2017-JUN-16 FSL version 7.5.934
MCAFEE FOUNDSTONE FSL UPDATE
To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release.
NEW CHECKS
21915 - (MSPT-June2017) Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-8528)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8528
Description A vulnerability is present in some versions of Microsoft Windows Uniscribe.
Observation Uniscribe is a set of services for rendering Unicode-encoded text in Microsoft Windows.
A vulnerability is present in some versions of Microsoft Windows Uniscribe. The flaw is due to improper handling of objects in memory. Successful exploitation could allow an attacker to execute remote code on the target system.
21918 - (MSPT-June2017) Windows Uniscribe Remote Code Execution (CVE-2017-0283)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-0283
Description A vulnerability is present in some versions of Microsoft Windows Uniscribe.
Observation Uniscribe is a set of services for rendering Unicode-encoded text on Microsoft Windows.
A vulnerability is present in some versions of Microsoft Windows Uniscribe. The flaw is due to improper handling of objects in memory. Successful exploitation could allow an attacker to execute remote code on the target system.
21924 - (MSPT-June2017) Windows Graphics Remote Code Execution Vulnerability (CVE-2017-8527)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8527
Description A vulnerability is present in some versions of Microsoft Windows and Office products. Observation Microsoft Windows is a popular operating system.
A vulnerability is present in some versions of Microsoft Windows and Office products. The flaw lies in Windows Graphics component. Successful exploitation could allow an attacker to execute remote code on the target system.
185731 - Ubuntu Linux 16.04 USN-3312-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2016-7913, CVE-2016-7917, CVE-2016-8632, CVE-2016-9083, CVE-2016-9084, CVE-2016-9604, CVE-2017-0605, CVE- 2017-2596, CVE-2017-2671, CVE-2017-6001, CVE-2017-7472, CVE-2017-7618, CVE-2017-7645, CVE-2017-7889, CVE-2017-7895
Description The scan detected that the host is missing the following update: USN-3312-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-June/003886.html
Ubuntu 16.04 linux-image-raspi2_4.4.0.1057.58 linux-image-4.4.0-79-powerpc64-smp_4.4.0-79.100 linux-image-4.4.0-79-lowlatency_4.4.0-79.100 linux-image-lowlatency_4.4.0.79.85 linux-image-powerpc-e500mc_4.4.0.79.85 linux-image-aws_4.4.0.1018.21 linux-image-4.4.0-1057-raspi2_4.4.0-1057.64 linux-image-4.4.0-79-generic_4.4.0-79.100 linux-image-generic_4.4.0.79.85 linux-image-4.4.0-79-powerpc-smp_4.4.0-79.100 linux-image-powerpc64-emb_4.4.0.79.85 linux-image-virtual_4.4.0.79.85 linux-image-4.4.0-1059-snapdragon_4.4.0-1059.63 linux-image-4.4.0-79-generic-lpae_4.4.0-79.100 linux-image-powerpc64-smp_4.4.0.79.85 linux-image-4.4.0-79-powerpc-e500mc_4.4.0-79.100 linux-image-powerpc-smp_4.4.0.79.85 linux-image-gke_4.4.0.1014.16 linux-image-4.4.0-1018-aws_4.4.0-1018.27 linux-image-snapdragon_4.4.0.1059.52 linux-image-4.4.0-1014-gke_4.4.0-1014.14 linux-image-generic-lpae_4.4.0.79.85
185735 - Ubuntu Linux 14.04 USN-3312-2 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2016-7913, CVE-2016-7917, CVE-2016-8632, CVE-2016-9083, CVE-2016-9084, CVE-2016-9604, CVE-2017-0605, CVE- 2017-2596, CVE-2017-2671, CVE-2017-6001, CVE-2017-7472, CVE-2017-7618, CVE-2017-7645, CVE-2017-7889, CVE-2017-7895
Description The scan detected that the host is missing the following update: USN-3312-2
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-June/003887.html
Ubuntu 14.04 linux-image-4.4.0-79-powerpc-e500mc_4.4.0-79.100~14.04.1 linux-image-powerpc-e500mc-lts-xenial_4.4.0.79.64 linux-image-powerpc64-smp-lts-xenial_4.4.0.79.64 linux-image-lowlatency-lts-xenial_4.4.0.79.64 linux-image-generic-lpae-lts-xenial_4.4.0.79.64 linux-image-powerpc-smp-lts-xenial_4.4.0.79.64 linux-image-4.4.0-79-powerpc64-smp_4.4.0-79.100~14.04.1 linux-image-4.4.0-79-powerpc-smp_4.4.0-79.100~14.04.1 linux-image-powerpc64-emb-lts-xenial_4.4.0.79.64 linux-image-4.4.0-79-generic_4.4.0-79.100~14.04.1 linux-image-4.4.0-79-lowlatency_4.4.0-79.100~14.04.1 linux-image-4.4.0-79-generic-lpae_4.4.0-79.100~14.04.1 linux-image-generic-lts-xenial_4.4.0.79.64 linux-image-4.4.0-79-powerpc64-emb_4.4.0-79.100~14.04.1
185738 - Ubuntu Linux 17.04 USN-3314-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2016-9604, CVE-2017-0605, CVE-2017-2671, CVE-2017-7277, CVE-2017-7472, CVE-2017-7618, CVE-2017-7645, CVE- 2017-7889, CVE-2017-7895, CVE-2017-7979, CVE-2017-8063, CVE-2017-8064, CVE-2017-8067
Description The scan detected that the host is missing the following update: USN-3314-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-June/003890.html
Ubuntu 17.04 linux-image-raspi2_4.10.0.1006.8 linux-image-lowlatency_4.10.0.22.24 linux-image-generic-lpae_4.10.0.22.24 linux-image-4.10.0-22-generic_4.10.0-22.24 linux-image-4.10.0-22-lowlatency_4.10.0-22.24 linux-image-4.10.0-22-generic-lpae_4.10.0-22.24 linux-image-generic_4.10.0.22.24 linux-image-4.10.0-1006-raspi2_4.10.0-1006.8
192188 - Fedora Linux 24 FEDORA-2017-f942f19ff4 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2015-9059
Description The scan detected that the host is missing the following update: FEDORA-2017-f942f19ff4
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=2
Fedora Core 24 picocom-2.2-2.fc24
192220 - Fedora Linux 25 FEDORA-2017-ac7fc2fd8c Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2015-9059
Description The scan detected that the host is missing the following update: FEDORA-2017-ac7fc2fd8c
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=1
Fedora Core 25 picocom-2.2-2.fc25
192230 - Fedora Linux 24 FEDORA-2017-6554692044 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077
Description The scan detected that the host is missing the following update: FEDORA-2017-6554692044
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=1
Fedora Core 24 kernel-4.11.4-100.fc24
21958 - (MSPT-June2017) Win32k Elevation of Privilege Vulnerability (CVE-2017-8465)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8465
Description An elevation of privilege vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An elevation of privilege vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel- mode driver handles objects in memory. Successful exploitation could allow an attacker to execute processes with elevated privileges. Exploitation requires an attacker to gain access to the local system.
21960 - (MSPT-June2017) Windows Cursor Elevation Of Privilege Vulnerability (CVE-2017-8466)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8466
Description An elevation of privilege vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An elevation of privilege vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel- mode driver handles objects in memory. Successful exploitation could allow an attacker to execute processes with elevated privileges. Exploitation requires an attacker to gain access to the local system.
22005 - (MSPT-June2017) Microsoft Office Memory Corruption Vulnerability (CVE-2017-8507)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8507
Description A remote code execution vulnerability is present in some versions of Microsoft Office.
Observation Microsoft Office is a popular office suite.
A remote code execution vulnerability is present in some versions of Microsoft Office. The flaw lies in how Microsoft Outlook parses e- mail messages. Successful exploitation could allow an attacker to execute remote code. Exploitation requires a user to open a maliciously crafted e-mail message. 178452 - Gentoo Linux GLSA-201706-15 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: High CVE: CVE-2015-2330, CVE-2015-7096, CVE-2015-7098, CVE-2016-1723, CVE-2016-1724, CVE-2016-1725, CVE-2016-1726, CVE- 2016-1727, CVE-2016-1728, CVE-2016-4692, CVE-2016-4743, CVE-2016-7586, CVE-2016-7587, CVE-2016-7589, CVE-2016-7592, CVE-2016-7598, CVE-2016-7599, CVE-2016-7610, CVE-2016-7611, CVE-2016-7623, CVE-2016-7632, CVE-2016-7635, CVE-2016- 7639, CVE-2016-7640, CVE-2016-7641, CVE-2016-7642, CVE-2016-7645, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649, CVE- 2016-7652, CVE-2016-7654, CVE-2016-7656, CVE-2016-9642, CVE-2016-9643, CVE-2017-2350, CVE-2017-2354, CVE-2017-2355, CVE-2017-2356, CVE-2017-2362, CVE-2017-2363, CVE-2017-2364, CVE-2017-2365, CVE-2017-2366, CVE-2017-2367, CVE-2017- 2369, CVE-2017-2371, CVE-2017-2373, CVE-2017-2376, CVE-2017-2377, CVE-2017-2386, CVE-2017-2392, CVE-2017-2394, CVE- 2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2433, CVE-2017-2442, CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455, CVE-2017-2457, CVE-2017-2459, CVE-2017-2460, CVE-2017- 2464, CVE-2017-2465, CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471, CVE-2017-2475, CVE- 2017-2476, CVE-2017-2481, CVE-2017-2496, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506, CVE-2017-2508, CVE-2017-2510, CVE-2017-2514, CVE-2017-2515, CVE-2017-2521, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528, CVE-2017-2530, CVE-2017- 2531, CVE-2017-2536, CVE-2017-2539, CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6980, CVE-2017-6984
Description The scan detected that the host is missing the following update: GLSA-201706-15
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/201706-15
Affected packages: net-libs/webkit-gtk < 2.16.3
185732 - Ubuntu Linux 16.10 USN-3313-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2017-0605
Description The scan detected that the host is missing the following update: USN-3313-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-June/003888.html
Ubuntu 16.10 linux-image-powerpc-e500mc_4.8.0.54.66 linux-image-4.8.0-54-powerpc64-emb_4.8.0-54.57 linux-image-generic_4.8.0.54.66 linux-image-lowlatency_4.8.0.54.66 linux-image-4.8.0-54-generic-lpae_4.8.0-54.57 linux-image-4.8.0-1038-raspi2_4.8.0-1038.41 linux-image-powerpc-smp_4.8.0.54.66 linux-image-4.8.0-54-powerpc-smp_4.8.0-54.57 linux-image-generic-lpae_4.8.0.54.66 linux-image-4.8.0-54-generic_4.8.0-54.57 linux-image-powerpc64-emb_4.8.0.54.66 linux-image-4.8.0-54-lowlatency_4.8.0-54.57 linux-image-4.8.0-54-powerpc-e500mc_4.8.0-54.57 linux-image-raspi2_4.8.0.1038.42
185736 - Ubuntu Linux 16.04 USN-3313-2 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2017-0605
Description The scan detected that the host is missing the following update: USN-3313-2
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-June/003889.html
Ubuntu 16.04 linux-image-4.8.0-54-generic_4.8.0-54.57~16.04.1 linux-image-generic-lpae-hwe-16.04_4.8.0.54.25 linux-image-lowlatency-hwe-16.04_4.8.0.54.25 linux-image-4.8.0-54-generic-lpae_4.8.0-54.57~16.04.1 linux-image-4.8.0-54-lowlatency_4.8.0-54.57~16.04.1 linux-image-generic-hwe-16.04_4.8.0.54.25
192223 - Fedora Linux 26 FEDORA-2017-a50319c820 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-9078, CVE-2017-9079
Description The scan detected that the host is missing the following update: FEDORA-2017-a50319c820
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=4
Fedora Core 26 dropbear-2017.75-1.fc26
192224 - Fedora Linux 26 FEDORA-2017-a7161eb173 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-7692
Description The scan detected that the host is missing the following update: FEDORA-2017-a7161eb173
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=8
Fedora Core 26 squirrelmail-1.4.22-19.fc26
21975 - (MSPT-June2017) Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8543)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8543
Description A remote code execution vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
A remote code execution vulnerability is present in some versions of Microsoft Windows. The flaw lies in Windows Search due to improper handling of objects in memory. Successful exploitation could allow an attacker to take control of the affected system.
21988 - (MSPT-June2017) Windows Remote Code Execution Vulnerability (CVE-2017-0294)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-0294
Description An remote code execution vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An remote code execution vulnerability is present in some versions of Microsoft Windows. The flaw lies in how Microsoft Windows handles cabinet files. Successful exploitation could allow an attacker to execute remote arbitrary code. Exploitation requires the user to open a maliciously crafted cabinet file.
21904 - (MSPT-June2017) Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2017-8513) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8513
Description A remote code execution vulnerability is present in some versions of Microsoft Office.
Observation Microsoft Office is a popular office suite.
A remote code execution vulnerability is present in some versions of Microsoft Office. The flaw lies in how the product handles objects in memory. Successful exploitation could allow an attacker to execute remote code. Exploitation requires a user to open a maliciously crafted file.
21912 - (MSPT-June2017) Windows TDX Elevation of Privilege Vulnerability (CVE-2017-0296)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-0296
Description An elevation of privilege vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An elevation of privilege vulnerability is present in some versions of Microsoft Windows. The flaw is due to failing to properly validate buffer length. Successful exploitation could allow an attacker to run processes in an elevated context. Exploitation requires an attacker to gain access to the local system.
21928 - (MSPT-June2017) Scripting Engine Memory Corruption Vulnerability (CVE-2017-8517)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8517
Description A memory corruption vulnerability is present in some versions of Microsoft Scripting Engine.
Observation Microsoft Scripting Engine is used by Internet browser developed by Microsoft.
A memory corruption vulnerability is present in some versions of Microsoft Scripting Engine. The flaw is due to improper handling of objects in memory. Successful exploitation could allow a remote attacker to execute arbitrary code in the context of the current user.
21929 - (MSPT-June2017) Internet Explorer Memory Corruption Vulnerability (CVE-2017-8519)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8519
Description A memory corruption vulnerability is present in some versions of Microsoft Internet Explorer.
Observation Internet Explorer is an Internet browser developed by Microsoft.
A memory corruption vulnerability is present in some versions of Microsoft Internet Explorer. The flaw is due to improper handling of objects in memory. Successful exploitation could allow a remote attacker to execute arbitrary code in the context of the current user.
21931 - (MSPT-June2017) Scripting Engine Memory Corruption Vulnerability (CVE-2017-8524)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8524
Description A memory corruption vulnerability is present in some versions of Microsoft Scripting Engine.
Observation Microsoft Scripting Engine is used by Internet browser developed by Microsoft.
A memory corruption vulnerability is present in some versions of Microsoft Scripting Engine. The flaw is due to improper handling of objects in memory. Successful exploitation could allow a remote attacker to execute arbitrary code in the context of the current user.
21932 - (MSPT-June2017) Internet Explorer Memory Corruption Vulnerability (CVE-2017-8547)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8547
Description A memory corruption vulnerability is present in some versions of Microsoft Internet Explorer.
Observation Internet Explorer is an Internet browser developed by Microsoft.
A memory corruption vulnerability is present in some versions of Microsoft Internet Explorer. The flaw is due to improper accessing objects in memory. Successful exploitation could allow a remote attacker to execute arbitrary code in the context of the current user.
21933 - (MSPT-June2017) Scripting Engine Memory Corruption Vulnerability (CVE-2017-8522)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8522
Description A memory corruption vulnerability is present in some versions of Microsoft Scripting Engine. Observation Microsoft Scripting Engine is used by Internet browser developed by Microsoft.
A memory corruption vulnerability is present in some versions of Microsoft Scripting Engine. The flaw is due to improper handling of objects in memory. Successful exploitation could allow a remote attacker to execute arbitrary code in the context of the current user.
21943 - (MSPT-June2017) Windows Kernel Elevation of Privileges Vulnerability (CVE-2017-0297)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-0297
Description An elevation of privilege vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An elevation of privilege vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel handles objects in memory. Successful exploitation could allow an attacker to execute arbitrary code with elevated privileges. Exploitation requires an attacker to gain access to the local system.
21944 - (MSPT-June2017) Windows Kernel Elevation of Privileges Vulnerability (CVE-2017-8494)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8494
Description An elevation of privilege vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An elevation of privilege vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel handles objects in memory. Successful exploitation could allow an attacker to violate virtual trust levels. Exploitation requires an attacker to gain access to the local system.
21946 - (MSPT-June2017) Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8548)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8548
Description A memory corruption vulnerability is present in some versions of Microsoft Edge.
Observation Microsoft Edge is the new default web browser in Windows 10. A memory corruption vulnerability is present in some versions of Microsoft Edge. The flaw lies in the JavaScript engine in handling objects in memory. Successful exploitation could allow an attacker to corrupt memory and execute code in the context of the current user by convincing the user to visit a malicious website.
21950 - (MSPT-June2017) Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8549)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8549
Description A memory corruption vulnerability is present in some versions of Microsoft Edge.
Observation Microsoft Edge is the new default web browser in Windows 10.
A memory corruption vulnerability is present in some versions of Microsoft Edge. The flaw lies in the JavaScript engine in handling objects in memory. Successful exploitation could allow an attacker to corrupt memory and execute code in the context of the current user by convincing the user to visit a malicious website.
21952 - (MSPT-May2017) Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0223)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-0223
Description A memory corruption vulnerability is present in some versions of Microsoft Edge.
Observation Microsoft Edge is the new default web browser in Windows 10.
A memory corruption vulnerability is present in some versions of Microsoft Edge. The flaw lies in the JavaScript engine in handling objects in memory. Successful exploitation could allow an attacker to corrupt memory and execute code in the context of the current user by convincing the user to visit a malicious website.
21955 - (MSPT-June2017) Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8496)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8496
Description A memory corruption vulnerability is present in some versions of Microsoft Edge.
Observation Microsoft Edge is the new default web browser in Windows 10.
A memory corruption vulnerability is present in some versions of Microsoft Edge. The flaw is due to improper access of objects in memory. Successful exploitation could allow an attacker to corrupt memory and execute code in the context of the current user by convincing the user to visit a malicious website.
21956 - (MSPT-June2017) Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8497)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-MAP-NOMATCH
Description A memory corruption vulnerability is present in some versions of Microsoft Edge.
Observation Microsoft Edge is the new default web browser in Windows 10.
A memory corruption vulnerability is present in some versions of Microsoft Edge. The flaw is due to improper access of objects in memory. Successful exploitation could allow an attacker to corrupt memory and execute code in the context of the current user by convincing the user to visit a malicious website.
21962 - (MSPT-June2017) Windows Virtual memory Denial of Service Vulnerability (CVE-2017-8515)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8515
Description A Denial of Service vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
A Denial of Service vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows handles certain types of kernel mode requests. Successful exploitation could allow an attacker to cause a denial of service condition.
21963 - (MSPT-June2017) Windows COM Elevation of Privilege Vulnerability (CVE-2017-0298)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-0298
Description An elevation of privilege vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An elevation of privilege vulnerability is present in some versions of Microsoft Windows. The flaw lies in Helppane.exe. Successful exploitation could allow an attacker to execute arbitrary code in another user's session.
21964 - (MSPT-June2017) Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8499) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8499
Description A memory corruption vulnerability is present in some versions of Microsoft Edge.
Observation Microsoft Edge is the new default web browser in Windows 10.
A memory corruption vulnerability is present in some versions of Microsoft Edge. The flaw lies in the JavaScript engine in handling objects in memory. Successful exploitation could allow an attacker to corrupt memory and execute code in the context of the current user by convincing the user to visit a malicious website.
21965 - (MSPT-June2017) Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8520)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8520
Description A memory corruption vulnerability is present in some versions of Microsoft Edge.
Observation Microsoft Edge is the new default web browser in Windows 10.
A memory corruption vulnerability is present in some versions of Microsoft Edge. The flaw lies in the JavaScript engine in handling objects in memory. Successful exploitation could allow an attacker to corrupt memory and execute code in the context of the current user by convincing the user to visit a malicious website.
21966 - (MSPT-June2017) Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8521)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8521
Description A memory corruption vulnerability is present in some versions of Microsoft Edge.
Observation Microsoft Edge is the new default web browser in Windows 10.
A memory corruption vulnerability is present in some versions of Microsoft Edge. The flaw lies in the JavaScript engine in handling objects in memory. Successful exploitation could allow an attacker to corrupt memory and execute code in the context of the current user by convincing the user to visit a malicious website.
21984 - (MSPT-June2017) Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8509)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8509
Description A remote code execution vulnerability is present in some versions of Microsoft Office.
Observation Microsoft Office is a popular office suite.
A remote code execution vulnerability is present in some versions of Microsoft Office. The flaw lies in how the Microsoft Office handle objects in memory. Successful exploitation could allow an authenticated attacker to remotely execute arbitrary code. Exploitation requires the user to open a specially crafted file.
21985 - (MSPT-June2017) Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8511)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8511
Description A remote code execution vulnerability is present in some versions of Microsoft Office.
Observation Microsoft Office is a popular office suite.
A remote code execution vulnerability is present in some versions of Microsoft Office. The flaw lies in how the Microsoft Office handle objects in memory. Successful exploitation could allow an authenticated attacker to remotely execute arbitrary code. Exploitation requires the user to open a specially crafted file.
21986 - (MSPT-June2017) Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8512)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8512
Description A remote code execution vulnerability is present in some versions of Microsoft Office.
Observation Microsoft Office is a popular office suite.
A remote code execution vulnerability is present in some versions of Microsoft Office. The flaw lies in how the Microsoft Office handle objects in memory. Successful exploitation could allow an authenticated attacker to remotely execute arbitrary code. Exploitation requires the user to open a specially crafted file.
21989 - (MSPT-June2017) Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8509)
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2017-8509 Description A remote code execution vulnerability is present in some versions of Microsoft Office.
Observation Microsoft Office is a popular office suite.
A remote code execution vulnerability is present in some versions of Microsoft Office. The flaw lies in how the Microsoft Office handle objects in memory. Successful exploitation could allow an authenticated attacker to remotely execute arbitrary code. Exploitation requires the user to open a specially crafted file.
21990 - (MSPT-June2017) Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8511)
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2017-8511
Description A remote code execution vulnerability is present in some versions of Microsoft Office.
Observation Microsoft Office is a popular office suite.
A remote code execution vulnerability is present in some versions of Microsoft Office. The flaw lies in how the Microsoft Office handle objects in memory. Successful exploitation could allow an authenticated attacker to remotely execute arbitrary code. Exploitation requires the user to open a specially crafted file.
21998 - (MSPT-June2017) Windows PDF Remote Code Execution Vulnerability (CVE-2017-0291)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-0291
Description A vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
A vulnerability is present in some versions of Microsoft Windows. The flaw lies in how Windows parses PDF files. Successful exploitation could allow an attacker to execute arbitrary code in the context of current user on the target system.
22000 - (MSPT-June2017) Windows PDF Remote Code Execution Vulnerability (CVE-2017-0292)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-0292
Description A vulnerability is present in some versions of Microsoft Windows and Microsoft Word.
Observation Windows is a popular operation system developed by Microsoft and Microsoft Word is a popular document and word processing software.
A vulnerability is present in some versions of Microsoft Windows and Microsoft Word. The flaw lies in how Windows and Microsoft Word parse PDF files. Successful exploitation could allow an attacker to execute arbitrary code in the context of current user on the target system.
22002 - (MSPT-June2017) LNK Remote Code Execution Vulnerability (CVE-2017-8464)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8464
Description A remote code execution vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
A remote code execution vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Microsoft Office handles LNK files. Successful exploitation could allow an authenticated attacker to remotely execute arbitrary code. Exploitation requires the user to open a specially crafted LNK file.
22003 - (MSPT-June2017) Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8510)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8510
Description A remote code execution vulnerability is present in some versions of Microsoft Office.
Observation Microsoft Office is a popular office suite.
A remote code execution vulnerability is present in some versions of Microsoft Office. The flaw is due to an improper object handling in memory. Successful exploitation could allow an attacker to remotely execute arbitrary code.
22004 - (MSPT-June2017) Microsoft Office Remote Code Execution (CVE-2017-8506)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-8506
Description A remote code execution vulnerability is present in some versions of Microsoft Office.
Observation Microsoft Office is a popular office suite. A remote code execution vulnerability is present in some versions of Microsoft Office. The flaw lies in how Microsoft Office validates input before loading DLL files. Successful exploitation could allow an attacker to execute remote code. Exploitation requires a user to open a maliciously crafted Office document.
130787 - Debian Linux 8.0 DSA-3875-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: High CVE: CVE-2017-9433
Description The scan detected that the host is missing the following update: DSA-3875-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2017/dsa-3875
Debian 8.0 all libmwaw-tools_0.3.1-2+deb8u1 libmwaw-doc_0.3.1-2+deb8u1 libmwaw-0.3-3_0.3.1-2+deb8u1 libmwaw-dev_0.3.1-2+deb8u1
130788 - Debian Linux 8.0 DSA-3874-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: High CVE: CVE-2017-6430, CVE-2017-8366
Description The scan detected that the host is missing the following update: DSA-3874-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2017/dsa-3874
Debian 8.0 all ettercap-text-only_1:0.8.1-3+deb8u1 ettercap-graphical_1:0.8.1-3+deb8u1 ettercap-common_1:0.8.1-3+deb8u1 ettercap-dbg_1:0.8.1-3+deb8u1
185733 - Ubuntu Linux 17.04 USN-3316-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2017-9148 Description The scan detected that the host is missing the following update: USN-3316-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-June/003891.html
Ubuntu 17.04 freeradius_3.0.12+dfsg-4ubuntu1.1
185737 - Ubuntu Linux 14.04, 16.04, 16.10, 17.04 USN-3253-2 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2013-7108, CVE-2013-7205, CVE-2014-1878, CVE-2016-9566
Description The scan detected that the host is missing the following update: USN-3253-2
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-June/003892.html
Ubuntu 16.04 nagios3-cgi_3.5.1.dfsg-2.1ubuntu1.3 nagios3-core_3.5.1.dfsg-2.1ubuntu1.3
Ubuntu 14.04 nagios3-cgi_3.5.1-1ubuntu1.3 nagios3-core_3.5.1-1ubuntu1.3
Ubuntu 16.10 nagios3-cgi_3.5.1.dfsg-2.1ubuntu3.3 nagios3-core_3.5.1.dfsg-2.1ubuntu3.3
Ubuntu 17.04 nagios3-core_3.5.1.dfsg-2.1ubuntu5.2 nagios3-cgi_3.5.1.dfsg-2.1ubuntu5.2
192174 - Fedora Linux 24 FEDORA-2017-7e0ff7f73a Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-5645 Description The scan detected that the host is missing the following update: FEDORA-2017-7e0ff7f73a
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=1
Fedora Core 24 log4j12-1.2.17-19.fc24
192177 - Fedora Linux 26 FEDORA-2017-f7849e04f4 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-8849
Description The scan detected that the host is missing the following update: FEDORA-2017-f7849e04f4
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=8
Fedora Core 26 smb4k-1.2.2-3.fc26
192182 - Fedora Linux 25 FEDORA-2017-60997f0d14 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-9224, CVE-2017-9225, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229
Description The scan detected that the host is missing the following update: FEDORA-2017-60997f0d14
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=2
Fedora Core 25 oniguruma-6.1.3-2.fc25 192183 - Fedora Linux 26 FEDORA-2017-7ee5c17024 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-9148
Description The scan detected that the host is missing the following update: FEDORA-2017-7ee5c17024
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=3
Fedora Core 26 freeradius-3.0.14-1.fc26
192184 - Fedora Linux 26 FEDORA-2017-b8358cda24 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-5645
Description The scan detected that the host is missing the following update: FEDORA-2017-b8358cda24
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=3
Fedora Core 26 log4j12-1.2.17-19.fc26
192187 - Fedora Linux 26 FEDORA-2017-988ee3e365 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-8366
Description The scan detected that the host is missing the following update: FEDORA-2017-988ee3e365
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=2
Fedora Core 26 ettercap-0.8.2-8.20170306git60aca9.fc26
192211 - Fedora Linux 26 FEDORA-2017-f986009363 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-9432
Description The scan detected that the host is missing the following update: FEDORA-2017-f986009363
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=2
Fedora Core 26 libstaroffice-0.0.3-3.fc26
192213 - Fedora Linux 25 FEDORA-2017-8348115acd Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-5645
Description The scan detected that the host is missing the following update: FEDORA-2017-8348115acd
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=1
Fedora Core 25 log4j12-1.2.17-19.fc25
192227 - Fedora Linux 26 FEDORA-2017-ee01a2ced6 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-9224, CVE-2017-9225, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229
Description The scan detected that the host is missing the following update: FEDORA-2017-ee01a2ced6
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=3
Fedora Core 26 oniguruma-6.3.0-1.fc26
192228 - Fedora Linux 24 FEDORA-2017-e2d6d0067f Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229
Description The scan detected that the host is missing the following update: FEDORA-2017-e2d6d0067f
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=2
Fedora Core 24 oniguruma-5.9.6-4.fc24
192231 - Fedora Linux 25 FEDORA-2017-e698bba980 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-9148
Description The scan detected that the host is missing the following update: FEDORA-2017-e698bba980
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=8
Fedora Core 25 freeradius-3.0.14-1.fc25
192233 - Fedora Linux 26 FEDORA-2017-57e8f5ec61 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-8779
Description The scan detected that the host is missing the following update: FEDORA-2017-57e8f5ec61
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=7
Fedora Core 26 libtirpc-1.0.1-4.rc3.fc26
21891 - Apache Tomcat Vulnerability Prior To 8.5.15
Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium CVE: CVE-2017-5664
Description A vulnerability is present in some versions of Apache Tomcat.
Observation Apache Tomcat is a container for the Java Servlet and Java Server Pages Web applications.
A vulnerability is present in some versions of Apache Tomcat. The flaw is due to improper error page mechanism. Successful exploitation could allow an attacker to bypass certain security restriction.
21905 - (MSPT-June2017) Microsoft SharePoint Reflective XSS Vulnerability (CVE-2017-8514)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8514
Description A cross-site scripting vulnerability is present in some versions of Microsoft SharePoint.
Observation Microsoft SharePoint is a web-based, collaborative platform that integrates with Microsoft Office products.
A cross-site scripting vulnerability is present in some versions of Microsoft SharePoint. The flaw is due to improper handling of a specially crafted request. Successful exploitation could allow an authenticated attacker to obtain sensitive information, take actions on the SharePoint site on behalf of the victim. Exploitation requires a user to click a specially crafted URL.
21913 - (MSPT-May2017) Win32k Elevation of Privilege Vulnerability (CVE-2017-8552)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8552
Description An elevation of privilege vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An elevation of privilege vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel- mode driver handles objects in memory. Successful exploitation could allow an attacker to execute arbitrary code with elevated privileges. Exploitation requires an attacker to gain access to the local system.
21914 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8488)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8488
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21934 - (MSPT-June2017) Microsoft Office Remote Code Execution (CVE-2017-0260)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0260
Description A remote code execution vulnerability is present in some versions of Microsoft Office.
Observation Office is a popular office suite of applications and platforms developed by Microsoft.
A remote code execution vulnerability is present in some versions of Microsoft Office. The flaw lies in how Office validates input before loading DLL files. Successful exploitation could allow an attacker to install programs, view, change, or delete data, or create new accounts with full user rights. Exploitation requires an attacker to convince user to open a specially crafted office document.
21968 - (MSPT-June2017) Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-8530)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8530 Description A security feature bypass vulnerability is present in some versions of Microsoft Edge.
Observation Microsoft Edge is the new default web browser in Windows 10.
A security feature bypass vulnerability is present in some versions of Microsoft Edge. The flaw is due to improper enforcing of same- origin policies. Successful exploitation could allow an attacker to access information from origins outside the current one.
21987 - (MSPT-June2017) Hypervisor Code Integrity Elevation of Privilege Vulnerability (CVE-2017-0193)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0193
Description An elevation of privilege vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An elevation of privilege vulnerability is present in some versions of Microsoft Windows. The flaw lies in Windows Hyper-V. Successful exploitation could allow an authenticated attacker to obtain elevated privileges.
22006 - (MSPT-June2017) Microsoft Office Security Feature Bypass Vulnerability (CVE-2017-8508)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8508
Description A security bypass vulnerability is present in some versions of Microsoft Office.
Observation Microsoft Office is a popular office suite.
A security bypass vulnerability is present in some versions of Microsoft Office. The flaw lies in how this software parses file formats. Successful exploitation could allow an attacker to bypass security access restrictions.
145388 - SuSE SLES 11 SP4 SUSE-SU-2017:1557-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-9318, CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050
Description The scan detected that the host is missing the following update: SUSE-SU-2017:1557-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2017-June/002940.html
SuSE SLES 11 SP4 i586 libxml2-python-2.7.6-0.69.3 libxml2-doc-2.7.6-0.69.1 libxml2-2.7.6-0.69.1 x86_64 libxml2-32bit-2.7.6-0.69.1 libxml2-python-2.7.6-0.69.3 libxml2-doc-2.7.6-0.69.1 libxml2-2.7.6-0.69.1
182371 - FreeBSD roundcube Arbitrary Password Resets (bce47c89-4d3f-11e7-8080-a4badb2f4699)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8114
Description The scan detected that the host is missing the following update: roundcube -- arbitrary password resets (bce47c89-4d3f-11e7-8080-a4badb2f4699)
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/bce47c89-4d3f-11e7-8080-a4badb2f4699.html
Affected packages: roundcube < 1.2.5,1
192173 - Fedora Linux 24 FEDORA-2017-facd994774 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-1000367
Description The scan detected that the host is missing the following update: FEDORA-2017-facd994774
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=9 Fedora Core 24 sudo-1.8.20p2-1.fc24
192180 - Fedora Linux 26 FEDORA-2017-9e83b902f9 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-2496, CVE-2017-2510, CVE-2017-2539
Description The scan detected that the host is missing the following update: FEDORA-2017-9e83b902f9
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=4
Fedora Core 26 webkitgtk4-2.16.3-1.fc26
192190 - Fedora Linux 26 FEDORA-2017-d5cf1a55ce Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-6891
Description The scan detected that the host is missing the following update: FEDORA-2017-d5cf1a55ce
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=3
Fedora Core 26 mingw-libtasn1-4.12-1.fc26
192207 - Fedora Linux 26 FEDORA-2017-8b250ebe97 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-1000367
Description The scan detected that the host is missing the following update: FEDORA-2017-8b250ebe97 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=3
Fedora Core 26 sudo-1.8.20p2-1.fc26
192208 - Fedora Linux 26 FEDORA-2017-1f3ee3bea6 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-6949
Description The scan detected that the host is missing the following update: FEDORA-2017-1f3ee3bea6
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=8
Fedora Core 26 chicken-4.12.0-2.fc26
192215 - Fedora Linux 26 FEDORA-2017-5115baf0e6 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-6891
Description The scan detected that the host is missing the following update: FEDORA-2017-5115baf0e6
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=3
Fedora Core 26 libtasn1-4.12-1.fc26
21906 - (MSPT-June2017) Microsoft Outlook for Mac Spoofing Vulnerability (CVE-2017-8545)
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: Medium CVE: CVE-2017-8545
Description A spoofing vulnerability is present in some versions of Microsoft Outlook for Mac.
Observation Microsoft Office is a popular office suite.
A spoofing vulnerability is present in some versions of Microsoft Outlook for Mac. The flaw lies in how the product handles specific HTML tags. Successful exploitation could allow an attacker to gain access to the user's authentication information or login credentials. Exploitation requires a user to open a maliciously email.
21907 - (MSPT-June2017) Skype for Business Remote Code Execution Vulnerability (CVE-2017-8550)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8550
Description A remote code execution vulnerability is present in some versions of Microsoft Office products.
Observation Microsoft Office is a popular office suite and Skype for Business is an instant-messaging client.
A remote code execution vulnerability is present in some versions of Microsoft Office products. The flaw lies in how the product handles a message that contains specially crafted JavaScript content. Successful exploitation could allow an attacker to execute HTML and JavaScript content. Exploitation requires a user to open an instant message session.
21908 - (MSPT-June2017) Microsoft SharePoint XSS vulnerability (CVE-2017-8551)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8551
Description A cross-site scripting vulnerability is present in some versions of Microsoft SharePoint.
Observation Microsoft SharePoint is a web-based, collaborative platform that integrates with Microsoft Office products.
A cross-site scripting vulnerability is present in some versions of Microsoft SharePoint. The flaw is due to improper handling of a specially crafted request. Successful exploitation could allow an authenticated attacker to obtain sensitive information, take actions on the SharePoint site on behalf of the victim.
21916 - (MSPT-June2017) Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0285)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0285 Description An information disclosure vulnerability is present in some versions of Microsoft Windows Uniscribe.
Observation Uniscribe is a set of services for rendering Unicode-encoded text in Microsoft Windows.
An information disclosure vulnerability is present in some versions of Microsoft Windows Uniscribe. The flaw is due to improper handling of objects in memory. Successful exploitation could allow an attacker to retrieve sensitive data from the target system.
21917 - (MSPT-June2017) Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0284)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0284
Description An information disclosure vulnerability is present in some versions of Microsoft Windows Uniscribe.
Observation Uniscribe is a set of services for rendering Unicode-encoded text in Microsoft Windows.
An information disclosure vulnerability is present in some versions of Microsoft Windows Uniscribe. The flaw is due to improper handling of objects in memory. Successful exploitation could allow an attacker to retrieve sensitive data from the target system.
21919 - (MSPT-June2017) Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0282)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0282
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Microsoft Windows is a popular operating system.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in Windows Uniscribe component. Successful exploitation could allow an attacker to retrieve sensitive data from the target system.
21920 - (MSPT-June2017) Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-8534)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8534
Description An information disclosure vulnerability is present in some versions of Microsoft Windows Uniscribe.
Observation Uniscribe is a set of services for rendering Unicode-encoded text in Microsoft Windows. An information disclosure vulnerability is present in some versions of Microsoft Windows Uniscribe. The flaw is due to improper handling of objects in memory. Successful exploitation could allow an attacker to retrieve sensitive data from the target system.
21921 - (MSPT-June2017) Windows Graphics Information Disclosure Vulnerability (CVE-2017-0287)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0287
Description An information disclosure vulnerability is present in some versions of Microsoft Windows Graphics.
Observation Microsoft Windows is a popular operating system.
An information disclosure vulnerability is present in some versions of Microsoft Windows Graphics. The flaw is due to improper handling of objects in memory. Successful exploitation could allow an attacker to retrieve sensitive data from the target system.
21922 - (MSPT-June2017) Windows Graphics Information Disclosure Vulnerability (CVE-2017-0288)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0288
Description An information disclosure vulnerability is present in some versions of Microsoft Windows and Office products.
Observation Microsoft Windows is a popular operating system.
An information disclosure vulnerability is present in some versions of Microsoft Windows and Office products. The flaw lies in Windows Graphics component. Successful exploitation could allow an attacker to retrieve sensitive data from the target system.
21923 - (MSPT-June2017) Windows Graphics Information Disclosure Vulnerability (CVE-2017-0289)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0289
Description An information disclosure vulnerability is present in some versions of Microsoft Windows and Office products.
Observation Microsoft Windows is a popular operating system.
An information disclosure vulnerability is present in some versions of Microsoft Windows and Office products. The flaw lies in Windows Graphics component. Successful exploitation could allow an attacker to retrieve sensitive data from the target system.
21925 - (MSPT-June2017) Windows Graphics Information Disclosure Vulnerability (CVE-2017-8531) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8531
Description An information disclosure vulnerability is present in some versions of Microsoft Windows and Office products.
Observation Microsoft Windows is a popular operating system.
An information disclosure vulnerability is present in some versions of Microsoft Windows and Office products. The flaw lies in Windows Graphics component. Successful exploitation could allow an attacker to retrieve sensitive data from the target system.
21926 - (MSPT-June2017) Windows Graphics Information Disclosure Vulnerability (CVE-2017-8532)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8532
Description An information disclosure vulnerability is present in some versions of Microsoft Windows and Office products.
Observation Microsoft Windows is a popular operating system.
An information disclosure vulnerability is present in some versions of Microsoft Windows and Office products. The flaw lies in Windows Graphics component. Successful exploitation could allow an attacker to retrieve sensitive data from the target system.
21927 - (MSPT-June2017) Windows Graphics Information Disclosure Vulnerability (CVE-2017-8533)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8533
Description An information disclosure vulnerability is present in some versions of Microsoft Windows and Office products.
Observation Microsoft Windows is a popular operating system.
An information disclosure vulnerability is present in some versions of Microsoft Windows and Office products. The flaw lies in Windows Graphics component. Successful exploitation could allow an attacker to retrieve sensitive data from the target system.
21930 - (MSPT-June2017) Microsoft Browser Information Disclosure Vulnerability (CVE-2017-8529)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8529 Description An information disclosure vulnerability is present in some versions of Microsoft Browser.
Observation Microsoft Browser are Internet browser developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Browser. The flaw is due to improper handling of objects in memory. Successful exploitation could allow a remote attacker to retrieve sensitive data from the target system.
21957 - (MSPT-June2017) Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8498)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8498
Description An information disclosure vulnerability is present in some versions of Microsoft Edge.
Observation Microsoft Edge is the new default web browser in Windows 10.
An information disclosure vulnerability is present in some versions of Microsoft Edge. The flaw is in the JavaScript XML DOM objects. Successful exploitation could allow an attacker to detect installed browser extensions.
21959 - (MSPT-June2017) Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8504)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8504
Description An information disclosure vulnerability is present in some versions of Microsoft Edge.
Observation Microsoft Edge is the new default web browser in Windows 10.
An information disclosure vulnerability is present in some versions of Microsoft Edge. The flaw is due to incorrect handling of filtered response type in the Microsoft Edge Fetch API. Successful exploitation could allow an attacker to read the URL of a cross-origin request.
21961 - (MSPT-June2017) Win32k Elevation of Privilege Vulnerability (CVE-2017-8468)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8468
Description An elevation of privilege vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An elevation of privilege vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel- mode driver handles objects in memory. Successful exploitation could allow an attacker to execute processes with elevated privileges. Exploitation requires an attacker to gain access to the local system.
21967 - (MSPT-June2017) Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-8523)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8523
Description A security feature bypass vulnerability is present in some versions of Microsoft Edge.
Observation Microsoft Edge is the new default web browser in Windows 10.
A security feature bypass vulnerability is present in some versions of Microsoft Edge. The flaw is due to a failure in correctly applying Same Origin Policy for HTML elements present in other browser windows. Successful exploitation could allow an attacker to trick a user into loading a page with malicious content.
21969 - (MSPT-June2017) Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-8555)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8555
Description A security feature bypass vulnerability is present in some versions of Microsoft Edge.
Observation Microsoft Edge is the new default web browser in Windows 10.
A security feature bypass vulnerability is present in some versions of Microsoft Edge. The flaw lies in Content Security Policy (CSP) due to a failure in properly validating certain specially crafted documents. Successful exploitation could allow an attacker to trick a user into loading a web page with malicious content.
21991 - (MSPT-June2017) Device Guard Code Integrity Policy Security Bypass Vulnerability (CVE-2017-0173)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0173
Description A security bypass vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
A security feature bypass vulnerability is present in some versions of Microsoft Windows. The flaw lies in Device Guard. Successful exploitation could allow an attacker to execute remote code into a powershell process to bypass the Device Guard Code Integrity policy. Exploitation requires an attacker to gain access to the local system.
21992 - (MSPT-June2017) Device Guard Code Integrity Policy Security Bypass Vulnerability (CVE-2017-0215)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0215
Description A security feature bypass vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
A security feature bypass vulnerability is present in some versions of Microsoft Windows. The flaw lies in Device Guard. Successful exploitation could allow an attacker to execute remote code into a powershell process to bypass the Device Guard Code Integrity policy. Exploitation requires an attacker to gain access to the local system.
21993 - (MSPT-June2017) Device Guard Code Integrity Policy Security Bypass Vulnerability (CVE-2017-0216)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0216
Description A security feature bypass vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
A security feature bypass vulnerability is present in some versions of Microsoft Windows. The flaw lies in Device Guard. Successful exploitation could allow an attacker to execute remote code into a powershell process to bypass the Device Guard Code Integrity policy. Exploitation requires an attacker to gain access to the local system.
21994 - (MSPT-June2017) Device Guard Code Integrity Policy Security Bypass Vulnerability (CVE-2017-0218)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0218 Description A security feature bypass vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
A security feature bypass vulnerability is present in some versions of Microsoft Windows. The flaw lies in Device Guard. Successful exploitation could allow an attacker to execute remote code into a powershell process to bypass the Device Guard Code Integrity policy. Exploitation requires an attacker to gain access to the local system.
21995 - (MSPT-June2017) Device Guard Code Integrity Policy Security Bypass Vulnerability (CVE-2017-0219)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0219
Description A security feature bypass vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
A security feature bypass vulnerability is present in some versions of Microsoft Windows. The flaw lies in Device Guard. Successful exploitation could allow an attacker to execute remote code into a powershell process to bypass the Device Guard Code Integrity policy. Exploitation requires an attacker to gain access to the local system.
21997 - (MSPT-June2017) Windows Default Folder Tampering Vulnerability (CVE-2017-0295)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0295
Description A vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
A vulnerability is present in some versions of Microsoft Windows. The flaw is due to incorrect permission settings on folders inside the DEFAULT folder structure. Successful exploitation could allow an authenticated attacker to modify files and folders of a user who logs in locally to the computer.
21999 - (MSPT-June2017) Windows PDF Information Disclosure Vulnerability (CVE-2017-8460)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8460
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how Windows parses PDF files. Successful exploitation could allow an attacker to read memory in the context of the current user.
22001 - (MSPT-June2017) Windows GDI Information Disclosure Vulnerability (CVE-2017-0286)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-0286
Description An information disclosure vulnerability is present in some versions of Microsoft Windows and Microsoft Word.
Observation Windows is a popular operation system developed by Microsoft and Microsoft Word is a popular document and word processing software.
An information disclosure vulnerability is present in some versions of Microsoft Windows and Microsoft Word. The flaw lies in Windows GDI component. Successful exploitation could allow an attacker to obtain sensitive information on the target system.
88869 - Slackware Linux 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 SSA:2017-158-01 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Slackware Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9468, CVE-2017-9469
Description The scan detected that the host is missing the following update: SSA:2017-158-01
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.541305
Slackware 14.0 x86_64 irssi-1.0.3-x86_64-1
Slackware 13.37 x86_64 irssi-0.8.21-x86_64-2
Slackware 14.1 x86_64 irssi-1.0.3-x86_64-1
Slackware 13.1 x86_64 irssi-0.8.21-x86_64-2
Slackware 14.2 x86_64 irssi-1.0.3-x86_64-1 i586 irssi-1.0.3-i586-1
Slackware 13.0 x86_64 irssi-0.8.21-x86_64-2
130791 - Debian Linux 8.0 DSA-3877-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-0376
Description The scan detected that the host is missing the following update: DSA-3877-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2017/dsa-3877
Debian 8.0 all tor_0.2.5.14-1
145387 - SuSE SLES 12 SP2, SLED 12 SP2 SUSE-SU-2017:1538-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050
Description The scan detected that the host is missing the following update: SUSE-SU-2017:1538-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2017-June/002939.html
SuSE SLED 12 SP2 x86_64 python-libxml2-2.9.4-39.2 libxml2-2-32bit-2.9.4-39.2 python-libxml2-debuginfo-2.9.4-39.2 libxml2-2-2.9.4-39.2 libxml2-tools-debuginfo-2.9.4-39.2 libxml2-debugsource-2.9.4-39.2 python-libxml2-debugsource-2.9.4-39.2 libxml2-tools-2.9.4-39.2 libxml2-2-debuginfo-2.9.4-39.2 libxml2-2-debuginfo-32bit-2.9.4-39.2
SuSE SLES 12 SP2 noarch libxml2-doc-2.9.4-39.2 x86_64 python-libxml2-2.9.4-39.2 libxml2-tools-2.9.4-39.2 python-libxml2-debuginfo-2.9.4-39.2 libxml2-2-2.9.4-39.2 libxml2-tools-debuginfo-2.9.4-39.2 libxml2-debugsource-2.9.4-39.2 libxml2-2-32bit-2.9.4-39.2 python-libxml2-debugsource-2.9.4-39.2 libxml2-2-debuginfo-2.9.4-39.2 libxml2-2-debuginfo-32bit-2.9.4-39.2
182372 - FreeBSD irssi Remote DoS (165e8951-4be0-11e7-a539-0050569f7e80)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9468, CVE-2017-9469
Description The scan detected that the host is missing the following update: irssi -- remote DoS (165e8951-4be0-11e7-a539-0050569f7e80)
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/165e8951-4be0-11e7-a539-0050569f7e80.html
Affected packages: irssi < 1.0.3
185730 - Ubuntu Linux 14.04, 16.04, 16.10, 17.04 USN-3317-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9468, CVE-2017-9469
Description The scan detected that the host is missing the following update: USN-3317-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-June/003893.html
Ubuntu 16.04 irssi_0.8.19-1ubuntu1.4
Ubuntu 14.04 irssi_0.8.15-5ubuntu3.2
Ubuntu 16.10 irssi_0.8.19-1ubuntu2.2
Ubuntu 17.04 irssi_0.8.20-2ubuntu2.1
185734 - Ubuntu Linux 14.04, 16.04, 16.10, 17.04 USN-3318-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-7507, CVE-2017-7869
Description The scan detected that the host is missing the following update: USN-3318-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-June/003894.html
Ubuntu 16.04 libgnutls30_3.4.10-4ubuntu1.3
Ubuntu 14.04 libgnutls26_2.12.23-12ubuntu2.8
Ubuntu 16.10 libgnutls30_3.5.3-5ubuntu1.2
Ubuntu 17.04 libgnutls30_3.5.6-4ubuntu4.1
192202 - Fedora Linux 24 FEDORA-2017-0a1b2d495a Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9217
Description The scan detected that the host is missing the following update: FEDORA-2017-0a1b2d495a
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=2
Fedora Core 24 systemd-229-20.fc24
192212 - Fedora Linux 26 FEDORA-2017-0d5817efc0 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-7484, CVE-2017-7485, CVE-2017-7486
Description The scan detected that the host is missing the following update: FEDORA-2017-0d5817efc0
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=8
Fedora Core 26 mingw-postgresql-9.6.3-1.fc26
192214 - Fedora Linux 26 FEDORA-2017-60775d65bb Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8921
Description The scan detected that the host is missing the following update: FEDORA-2017-60775d65bb
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=7
Fedora Core 26
FlightGear-2017.1.3-2.fc26
21909 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8483) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8483
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw is due to improper object initialization in memory. Successful exploitation could allow an authenticated attacker to obtain sensitive information.
21935 - (MSPT-June2017) GDI Information Disclosure Vulnerablity (CVE-2017-8553)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8553
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel handles objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21936 - (MSPT-June2017) Win32k Information Disclosure Vulnerability (CVE-2017-8470)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8470
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initialize objects in memory. Successful exploitation could allow an attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21937 - (MSPT-June2017) Win32k Information Disclosure Vulnerability (CVE-2017-8471)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8471
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initialize objects in memory. Successful exploitation could allow an attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21938 - (MSPT-June2017) Win32k Information Disclosure Vulnerability (CVE-2017-8472)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8472
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initialize objects in memory. Successful exploitation could allow an attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21939 - (MSPT-June2017) Win32k Information Disclosure Vulnerability (CVE-2017-8473)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8473
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initialize objects in memory. Successful exploitation could allow an attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21940 - (MSPT-June2017) Win32k Information Disclosure Vulnerability (CVE-2017-8475)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8475 Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initialize objects in memory. Successful exploitation could allow an attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21941 - (MSPT-June2017) Win32k Information Disclosure Vulnerability (CVE-2017-8477)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8477
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initialize objects in memory. Successful exploitation could allow an attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21942 - (MSPT-June2017) Win32k Information Disclosure Vulnerability (CVE-2017-8484)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8484
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initialize objects in memory. Successful exploitation could allow an attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21948 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8490)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8490
Description An information disclosure vulnerability is present in some versions of Microsoft Windows. Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21954 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8474)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8474
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21978 - (MSPT-June2017) Microsoft Windows Search Information Disclosure Vulnerability (CVE-2017-8544)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-8544
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in Windows Search due to improper handling of objects in memory. Successful exploitation could allow an attacker to obtain information to further compromise the target system.
130789 - Debian Linux 8.0 DSA-3878-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5978, CVE-2017-5979, CVE-2017-5980, CVE-2017-5981
Description The scan detected that the host is missing the following update: DSA-3878-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2017/dsa-3878
Debian 8.0 all libzzip-0-13_0.13.62-3+deb8u1 libzzip-dev_0.13.62-3+deb8u1 zziplib-bin_0.13.62-3+deb8u1
192179 - Fedora Linux 26 FEDORA-2017-b6959bc910 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365
Description The scan detected that the host is missing the following update: FEDORA-2017-b6959bc910
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=2
Fedora Core 26 libsndfile-1.0.28-2.fc26
192189 - Fedora Linux 26 FEDORA-2017-086d989cce Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-7511
Description The scan detected that the host is missing the following update: FEDORA-2017-086d989cce
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=3
Fedora Core 26 poppler-0.52.0-2.fc26
192197 - Fedora Linux 25 FEDORA-2017-0ee7b8dd2a Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-7511, CVE-2017-9083
Description The scan detected that the host is missing the following update: FEDORA-2017-0ee7b8dd2a
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=8
Fedora Core 25 mingw-poppler-0.45.0-2.fc25
192199 - Fedora Linux 24 FEDORA-2017-ed1c665a3f Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-6508
Description The scan detected that the host is missing the following update: FEDORA-2017-ed1c665a3f
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=2
Fedora Core 24 wget-1.18-2.fc24
192203 - Fedora Linux 26 FEDORA-2017-e8586a44c9 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-7511, CVE-2017-9083
Description The scan detected that the host is missing the following update: FEDORA-2017-e8586a44c9
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=3
Fedora Core 26 mingw-poppler-0.52.0-2.fc26 192206 - Fedora Linux 26 FEDORA-2017-38c3781b89 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-6508
Description The scan detected that the host is missing the following update: FEDORA-2017-38c3781b89
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=3
Fedora Core 26 wget-1.19.1-3.fc26
192209 - Fedora Linux 26 FEDORA-2017-e9936d561b Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-10369, CVE-2017-8933, CVE-2017-8934
Description The scan detected that the host is missing the following update: FEDORA-2017-e9936d561b
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=7
Fedora Core 26 pcmanfm-1.2.5-2.fc26 lxterminal-0.3.0-3.fc26 menu-cache-1.0.2-4.D20170514git56f6668459.fc26
192210 - Fedora Linux 25 FEDORA-2017-abbac6c64b Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365
Description The scan detected that the host is missing the following update: FEDORA-2017-abbac6c64b
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=1
Fedora Core 25 libsndfile-1.0.28-2.fc25
192216 - Fedora Linux 26 FEDORA-2017-4e981a51e6 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-6512
Description The scan detected that the host is missing the following update: FEDORA-2017-4e981a51e6
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=3
Fedora Core 26 perl-File-Path-2.12-367.fc26
192217 - Fedora Linux 24 FEDORA-2017-eadc5f410e Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-7511, CVE-2017-9083
Description The scan detected that the host is missing the following update: FEDORA-2017-eadc5f410e
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=9
Fedora Core 24 mingw-poppler-0.41.0-2.fc24
192225 - Fedora Linux 26 FEDORA-2017-03c5f27205 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9403, CVE-2017-9404 Description The scan detected that the host is missing the following update: FEDORA-2017-03c5f27205
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=3
Fedora Core 26 mingw-libtiff-4.0.8-1.fc26
192229 - Fedora Linux 26 FEDORA-2017-1fe6f25af9 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-7488
Description The scan detected that the host is missing the following update: FEDORA-2017-1fe6f25af9
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=7
Fedora Core 26 authconfig-7.0.1-1.fc26
21996 - (MSPT-June2017) Windows Security Feature Bypass Vulnerability (CVE-2017-8493)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8493
Description A security feature bypass vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
A security feature bypass vulnerability is present in some versions of Microsoft Windows. The flaw lies in enforcing case sensitivity for certain variable checks. Successful exploitation could allow an attacker to set variables that requires authentication.
130790 - Debian Linux 8.0 DSA-3876-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2017-9324
Description The scan detected that the host is missing the following update: DSA-3876-1
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2017/dsa-3876
Debian 8.0 all otrs2_3.3.9-3+deb8u1
182369 - FreeBSD GnuTLS Denial Of Service Vulnerability (b33fb1e0-4c37-11e7-afeb-0011d823eebd)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: GnuTLS -- Denial of service vulnerability (b33fb1e0-4c37-11e7-afeb-0011d823eebd)
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/b33fb1e0-4c37-11e7-afeb-0011d823eebd.html
Affected packages: gnutls < 3.5.13
182370 - FreeBSD mozilla Multiple Vulnerabilities (6cec1b0a-da15-467d-8691-1dea392d4c8d)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2017-5470, CVE-2017-5471, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE- 2017-7754, CVE-2017-7755, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7759, CVE-2017-7760, CVE-2017-7761, CVE-2017-7762, CVE-2017-7763, CVE-2017-7764, CVE-2017-7765, CVE-2017-7766, CVE-2017-7767, CVE-2017-7768, CVE-2017- 7778
Description The scan detected that the host is missing the following update: mozilla -- multiple vulnerabilities (6cec1b0a-da15-467d-8691-1dea392d4c8d)
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/6cec1b0a-da15-467d-8691-1dea392d4c8d.html Affected packages: firefox < 54.0,1 seamonkey < 2.51 linux-seamonkey < 2.51 firefox-esr < 52.2.0,1 linux-firefox < 52.2.0,2 libxul < 52.2.0 thunderbird < 52.2.0 linux-thunderbird < 52.2.0
192176 - Fedora Linux 26 FEDORA-2017-f0d48eabe6 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7507
Description The scan detected that the host is missing the following update: FEDORA-2017-f0d48eabe6
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=2
Fedora Core 26 gnutls-3.5.13-1.fc26
192178 - Fedora Linux 24 FEDORA-2017-6aff7475b7 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: FEDORA-2017-6aff7475b7
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=1
Fedora Core 24 ansible-2.3.1.0-1.fc24
192181 - Fedora Linux 26 FEDORA-2017-59f85fef2c Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7650 Description The scan detected that the host is missing the following update: FEDORA-2017-59f85fef2c
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=2
Fedora Core 26 mosquitto-1.4.12-1.fc26
192185 - Fedora Linux 24 FEDORA-2017-486a536b62 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7650
Description The scan detected that the host is missing the following update: FEDORA-2017-486a536b62
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=2
Fedora Core 24 mosquitto-1.4.12-1.fc24
192186 - Fedora Linux 26 FEDORA-2017-d51eedb333 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: FEDORA-2017-d51eedb333
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=1
Fedora Core 26 smb4k-1.2.3-1.fc26 192191 - Fedora Linux 26 FEDORA-2017-b9b66117bb Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-2295
Description The scan detected that the host is missing the following update: FEDORA-2017-b9b66117bb
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=4
Fedora Core 26 puppet-4.6.2-4.fc26
192192 - Fedora Linux 25 FEDORA-2017-f646217583 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7507
Description The scan detected that the host is missing the following update: FEDORA-2017-f646217583
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=1
Fedora Core 25 gnutls-3.5.13-1.fc25
192193 - Fedora Linux 25 FEDORA-2017-87a64155eb Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7481
Description The scan detected that the host is missing the following update: FEDORA-2017-87a64155eb
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=1
Fedora Core 25 ansible-2.3.1.0-1.fc25
192194 - Fedora Linux 26 FEDORA-2017-50b9370529 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: FEDORA-2017-50b9370529
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=8
Fedora Core 26 lynis-2.5.0-1.fc26
192195 - Fedora Linux 26 FEDORA-2017-fe7c3c9c30 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: FEDORA-2017-fe7c3c9c30
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=7
Fedora Core 26 wordpress-4.7.5-1.fc26
192196 - Fedora Linux 26 FEDORA-2017-e6deec5bd0 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2016-10376
Description The scan detected that the host is missing the following update: FEDORA-2017-e6deec5bd0
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=1
Fedora Core 26 gajim-0.16.8-1.fc26
192200 - Fedora Linux 26 FEDORA-2017-38212d42d8 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: FEDORA-2017-38212d42d8
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=3
Fedora Core 26 dolphin-emu-5.0-14.fc26
192201 - Fedora Linux 26 FEDORA-2017-7936341c80 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7507
Description The scan detected that the host is missing the following update: FEDORA-2017-7936341c80
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=1
Fedora Core 26 mingw-gnutls-3.5.13-1.fc26
192204 - Fedora Linux 26 FEDORA-2017-0343b2d324 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: FEDORA-2017-0343b2d324
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=2
Fedora Core 26 libgcrypt-1.7.7-1.fc26
192218 - Fedora Linux 26 FEDORA-2017-811133dc2c Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-5057, CVE-2017-5058, CVE-2017-5059, CVE-2017-5060, CVE-2017-5061, CVE-2017-5062, CVE-2017-5063, CVE- 2017-5064, CVE-2017-5065, CVE-2017-5066, CVE-2017-5067, CVE-2017-5068, CVE-2017-5069
Description The scan detected that the host is missing the following update: FEDORA-2017-811133dc2c
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=7
Fedora Core 26 chromium-58.0.3029.110-2.fc26 chromium-native_client-58.0.3029.81-1.20170421gitc948e9b.fc26
192219 - Fedora Linux 24 FEDORA-2017-4de07172f4 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: FEDORA-2017-4de07172f4
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=1 Fedora Core 24 postgresql-9.5.7-1.fc24
192221 - Fedora Linux 26 FEDORA-2017-edecdcb23e Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: FEDORA-2017-edecdcb23e
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=8
Fedora Core 26 deluge-1.3.15-1.fc26
192222 - Fedora Linux 25 FEDORA-2017-c2113aacd2 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7650
Description The scan detected that the host is missing the following update: FEDORA-2017-c2113aacd2
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=1
Fedora Core 25 mosquitto-1.4.12-1.fc25
192226 - Fedora Linux 26 FEDORA-2017-49c0ac5ce7 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7481
Description The scan detected that the host is missing the following update: FEDORA-2017-49c0ac5ce7 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=2
Fedora Core 26 ansible-2.3.1.0-1.fc26
192232 - Fedora Linux 26 FEDORA-2017-283a7d7b7f Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: FEDORA-2017-283a7d7b7f
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=7
Fedora Core 26 rpcbind-0.2.4-7.rc1.fc26
192234 - Fedora Linux 26 FEDORA-2017-1f533a944e Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH
Description The scan detected that the host is missing the following update: FEDORA-2017-1f533a944e
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=7
Fedora Core 26
FlightCrew-0.9.1-7.fc26
21945 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-0299)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-0299
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel handles memory addresses. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21947 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-0300)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-0300
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel handles memory addresses. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21951 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8462)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8462
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel handles memory addresses. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21953 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8469)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8469 Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21970 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8476)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8476
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21971 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8478)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8478
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21972 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8479)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8479
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21973 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8480)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8480
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21974 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8481)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8481
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21976 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8482)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8482
Description An information disclosure vulnerability is present in some versions of Microsoft Windows. Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21977 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8485)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8485
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21980 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8489)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8489
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21981 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8491)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8491
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft. An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
21982 - (MSPT-June2017) Windows Kernel Information Disclosure Vulnerability (CVE-2017-8492)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8492
Description An information disclosure vulnerability is present in some versions of Microsoft Windows.
Observation Windows is a popular operation system developed by Microsoft.
An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initializes objects in memory. Successful exploitation could allow an authenticated attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.
160267 - CentOS 7 CESA-2017-1430 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7718, CVE-2017-7980
Description The scan detected that the host is missing the following update: CESA-2017-1430
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.centos.org/pipermail/centos-announce/2017-June/022458.html
CentOS 7 x86_64 qemu-kvm-tools-1.5.3-126.el7_3.9 qemu-img-1.5.3-126.el7_3.9 qemu-kvm-1.5.3-126.el7_3.9 qemu-kvm-common-1.5.3-126.el7_3.9
163372 - Oracle Enterprise Linux ELSA-2017-1430 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7718, CVE-2017-7980
Description The scan detected that the host is missing the following update: ELSA-2017-1430 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2017-June/006980.html
OEL7 x86_64 qemu-kvm-tools-1.5.3-126.el7_3.9 qemu-img-1.5.3-126.el7_3.9 qemu-kvm-1.5.3-126.el7_3.9 qemu-kvm-common-1.5.3-126.el7_3.9
175187 - Scientific Linux Security ERRATA Important: qemu-kvm on SL7.x x86_64 (1706-1955)
Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes Risk Level: Low CVE: CVE-2017-7718, CVE-2017-7980
Description The scan detected that the host is missing the following update: Security ERRATA Important: qemu-kvm on SL7.x x86_64 (1706-1955)
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://listserv.fnal.gov/scripts/wa.exe?A2=ind1706&L=scientific-linux-errata&F=&S=&P=1955
SL7 x86_64 qemu-kvm-tools-1.5.3-126.el7_3.9 qemu-img-1.5.3-126.el7_3.9 qemu-kvm-debuginfo-1.5.3-126.el7_3.9 qemu-kvm-1.5.3-126.el7_3.9 qemu-kvm-common-1.5.3-126.el7_3.9
192175 - Fedora Linux 25 FEDORA-2017-a3c7d077c7 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2016-10374
Description The scan detected that the host is missing the following update: FEDORA-2017-a3c7d077c7
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=1
Fedora Core 25 perltidy-20170521-1.fc25
192198 - Fedora Linux 24 FEDORA-2017-1f11501a9f Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2016-10374
Description The scan detected that the host is missing the following update: FEDORA-2017-1f11501a9f
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=2
Fedora Core 24 perltidy-20170521-1.fc24
192205 - Fedora Linux 26 FEDORA-2017-c76259ddea Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2016-10374
Description The scan detected that the host is missing the following update: FEDORA-2017-c76259ddea
Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/6/?count=200&page=6
Fedora Core 26 perltidy-20170521-1.fc26
ENHANCED CHECKS
The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on a vulnerability and anything else that improves upon an existing FSL check. 21632 - (VMSA-2017-0006) VMware Workstation Player Multiple Vulnerabilities
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-4902, CVE-2017-4903, CVE-2017-4904, CVE-2017-4905 Update Details Risk is updated
21644 - (VMSA-2017-0006) VMware Fusion Multiple Vulnerabilities
Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2017-4902, CVE-2017-4903, CVE-2017-4904, CVE-2017-4905
Update Details Risk is updated
21686 - (VMSA-2017-0008) VMware Workstation Player Multiple Vulnerabilities
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-4908, CVE-2017-4909, CVE-2017-4910, CVE-2017-4911, CVE-2017-4912, CVE-2017-4913
Update Details Risk is updated
21711 - (VMSA-2017-0008) VMware Horizon View Client Multiple Vulnerabilities
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-4908, CVE-2017-4909, CVE-2017-4910, CVE-2017-4911, CVE-2017-4912, CVE-2017-4913
Update Details Risk is updated
21713 - (VMSA-2017-0008) VMware Workstation Pro Multiple Vulnerabilities
Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-4908, CVE-2017-4909, CVE-2017-4910, CVE-2017-4911, CVE-2017-4912, CVE-2017-4913
Update Details Risk is updated
21828 - Schneider Electric SoMachine HVAC Multiple Vulnerabilities
Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-7965, CVE-2017-7966
Update Details Risk is updated 130766 - Debian Linux 8.0 DSA-3848-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8386
Update Details Risk is updated
130784 - Debian Linux 8.0 DSA-3870-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8295, CVE-2017-9061, CVE-2017-9062, CVE-2017-9063, CVE-2017-9064, CVE-2017-9065
Update Details FASLScript is updated
145367 - SuSE SLES 12 SP1, 12 SP2 SUSE-SU-2017:1357-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8386
Update Details Risk is updated
170811 - Amazon Linux AMI ALAS-2017-842 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8386
Update Details Risk is updated
178444 - Gentoo Linux GLSA-201706-04 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-2017-8386
Update Details Risk is updated
185698 - Ubuntu Linux 14.04, 16.04, 16.10, 17.04 USN-3287-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8386 Update Details Risk is updated
192096 - Fedora Linux 25 FEDORA-2017-f4319b6dfc Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8386
Update Details Risk is updated
192114 - Fedora Linux 26 FEDORA-2017-7ea0e02914 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8386
Update Details Risk is updated
192159 - Fedora Linux 24 FEDORA-2017-01a7989fc0 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8386
Update Details Risk is updated
141345 - Red Hat Enterprise Linux RHSA-2016-2602 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-3099
Update Details Risk is updated
163220 - Oracle Enterprise Linux ELSA-2016-2602 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-3099
Update Details Risk is updated
170690 - Amazon Linux AMI ALAS-2016-714 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-3099
Update Details Risk is updated
175055 - Scientific Linux Security ERRATA Low: mod_nss on SL7.x x86_64 (1612-4625)
Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes Risk Level: Medium CVE: CVE-2016-3099
Update Details Risk is updated
190558 - Fedora Linux 22 FEDORA-2016-85e9f2e3cd Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-3099
Update Details Risk is updated
190569 - Fedora Linux 23 FEDORA-2016-8b28358b72 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-3099
Update Details Risk is updated
190619 - Fedora Linux 24 FEDORA-2016-1eaaf1ed0f Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-3099
Update Details Risk is updated
191083 - Fedora Linux 23 FEDORA-2016-b1a36cccc8 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-4992
Update Details Risk is updated 191334 - Fedora Linux 24 FEDORA-2016-8660c7656f Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-5416
Update Details Risk is updated
191368 - Fedora Linux 25 FEDORA-2016-8f9d466bcc Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-5416
Update Details Risk is updated
190508 - Fedora Linux 24 FEDORA-2016-f75bd73891 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2016-3095
Update Details Risk is updated
190770 - Fedora Linux 24 FEDORA-2016-f9db2293a8 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2016-3111
Update Details Risk is updated
70014 - netbios-helpers.fasl3.inc
Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category Risk Level: Informational CVE: CVE-MAP-NOMATCH
Update Details FASLScript is updated
HOW TO UPDATE
FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we strongly urge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any critical updates but will wait for your explicit authorization before installing. FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability category and checking the "Run New Checks" checkbox.
MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts will be automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.
MCAFEE TECHNICAL SUPPORT
ServicePortal: https://mysupport.mcafee.com Multi-National Phone Support available here: http://www.mcafee.com/us/about/contact/index.html Non-US customers - Select your country from the list of Worldwide Offices.
This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.
Copyright 2017 McAfee, Inc. McAfee is a registered trademark of McAfee, Inc. and/or its affiliates