2020-AUG-10 FSL version 7.6.169

MCAFEE FOUNDSTONE FSL UPDATE

To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release.

NEW CHECKS

26857 - Google Chrome Multiple Vulnerabilities Prior To 84.0.4147.89

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-6510, CVE-2020-6511, CVE-2020-6512, CVE-2020-6513, CVE-2020-6514, CVE-2020-6515, CVE-2020-6516, CVE-2020-6517, CVE-2020-6518, CVE- 2020-6519, CVE-2020-6520, CVE-2020-6521, CVE-2020-6522, CVE-2020-6523, CVE-2020-6524, CVE-2020-6525, CVE-2020-6526, CVE-2020-6527, CVE-2020-6528, CVE-2020-6529, CVE-2020-6530, CVE-2020-6531, CVE-2020-6533, CVE-2020-6534, CVE-2020-6535, CVE-2020-6536

Description Multiple vulnerabilities are present in some versions of Google Chrome.

Observation Google Chrome is a popular web browser.

Multiple vulnerabilities are present in some versions of Google Chrome. The flaws lie in multiple components. Successful exploitation could allow an attacker to cause a buffer overflow, or remotely execute arbitrary code on the target system.

26868 - (APSB20-33) Adobe Creative Cloud Desktop Application Multiple Vulnerabilities Prior to 5.2

Category: Windows Host Assessment -> Adobe Patches Only (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-9669, CVE-2020-9670, CVE-2020-9671, CVE-2020-9682

Description Multiple vulnerabilities are present in some versions of Adobe Creative Cloud Desktop Application.

Observation Adobe Creative Cloud Desktop Application is the desktop client used to access Adobe Creative Cloud.

Multiple vulnerabilities are present in some versions of Adobe Creative Cloud Desktop Application. The flaws lie in multiple components. Successful exploitation could allow an attacker to gain elevated privileges or execute arbitrary code.

26870 - Security Vulnerabilities Fixed In Thunderbird 78

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-12402, CVE-2020-12415, CVE-2020-12416, CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421, CVE-2020- 12422, CVE-2020-12423, CVE-2020-12424, CVE-2020-12425, CVE-2020-12426, CVE-2020-15648

Description Multiple vulnerabilities are present in some versions of Mozilla Thunderbird.

Observation Mozilla Thunderbird is an open-source email, newsgroup, news feed, and chat client.

Multiple vulnerabilities are present in some versions of Mozilla Thunderbird. The flaws lie in several components. Successful exploitation by a remote attacker could result in the execution of arbitrary code, disclosure of sensitive information, or cause a denial of service condition.

26867 - (VMSA-2020-0015) VMware Workstation Player Multiple Vulnerabilities

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-3962, CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3966, CVE-2020-3967, CVE-2020-3968, CVE-2020-3969, CVE-2020-3970, CVE- 2020-3971

Description Multiple vulnerabilities are present in some versions of VMware Workstation Player.

Observation VMware Workstation is virtualization software.

Multiple vulnerabilities are present in some versions of the VMware Workstation Player. The flaws lie in multiple components. Successful exploitation could allow an attacker to execute arbitrary code, disclosure of sensitive information, and cause a denial of service condition in the targeted system.

26869 - Security Vulnerabilities Fixed In Firefox 78.0.2

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-15648

Description A vulnerability is present in some versions of Mozilla Firefox.

Observation Mozilla Firefox is a popular web browser.

A vulnerability is present in some versions of Mozilla Firefox. The flaw lies in X-Frame-Options header. Successful exploitation could allow an attacker to bypass the X- Frame-Options header and frame other Web sites.

26860 - Oracle MySQL Server Critical Patch Update July 2020

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2020-14539, CVE-2020-14540, CVE-2020-14547, CVE-2020-14553, CVE-2020-14559, CVE-2020-14567, CVE-2020-14568, CVE-2020-14575, CVE-2020- 14576, CVE-2020-14586, CVE-2020-14591, CVE-2020-14597, CVE-2020-14614, CVE-2020-14619, CVE-2020-14620, CVE-2020-14623, CVE-2020-14624, CVE-2020- 14631, CVE-2020-14632, CVE-2020-14633, CVE-2020-14634, CVE-2020-14641, CVE-2020-14643, CVE-2020-14651, CVE-2020-14654, CVE-2020-14656, CVE-2020- 14663, CVE-2020-14678, CVE-2020-14680, CVE-2020-14697, CVE-2020-14702, CVE-2020-1967

Description Multiple vulnerabilities are present in some versions of Oracle MySQL Server.

Observation Oracle MySQL Server is a popular open source database.

Multiple vulnerabilities are present in some versions of Oracle MySQL Server. The flaws lie in multiple components. Successful exploitation could allow an attacker to cause a denial of service condition or an information disclosure or cause an unspecified impact on the target system.

26866 - WordPress Multiple Vulnerabilities Fixed In 5.4.2

Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: High CVE: CVE-MAP-NOMATCH

Description Multiple vulnerabilities are present in some versions of WordPress.

Observation WordPress is a popular blog application.

Multiple vulnerabilities are present in some versions of WordPress. The flaws lie in multiple components. Successful exploitation could allow an attacker to gain elevated privileges or perform cross-site scripting attacks.

149232 - SuSE 15.2 openSUSE-SU-2020:1108-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-10761, CVE-2020-13361, CVE-2020-13362, CVE-2020-13659, CVE-2020-13800

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1108-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-07/msg00189.html

SuSE Linux 15.2 x86_64 qemu-block-iscsi-debuginfo-4.2.1-lp152.9.3.1 qemu-vhost-user-gpu-4.2.1-lp152.9.3.1 qemu-guest-agent-debuginfo-4.2.1-lp152.9.3.1 qemu-tools-debuginfo-4.2.1-lp152.9.3.1 qemu-testsuite-4.2.1-lp152.9.3.1 qemu-block-nfs-debuginfo-4.2.1-lp152.9.3.1 qemu-block-ssh-4.2.1-lp152.9.3.1 qemu-lang-4.2.1-lp152.9.3.1 qemu-audio-alsa-debuginfo-4.2.1-lp152.9.3.1 qemu-extra-4.2.1-lp152.9.3.1 qemu-guest-agent-4.2.1-lp152.9.3.1 qemu-ui-spice-app-debuginfo-4.2.1-lp152.9.3.1 qemu-audio-sdl-debuginfo-4.2.1-lp152.9.3.1 qemu-ui-sdl-4.2.1-lp152.9.3.1 qemu-arm-4.2.1-lp152.9.3.1 qemu-x86-4.2.1-lp152.9.3.1 qemu-block-dmg-4.2.1-lp152.9.3.1 qemu-ui-curses-4.2.1-lp152.9.3.1 qemu-tools-4.2.1-lp152.9.3.1 qemu-block-gluster-4.2.1-lp152.9.3.1 qemu-ui-curses-debuginfo-4.2.1-lp152.9.3.1 qemu-ui-spice-app-4.2.1-lp152.9.3.1 qemu-ui-gtk-debuginfo-4.2.1-lp152.9.3.1 qemu-kvm-4.2.1-lp152.9.3.1 qemu-debugsource-4.2.1-lp152.9.3.1 qemu-audio-pa-debuginfo-4.2.1-lp152.9.3.1 qemu-linux-user-4.2.1-lp152.9.3.1 qemu-ppc-debuginfo-4.2.1-lp152.9.3.1 qemu-4.2.1-lp152.9.3.1 qemu-block-curl-4.2.1-lp152.9.3.1 qemu-debuginfo-4.2.1-lp152.9.3.1 qemu-linux-user-debugsource-4.2.1-lp152.9.3.1 qemu-s390-4.2.1-lp152.9.3.1 qemu-vhost-user-gpu-debuginfo-4.2.1-lp152.9.3.1 qemu-audio-pa-4.2.1-lp152.9.3.1 qemu-linux-user-debuginfo-4.2.1-lp152.9.3.1 qemu-audio-sdl-4.2.1-lp152.9.3.1 qemu-block-iscsi-4.2.1-lp152.9.3.1 qemu-x86-debuginfo-4.2.1-lp152.9.3.1 qemu-ksm-4.2.1-lp152.9.3.1 qemu-block-nfs-4.2.1-lp152.9.3.1 qemu-block-ssh-debuginfo-4.2.1-lp152.9.3.1 qemu-extra-debuginfo-4.2.1-lp152.9.3.1 qemu-ui-gtk-4.2.1-lp152.9.3.1 qemu-block-dmg-debuginfo-4.2.1-lp152.9.3.1 qemu-block-rbd-4.2.1-lp152.9.3.1 qemu-block-rbd-debuginfo-4.2.1-lp152.9.3.1 qemu-arm-debuginfo-4.2.1-lp152.9.3.1 qemu-s390-debuginfo-4.2.1-lp152.9.3.1 qemu-ppc-4.2.1-lp152.9.3.1 qemu-ui-sdl-debuginfo-4.2.1-lp152.9.3.1 qemu-block-gluster-debuginfo-4.2.1-lp152.9.3.1 qemu-block-curl-debuginfo-4.2.1-lp152.9.3.1 qemu-audio-alsa-4.2.1-lp152.9.3.1 noarch qemu-vgabios-1.12.1+-lp152.9.3.1 qemu-ipxe-1.0.0+-lp152.9.3.1 qemu-sgabios-8-lp152.9.3.1 qemu-microvm-4.2.1-lp152.9.3.1 qemu-seabios-1.12.1+-lp152.9.3.1

149233 - SuSE Linux 15.2 openSUSE-SU-2020:1111-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-13934, CVE-2020-13935

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1111-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-07/msg00190.html

SuSE Linux 15.2 noarch tomcat-servlet-4_0-api-9.0.36-lp152.2.4.1 tomcat-javadoc-9.0.36-lp152.2.4.1 tomcat-webapps-9.0.36-lp152.2.4.1 tomcat-jsvc-9.0.36-lp152.2.4.1 tomcat-embed-9.0.36-lp152.2.4.1 tomcat-admin-webapps-9.0.36-lp152.2.4.1 tomcat-lib-9.0.36-lp152.2.4.1 tomcat-docs-webapp-9.0.36-lp152.2.4.1 tomcat-jsp-2_3-api-9.0.36-lp152.2.4.1 tomcat-9.0.36-lp152.2.4.1 tomcat-el-3_0-api-9.0.36-lp152.2.4.1

149234 - SuSE Linux 15.2 openSUSE-SU-2020:1128-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15503

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1128-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-08/msg00006.html

SuSE Linux 15.2 x86_64 libraw-tools-0.18.9-lp152.5.3.1 libraw-debugsource-0.18.9-lp152.5.3.1 libraw16-debuginfo-0.18.9-lp152.5.3.1 libraw-tools-debuginfo-0.18.9-lp152.5.3.1 libraw16-0.18.9-lp152.5.3.1 libraw-debuginfo-0.18.9-lp152.5.3.1 libraw-devel-static-0.18.9-lp152.5.3.1 libraw-devel-0.18.9-lp152.5.3.1 i586 libraw-tools-0.18.9-lp152.5.3.1 libraw-debugsource-0.18.9-lp152.5.3.1 libraw16-debuginfo-0.18.9-lp152.5.3.1 libraw-tools-debuginfo-0.18.9-lp152.5.3.1 libraw16-0.18.9-lp152.5.3.1 libraw-debuginfo-0.18.9-lp152.5.3.1 libraw-devel-static-0.18.9-lp152.5.3.1 libraw-devel-0.18.9-lp152.5.3.1

149235 - SuSE SLES 12 SP5 SUSE-SU-2020:2078-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15706, CVE-2020-15707

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2078-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-July/007198.html

SuSE SLES 12 SP5 noarch grub2-x86_64-xen-2.02-12.31.1 grub2-snapper-plugin-2.02-12.31.1 grub2-systemd-sleep-plugin-2.02-12.31.1 x86_64 grub2-2.02-12.31.1 grub2-i386-pc-2.02-12.31.1 grub2-debugsource-2.02-12.31.1 grub2-x86_64-efi-2.02-12.31.1 grub2-debuginfo-2.02-12.31.1

149236 - SuSE Linux 15.1 openSUSE-SU-2020:1116-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15917

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1116-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-07/msg00195.html

SuSE Linux 15.1 x86_64 claws-mail-debuginfo-3.17.3-lp151.2.3.1 claws-mail-debugsource-3.17.3-lp151.2.3.1 claws-mail-3.17.3-lp151.2.3.1 claws-mail-devel-3.17.3-lp151.2.3.1 noarch claws-mail-lang-3.17.3-lp151.2.3.1

149237 - SuSE SLES 12 SP5 SUSE-SU-2020:2117-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-14344

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2117-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-August/007222.html

SuSE SLES 12 SP5 noarch libX11-data-1.6.2-12.8.1 x86_64 libxcb-xf86dri0-debuginfo-1.10-4.5.1 libxcb-randr0-debuginfo-1.10-4.5.1 libX11-xcb1-32bit-1.6.2-12.8.1 libxcb-xfixes0-32bit-1.10-4.5.1 libxcb-present0-debuginfo-1.10-4.5.1 libX11-6-debuginfo-1.6.2-12.8.1 libxcb-glx0-1.10-4.5.1 libxcb-render0-debuginfo-32bit-1.10-4.5.1 libxcb-dri3-0-debuginfo-1.10-4.5.1 libxcb-dri3-0-1.10-4.5.1 libxcb-sync1-32bit-1.10-4.5.1 libxcb-shm0-1.10-4.5.1 libxcb-randr0-1.10-4.5.1 libX11-xcb1-1.6.2-12.8.1 libxcb-xfixes0-debuginfo-1.10-4.5.1 libxcb-sync1-1.10-4.5.1 libX11-xcb1-debuginfo-32bit-1.6.2-12.8.1 libxcb-render0-32bit-1.10-4.5.1 libX11-6-debuginfo-32bit-1.6.2-12.8.1 libxcb-present0-debuginfo-32bit-1.10-4.5.1 libxcb-xv0-1.10-4.5.1 libxcb-sync1-debuginfo-1.10-4.5.1 libxcb-shm0-32bit-1.10-4.5.1 libxcb-dri2-0-debuginfo-32bit-1.10-4.5.1 libxcb-dri2-0-32bit-1.10-4.5.1 libxcb-xfixes0-1.10-4.5.1 libX11-6-1.6.2-12.8.1 libxcb-glx0-debuginfo-1.10-4.5.1 libxcb-shm0-debuginfo-32bit-1.10-4.5.1 libxcb-xinerama0-1.10-4.5.1 libX11-xcb1-debuginfo-1.6.2-12.8.1 libxcb-debugsource-1.10-4.5.1 libxcb-render0-1.10-4.5.1 libxcb-shape0-debuginfo-1.10-4.5.1 libX11-debugsource-1.6.2-12.8.1 libxcb-dri2-0-debuginfo-1.10-4.5.1 libxcb-glx0-32bit-1.10-4.5.1 libxcb-xkb1-1.10-4.5.1 libxcb-xkb1-32bit-1.10-4.5.1 libxcb-shape0-1.10-4.5.1 libxcb-dri3-0-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-32bit-1.10-4.5.1 libxcb1-debuginfo-32bit-1.10-4.5.1 libxcb-xkb1-debuginfo-1.10-4.5.1 libxcb-glx0-debuginfo-32bit-1.10-4.5.1 libxcb-present0-1.10-4.5.1 libxcb-xinerama0-debuginfo-1.10-4.5.1 libxcb-xf86dri0-1.10-4.5.1 libxcb-present0-32bit-1.10-4.5.1 libxcb1-32bit-1.10-4.5.1 libxcb-render0-debuginfo-1.10-4.5.1 libxcb-shm0-debuginfo-1.10-4.5.1 libxcb1-debuginfo-1.10-4.5.1 libxcb-xv0-debuginfo-1.10-4.5.1 libxcb-dri3-0-debuginfo-32bit-1.10-4.5.1 libxcb1-1.10-4.5.1 libxcb-dri2-0-1.10-4.5.1 libxcb-xfixes0-debuginfo-32bit-1.10-4.5.1 libX11-6-32bit-1.6.2-12.8.1 libxcb-sync1-debuginfo-32bit-1.10-4.5.1

149238 - SuSE Linux 15.1 openSUSE-SU-2020:1141-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-13867

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1141-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-08/msg00019.html

SuSE Linux 15.1 noarch python2-targetcli-fb-2.1.49-lp151.2.10.1 python3-targetcli-fb-2.1.49-lp151.2.10.1 targetcli-fb-common-2.1.49-lp151.2.10.1 149239 - SuSE Linux 15.1 openSUSE-SU-2020:1142-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15900

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1142-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-08/msg00021.html

SuSE Linux 15.1 x86_64 ghostscript-x11-debuginfo-9.52-lp151.3.15.1 ghostscript-debugsource-9.52-lp151.3.15.1 ghostscript-debuginfo-9.52-lp151.3.15.1 ghostscript-mini-debugsource-9.52-lp151.3.15.1 ghostscript-devel-9.52-lp151.3.15.1 ghostscript-9.52-lp151.3.15.1 ghostscript-mini-devel-9.52-lp151.3.15.1 ghostscript-mini-9.52-lp151.3.15.1 ghostscript-mini-debuginfo-9.52-lp151.3.15.1 ghostscript-x11-9.52-lp151.3.15.1 i586 ghostscript-x11-debuginfo-9.52-lp151.3.15.1 ghostscript-debugsource-9.52-lp151.3.15.1 ghostscript-debuginfo-9.52-lp151.3.15.1 ghostscript-mini-debugsource-9.52-lp151.3.15.1 ghostscript-devel-9.52-lp151.3.15.1 ghostscript-9.52-lp151.3.15.1 ghostscript-mini-devel-9.52-lp151.3.15.1 ghostscript-mini-9.52-lp151.3.15.1 ghostscript-mini-debuginfo-9.52-lp151.3.15.1 ghostscript-x11-9.52-lp151.3.15.1

149240 - SuSE Linux 15.2 openSUSE-SU-2020:1139-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15917

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1139-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-08/msg00017.html

SuSE Linux 15.2 x86_64 claws-mail-devel-3.17.6-lp152.3.3.1 claws-mail-3.17.6-lp152.3.3.1 claws-mail-debuginfo-3.17.6-lp152.3.3.1 claws-mail-debugsource-3.17.6-lp152.3.3.1 noarch claws-mail-lang-3.17.6-lp152.3.3.1

149241 - SuSE Linux 15.1 openSUSE-SU-2020:1147-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15652, CVE-2020-15653, CVE-2020-15654, CVE-2020-15655, CVE-2020-15656, CVE-2020-15657, CVE-2020-15658, CVE-2020-15659, CVE-2020- 6463, CVE-2020-6514

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1147-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-08/msg00026.html

SuSE Linux 15.1 x86_64 MozillaFirefox-buildsymbols-78.1.0-lp151.2.61.1 MozillaFirefox-translations-other-78.1.0-lp151.2.61.1 MozillaFirefox-debuginfo-78.1.0-lp151.2.61.1 MozillaFirefox-branding-upstream-78.1.0-lp151.2.61.1 MozillaFirefox-translations-common-78.1.0-lp151.2.61.1 MozillaFirefox-78.1.0-lp151.2.61.1 MozillaFirefox-devel-78.1.0-lp151.2.61.1 MozillaFirefox-debugsource-78.1.0-lp151.2.61.1

149242 - SuSE SLES 12 SP5 SUSE-SU-2020:2100-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15652, CVE-2020-15653, CVE-2020-15654, CVE-2020-15655, CVE-2020-15656, CVE-2020-15657, CVE-2020-15658, CVE-2020-15659, CVE-2020- 6463, CVE-2020-6514

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2100-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-July/007206.html

SuSE SLES 12 SP5 x86_64 MozillaFirefox-debugsource-78.1.0-112.8.1 MozillaFirefox-78.1.0-112.8.1 MozillaFirefox-devel-78.1.0-112.8.1 MozillaFirefox-debuginfo-78.1.0-112.8.1 MozillaFirefox-translations-common-78.1.0-112.8.1

149243 - SuSE Linux 15.2 openSUSE-SU-2020:1146-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15900

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1146-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-08/msg00024.html

SuSE Linux 15.2 x86_64 ghostscript-debugsource-9.52-lp152.2.4.1 ghostscript-mini-9.52-lp152.2.4.1 ghostscript-mini-debuginfo-9.52-lp152.2.4.1 ghostscript-x11-debuginfo-9.52-lp152.2.4.1 ghostscript-mini-debugsource-9.52-lp152.2.4.1 ghostscript-9.52-lp152.2.4.1 ghostscript-x11-9.52-lp152.2.4.1 ghostscript-devel-9.52-lp152.2.4.1 ghostscript-debuginfo-9.52-lp152.2.4.1 ghostscript-mini-devel-9.52-lp152.2.4.1 i586 ghostscript-debugsource-9.52-lp152.2.4.1 ghostscript-mini-9.52-lp152.2.4.1 ghostscript-mini-debuginfo-9.52-lp152.2.4.1 ghostscript-x11-debuginfo-9.52-lp152.2.4.1 ghostscript-mini-debugsource-9.52-lp152.2.4.1 ghostscript-9.52-lp152.2.4.1 ghostscript-x11-9.52-lp152.2.4.1 ghostscript-devel-9.52-lp152.2.4.1 ghostscript-debuginfo-9.52-lp152.2.4.1 ghostscript-mini-devel-9.52-lp152.2.4.1

149244 - SuSE SLES 12 SP5, SLED 12 SP5 SUSE-SU-2020:2122-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2019-16746, CVE-2019-20908, CVE-2020-0305, CVE-2020-10135, CVE-2020-10769, CVE-2020-10773, CVE-2020-10781, CVE-2020-12771, CVE-2020- 12888, CVE-2020-14331, CVE-2020-14416, CVE-2020-15393, CVE-2020-15780

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2122-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-August/007225.html

SuSE SLED 12 SP5 x86_64 kernel-default-debugsource-4.12.14-122.29.1 kernel-default-extra-debuginfo-4.12.14-122.29.1 kernel-default-extra-4.12.14-122.29.1 kernel-default-debuginfo-4.12.14-122.29.1

SuSE SLES 12 SP5 noarch kernel-source-4.12.14-122.29.1 kernel-devel-4.12.14-122.29.1 kernel-macros-4.12.14-122.29.1 x86_64 kernel-default-base-debuginfo-4.12.14-122.29.1 kernel-default-devel-4.12.14-122.29.1 kernel-default-base-4.12.14-122.29.1 kernel-default-devel-debuginfo-4.12.14-122.29.1 kernel-syms-4.12.14-122.29.1 kernel-default-debugsource-4.12.14-122.29.1 kernel-default-4.12.14-122.29.1 kernel-default-debuginfo-4.12.14-122.29.1

149245 - SuSE Linux 15.1 openSUSE-SU-2020:1121-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-10730

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1121-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-08/msg00001.html

SuSE Linux 15.1 x86_64 python3-ldb-devel-1.4.6-lp151.2.3.1 ldb-debugsource-1.4.6-lp151.2.3.1 python-ldb-devel-1.4.6-lp151.2.3.1 python3-ldb-32bit-debuginfo-1.4.6-lp151.2.3.1 python3-ldb-debuginfo-1.4.6-lp151.2.3.1 libldb-devel-1.4.6-lp151.2.3.1 libldb1-1.4.6-lp151.2.3.1 libldb1-debuginfo-1.4.6-lp151.2.3.1 python-ldb-1.4.6-lp151.2.3.1 python-ldb-debuginfo-1.4.6-lp151.2.3.1 python3-ldb-1.4.6-lp151.2.3.1 libldb1-32bit-1.4.6-lp151.2.3.1 python-ldb-32bit-debuginfo-1.4.6-lp151.2.3.1 ldb-tools-1.4.6-lp151.2.3.1 python3-ldb-32bit-1.4.6-lp151.2.3.1 libldb1-32bit-debuginfo-1.4.6-lp151.2.3.1 ldb-tools-debuginfo-1.4.6-lp151.2.3.1 python-ldb-32bit-1.4.6-lp151.2.3.1 i586 python-ldb-debuginfo-1.4.6-lp151.2.3.1 ldb-tools-debuginfo-1.4.6-lp151.2.3.1 libldb-devel-1.4.6-lp151.2.3.1 libldb1-1.4.6-lp151.2.3.1 ldb-debugsource-1.4.6-lp151.2.3.1 python-ldb-1.4.6-lp151.2.3.1 ldb-tools-1.4.6-lp151.2.3.1 python-ldb-devel-1.4.6-lp151.2.3.1 python3-ldb-devel-1.4.6-lp151.2.3.1 python3-ldb-1.4.6-lp151.2.3.1 python3-ldb-debuginfo-1.4.6-lp151.2.3.1 libldb1-debuginfo-1.4.6-lp151.2.3.1

149246 - SuSE SLED 15 SP2 SUSE-SU-2020:2105-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2019-19462, CVE-2019-20810, CVE-2019-20812, CVE-2020-0305, CVE-2020-10135, CVE-2020-10711, CVE-2020-10732, CVE-2020-10751, CVE-2020- 10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-10773, CVE-2020-10781, CVE-2020-12656, CVE-2020-12769, CVE-2020-12771, CVE-2020-12888, CVE-2020- 13143, CVE-2020-13974, CVE-2020-14416, CVE-2020-15393, CVE-2020-15780

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2105-1 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-August/007215.html http://lists.suse.com/pipermail/sle-security-updates/2020-August/007213.html

SuSE SLED 15 SP2 x86_64 kernel-default-debugsource-5.3.18-24.9.1 kernel-default-debuginfo-5.3.18-24.9.1 kernel-default-extra-5.3.18-24.9.1 kernel-default-extra-debuginfo-5.3.18-24.9.1

149247 - SuSE SLED 15 SP2 SUSE-SU-2020:2068-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-11017, CVE-2020-11018, CVE-2020-11019, CVE-2020-11038, CVE-2020-11039, CVE-2020-11040, CVE-2020-11041, CVE-2020-11043, CVE-2020- 11085, CVE-2020-11086, CVE-2020-11087, CVE-2020-11088, CVE-2020-11089, CVE-2020-11095, CVE-2020-11096, CVE-2020-11097, CVE-2020-11098, CVE-2020- 11099, CVE-2020-11521, CVE-2020-11522, CVE-2020-11523, CVE-2020-11524, CVE-2020-11525, CVE-2020-11526, CVE-2020-13396, CVE-2020-13397, CVE-2020- 13398, CVE-2020-4030, CVE-2020-4031, CVE-2020-4032, CVE-2020-4033

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2068-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-July/007190.html

SuSE SLED 15 SP2 x86_64 freerdp-devel-2.1.2-15.7.1 freerdp-debuginfo-2.1.2-15.7.1 libwinpr2-2.1.2-15.7.1 libfreerdp2-debuginfo-2.1.2-15.7.1 winpr2-devel-2.1.2-15.7.1 libwinpr2-debuginfo-2.1.2-15.7.1 libfreerdp2-2.1.2-15.7.1 freerdp-debugsource-2.1.2-15.7.1 freerdp-2.1.2-15.7.1

149248 - SuSE SLES 12 SP5 SUSE-SU-2020:2097-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-15900

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2097-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-July/007204.html

SuSE SLES 12 SP5 x86_64 ghostscript-debugsource-9.52-23.39.1 ghostscript-9.52-23.39.1 ghostscript-x11-debuginfo-9.52-23.39.1 ghostscript-x11-9.52-23.39.1 ghostscript-debuginfo-9.52-23.39.1

149249 - SuSE Linux 15.2 openSUSE-SU-2020:1144-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-13867

Description The scan detected that the host is missing the following update: openSUSE-SU-2020:1144-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2020-08/msg00022.html

SuSE Linux 15.2 noarch python3-targetcli-fb-2.1.52-lp152.2.3.1 python2-targetcli-fb-2.1.52-lp152.2.3.1 targetcli-fb-common-2.1.52-lp152.2.3.1

149250 - SuSE SLED 15 SP1 SUSE-SU-2020:2107-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2019-16746, CVE-2019-20810, CVE-2019-20908, CVE-2020-0305, CVE-2020-10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-10769, CVE-2020- 10773, CVE-2020-10781, CVE-2020-12771, CVE-2020-12888, CVE-2020-13974, CVE-2020-14416, CVE-2020-15393, CVE-2020-15780

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2107-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-August/007216.html http://lists.suse.com/pipermail/sle-security-updates/2020-August/007212.html

SuSE SLED 15 SP1 x86_64 kernel-default-extra-4.12.14-197.48.1 kernel-default-debuginfo-4.12.14-197.48.1 kernel-default-debugsource-4.12.14-197.48.1 kernel-default-extra-debuginfo-4.12.14-197.48.1

149251 - SuSE SLES 12 SP5 SUSE-SU-2020:2119-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2019-16746, CVE-2019-20908, CVE-2020-0305, CVE-2020-10135, CVE-2020-10769, CVE-2020-10773, CVE-2020-10781, CVE-2020-12771, CVE-2020- 12888, CVE-2020-14331, CVE-2020-14416, CVE-2020-15393, CVE-2020-15780

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2119-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-August/007218.html

SuSE SLES 12 SP5 x86_64 kernel-azure-base-4.12.14-16.22.1 kernel-syms-azure-4.12.14-16.22.1 kernel-azure-base-debuginfo-4.12.14-16.22.1 kernel-azure-devel-4.12.14-16.22.1 kernel-azure-debugsource-4.12.14-16.22.1 kernel-azure-4.12.14-16.22.1 kernel-azure-debuginfo-4.12.14-16.22.1 noarch kernel-devel-azure-4.12.14-16.22.1 kernel-source-azure-4.12.14-16.22.1

149252 - SuSE SLES 12 SP5 SUSE-SU-2020:2069-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2020-13753, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850

Description The scan detected that the host is missing the following update: SUSE-SU-2020:2069-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2020-July/007191.html

SuSE SLES 12 SP5 noarch libwebkit2gtk3-lang-2.28.3-2.56.1 x86_64 webkit2gtk3-debugsource-2.28.3-2.56.1 typelib-1_0-WebKit2-4_0-2.28.3-2.56.1 typelib-1_0-JavaScriptCore-4_0-2.28.3-2.56.1 libwebkit2gtk-4_0-37-debuginfo-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-debuginfo-2.28.3-2.56.1 typelib-1_0-WebKit2WebExtension-4_0-2.28.3-2.56.1 libwebkit2gtk-4_0-37-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.28.3-2.56.1 webkit2gtk-4_0-injected-bundles-2.28.3-2.56.1 libjavascriptcoregtk-4_0-18-2.28.3-2.56.1

160761 - CentOS 7 CESA-2020-3220 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: High CVE: CVE-2019-19527, CVE-2020-10757, CVE-2020-12653, CVE-2020-12654

Description The scan detected that the host is missing the following update: CESA-2020-3220

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.centos.org/pipermail/centos-announce/2020-July/035780.html

CentOS 7 x86_64 kernel-debug-devel-3.10.0-1127.18.2.el7 python-perf-3.10.0-1127.18.2.el7 kernel-headers-3.10.0-1127.18.2.el7 kernel-debug-3.10.0-1127.18.2.el7 kernel-tools-libs-3.10.0-1127.18.2.el7 kernel-tools-3.10.0-1127.18.2.el7 perf-3.10.0-1127.18.2.el7 bpftool-3.10.0-1127.18.2.el7 kernel-3.10.0-1127.18.2.el7 kernel-tools-libs-devel-3.10.0-1127.18.2.el7 kernel-devel-3.10.0-1127.18.2.el7 noarch kernel-doc-3.10.0-1127.18.2.el7 kernel-abi-whitelists-3.10.0-1127.18.2.el7

160762 - CentOS 7 CESA-2018-3140 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: High CVE: CVE-2015-9381, CVE-2015-9382, CVE-2017-18267, CVE-2018-10733, CVE-2018-10767, CVE-2018-10768, CVE-2018-12910, CVE-2018-13988

Description The scan detected that the host is missing the following update: CESA-2018-3140

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.centos.org/pipermail/centos-announce/2020-July/035782.html

CentOS 7 x86_64 fwupdate-libs-12-6.el7.centos fwupdate-12-6.el7.centos fwupdate-devel-12-6.el7.centos fwupdate-efi-12-6.el7.centos

164297 - Oracle Enterprise Linux ELSA-2020-5782 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707

Description The scan detected that the host is missing the following update: ELSA-2020-5782

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010163.html

OEL7 x86_64 grub2-efi-x64-modules-2.02-0.81.0.3.el7 grub2-tools-2.02-0.81.0.3.el7 grub2-efi-x64-2.02-0.81.0.3.el7 grub2-2.02-0.81.0.3.el7 grub2-efi-x64-cdboot-2.02-0.81.0.3.el7 grub2-pc-modules-2.02-0.81.0.3.el7 grub2-common-2.02-0.81.0.3.el7 grub2-pc-2.02-0.81.0.3.el7 grub2-efi-ia32-modules-2.02-0.81.0.3.el7 grub2-tools-extra-2.02-0.81.0.3.el7 grub2-efi-ia32-cdboot-2.02-0.81.0.3.el7 grub2-tools-minimal-2.02-0.81.0.3.el7 grub2-efi-ia32-2.02-0.81.0.3.el7

164298 - Oracle Enterprise Linux ELSA-2020-3284 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-13692

Description The scan detected that the host is missing the following update: ELSA-2020-3284

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-August/010194.html

OEL6 x86_64 postgresql-jdbc-8.4.704-4.el6_10 i386 postgresql-jdbc-8.4.704-4.el6_10

164301 - Oracle Enterprise Linux ELSA-2020-5791 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2019-20908

Description The scan detected that the host is missing the following update: ELSA-2020-5791

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010165.html

OEL7 x86_64 kernel-uek-devel-4.14.35-1902.304.6.3.el7uek kernel-uek-debug-4.14.35-1902.304.6.3.el7uek kernel-uek-debug-devel-4.14.35-1902.304.6.3.el7uek kernel-uek-tools-4.14.35-1902.304.6.3.el7uek kernel-uek-doc-4.14.35-1902.304.6.3.el7uek kernel-uek-4.14.35-1902.304.6.3.el7uek

164302 - Oracle Enterprise Linux ELSA-2020-3241 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514

Description The scan detected that the host is missing the following update: ELSA-2020-3241

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010186.html

OEL8 x86_64 firefox-68.11.0-1.0.1.el8_2

164303 - Oracle Enterprise Linux ELSA-2020-3281 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2017-18922

Description The scan detected that the host is missing the following update: ELSA-2020-3281 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-August/010193.html

OEL7 x86_64 libvncserver-0.9.9-14.el7_8.1 libvncserver-devel-0.9.9-14.el7_8.1

164304 - Oracle Enterprise Linux ELSA-2020-3185 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-11538, CVE-2020-5313

Description The scan detected that the host is missing the following update: ELSA-2020-3185

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010173.html

OEL8 x86_64 python3-pillow-5.1.1-12.el8_2

164305 - Oracle Enterprise Linux ELSA-2020-5786 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707

Description The scan detected that the host is missing the following update: ELSA-2020-5786

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010174.html

OEL8 x86_64 grub2-tools-minimal-2.02-82.0.2.el8_2.1 grub2-efi-x64-2.02-82.0.2.el8_2.1 grub2-efi-x64-modules-2.02-82.0.2.el8_2.1 grub2-pc-2.02-82.0.2.el8_2.1 grub2-efi-ia32-cdboot-2.02-82.0.2.el8_2.1 grub2-common-2.02-82.0.2.el8_2.1 grub2-tools-extra-2.02-82.0.2.el8_2.1 grub2-efi-ia32-modules-2.02-82.0.2.el8_2.1 grub2-pc-modules-2.02-82.0.2.el8_2.1 grub2-efi-ia32-2.02-82.0.2.el8_2.1 grub2-tools-2.02-82.0.2.el8_2.1 grub2-efi-x64-cdboot-2.02-82.0.2.el8_2.1 grub2-efi-aa64-modules-2.02-82.0.2.el8_2.1 grub2-tools-efi-2.02-82.0.2.el8_2.1

164306 - Oracle Enterprise Linux ELSA-2020-3233 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514

Description The scan detected that the host is missing the following update: ELSA-2020-3233

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010191.html

OEL6 x86_64 firefox-68.11.0-1.0.1.el6_10 i386 firefox-68.11.0-1.0.1.el6_10

164307 - Oracle Enterprise Linux ELSA-2020-3253 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514

Description The scan detected that the host is missing the following update: ELSA-2020-3253

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010188.html

OEL7 x86_64 firefox-68.11.0-1.0.1.el7_8

164308 - Oracle Enterprise Linux ELSA-2020-5792 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-15780

Description The scan detected that the host is missing the following update: ELSA-2020-5792

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010167.html http://oss.oracle.com/pipermail/el-errata/2020-July/010171.html http://oss.oracle.com/pipermail/el-errata/2020-July/010175.html

OEL7 x86_64 kernel-uek-5.4.17-2011.4.6.el8uek kernel-uek-devel-5.4.17-2011.4.6.el8uek kernel-uek-debug-5.4.17-2011.4.6.el7uek kernel-uek-5.4.17-2011.4.6.el7uek kernel-uek-debug-5.4.17-2011.4.6.el8uek kernel-uek-tools-5.4.17-2011.4.6.el7uek kernel-uek-devel-5.4.17-2011.4.6.el7uek kernel-uek-debug-devel-5.4.17-2011.4.6.el7uek kernel-uek-debug-devel-5.4.17-2011.4.6.el8uek kernel-uek-doc-5.4.17-2011.4.6.el7uek kernel-uek-doc-5.4.17-2011.4.6.el8uek

164309 - Oracle Enterprise Linux ELSA-2020-3220 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2019-19527, CVE-2020-10713, CVE-2020-10757, CVE-2020-12653, CVE-2020-12654

Description The scan detected that the host is missing the following update: ELSA-2020-3220

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010184.html

OEL7 x86_64 kernel-tools-libs-3.10.0-1127.18.2.el7 bpftool-3.10.0-1127.18.2.el7 perf-3.10.0-1127.18.2.el7 kernel-tools-3.10.0-1127.18.2.el7 python-perf-3.10.0-1127.18.2.el7 kernel-doc-3.10.0-1127.18.2.el7 kernel-tools-libs-devel-3.10.0-1127.18.2.el7 kernel-debug-devel-3.10.0-1127.18.2.el7 kernel-devel-3.10.0-1127.18.2.el7 kernel-debug-3.10.0-1127.18.2.el7 kernel-abi-whitelists-3.10.0-1127.18.2.el7 kernel-3.10.0-1127.18.2.el7 kernel-headers-3.10.0-1127.18.2.el7 164310 - Oracle Enterprise Linux ELSA-2020-3176 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-13692

Description The scan detected that the host is missing the following update: ELSA-2020-3176

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010172.html

OEL8 x86_64 postgresql-jdbc-javadoc-42.2.3-3.el8_2 postgresql-jdbc-42.2.3-3.el8_2

164311 - Oracle Enterprise Linux ELSA-2020-3285 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-13692

Description The scan detected that the host is missing the following update: ELSA-2020-3285

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-August/010195.html

OEL7 x86_64 postgresql-jdbc-javadoc-9.2.1002-8.el7_8 postgresql-jdbc-9.2.1002-8.el7_8

171257 - Amazon Linux AMI ALAS-2020-1413 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-11008, CVE-2020-5260

Description The scan detected that the host is missing the following update: ALAS-2020-1413

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1413.html

Amazon Linux AMI i686 git-2.18.4-2.71.amzn1 git-debuginfo-2.18.4-2.71.amzn1 git-core-2.18.4-2.71.amzn1 git-svn-2.18.4-2.71.amzn1 git-instaweb-2.18.4-2.71.amzn1 git-daemon-2.18.4-2.71.amzn1 git-subtree-2.18.4-2.71.amzn1 noarch gitweb-2.18.4-2.71.amzn1 git-core-doc-2.18.4-2.71.amzn1 git-bzr-2.18.4-2.71.amzn1 emacs-git-el-2.18.4-2.71.amzn1 git-hg-2.18.4-2.71.amzn1 git-cvs-2.18.4-2.71.amzn1 perl-Git-SVN-2.18.4-2.71.amzn1 git-email-2.18.4-2.71.amzn1 git-p4-2.18.4-2.71.amzn1 git-all-2.18.4-2.71.amzn1 emacs-git-2.18.4-2.71.amzn1 perl-Git-2.18.4-2.71.amzn1 x86_64 git-2.18.4-2.71.amzn1 git-debuginfo-2.18.4-2.71.amzn1 git-core-2.18.4-2.71.amzn1 git-svn-2.18.4-2.71.amzn1 git-instaweb-2.18.4-2.71.amzn1 git-daemon-2.18.4-2.71.amzn1 git-subtree-2.18.4-2.71.amzn1

171258 - Amazon Linux AMI ALAS-2020-1408 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: High CVE: CVE-2019-9824, CVE-2020-7039, CVE-2020-8608

Description The scan detected that the host is missing the following update: ALAS-2020-1408

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1408.html

Amazon Linux AMI x86_64 qemu-kvm-1.5.3-156.19.amzn1 qemu-kvm-common-1.5.3-156.19.amzn1 qemu-kvm-tools-1.5.3-156.19.amzn1 qemu-kvm-debuginfo-1.5.3-156.19.amzn1 qemu-img-1.5.3-156.19.amzn1

171259 - Amazon Linux AMI ALAS-2020-1404 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-11080

Description The scan detected that the host is missing the following update: ALAS-2020-1404

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1404.html

Amazon Linux AMI x86_64 libnghttp2-1.33.0-1.1.6.amzn1 nghttp2-1.33.0-1.1.6.amzn1 nghttp2-debuginfo-1.33.0-1.1.6.amzn1 libnghttp2-devel-1.33.0-1.1.6.amzn1 i686 libnghttp2-1.33.0-1.1.6.amzn1 nghttp2-1.33.0-1.1.6.amzn1 nghttp2-debuginfo-1.33.0-1.1.6.amzn1 libnghttp2-devel-1.33.0-1.1.6.amzn1

171264 - Amazon Linux AMI ALAS-2020-1409 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: High CVE: CVE-2020-13934, CVE-2020-13935

Description The scan detected that the host is missing the following update: ALAS-2020-1409

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1409.html

Amazon Linux AMI noarch tomcat8-webapps-8.5.57-1.85.amzn1 tomcat8-jsp-2.3-api-8.5.57-1.85.amzn1 tomcat8-lib-8.5.57-1.85.amzn1 tomcat8-javadoc-8.5.57-1.85.amzn1 tomcat8-admin-webapps-8.5.57-1.85.amzn1 tomcat8-docs-webapp-8.5.57-1.85.amzn1 tomcat8-log4j-8.5.57-1.85.amzn1 tomcat8-el-3.0-api-8.5.57-1.85.amzn1 tomcat8-servlet-3.1-api-8.5.57-1.85.amzn1 tomcat8-8.5.57-1.85.amzn1 26852 - Joomla Inconsistent default textfilter settings Vulnerability (20200602)

Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium CVE: CVE-2020-13763

Description A vulnerability is present in some versions of Joomla! CMS.

Observation Joomla! CMS is an open-source content management system.

A vulnerability is present in some versions of Joomla! CMS. The flaw lies in the textfilter settings. Successful exploitation could allow access to user groups for unauthorized modifications to the target system.

26854 - Cisco NX-OS Software Unexpected IP In IP Packet Processing Vulnerability

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: Medium CVE: CVE-2020-10136

Description A vulnerability is present in some versions of Cisco NX-OS Software.

Observation Cisco NX-OS Software is the used in Cisco Nexus devices.

A vulnerability is present in some versions of Cisco NX-OS Software. The flaw lies in network stack . Successful exploitation could allow an attacker to cause a denial of service condition on affected device.

26859 - Apache Tomcat Vulnerability Prior To 7.0.105

Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium CVE: CVE-2020-13935

Description A vulnerability is present in some versions of Apache Tomcat.

Observation Apache Tomcat is an open-source software implementation of the Java Servlet and JavaServer Pages technologies.

A vulnerability is present in some versions of Apache Tomcat. The flaw is due to invalid payload length in a WebSocket frame. Successful exploitation could allow an attacker to cause a denial of service condition.

160760 - CentOS 7 CESA-2020-3217 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: Medium CVE: CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707

Description The scan detected that the host is missing the following update: CESA-2020-3217

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.centos.org/pipermail/centos-announce/2020-July/035781.html http://lists.centos.org/pipermail/centos-announce/2020-July/035784.html http://lists.centos.org/pipermail/centos-announce/2020-July/035783.html

CentOS 7 x86_64 grub2-efi-ia32-cdboot-2.02-0.86.el7.centos grub2-efi-x64-cdboot-2.02-0.86.el7.centos mokutil-15-7.el7_9 shim-x64-15-7.el7_9 grub2-tools-minimal-2.02-0.86.el7.centos grub2-tools-extra-2.02-0.86.el7.centos shim-unsigned-x64-15-7.el7_9 shim-ia32-15-7.el7_9 grub2-tools-2.02-0.86.el7.centos shim-unsigned-ia32-15-7.el7_9 grub2-efi-ia32-2.02-0.86.el7.centos grub2-2.02-0.86.el7.centos grub2-efi-x64-2.02-0.86.el7.centos grub2-pc-2.02-0.86.el7.centos noarch grub2-efi-x64-modules-2.02-0.86.el7.centos grub2-common-2.02-0.86.el7.centos grub2-pc-modules-2.02-0.86.el7.centos grub2-efi-ia32-modules-2.02-0.86.el7.centos grub2-i386-modules-2.02-0.86.el7.centos

164299 - Oracle Enterprise Linux ELSA-2020-3218 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2019-20908, CVE-2020-10713, CVE-2020-15780

Description The scan detected that the host is missing the following update: ELSA-2020-3218

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2020-July/010187.html

OEL8 x86_64 perf-4.18.0-193.14.3.el8_2 kernel-modules-4.18.0-193.14.3.el8_2 kernel-abi-whitelists-4.18.0-193.14.3.el8_2 kernel-modules-extra-4.18.0-193.14.3.el8_2 kernel-debug-devel-4.18.0-193.14.3.el8_2 kernel-tools-libs-devel-4.18.0-193.14.3.el8_2 kernel-headers-4.18.0-193.14.3.el8_2 kernel-tools-libs-4.18.0-193.14.3.el8_2 kernel-debug-modules-extra-4.18.0-193.14.3.el8_2 kernel-debug-modules-4.18.0-193.14.3.el8_2 kernel-devel-4.18.0-193.14.3.el8_2 kernel-cross-headers-4.18.0-193.14.3.el8_2 bpftool-4.18.0-193.14.3.el8_2 kernel-doc-4.18.0-193.14.3.el8_2 python3-perf-4.18.0-193.14.3.el8_2 kernel-debug-4.18.0-193.14.3.el8_2 kernel-tools-4.18.0-193.14.3.el8_2 kernel-4.18.0-193.14.3.el8_2 kernel-core-4.18.0-193.14.3.el8_2 kernel-debug-core-4.18.0-193.14.3.el8_2

171255 - Amazon Linux AMI ALAS-2020-1407 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2020-8492

Description The scan detected that the host is missing the following update: ALAS-2020-1407

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1407.html

Amazon Linux AMI x86_64 python35-debuginfo-3.5.7-1.26.amzn1 python27-devel-2.7.18-1.138.amzn1 python36-devel-3.6.11-1.17.amzn1 python36-test-3.6.11-1.17.amzn1 python35-libs-3.5.7-1.26.amzn1 python27-debuginfo-2.7.18-1.138.amzn1 python36-debug-3.6.11-1.17.amzn1 python34-tools-3.4.10-1.50.amzn1 python27-test-2.7.18-1.138.amzn1 python36-3.6.11-1.17.amzn1 python35-tools-3.5.7-1.26.amzn1 python27-2.7.18-1.138.amzn1 python36-libs-3.6.11-1.17.amzn1 python27-tools-2.7.18-1.138.amzn1 python34-debuginfo-3.4.10-1.50.amzn1 python34-devel-3.4.10-1.50.amzn1 python34-libs-3.4.10-1.50.amzn1 python36-tools-3.6.11-1.17.amzn1 python36-debuginfo-3.6.11-1.17.amzn1 python34-3.4.10-1.50.amzn1 python27-libs-2.7.18-1.138.amzn1 python35-devel-3.5.7-1.26.amzn1 python35-test-3.5.7-1.26.amzn1 python34-test-3.4.10-1.50.amzn1 python35-3.5.7-1.26.amzn1 i686 python35-libs-3.5.7-1.26.amzn1 python27-devel-2.7.18-1.138.amzn1 python35-debuginfo-3.5.7-1.26.amzn1 python27-debuginfo-2.7.18-1.138.amzn1 python36-test-3.6.11-1.17.amzn1 python36-devel-3.6.11-1.17.amzn1 python34-tools-3.4.10-1.50.amzn1 python27-test-2.7.18-1.138.amzn1 python36-3.6.11-1.17.amzn1 python35-tools-3.5.7-1.26.amzn1 python27-2.7.18-1.138.amzn1 python36-libs-3.6.11-1.17.amzn1 python27-tools-2.7.18-1.138.amzn1 python34-debuginfo-3.4.10-1.50.amzn1 python34-devel-3.4.10-1.50.amzn1 python34-libs-3.4.10-1.50.amzn1 python36-tools-3.6.11-1.17.amzn1 python36-debuginfo-3.6.11-1.17.amzn1 python34-3.4.10-1.50.amzn1 python27-libs-2.7.18-1.138.amzn1 python35-devel-3.5.7-1.26.amzn1 python36-debug-3.6.11-1.17.amzn1 python35-test-3.5.7-1.26.amzn1 python34-test-3.4.10-1.50.amzn1 python35-3.5.7-1.26.amzn1

171256 - Amazon Linux AMI ALAS-2020-1403 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2020-2760, CVE-2020-2763, CVE-2020-2765, CVE-2020-2780, CVE-2020-2804, CVE-2020-2812, CVE-2020-2814

Description The scan detected that the host is missing the following update: ALAS-2020-1403

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1403.html

Amazon Linux AMI x86_64 mysql57-embedded-devel-5.7.30-1.15.amzn1 mysql57-server-5.7.30-1.15.amzn1 mysql57-devel-5.7.30-1.15.amzn1 mysql57-common-5.7.30-1.15.amzn1 mysql57-test-5.7.30-1.15.amzn1 mysql57-5.7.30-1.15.amzn1 mysql57-embedded-5.7.30-1.15.amzn1 mysql57-libs-5.7.30-1.15.amzn1 mysql57-errmsg-5.7.30-1.15.amzn1 mysql57-debuginfo-5.7.30-1.15.amzn1 i686 mysql57-embedded-devel-5.7.30-1.15.amzn1 mysql57-server-5.7.30-1.15.amzn1 mysql57-devel-5.7.30-1.15.amzn1 mysql57-common-5.7.30-1.15.amzn1 mysql57-test-5.7.30-1.15.amzn1 mysql57-5.7.30-1.15.amzn1 mysql57-embedded-5.7.30-1.15.amzn1 mysql57-libs-5.7.30-1.15.amzn1 mysql57-errmsg-5.7.30-1.15.amzn1 mysql57-debuginfo-5.7.30-1.15.amzn1

171260 - Amazon Linux AMI ALAS-2020-1410 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2020-11810

Description The scan detected that the host is missing the following update: ALAS-2020-1410

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1410.html

Amazon Linux AMI x86_64 openvpn-2.4.9-1.23.amzn1 openvpn-debuginfo-2.4.9-1.23.amzn1 openvpn-devel-2.4.9-1.23.amzn1 i686 openvpn-2.4.9-1.23.amzn1 openvpn-debuginfo-2.4.9-1.23.amzn1 openvpn-devel-2.4.9-1.23.amzn1

171261 - Amazon Linux AMI ALAS-2020-1406 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2020-8492

Description The scan detected that the host is missing the following update: ALAS-2020-1406

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1406.html

Amazon Linux AMI x86_64 python26-test-2.6.9-2.90.amzn1 python26-tools-2.6.9-2.90.amzn1 python26-devel-2.6.9-2.90.amzn1 python26-2.6.9-2.90.amzn1 python26-libs-2.6.9-2.90.amzn1 python26-debuginfo-2.6.9-2.90.amzn1 i686 python26-tools-2.6.9-2.90.amzn1 python26-libs-2.6.9-2.90.amzn1 python26-test-2.6.9-2.90.amzn1 python26-devel-2.6.9-2.90.amzn1 python26-2.6.9-2.90.amzn1 python26-debuginfo-2.6.9-2.90.amzn1

171262 - Amazon Linux AMI ALAS-2020-1402 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2020-2763, CVE-2020-2780, CVE-2020-2804, CVE-2020-2812, CVE-2020-2814

Description The scan detected that the host is missing the following update: ALAS-2020-1402

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1402.html

Amazon Linux AMI x86_64 mysql56-common-5.6.49-1.37.amzn1 mysql56-devel-5.6.49-1.37.amzn1 mysql56-test-5.6.49-1.37.amzn1 mysql56-libs-5.6.49-1.37.amzn1 mysql56-server-5.6.49-1.37.amzn1 mysql56-embedded-devel-5.6.49-1.37.amzn1 mysql56-5.6.49-1.37.amzn1 mysql56-bench-5.6.49-1.37.amzn1 mysql56-embedded-5.6.49-1.37.amzn1 mysql56-debuginfo-5.6.49-1.37.amzn1 mysql56-errmsg-5.6.49-1.37.amzn1 i686 mysql56-common-5.6.49-1.37.amzn1 mysql56-devel-5.6.49-1.37.amzn1 mysql56-test-5.6.49-1.37.amzn1 mysql56-libs-5.6.49-1.37.amzn1 mysql56-server-5.6.49-1.37.amzn1 mysql56-embedded-devel-5.6.49-1.37.amzn1 mysql56-5.6.49-1.37.amzn1 mysql56-bench-5.6.49-1.37.amzn1 mysql56-embedded-5.6.49-1.37.amzn1 mysql56-debuginfo-5.6.49-1.37.amzn1 mysql56-errmsg-5.6.49-1.37.amzn1

171265 - Amazon Linux AMI ALAS-2020-1411 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2020-8177

Description The scan detected that the host is missing the following update: ALAS-2020-1411 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1411.html

Amazon Linux AMI x86_64 libcurl-7.61.1-12.94.amzn1 curl-7.61.1-12.94.amzn1 libcurl-devel-7.61.1-12.94.amzn1 curl-debuginfo-7.61.1-12.94.amzn1 i686 curl-debuginfo-7.61.1-12.94.amzn1 curl-7.61.1-12.94.amzn1 libcurl-devel-7.61.1-12.94.amzn1 libcurl-7.61.1-12.94.amzn1

178941 - GLSA-202007-59 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202007-59

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-59

Affected packages: www-client/chromium < 84.0.4147.105 www-client/google-chrome < 84.0.4147.105

178942 - Gentoo Linux GLSA-202007-53 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202007-53

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-53

Affected packages: net-misc/dropbear < 2020.80

178943 - Gentoo Linux GLSA-202007-63 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202007-63

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-63

Affected packages: net-analyzer/snmptt < 1.4.1

178944 - Gentoo Linux GLSA-202007-54 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202007-54

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-54

Affected packages: net-misc/rsync < 3.2.0

178945 - Gentoo Linux GLSA-202007-64 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202007-64

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-64

Affected packages: mail-client/thunderbird < 68.11.0 mail-client/thunderbird-bin < 68.11.0

178946 - Gentoo Linux GLSA-202007-61 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202007-61

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-61

Affected packages: net-libs/webkit-gtk < 2.28.4

178947 - Gentoo Linux GLSA-202007-60 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202007-60

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-60

Affected packages: www-client/firefox < 68.11.0 www-client/firefox-bin < 68.11.0

178948 - Gentoo Linux GLSA-202007-55 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202007-55

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-55

Affected packages: net-libs/libetpan < 1.9.4-r1

178949 - Gentoo Linux GLSA-202007-52 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202007-52

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-52

Affected packages: dev-lang/mujs < 1.0.6

178950 - Gentoo Linux GLSA-202007-62 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202007-62

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-62

Affected packages: dev-python/pycrypto <= 2.6.1-r2

178951 - Gentoo Linux GLSA-202007-65 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202007-65

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-65

Affected packages: media-libs/libsndfile < 1.0.29_pre2

178952 - Gentoo Linux GLSA-202007-58 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202007-58

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-58

Affected packages: media-video/ffmpeg < 4.2.4

178953 - Gentoo Linux GLSA-202007-56 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202007-56

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-56

Affected packages: mail-client/claws-mail < 3.17.6

178954 - Gentoo Linux GLSA-202007-57 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-202007-57

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/202007-57

Affected packages: mail-client/mutt < 1.14.4 mail-client/neomutt < 20200619

26853 - Oracle Java SE Critical Patch Update July 2020

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-14556, CVE-2020-14562, CVE-2020-14573, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14581, CVE-2020-14583, CVE-2020- 14593, CVE-2020-14621, CVE-2020-14664

Description Multiple vulnerabilities are present in some versions of Oracle Java SE.

Observation Oracle Java SE is used to run Java applications.

Multiple vulnerabilities are present in some versions of Oracle Java SE. The flaws lie in multiple components. Successful exploitation could allow an attacker to affect integrity, availability, and confidentiality of the target system.

26855 - Joomla XSS in modules heading tag option Vulnerability (20200601)

Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium CVE: CVE-2020-13761

Description A vulnerability is present in some versions of Joomla! CMS.

Observation Joomla! CMS is an open-source content management system.

A vulnerability is present in some versions of Joomla! CMS. The flaw is due to the lack of input validation in the heading tag option of the "Articles -Newsflash" and "Articles - Categories" modules. Successful exploitation could allow an attacker to conduct cross-site scripting attacks on the target.

26863 - Joomla CSRF In Com_installer Ajax_install Endpoint Vulnerability (20200701)

Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description A vulnerability is present in some versions of Joomla!.

Observation Joomla! is a content management system.

A vulnerability is present in some versions of Joomla!. The flaw lies in ajax_install endpoint com_installer. Successful exploitation could allow an attacker to conduct cross- site request forgery attacks.

26864 - (APSB20-43) Vulnerability In Adobe ColdFusion

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2020-9672, CVE-2020-9673

Description Multiple vulnerabilities are present in some versions of Adobe ColdFusion.

Observation Adobe ColdFusion is a web application development platform.

Multiple vulnerabilities are present in some versions of Adobe ColdFusion. The flaws lies in different components. Successful exploitation could allow a local attacker to gain administrator privileges.

131638 - Linux 10.0 DSA-4739-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925

Description The scan detected that the host is missing the following update: DSA-4739-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4739

Debian 10.0 all gir1.2-javascriptcoregtk-4.0_2.28.4-1~deb10u1 gir1.2-webkit2-4.0_2.28.4-1~deb10u1 libjavascriptcoregtk-4.0-dev_2.28.4-1~deb10u1 webkit2gtk-driver_2.28.4-1~deb10u1 libwebkit2gtk-4.0-dev_2.28.4-1~deb10u1 libjavascriptcoregtk-4.0-18_2.28.4-1~deb10u1 libwebkit2gtk-4.0-37_2.28.4-1~deb10u1 libwebkit2gtk-4.0-doc_2.28.4-1~deb10u1 libjavascriptcoregtk-4.0-bin_2.28.4-1~deb10u1 libwebkit2gtk-4.0-37-gtk2_2.28.4-1~deb10u1

131639 - Debian Linux 10.0 DSA-4737-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-4044

Description The scan detected that the host is missing the following update: DSA-4737-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4737

Debian 10.0 all xrdp_0.9.9-1+deb10u1

131640 - Debian Linux 10.0 DSA-4740-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514

Description The scan detected that the host is missing the following update: DSA-4740-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4740

Debian 10.0 all thunderbird_1:68.11.0-1~deb10u1

131641 - Debian Linux 10.0 DSA-4736-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514

Description The scan detected that the host is missing the following update: DSA-4736-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4736

Debian 10.0 all firefox-esr_68.11.0esr-1~deb10u1

131642 - Debian Linux 10.0 DSA-4735-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15706, CVE-2020-15707

Description The scan detected that the host is missing the following update: DSA-4735-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4735

Debian 10.0 all grub2_2.02+dfsg1-20+deb10u1

131643 - Debian Linux 10.0 DSA-4738-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2020-16116

Description The scan detected that the host is missing the following update: DSA-4738-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2020/dsa-4738

Debian 10.0 all ark_4:18.08.3-1+deb10u1

171263 - Amazon Linux AMI ALAS-2020-1412 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Low CVE: CVE-2016-10245

Description The scan detected that the host is missing the following update: ALAS-2020-1412

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2020-1412.html

Amazon Linux AMI x86_64 doxygen-latex-1.8.5-4.14.amzn1 doxygen-1.8.5-4.14.amzn1 doxygen-debuginfo-1.8.5-4.14.amzn1 i686 doxygen-latex-1.8.5-4.14.amzn1 doxygen-1.8.5-4.14.amzn1 doxygen-debuginfo-1.8.5-4.14.amzn1

183364 - FreeBSD libsndfile Out-of-bounds Read Memory Access (086c96cd-d0cb-11ea-b922-5404a68ad561)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: libsndfile -- out-of-bounds read memory access (086c96cd-d0cb-11ea-b922-5404a68ad561)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/086c96cd-d0cb-11ea-b922-5404a68ad561.html

Affected packages: libsndfile < 1.0.29.p.20200620

183365 - FreeBSD ark Directory Traversal (d1ef1138-d273-11ea-a757-e0d55e2a8bf9)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2020-16116

Description The scan detected that the host is missing the following update: ark -- directory traversal (d1ef1138-d273-11ea-a757-e0d55e2a8bf9)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/d1ef1138-d273-11ea-a757-e0d55e2a8bf9.html

Affected packages: ark < 20.04.2_1 ark == 20.04.3

183366 - FreeBSD Python Multiple Vulnerabilities (7d7221ee-d334-11ea-bc50-080027846a02)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2020-15801

Description The scan detected that the host is missing the following update: Python -- multiple vulnerabilities (7d7221ee-d334-11ea-bc50-080027846a02)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/7d7221ee-d334-11ea-bc50-080027846a02.html

Affected packages: python38 < 3.8.5

183367 - FreeBSD libX11 Heap Corruption In The X Input Method Client In LibX11 (6faa7feb-d3fa-11ea-9aba-0c9d925bbbc0)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2020-14344

Description The scan detected that the host is missing the following update: libX11 -- Heap corruption in the X input method client in libX11 (6faa7feb-d3fa-11ea-9aba-0c9d925bbbc0)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/6faa7feb-d3fa-11ea-9aba-0c9d925bbbc0.html

Affected packages: libX11 < 1.6.9_3,1 183368 - FreeBSD typo3 Multiple Vulnerabilities (eab964f8-d632-11ea-9172-4c72b94353b5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2020-15098, CVE-2020-15099

Description The scan detected that the host is missing the following update: typo3 -- multiple vulnerabilities (eab964f8-d632-11ea-9172-4c72b94353b5)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/eab964f8-d632-11ea-9172-4c72b94353b5.html

Affected packages: typo3-9-php72 < 9.5.20 typo3-9-php73 < 9.5.20 typo3-9-php74 < 9.5.20 typo3-10-php72 < 10.4.6 typo3-10-php73 < 10.4.6 typo3-10-php74 < 10.4.6

183369 - FreeBSD FreeBSD Potential Memory Corruption In USB Network Device Drivers (9eb01384-d793-11ea-88f8-901b0ef719ab)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2020-7459

Description The scan detected that the host is missing the following update: FreeBSD -- Potential memory corruption in USB network device drivers (9eb01384-d793-11ea-88f8-901b0ef719ab)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/9eb01384-d793-11ea-88f8-901b0ef719ab.html

Affected packages: 12.1 <= FreeBSD-kernel < 12.1_8 11.4 <= FreeBSD-kernel < 11.4_2 11.3 <= FreeBSD-kernel < 11.3_12

183370 - FreeBSD FreeBSD Sendmsg (2) privilege escalation (8db74c04-d794-11ea-88f8-901b0ef719ab)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2020-7460

Description The scan detected that the host is missing the following update: FreeBSD -- sendmsg(2) privilege escalation (8db74c04-d794-11ea-88f8-901b0ef719ab)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/8db74c04-d794-11ea-88f8-901b0ef719ab.html

Affected packages: 12.1 <= FreeBSD-kernel < 12.1_8 11.4 <= FreeBSD-kernel < 11.4_2 11.3 <= FreeBSD-kernel < 11.3_12

183371 - FreeBSD chromium Multiple Vulnerabilities (9a447f78-d0f8-11ea-9837-e09467587c17)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2020-6532, CVE-2020-6537, CVE-2020-6538, CVE-2020-6539, CVE-2020-6540, CVE-2020-6541

Description The scan detected that the host is missing the following update: chromium -- multiple vulnerabilities (9a447f78-d0f8-11ea-9837-e09467587c17)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/9a447f78-d0f8-11ea-9837-e09467587c17.html

Affected packages: chromium < 84.0.4147.105 183372 - FreeBSD xorg-server Pixel Data Uninitialized Memory Information Disclosure (3c7ba82a-d3fb-11ea-9aba-0c9d925bbbc0)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2020-14347

Description The scan detected that the host is missing the following update: xorg-server -- Pixel Data Uninitialized Memory Information Disclosure (3c7ba82a-d3fb-11ea-9aba-0c9d925bbbc0)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/3c7ba82a-d3fb-11ea-9aba-0c9d925bbbc0.html

Affected packages: xorg-server < 1.20.8_3,1 xephyr < 1.20.8_3,1 xorg-vfbserver < 1.20.8_3,1 xorg-nestserver < 1.20.8_3,1 xwayland < 1.20.8_3,1 xorg-dmx < 1.20.8_3,1

ENHANCED CHECKS

The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on a vulnerability and anything else that improves upon an existing FSL check. 160511 - CentOS 7 CESA-2018-3140 Update Is Not Installed - 1

Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: High CVE: CVE-2017-18267, CVE-2018-10733, CVE-2018-10767, CVE-2018-10768, CVE-2018-12910, CVE-2018-13988

Update Details Name is updated

26564 - Oracle Database Server Critical Patch Update April 2020

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2016-10251, CVE-2016-7103, CVE-2019-17563, CVE-2019-2853, CVE-2020-2514, CVE-2020-2734, CVE-2020-2735, CVE-2020-2737

Update Details Risk is updated

183319 - FreeBSD Several Security Issues In Sqlite3 (c4ac9c79-ab37-11ea-8b5e-b42e99a1b9c3)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2020-11655, CVE-2020-13434, CVE-2020-13435, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632

Update Details FASLScript is updated

HOW TO UPDATE

FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we strongly urge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any critical updates but will wait for your explicit authorization before installing.

FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability category and checking the "Run New Checks" checkbox.

MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts will be automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.

MCAFEE TECHNICAL SUPPORT

ServicePortal: https://mysupport.mcafee.com Multi-National Phone Support available here: http://www.mcafee.com/us/about/contact/index.html Non-US customers - Select your country from the list of Worldwide Offices.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.

Copyright 2020 McAfee, Inc. McAfee is a registered trademark of McAfee, Inc. and/or its affiliates