.52-lp152.2.4.1 ghostscript-x11-9.52-lp152.2.4.1 ghostscript-devel-9.52-lp152.2.4.1 ghostscript-debuginfo-9.52-lp152.2.4.1 ghostscript-mini-devel-9.52-lp152.2.4.1 i586 ghostscript-debugsource-9.52-lp152.2.4.1 ghostscript-mini-9.52-lp152.2.4.1 ghostscript-mini-debuginfo-9.52-lp152.2.4.1 ghostscript-x11-debuginfo-9.52-lp152.2.4.1 ghostscript-mini-debugsource-9.52-lp152.2.4.1 ghostscript-9.52-lp152.2.4.1 ghostscript-x11-9.52-lp152.2.4.1 ghostscript-devel-9.52-lp152.2.4.1 ghostscript-debuginfo-9.52-lp152.2.4.1 ghostscript-mini-devel-9.52-lp152.2.4.1
149244 - SuSE SLES 12 SP5, SLED 12 SP5 SUSE-SU-2020:2122-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2019-16746, CVE-2019-20908, CVE-2020-0305, CVE-2020-10135, CVE-2020-10769, CVE-2020-10773, CVE-2020-10781, CVE-2020-12771, CVE-2020- 12888, CVE-2020-14331, CVE-2020-14416, CVE-2020-15393, CVE-2020-15780
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2122-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-August/007225.html
SuSE SLED 12 SP5 x86_64 kernel-default-debugsource-4.12.14-122.29.1 kernel-default-extra-debuginfo-4.12.14-122.29.1 kernel-default-extra-4.12.14-122.29.1 kernel-default-debuginfo-4.12.14-122.29.1
SuSE SLES 12 SP5 noarch kernel-source-4.12.14-122.29.1 kernel-devel-4.12.14-122.29.1 kernel-macros-4.12.14-122.29.1 x86_64 kernel-default-base-debuginfo-4.12.14-122.29.1 kernel-default-devel-4.12.14-122.29.1 kernel-default-base-4.12.14-122.29.1 kernel-default-devel-debuginfo-4.12.14-122.29.1 kernel-syms-4.12.14-122.29.1 kernel-default-debugsource-4.12.14-122.29.1 kernel-default-4.12.14-122.29.1 kernel-default-debuginfo-4.12.14-122.29.1
149245 - SuSE Linux 15.1 openSUSE-SU-2020:1121-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-10730
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1121-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-08/msg00001.html
SuSE Linux 15.1 x86_64 python3-ldb-devel-1.4.6-lp151.2.3.1 ldb-debugsource-1.4.6-lp151.2.3.1 python-ldb-devel-1.4.6-lp151.2.3.1 python3-ldb-32bit-debuginfo-1.4.6-lp151.2.3.1 python3-ldb-debuginfo-1.4.6-lp151.2.3.1 libldb-devel-1.4.6-lp151.2.3.1 libldb1-1.4.6-lp151.2.3.1 libldb1-debuginfo-1.4.6-lp151.2.3.1 python-ldb-1.4.6-lp151.2.3.1 python-ldb-debuginfo-1.4.6-lp151.2.3.1 python3-ldb-1.4.6-lp151.2.3.1 libldb1-32bit-1.4.6-lp151.2.3.1 python-ldb-32bit-debuginfo-1.4.6-lp151.2.3.1 ldb-tools-1.4.6-lp151.2.3.1 python3-ldb-32bit-1.4.6-lp151.2.3.1 libldb1-32bit-debuginfo-1.4.6-lp151.2.3.1 ldb-tools-debuginfo-1.4.6-lp151.2.3.1 python-ldb-32bit-1.4.6-lp151.2.3.1 i586 python-ldb-debuginfo-1.4.6-lp151.2.3.1 ldb-tools-debuginfo-1.4.6-lp151.2.3.1 libldb-devel-1.4.6-lp151.2.3.1 libldb1-1.4.6-lp151.2.3.1 ldb-debugsource-1.4.6-lp151.2.3.1 python-ldb-1.4.6-lp151.2.3.1 ldb-tools-1.4.6-lp151.2.3.1 python-ldb-devel-1.4.6-lp151.2.3.1 python3-ldb-devel-1.4.6-lp151.2.3.1 python3-ldb-1.4.6-lp151.2.3.1 python3-ldb-debuginfo-1.4.6-lp151.2.3.1 libldb1-debuginfo-1.4.6-lp151.2.3.1
149246 - SuSE SLED 15 SP2 SUSE-SU-2020:2105-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2019-19462, CVE-2019-20810, CVE-2019-20812, CVE-2020-0305, CVE-2020-10135, CVE-2020-10711, CVE-2020-10732, CVE-2020-10751, CVE-2020- 10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-10773, CVE-2020-10781, CVE-2020-12656, CVE-2020-12769, CVE-2020-12771, CVE-2020-12888, CVE-2020- 13143, CVE-2020-13974, CVE-2020-14416, CVE-2020-15393, CVE-2020-15780
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2105-1 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-August/007215.html http://lists.suse.com/pipermail/sle-security-updates/2020-August/007213.html
SuSE SLED 15 SP2 x86_64 kernel-default-debugsource-5.3.18-24.9.1 kernel-default-debuginfo-5.3.18-24.9.1 kernel-default-extra-5.3.18-24.9.1 kernel-default-extra-debuginfo-5.3.18-24.9.1
149247 - SuSE SLED 15 SP2 SUSE-SU-2020:2068-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-11017, CVE-2020-11018, CVE-2020-11019, CVE-2020-11038, CVE-2020-11039, CVE-2020-11040, CVE-2020-11041, CVE-2020-11043, CVE-2020- 11085, CVE-2020-11086, CVE-2020-11087, CVE-2020-11088, CVE-2020-11089, CVE-2020-11095, CVE-2020-11096, CVE-2020-11097, CVE-2020-11098, CVE-2020- 11099, CVE-2020-11521, CVE-2020-11522, CVE-2020-11523, CVE-2020-11524, CVE-2020-11525, CVE-2020-11526, CVE-2020-13396, CVE-2020-13397, CVE-2020- 13398, CVE-2020-4030, CVE-2020-4031, CVE-2020-4032, CVE-2020-4033
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2068-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-July/007190.html
SuSE SLED 15 SP2 x86_64 freerdp-devel-2.1.2-15.7.1 freerdp-debuginfo-2.1.2-15.7.1 libwinpr2-2.1.2-15.7.1 libfreerdp2-debuginfo-2.1.2-15.7.1 winpr2-devel-2.1.2-15.7.1 libwinpr2-debuginfo-2.1.2-15.7.1 libfreerdp2-2.1.2-15.7.1 freerdp-debugsource-2.1.2-15.7.1 freerdp-2.1.2-15.7.1
149248 - SuSE SLES 12 SP5 SUSE-SU-2020:2097-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15900
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2097-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-July/007204.html
SuSE SLES 12 SP5 x86_64 ghostscript-debugsource-9.52-23.39.1 ghostscript-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1
149249 - SuSE Linux 15.2 openSUSE-SU-2020:1144-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-13867
Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1144-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-08/msg00022.html
SuSE Linux 15.2 noarch python3-targetcli-fb-2.1.52-lp152.2.3.1 python2-targetcli-fb-2.1.52-lp152.2.3.1 targetcli-fb-common-2.1.52-lp152.2.3.1
149250 - SuSE SLED 15 SP1 SUSE-SU-2020:2107-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2019-16746, CVE-2019-20810, CVE-2019-20908, CVE-2020-0305, CVE-2020-10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-10769, CVE-2020- 10773, CVE-2020-10781, CVE-2020-12771, CVE-2020-12888, CVE-2020-13974, CVE-2020-14416, CVE-2020-15393, CVE-2020-15780
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2107-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-August/007216.html http://lists.suse.com/pipermail/sle-security-updates/2020-August/007212.html
SuSE SLED 15 SP1 x86_64 kernel-default-extra-4.12.14-197.48.1 kernel-default-debuginfo-4.12.14-197.48.1 kernel-default-debugsource-4.12.14-197.48.1 kernel-default-extra-debuginfo-4.12.14-197.48.1
149251 - SuSE SLES 12 SP5 SUSE-SU-2020:2119-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2019-16746, CVE-2019-20908, CVE-2020-0305, CVE-2020-10135, CVE-2020-10769, CVE-2020-10773, CVE-2020-10781, CVE-2020-12771, CVE-2020- 12888, CVE-2020-14331, CVE-2020-14416, CVE-2020-15393, CVE-2020-15780
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2119-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-August/007218.html
SuSE SLES 12 SP5 x86_64 kernel-azure-base-4.12.14-16.22.1 kernel-syms-azure-4.12.14-16.22.1 kernel-azure-base-debuginfo-4.12.14-16.22.1 kernel-azure-devel-4.12.14-16.22.1 kernel-azure-debugsource-4.12.14-16.22.1 kernel-azure-4.12.14-16.22.1 kernel-azure-debuginfo-4.12.14-16.22.1 noarch kernel-devel-azure-4.12.14-16.22.1 kernel-source-azure-4.12.14-16.22.1
149252 - SuSE SLES 12 SP5 SUSE-SU-2020:2069-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-13753, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850
Description The scan detected that the host is missing the following update: SUSE-SU-2020:2069-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-July/007191.html
SuSE SLES 12 SP5 noarch libwebkit2gtk3-lang-2.28.3-2.56.1 x86_64 webkit2gtk3-debugsource-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-2.28.3-2.56.1
160761 - CentOS 7 CESA-2020-3220 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: High CVE: CVE-2019-19527, CVE-2020-10757, CVE-2020-12653, CVE-2020-12654
Description The scan detected that the host is missing the following update: CESA-2020-3220
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.centos.org/pipermail/centos-announce/2020-July/035780.html
CentOS 7 x86_64 kernel-debug-devel-3.10.0-1127.18.2.el7 python-perf-3.10.0-1127.18.2.el7 kernel-headers-3.10.0-1127.18.2.el7 kernel-debug-3.10.0-1127.18.2.el7 kernel-tools-libs-3.10.0-1127.18.2.el7 kernel-tools-3.10.0-1127.18.2.el7 perf-3.10.0-1127.18.2.el7 bpftool-3.10.0-1127.18.2.el7 kernel-3.10.0-1127.18.2.el7 kernel-tools-libs-devel-3.10.0-1127.18.2.el7 kernel-devel-3.10.0-1127.18.2.el7 noarch kernel-doc-3.10.0-1127.18.2.el7 kernel-abi-whitelists-3.10.0-1127.18.2.el7
160762 - CentOS 7 CESA-2018-3140 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: High CVE: CVE-2015-9381, CVE-2015-9382, CVE-2017-18267, CVE-2018-10733, CVE-2018-10767, CVE-2018-10768, CVE-2018-12910, CVE-2018-13988
Description The scan detected that the host is missing the following update: CESA-2018-3140
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.centos.org/pipermail/centos-announce/2020-July/035782.html
CentOS 7 x86_64 fwupdate-libs-12-6.el7.centos fwupdate-12-6.el7.centos fwupdate-devel-12-6.el7.centos fwupdate-efi-12-6.el7.centos
164297 - Oracle Enterprise Linux ELSA-2020-5782 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707
Description The scan detected that the host is missing the following update: ELSA-2020-5782
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010163.html
OEL7 x86_64 grub2-efi-x64-modules-2.02-0.81.0.3.el7 grub2-tools-2.02-0.81.0.3.el7 grub2-efi-x64-2.02-0.81.0.3.el7 grub2-2.02-0.81.0.3.el7 grub2-efi-x64-cdboot-2.02-0.81.0.3.el7 grub2-pc-modules-2.02-0.81.0.3.el7 grub2-common-2.02-0.81.0.3.el7 grub2-pc-2.02-0.81.0.3.el7 grub2-efi-ia32-modules-2.02-0.81.0.3.el7 grub2-tools-extra-2.02-0.81.0.3.el7 grub2-efi-ia32-cdboot-2.02-0.81.0.3.el7 grub2-tools-minimal-2.02-0.81.0.3.el7 grub2-efi-ia32-2.02-0.81.0.3.el7
164298 - Oracle Enterprise Linux ELSA-2020-3284 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-13692
Description The scan detected that the host is missing the following update: ELSA-2020-3284
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-August/010194.html
OEL6 x86_64 postgresql-jdbc-8.4.704-4.el6_10 i386 postgresql-jdbc-8.4.704-4.el6_10
164301 - Oracle Enterprise Linux ELSA-2020-5791 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2019-20908
Description The scan detected that the host is missing the following update: ELSA-2020-5791
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010165.html
OEL7 x86_64 kernel-uek-devel-4.14.35-1902.304.6.3.el7uek kernel-uek-debug-4.14.35-1902.304.6.3.el7uek kernel-uek-debug-devel-4.14.35-1902.304.6.3.el7uek kernel-uek-tools-4.14.35-1902.304.6.3.el7uek kernel-uek-doc-4.14.35-1902.304.6.3.el7uek kernel-uek-4.14.35-1902.304.6.3.el7uek
164302 - Oracle Enterprise Linux ELSA-2020-3241 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514
Description The scan detected that the host is missing the following update: ELSA-2020-3241
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010186.html
OEL8 x86_64 firefox-68.11.0-1.0.1.el8_2
164303 - Oracle Enterprise Linux ELSA-2020-3281 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2017-18922
Description The scan detected that the host is missing the following update: ELSA-2020-3281 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-August/010193.html
OEL7 x86_64 libvncserver-0.9.9-14.el7_8.1 libvncserver-devel-0.9.9-14.el7_8.1
164304 - Oracle Enterprise Linux ELSA-2020-3185 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-11538, CVE-2020-5313
Description The scan detected that the host is missing the following update: ELSA-2020-3185
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010173.html
OEL8 x86_64 python3-pillow-5.1.1-12.el8_2
164305 - Oracle Enterprise Linux ELSA-2020-5786 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707
Description The scan detected that the host is missing the following update: ELSA-2020-5786
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010174.html
OEL8 x86_64 grub2-tools-minimal-2.02-82.0.2.el8_2.1 grub2-efi-x64-2.02-82.0.2.el8_2.1 grub2-efi-x64-modules-2.02-82.0.2.el8_2.1 grub2-pc-2.02-82.0.2.el8_2.1 grub2-efi-ia32-cdboot-2.02-82.0.2.el8_2.1 grub2-common-2.02-82.0.2.el8_2.1 grub2-tools-extra-2.02-82.0.2.el8_2.1 grub2-efi-ia32-modules-2.02-82.0.2.el8_2.1 grub2-pc-modules-2.02-82.0.2.el8_2.1 grub2-efi-ia32-2.02-82.0.2.el8_2.1 grub2-tools-2.02-82.0.2.el8_2.1 grub2-efi-x64-cdboot-2.02-82.0.2.el8_2.1 grub2-efi-aa64-modules-2.02-82.0.2.el8_2.1 grub2-tools-efi-2.02-82.0.2.el8_2.1
164306 - Oracle Enterprise Linux ELSA-2020-3233 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514
Description The scan detected that the host is missing the following update: ELSA-2020-3233
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010191.html
OEL6 x86_64 firefox-68.11.0-1.0.1.el6_10 i386 firefox-68.11.0-1.0.1.el6_10
164307 - Oracle Enterprise Linux ELSA-2020-3253 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514
Description The scan detected that the host is missing the following update: ELSA-2020-3253
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010188.html
OEL7 x86_64 firefox-68.11.0-1.0.1.el7_8
164308 - Oracle Enterprise Linux ELSA-2020-5792 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-15780
Description The scan detected that the host is missing the following update: ELSA-2020-5792
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010167.html http://oss.oracle.com/pipermail/el-errata/2020-July/010171.html http://oss.oracle.com/pipermail/el-errata/2020-July/010175.html
OEL7 x86_64 kernel-uek-5.4.17-2011.4.6.el8uek kernel-uek-devel-5.4.17-2011.4.6.el8uek kernel-uek-debug-5.4.17-2011.4.6.el7uek kernel-uek-5.4.17-2011.4.6.el7uek kernel-uek-debug-5.4.17-2011.4.6.el8uek kernel-uek-tools-5.4.17-2011.4.6.el7uek kernel-uek-devel-5.4.17-2011.4.6.el7uek kernel-uek-debug-devel-5.4.17-2011.4.6.el7uek kernel-uek-debug-devel-5.4.17-2011.4.6.el8uek kernel-uek-doc-5.4.17-2011.4.6.el7uek kernel-uek-doc-5.4.17-2011.4.6.el8uek
164309 - Oracle Enterprise Linux ELSA-2020-3220 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2019-19527, CVE-2020-10713, CVE-2020-10757, CVE-2020-12653, CVE-2020-12654
Description The scan detected that the host is missing the following update: ELSA-2020-3220
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010184.html
OEL7 x86_64 kernel-tools-libs-3.10.0-1127.18.2.el7 bpftool-3.10.0-1127.18.2.el7 perf-3.10.0-1127.18.2.el7 kernel-tools-3.10.0-1127.18.2.el7 python-perf-3.10.0-1127.18.2.el7 kernel-doc-3.10.0-1127.18.2.el7 kernel-tools-libs-devel-3.10.0-1127.18.2.el7 kernel-debug-devel-3.10.0-1127.18.2.el7 kernel-devel-3.10.0-1127.18.2.el7 kernel-debug-3.10.0-1127.18.2.el7 kernel-abi-whitelists-3.10.0-1127.18.2.el7 kernel-3.10.0-1127.18.2.el7 kernel-headers-3.10.0-1127.18.2.el7 164310 - Oracle Enterprise Linux ELSA-2020-3176 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-13692
Description The scan detected that the host is missing the following update: ELSA-2020-3176
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010172.html
OEL8 x86_64 postgresql-jdbc-javadoc-42.2.3-3.el8_2 postgresql-jdbc-42.2.3-3.el8_2
164311 - Oracle Enterprise Linux ELSA-2020-3285 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-13692
Description The scan detected that the host is missing the following update: ELSA-2020-3285
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-August/010195.html
OEL7 x86_64 postgresql-jdbc-javadoc-9.2.1002-8.el7_8 postgresql-jdbc-9.2.1002-8.el7_8
171257 - Amazon Linux AMI ALAS-2020-1413 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-11008, CVE-2020-5260
Description The scan detected that the host is missing the following update: ALAS-2020-1413
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1413.html
Amazon Linux AMI i686 git-2.18.4-2.71.amzn1 git-debuginfo-2.18.4-2.71.amzn1 git-core-2.18.4-2.71.amzn1 git-svn-2.18.4-2.71.amzn1 git-instaweb-2.18.4-2.71.amzn1 git-daemon-2.18.4-2.71.amzn1 git-subtree-2.18.4-2.71.amzn1 noarch gitweb-2.18.4-2.71.amzn1 git-core-doc-2.18.4-2.71.amzn1 git-bzr-2.18.4-2.71.amzn1 emacs-git-el-2.18.4-2.71.amzn1 git-hg-2.18.4-2.71.amzn1 git-cvs-2.18.4-2.71.amzn1 perl-Git-SVN-2.18.4-2.71.amzn1 git-email-2.18.4-2.71.amzn1 git-p4-2.18.4-2.71.amzn1 git-all-2.18.4-2.71.amzn1 emacs-git-2.18.4-2.71.amzn1 perl-Git-2.18.4-2.71.amzn1 x86_64 git-2.18.4-2.71.amzn1 git-debuginfo-2.18.4-2.71.amzn1 git-core-2.18.4-2.71.amzn1 git-svn-2.18.4-2.71.amzn1 git-instaweb-2.18.4-2.71.amzn1 git-daemon-2.18.4-2.71.amzn1 git-subtree-2.18.4-2.71.amzn1
171258 - Amazon Linux AMI ALAS-2020-1408 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: High CVE: CVE-2019-9824, CVE-2020-7039, CVE-2020-8608
Description The scan detected that the host is missing the following update: ALAS-2020-1408
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1408.html
Amazon Linux AMI x86_64 qemu-kvm-1.5.3-156.19.amzn1 qemu-kvm-common-1.5.3-156.19.amzn1 qemu-kvm-tools-1.5.3-156.19.amzn1 qemu-kvm-debuginfo-1.5.3-156.19.amzn1 qemu-img-1.5.3-156.19.amzn1
171259 - Amazon Linux AMI ALAS-2020-1404 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-11080
Description The scan detected that the host is missing the following update: ALAS-2020-1404
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1404.html
Amazon Linux AMI x86_64 libnghttp2-1.33.0-1.1.6.amzn1 nghttp2-1.33.0-1.1.6.amzn1 nghttp2-debuginfo-1.33.0-1.1.6.amzn1 libnghttp2-devel-1.33.0-1.1.6.amzn1 i686 libnghttp2-1.33.0-1.1.6.amzn1 nghttp2-1.33.0-1.1.6.amzn1 nghttp2-debuginfo-1.33.0-1.1.6.amzn1 libnghttp2-devel-1.33.0-1.1.6.amzn1
171264 - Amazon Linux AMI ALAS-2020-1409 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-13934, CVE-2020-13935
Description The scan detected that the host is missing the following update: ALAS-2020-1409
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1409.html
Amazon Linux AMI noarch tomcat8-webapps-8.5.57-1.85.amzn1 tomcat8-jsp-2.3-api-8.5.57-1.85.amzn1 tomcat8-lib-8.5.57-1.85.amzn1 tomcat8-javadoc-8.5.57-1.85.amzn1 tomcat8-admin-webapps-8.5.57-1.85.amzn1 tomcat8-docs-webapp-8.5.57-1.85.amzn1 tomcat8-log4j-8.5.57-1.85.amzn1 tomcat8-el-3.0-api-8.5.57-1.85.amzn1 tomcat8-servlet-3.1-api-8.5.57-1.85.amzn1 tomcat8-8.5.57-1.85.amzn1 26852 - Joomla Inconsistent default textfilter settings Vulnerability (20200602)
Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium CVE: CVE-2020-13763
Description A vulnerability is present in some versions of Joomla! CMS.
Observation Joomla! CMS is an open-source content management system.
A vulnerability is present in some versions of Joomla! CMS. The flaw lies in the textfilter settings. Successful exploitation could allow access to user groups for unauthorized modifications to the target system.
26854 - Cisco NX-OS Software Unexpected IP In IP Packet Processing Vulnerability
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: Medium CVE: CVE-2020-10136
Description A vulnerability is present in some versions of Cisco NX-OS Software.
Observation Cisco NX-OS Software is the operating system used in Cisco Nexus devices.
A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in network stack . Successful exploitation could allow an attacker to cause a denial of service condition on affected device.
26859 - Apache Tomcat Vulnerability Prior To 7.0.105
Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium CVE: CVE-2020-13935
Description A vulnerability is present in some versions of Apache Tomcat.
Observation Apache Tomcat is an open-source software implementation of the Java Servlet and JavaServer Pages technologies.
A vulnerability is present in some versions of Apache Tomcat. The flaw is due to invalid payload length in a WebSocket frame. Successful exploitation could allow an attacker to cause a denial of service condition.
160760 - CentOS 7 CESA-2020-3217 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: Medium CVE: CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707
Description The scan detected that the host is missing the following update: CESA-2020-3217
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.centos.org/pipermail/centos-announce/2020-July/035781.html http://lists.centos.org/pipermail/centos-announce/2020-July/035784.html http://lists.centos.org/pipermail/centos-announce/2020-July/035783.html
CentOS 7 x86_64 grub2-efi-ia32-cdboot-2.02-0.86.el7.centos grub2-efi-x64-cdboot-2.02-0.86.el7.centos mokutil-15-7.el7_9 shim-x64-15-7.el7_9 grub2-tools-minimal-2.02-0.86.el7.centos grub2-tools-extra-2.02-0.86.el7.centos shim-unsigned-x64-15-7.el7_9 shim-ia32-15-7.el7_9 grub2-tools-2.02-0.86.el7.centos shim-unsigned-ia32-15-7.el7_9 grub2-efi-ia32-2.02-0.86.el7.centos grub2-2.02-0.86.el7.centos grub2-efi-x64-2.02-0.86.el7.centos grub2-pc-2.02-0.86.el7.centos noarch grub2-efi-x64-modules-2.02-0.86.el7.centos grub2-common-2.02-0.86.el7.centos grub2-pc-modules-2.02-0.86.el7.centos grub2-efi-ia32-modules-2.02-0.86.el7.centos grub2-i386-modules-2.02-0.86.el7.centos
164299 - Oracle Enterprise Linux ELSA-2020-3218 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2019-20908, CVE-2020-10713, CVE-2020-15780
Description The scan detected that the host is missing the following update: ELSA-2020-3218
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010187.html
OEL8 x86_64 perf-4.18.0-193.14.3.el8_2 kernel-modules-4.18.0-193.14.3.el8_2 kernel-abi-whitelists-4.18.0-193.14.3.el8_2 kernel-modules-extra-4.18.0-193.14.3.el8_2 kernel-debug-devel-4.18.0-193.14.3.el8_2 kernel-tools-libs-devel-4.18.0-193.14.3.el8_2 kernel-headers-4.18.0-193.14.3.el8_2 kernel-tools-libs-4.18.0-193.14.3.el8_2 kernel-debug-modules-extra-4.18.0-193.14.3.el8_2 kernel-debug-modules-4.18.0-193.14.3.el8_2 kernel-devel-4.18.0-193.14.3.el8_2 kernel-cross-headers-4.18.0-193.14.3.el8_2 bpftool-4.18.0-193.14.3.el8_2 kernel-doc-4.18.0-193.14.3.el8_2 python3-perf-4.18.0-193.14.3.el8_2 kernel-debug-4.18.0-193.14.3.el8_2 kernel-tools-4.18.0-193.14.3.el8_2 kernel-4.18.0-193.14.3.el8_2 kernel-core-4.18.0-193.14.3.el8_2 kernel-debug-core-4.18.0-193.14.3.el8_2
171255 - Amazon Linux AMI ALAS-2020-1407 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2020-8492
Description The scan detected that the host is missing the following update: ALAS-2020-1407
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1407.html
Amazon Linux AMI x86_64 python35-debuginfo-3.5.7-1.26.amzn1 python27-devel-2.7.18-1.138.amzn1 python36-devel-3.6.11-1.17.amzn1 python36-test-3.6.11-1.17.amzn1 python35-libs-3.5.7-1.26.amzn1 python27-debuginfo-2.7.18-1.138.amzn1 python36-debug-3.6.11-1.17.amzn1 python34-tools-3.4.10-1.50.amzn1 python27-test-2.7.18-1.138.amzn1 python36-3.6.11-1.17.amzn1 python35-tools-3.5.7-1.26.amzn1 python27-2.7.18-1.138.amzn1 python36-libs-3.6.11-1.17.amzn1 python27-tools-2.7.18-1.138.amzn1 python34-debuginfo-3.4.10-1.50.amzn1 python34-devel-3.4.10-1.50.amzn1 python34-libs-3.4.10-1.50.amzn1 python36-tools-3.6.11-1.17.amzn1 python36-debuginfo-3.6.11-1.17.amzn1 python34-3.4.10-1.50.amzn1 python27-libs-2.7.18-1.138.amzn1 python35-devel-3.5.7-1.26.amzn1 python35-test-3.5.7-1.26.amzn1 python34-test-3.4.10-1.50.amzn1 python35-3.5.7-1.26.amzn1 i686 python35-libs-3.5.7-1.26.amzn1 python27-devel-2.7.18-1.138.amzn1 python35-debuginfo-3.5.7-1.26.amzn1 python27-debuginfo-2.7.18-1.138.amzn1 python36-test-3.6.11-1.17.amzn1 python36-devel-3.6.11-1.17.amzn1 python34-tools-3.4.10-1.50.amzn1 python27-test-2.7.18-1.138.amzn1 python36-3.6.11-1.17.amzn1 python35-tools-3.5.7-1.26.amzn1 python27-2.7.18-1.138.amzn1 python36-libs-3.6.11-1.17.amzn1 python27-tools-2.7.18-1.138.amzn1 python34-debuginfo-3.4.10-1.50.amzn1 python34-devel-3.4.10-1.50.amzn1 python34-libs-3.4.10-1.50.amzn1 python36-tools-3.6.11-1.17.amzn1 python36-debuginfo-3.6.11-1.17.amzn1 python34-3.4.10-1.50.amzn1 python27-libs-2.7.18-1.138.amzn1 python35-devel-3.5.7-1.26.amzn1 python36-debug-3.6.11-1.17.amzn1 python35-test-3.5.7-1.26.amzn1 python34-test-3.4.10-1.50.amzn1 python35-3.5.7-1.26.amzn1
171256 - Amazon Linux AMI ALAS-2020-1403 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2020-2760, CVE-2020-2763, CVE-2020-2765, CVE-2020-2780, CVE-2020-2804, CVE-2020-2812, CVE-2020-2814
Description The scan detected that the host is missing the following update: ALAS-2020-1403
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1403.html
Amazon Linux AMI x86_64 mysql57-embedded-devel-5.7.30-1.15.amzn1 mysql57-server-5.7.30-1.15.amzn1 mysql57-devel-5.7.30-1.15.amzn1 mysql57-common-5.7.30-1.15.amzn1 mysql57-test-5.7.30-1.15.amzn1 mysql57-5.7.30-1.15.amzn1 mysql57-embedded-5.7.30-1.15.amzn1 mysql57-libs-5.7.30-1.15.amzn1 mysql57-errmsg-5.7.30-1.15.amzn1 mysql57-debuginfo-5.7.30-1.15.amzn1 i686 mysql57-embedded-devel-5.7.30-1.15.amzn1 mysql57-server-5.7.30-1.15.amzn1 mysql57-devel-5.7.30-1.15.amzn1 mysql57-common-5.7.30-1.15.amzn1 mysql57-test-5.7.30-1.15.amzn1 mysql57-5.7.30-1.15.amzn1 mysql57-embedded-5.7.30-1.15.amzn1 mysql57-libs-5.7.30-1.15.amzn1 mysql57-errmsg-5.7.30-1.15.amzn1 mysql57-debuginfo-5.7.30-1.15.amzn1
171260 - Amazon Linux AMI ALAS-2020-1410 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2020-11810
Description The scan detected that the host is missing the following update: ALAS-2020-1410
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1410.html
Amazon Linux AMI x86_64 openvpn-2.4.9-1.23.amzn1 openvpn-debuginfo-2.4.9-1.23.amzn1 openvpn-devel-2.4.9-1.23.amzn1 i686 openvpn-2.4.9-1.23.amzn1 openvpn-debuginfo-2.4.9-1.23.amzn1 openvpn-devel-2.4.9-1.23.amzn1
171261 - Amazon Linux AMI ALAS-2020-1406 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2020-8492
Description The scan detected that the host is missing the following update: ALAS-2020-1406
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1406.html
Amazon Linux AMI x86_64 python26-test-2.6.9-2.90.amzn1 python26-tools-2.6.9-2.90.amzn1 python26-devel-2.6.9-2.90.amzn1 python26-2.6.9-2.90.amzn1 python26-libs-2.6.9-2.90.amzn1 python26-debuginfo-2.6.9-2.90.amzn1 i686 python26-tools-2.6.9-2.90.amzn1 python26-libs-2.6.9-2.90.amzn1 python26-test-2.6.9-2.90.amzn1 python26-devel-2.6.9-2.90.amzn1 python26-2.6.9-2.90.amzn1 python26-debuginfo-2.6.9-2.90.amzn1
171262 - Amazon Linux AMI ALAS-2020-1402 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2020-2763, CVE-2020-2780, CVE-2020-2804, CVE-2020-2812, CVE-2020-2814
Description The scan detected that the host is missing the following update: ALAS-2020-1402
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1402.html
Amazon Linux AMI x86_64 mysql56-common-5.6.49-1.37.amzn1 mysql56-devel-5.6.49-1.37.amzn1 mysql56-test-5.6.49-1.37.amzn1 mysql56-libs-5.6.49-1.37.amzn1 mysql56-server-5.6.49-1.37.amzn1 mysql56-embedded-devel-5.6.49-1.37.amzn1 mysql56-5.6.49-1.37.amzn1 mysql56-bench-5.6.49-1.37.amzn1 mysql56-embedded-5.6.49-1.37.amzn1 mysql56-debuginfo-5.6.49-1.37.amzn1 mysql56-errmsg-5.6.49-1.37.amzn1 i686 mysql56-common-5.6.49-1.37.amzn1 mysql56-devel-5.6.49-1.37.amzn1 mysql56-test-5.6.49-1.37.amzn1 mysql56-libs-5.6.49-1.37.amzn1 mysql56-server-5.6.49-1.37.amzn1 mysql56-embedded-devel-5.6.49-1.37.amzn1 mysql56-5.6.49-1.37.amzn1 mysql56-bench-5.6.49-1.37.amzn1 mysql56-embedded-5.6.49-1.37.amzn1 mysql56-debuginfo-5.6.49-1.37.amzn1 mysql56-errmsg-5.6.49-1.37.amzn1
171265 - Amazon Linux AMI ALAS-2020-1411 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2020-8177
Description The scan detected that the host is missing the following update: ALAS-2020-1411 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1411.html
Amazon Linux AMI x86_64 libcurl-7.61.1-12.94.amzn1 curl-7.61.1-12.94.amzn1 libcurl-devel-7.61.1-12.94.amzn1 curl-debuginfo-7.61.1-12.94.amzn1 i686 curl-debuginfo-7.61.1-12.94.amzn1 curl-7.61.1-12.94.amzn1 libcurl-devel-7.61.1-12.94.amzn1 libcurl-7.61.1-12.94.amzn1
178941 - Gentoo Linux GLSA-202007-59 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202007-59
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-59
Affected packages: www-client/chromium < 84.0.4147.105 www-client/google-chrome < 84.0.4147.105
178942 - Gentoo Linux GLSA-202007-53 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202007-53
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-53
Affected packages: net-misc/dropbear < 2020.80
178943 - Gentoo Linux GLSA-202007-63 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202007-63
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-63
Affected packages: net-analyzer/snmptt < 1.4.1
178944 - Gentoo Linux GLSA-202007-54 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202007-54
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-54
Affected packages: net-misc/rsync < 3.2.0
178945 - Gentoo Linux GLSA-202007-64 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202007-64
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-64
Affected packages: mail-client/thunderbird < 68.11.0 mail-client/thunderbird-bin < 68.11.0
178946 - Gentoo Linux GLSA-202007-61 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202007-61
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-61
Affected packages: net-libs/webkit-gtk < 2.28.4
178947 - Gentoo Linux GLSA-202007-60 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202007-60
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-60
Affected packages: www-client/firefox < 68.11.0 www-client/firefox-bin < 68.11.0
178948 - Gentoo Linux GLSA-202007-55 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202007-55
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-55
Affected packages: net-libs/libetpan < 1.9.4-r1
178949 - Gentoo Linux GLSA-202007-52 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202007-52
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-52
Affected packages: dev-lang/mujs < 1.0.6
178950 - Gentoo Linux GLSA-202007-62 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202007-62
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-62
Affected packages: dev-python/pycrypto <= 2.6.1-r2
178951 - Gentoo Linux GLSA-202007-65 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202007-65
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-65
Affected packages: media-libs/libsndfile < 1.0.29_pre2
178952 - Gentoo Linux GLSA-202007-58 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202007-58
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-58
Affected packages: media-video/ffmpeg < 4.2.4
178953 - Gentoo Linux GLSA-202007-56 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202007-56
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-56
Affected packages: mail-client/claws-mail < 3.17.6
178954 - Gentoo Linux GLSA-202007-57 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GLSA-202007-57
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-57
Affected packages: mail-client/mutt < 1.14.4 mail-client/neomutt < 20200619
26853 - Oracle Java SE Critical Patch Update July 2020
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-14556, CVE-2020-14562, CVE-2020-14573, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020-14583, CVE-2020- 14593, CVE-2020-14621, CVE-2020-14664
Description Multiple vulnerabilities are present in some versions of Oracle Java SE.
Observation Oracle Java SE is used to run Java applications.
Multiple vulnerabilities are present in some versions of Oracle Java SE. The flaws lie in multiple components. Successful exploitation could allow an attacker to affect integrity, availability, and confidentiality of the target system.
26855 - Joomla XSS in modules heading tag option Vulnerability (20200601)
Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium CVE: CVE-2020-13761
Description A vulnerability is present in some versions of Joomla! CMS.
Observation Joomla! CMS is an open-source content management system.
A vulnerability is present in some versions of Joomla! CMS. The flaw is due to the lack of input validation in the heading tag option of the "Articles -Newsflash" and "Articles - Categories" modules. Successful exploitation could allow an attacker to conduct cross-site scripting attacks on the target.
26863 - Joomla CSRF In Com_installer Ajax_install Endpoint Vulnerability (20200701)
Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium CVE: CVE-MAP-NOMATCH
Description A vulnerability is present in some versions of Joomla!.
Observation Joomla! is a content management system.
A vulnerability is present in some versions of Joomla!. The flaw lies in ajax_install endpoint com_installer. Successful exploitation could allow an attacker to conduct cross- site request forgery attacks.
26864 - (APSB20-43) Vulnerability In Adobe ColdFusion
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-9672, CVE-2020-9673
Description Multiple vulnerabilities are present in some versions of Adobe ColdFusion.
Observation Adobe ColdFusion is a web application development platform.
Multiple vulnerabilities are present in some versions of Adobe ColdFusion. The flaws lies in different components. Successful exploitation could allow a local attacker to gain administrator privileges.
131638 - Debian Linux 10.0 DSA-4739-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925
Description The scan detected that the host is missing the following update: DSA-4739-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4739
Debian 10.0 all gir1.2-javascriptcoregtk-4.0_2.28.4-1~deb10u1 gir1.2-webkit2-4.0_2.28.4-1~deb10u1 libjavascriptcoregtk-4.0-dev_2.28.4-1~deb10u1 webkit2gtk-driver_2.28.4-1~deb10u1 libwebkit2gtk-4.0-dev_2.28.4-1~deb10u1 libjavascriptcoregtk-4.0-18_2.28.4-1~deb10u1 libwebkit2gtk-4.0-37_2.28.4-1~deb10u1 libwebkit2gtk-4.0-doc_2.28.4-1~deb10u1 libjavascriptcoregtk-4.0-bin_2.28.4-1~deb10u1 libwebkit2gtk-4.0-37-gtk2_2.28.4-1~deb10u1
131639 - Debian Linux 10.0 DSA-4737-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-4044
Description The scan detected that the host is missing the following update: DSA-4737-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4737
Debian 10.0 all xrdp_0.9.9-1+deb10u1
131640 - Debian Linux 10.0 DSA-4740-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514
Description The scan detected that the host is missing the following update: DSA-4740-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4740
Debian 10.0 all thunderbird_1:68.11.0-1~deb10u1
131641 - Debian Linux 10.0 DSA-4736-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514
Description The scan detected that the host is missing the following update: DSA-4736-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4736
Debian 10.0 all firefox-esr_68.11.0esr-1~deb10u1
131642 - Debian Linux 10.0 DSA-4735-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15706, CVE-2020-15707
Description The scan detected that the host is missing the following update: DSA-4735-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4735
Debian 10.0 all grub2_2.02+dfsg1-20+deb10u1
131643 - Debian Linux 10.0 DSA-4738-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-16116
Description The scan detected that the host is missing the following update: DSA-4738-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4738
Debian 10.0 all ark_4:18.08.3-1+deb10u1
171263 - Amazon Linux AMI ALAS-2020-1412 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Low CVE: CVE-2016-10245
Description The scan detected that the host is missing the following update: ALAS-2020-1412
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1412.html
Amazon Linux AMI x86_64 doxygen-latex-1.8.5-4.14.amzn1 doxygen-1.8.5-4.14.amzn1 doxygen-debuginfo-1.8.5-4.14.amzn1 i686 doxygen-latex-1.8.5-4.14.amzn1 doxygen-1.8.5-4.14.amzn1 doxygen-debuginfo-1.8.5-4.14.amzn1
183364 - FreeBSD libsndfile Out-of-bounds Read Memory Access (086c96cd-d0cb-11ea-b922-5404a68ad561)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: libsndfile -- out-of-bounds read memory access (086c96cd-d0cb-11ea-b922-5404a68ad561)
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/086c96cd-d0cb-11ea-b922-5404a68ad561.html
Affected packages: libsndfile < 1.0.29.p.20200620
183365 - FreeBSD ark Directory Traversal (d1ef1138-d273-11ea-a757-e0d55e2a8bf9)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2020-16116
Description The scan detected that the host is missing the following update: ark -- directory traversal (d1ef1138-d273-11ea-a757-e0d55e2a8bf9)
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/d1ef1138-d273-11ea-a757-e0d55e2a8bf9.html
Affected packages: ark < 20.04.2_1 ark == 20.04.3
183366 - FreeBSD Python Multiple Vulnerabilities (7d7221ee-d334-11ea-bc50-080027846a02)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2020-15801
Description The scan detected that the host is missing the following update: Python -- multiple vulnerabilities (7d7221ee-d334-11ea-bc50-080027846a02)
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/7d7221ee-d334-11ea-bc50-080027846a02.html
Affected packages: python38 < 3.8.5
183367 - FreeBSD libX11 Heap Corruption In The X Input Method Client In LibX11 (6faa7feb-d3fa-11ea-9aba-0c9d925bbbc0)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2020-14344
Description The scan detected that the host is missing the following update: libX11 -- Heap corruption in the X input method client in libX11 (6faa7feb-d3fa-11ea-9aba-0c9d925bbbc0)
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/6faa7feb-d3fa-11ea-9aba-0c9d925bbbc0.html
Affected packages: libX11 < 1.6.9_3,1 183368 - FreeBSD typo3 Multiple Vulnerabilities (eab964f8-d632-11ea-9172-4c72b94353b5)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2020-15098, CVE-2020-15099
Description The scan detected that the host is missing the following update: typo3 -- multiple vulnerabilities (eab964f8-d632-11ea-9172-4c72b94353b5)
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/eab964f8-d632-11ea-9172-4c72b94353b5.html
Affected packages: typo3-9-php72 < 9.5.20 typo3-9-php73 < 9.5.20 typo3-9-php74 < 9.5.20 typo3-10-php72 < 10.4.6 typo3-10-php73 < 10.4.6 typo3-10-php74 < 10.4.6
183369 - FreeBSD FreeBSD Potential Memory Corruption In USB Network Device Drivers (9eb01384-d793-11ea-88f8-901b0ef719ab)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2020-7459
Description The scan detected that the host is missing the following update: FreeBSD -- Potential memory corruption in USB network device drivers (9eb01384-d793-11ea-88f8-901b0ef719ab)
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/9eb01384-d793-11ea-88f8-901b0ef719ab.html
Affected packages: 12.1 <= FreeBSD-kernel < 12.1_8 11.4 <= FreeBSD-kernel < 11.4_2 11.3 <= FreeBSD-kernel < 11.3_12
183370 - FreeBSD FreeBSD Sendmsg (2) privilege escalation (8db74c04-d794-11ea-88f8-901b0ef719ab)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2020-7460
Description The scan detected that the host is missing the following update: FreeBSD -- sendmsg(2) privilege escalation (8db74c04-d794-11ea-88f8-901b0ef719ab)
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/8db74c04-d794-11ea-88f8-901b0ef719ab.html
Affected packages: 12.1 <= FreeBSD-kernel < 12.1_8 11.4 <= FreeBSD-kernel < 11.4_2 11.3 <= FreeBSD-kernel < 11.3_12
183371 - FreeBSD chromium Multiple Vulnerabilities (9a447f78-d0f8-11ea-9837-e09467587c17)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2020-6532, CVE-2020-6537, CVE-2020-6538, CVE-2020-6539, CVE-2020-6540, CVE-2020-6541
Description The scan detected that the host is missing the following update: chromium -- multiple vulnerabilities (9a447f78-d0f8-11ea-9837-e09467587c17)
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/9a447f78-d0f8-11ea-9837-e09467587c17.html
Affected packages: chromium < 84.0.4147.105 183372 - FreeBSD xorg-server Pixel Data Uninitialized Memory Information Disclosure (3c7ba82a-d3fb-11ea-9aba-0c9d925bbbc0)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2020-14347
Description The scan detected that the host is missing the following update: xorg-server -- Pixel Data Uninitialized Memory Information Disclosure (3c7ba82a-d3fb-11ea-9aba-0c9d925bbbc0)
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/3c7ba82a-d3fb-11ea-9aba-0c9d925bbbc0.html
Affected packages: xorg-server < 1.20.8_3,1 xephyr < 1.20.8_3,1 xorg-vfbserver < 1.20.8_3,1 xorg-nestserver < 1.20.8_3,1 xwayland < 1.20.8_3,1 xorg-dmx < 1.20.8_3,1
ENHANCED CHECKS
The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on a vulnerability and anything else that improves upon an existing FSL check. 160511 - CentOS 7 CESA-2018-3140 Update Is Not Installed - 1
Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: High CVE: CVE-2017-18267, CVE-2018-10733, CVE-2018-10767, CVE-2018-10768, CVE-2018-12910, CVE-2018-13988
Update Details Name is updated
26564 - Oracle Database Server Critical Patch Update April 2020
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2016-10251, CVE-2016-7103, CVE-2019-17563, CVE-2019-2853, CVE-2020-2514, CVE-2020-2734, CVE-2020-2735, CVE-2020-2737
Update Details Risk is updated
183319 - FreeBSD Several Security Issues In Sqlite3 (c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2020-11655, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632
Update Details FASLScript is updated
HOW TO UPDATE
FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we strongly urge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any critical updates but will wait for your explicit authorization before installing.
FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability category and checking the "Run New Checks" checkbox.
MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts will be automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.
MCAFEE TECHNICAL SUPPORT
ServicePortal: https://mysupport.mcafee.com Multi-National Phone Support available here: http://www.mcafee.com/us/about/contact/index.html Non-US customers - Select your country from the list of Worldwide Offices.
This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.
Copyright 2020 McAfee, Inc. McAfee is a registered trademark of McAfee, Inc. and/or its affiliates