2017-JUL-27 FSL version 7.5.946

MCAFEE FOUNDSTONE FSL UPDATE

To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release.

NEW CHECKS

22152 - (JSA10802) Juniper Junos Insufficient Authentication Security Bypass Vulnerability

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2017-10601

Description A security-bypass vulnerability is present in some versions of Juniper Junos OS.

Observation Juniper Junos OS is an operating system used in Juniper devices.

A security-bypass vulnerability is present in some versions of Juniper Junos OS. The flaw lies in the Juniper Junos OS. Successful exploitation could allow a remote attacker to bypass authentication and gain access on the target system.

22161 - (JSA10791) Juniper Junos SRX Hardcoded Credentials Vulnerability

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2017-2343

Description An information disclosure vulnerability is present in some versions of Juniper Junos OS.

Observation Juniper Junos OS is an operating system used in Juniper devices.

An information disclosure vulnerability is present in some versions of Juniper Junos OS. The flaw lies in the UserFW services authentication API. Successful exploitation could allow an unauthenticated, remote attacker to gain access to sensitive information.

141631 - RHSA-2017-1798 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2017-7895

Description The scan detected that the host is missing the following update: RHSA-2017-1798

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.redhat.com/archives/rhsa-announce/2017-July/msg00023.html

RHEL6_6S x86_64 kernel-debuginfo-common-x86_64-2.6.32-504.62.1.el6 python-perf-2.6.32-504.62.1.el6 kernel-2.6.32-504.62.1.el6 perf-debuginfo-2.6.32-504.62.1.el6 kernel-headers-2.6.32-504.62.1.el6 perf-2.6.32-504.62.1.el6 kernel-debug-2.6.32-504.62.1.el6 kernel-debuginfo-2.6.32-504.62.1.el6 kernel-devel-2.6.32-504.62.1.el6 kernel-debug-devel-2.6.32-504.62.1.el6 kernel-debug-debuginfo-2.6.32-504.62.1.el6 python-perf-debuginfo-2.6.32-504.62.1.el6 noarch kernel-doc-2.6.32-504.62.1.el6 kernel-firmware-2.6.32-504.62.1.el6 kernel-abi-whitelists-2.6.32-504.62.1.el6

178479 - GLSA-201707-15 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: High CVE: CVE-2017-3075, CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3080, CVE-2017-3081, CVE- 2017-3082, CVE-2017-3083, CVE-2017-3084, CVE-2017-3099, CVE-2017-3100

Description The scan detected that the host is missing the following update: GLSA-201707-15

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/201707-15

Affected packages: www-plugins/adobe-flash < 26.0.0.137

185788 - Linux 16.10 USN-3359-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2014-9900, CVE-2016-9755, CVE-2017-1000380, CVE-2017-5551, CVE-2017-5576, CVE-2017-7346, CVE-2017-7895, CVE-2017-8924, CVE-2017-8925, CVE-2017-9150, CVE-2017-9605

Description The scan detected that the host is missing the following update: USN-3359-1 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003953.html

Ubuntu 16.10 linux-image-powerpc-smp_4.8.0.59.72 linux-image-raspi2_4.8.0.1043.47 linux-image-lowlatency_4.8.0.59.72 linux-image-generic-lpae_4.8.0.59.72 linux-image-4.8.0-1043-raspi2_4.8.0-1043.47 linux-image-4.8.0-59-powerpc-e500mc_4.8.0-59.64 linux-image-generic_4.8.0.59.72 linux-image-powerpc64-emb_4.8.0.59.72 linux-image-4.8.0-59-generic-lpae_4.8.0-59.64 linux-image-4.8.0-59-generic_4.8.0-59.64 linux-image-powerpc-e500mc_4.8.0.59.72 linux-image-4.8.0-59-powerpc-smp_4.8.0-59.64 linux-image-4.8.0-59-powerpc64-emb_4.8.0-59.64 linux-image-4.8.0-59-lowlatency_4.8.0-59.64

185792 - Ubuntu Linux 14.04 USN-3360-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2014-9900, CVE-2015-8944, CVE-2015-8955, CVE-2015-8962, CVE-2015-8963, CVE-2015-8964, CVE-2015-8966, CVE- 2015-8967, CVE-2016-10088, CVE-2017-1000380, CVE-2017-7346, CVE-2017-7895, CVE-2017-8924, CVE-2017-8925, CVE-2017- 9605

Description The scan detected that the host is missing the following update: USN-3360-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003955.html

Ubuntu 14.04 linux-image-powerpc-smp_3.13.0.125.135 linux-image-powerpc-e500_3.13.0.125.135 linux-image-generic-lpae_3.13.0.125.135 linux-image-3.13.0-125-powerpc-e500_3.13.0-125.174 linux-image-3.13.0-125-powerpc64-smp_3.13.0-125.174 linux-image-3.13.0-125-powerpc64-emb_3.13.0-125.174 linux-image-powerpc-e500mc_3.13.0.125.135 linux-image-generic_3.13.0.125.135 linux-image-3.13.0-125-generic_3.13.0-125.174 linux-image-powerpc64-emb_3.13.0.125.135 linux-image-3.13.0-125-powerpc-smp_3.13.0-125.174 linux-image-3.13.0-125-lowlatency_3.13.0-125.174 linux-image-lowlatency_3.13.0.125.135 linux-image-3.13.0-125-generic-lpae_3.13.0-125.174 linux-image-powerpc64-smp_3.13.0.125.135 linux-image-3.13.0-125-powerpc-e500mc_3.13.0-125.174

185796 - Ubuntu Linux 16.04 USN-3361-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2015-1350, CVE-2016-10208, CVE-2016-8405, CVE-2016-8636, CVE-2016-9083, CVE-2016-9084, CVE-2016-9191, CVE-2016-9604, CVE-2016-9755, CVE-2017-2583, CVE-2017-2584, CVE-2017-2596, CVE-2017-2618, CVE-2017-2671, CVE-2017- 5546, CVE-2017-5549, CVE-2017-5550, CVE-2017-5551, CVE-2017-5576, CVE-2017-5669, CVE-2017-5897, CVE-2017-5970, CVE- 2017-6001, CVE-2017-6214, CVE-2017-6345, CVE-2017-6346, CVE-2017-6347, CVE-2017-6348, CVE-2017-7187, CVE-2017-7261, CVE-2017-7273, CVE-2017-7472, CVE-2017-7616, CVE-2017-7618, CVE-2017-7645, CVE-2017-7889, CVE-2017-7895, CVE-2017- 8924, CVE-2017-8925, CVE-2017-9150

Description The scan detected that the host is missing the following update: USN-3361-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003956.html

Ubuntu 16.04 linux-image-generic-lpae-hwe-16.04_4.10.0.27.30 linux-image-4.10.0-27-generic_4.10.0-27.30~16.04.2 linux-image-generic-hwe-16.04_4.10.0.27.30 linux-image-4.10.0-27-lowlatency_4.10.0-27.30~16.04.2 linux-image-lowlatency-hwe-16.04_4.10.0.27.30 linux-image-4.10.0-27-generic-lpae_4.10.0-27.30~16.04.2

185800 - Ubuntu Linux 12.04 USN-3360-2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2014-9900, CVE-2015-8944, CVE-2015-8955, CVE-2015-8962, CVE-2015-8963, CVE-2015-8964, CVE-2015-8966, CVE- 2015-8967, CVE-2016-10088, CVE-2017-1000380, CVE-2017-7346, CVE-2017-7895, CVE-2017-8924, CVE-2017-8925, CVE-2017- 9074, CVE-2017-9605

Description The scan detected that the host is missing the following update: USN-3360-2

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003957.html

Ubuntu 12.04 linux-image-generic-lts-trusty_3.13.0.125.116 linux-image-generic-lpae-lts-trusty_3.13.0.125.116 linux-image-3.13.0-125-generic_3.13.0-125.174~precise1 linux-image-3.13.0-125-generic-lpae_3.13.0-125.174~precise1 192402 - Fedora Linux 25 FEDORA-2017-98548b066b Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-11176

Description The scan detected that the host is missing the following update: FEDORA-2017-98548b066b

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=2

Fedora Core 25 kernel-4.11.11-200.fc25

192409 - Fedora Linux 26 FEDORA-2017-deb70b495e Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-11176

Description The scan detected that the host is missing the following update: FEDORA-2017-deb70b495e

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=2

Fedora Core 26 kernel-4.11.11-300.fc26

22123 - Cisco IOS SNMP Remote Code Execution Vulnerability (CSCve66601)

Category: SSH Module -> NonIntrusive -> Cisco IOS Patches and Hotfixes Risk Level: High CVE: CVE-2017-6740

Description A vulnerability is present in some versions of Cisco IOS.

Observation Cisco IOS is an operating system used in Cisco devices.

A vulnerability is present in some versions of Cisco IOS. The flaw lies in the SNMP component. Successful exploitation could allow an attacker to remotely execute arbitrary code or cause a denial of service condition.

22153 - (JSA10801) Juniper Junos SRX Command Injection Vulnerability

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2017-2349

Description A command injection vulnerability is present in some versions of Juniper JunOS.

Observation Juniper JunOS is an operating system used in Juniper devices.

A command injection vulnerability is present in some versions of Juniper JunOS. The flaw lies in the Juniper Junos on SRX Series IDP feature. Successful exploitation could allow a remote authenticated user to gain elevated privileges.

22175 - (JSA10793) Juniper Junos Snmpd Daemon Denial of Service Vulnerability

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2017-2345

Description A vulnerability is present in some versions of Juniper Junos OS.

Observation Juniper Junos OS is an operating system used in Juniper devices.

A vulnerability is present in some versions of Juniper Junos OS. The flaw lies in the SNMP daemon. Successful exploitation could allow a remote attacker to execute arbitrary code or cause a denial of service.

141632 - Red Hat Enterprise Linux RHSA-2017-1791 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017- 10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017- 10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017- 10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243

Description The scan detected that the host is missing the following update: RHSA-2017-1791

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.redhat.com/archives/rhsa-announce/2017-July/msg00019.html

RHEL7D x86_64 java-1.7.0-oracle-jdbc-1.7.0.151-1jpp.1.el7_3 java-1.7.0-oracle-src-1.7.0.151-1jpp.1.el7_3 java-1.7.0-oracle-devel-1.7.0.151-1jpp.1.el7_3 java-1.7.0-oracle-1.7.0.151-1jpp.1.el7_3 java-1.7.0-oracle-plugin-1.7.0.151-1jpp.1.el7_3 java-1.7.0-oracle-javafx-1.7.0.151-1jpp.1.el7_3

RHEL7S x86_64 java-1.7.0-oracle-jdbc-1.7.0.151-1jpp.1.el7_3 java-1.7.0-oracle-src-1.7.0.151-1jpp.1.el7_3 java-1.7.0-oracle-devel-1.7.0.151-1jpp.1.el7_3 java-1.7.0-oracle-1.7.0.151-1jpp.1.el7_3 java-1.7.0-oracle-plugin-1.7.0.151-1jpp.1.el7_3 java-1.7.0-oracle-javafx-1.7.0.151-1jpp.1.el7_3

RHEL7WS x86_64 java-1.7.0-oracle-jdbc-1.7.0.151-1jpp.1.el7_3 java-1.7.0-oracle-src-1.7.0.151-1jpp.1.el7_3 java-1.7.0-oracle-devel-1.7.0.151-1jpp.1.el7_3 java-1.7.0-oracle-1.7.0.151-1jpp.1.el7_3 java-1.7.0-oracle-plugin-1.7.0.151-1jpp.1.el7_3 java-1.7.0-oracle-javafx-1.7.0.151-1jpp.1.el7_3

141633 - Red Hat Enterprise Linux RHSA-2017-1792 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017- 10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017- 10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10135, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243

Description The scan detected that the host is missing the following update: RHSA-2017-1792

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.redhat.com/archives/rhsa-announce/2017-July/msg00018.html

RHEL7D x86_64 java-1.6.0-sun-demo-1.6.0.161-1jpp.3.el7_3 java-1.6.0-sun-1.6.0.161-1jpp.3.el7_3 java-1.6.0-sun-plugin-1.6.0.161-1jpp.3.el7_3 java-1.6.0-sun-devel-1.6.0.161-1jpp.3.el7_3 java-1.6.0-sun-jdbc-1.6.0.161-1jpp.3.el7_3 java-1.6.0-sun-src-1.6.0.161-1jpp.3.el7_3

RHEL7S x86_64 java-1.6.0-sun-demo-1.6.0.161-1jpp.3.el7_3 java-1.6.0-sun-1.6.0.161-1jpp.3.el7_3 java-1.6.0-sun-plugin-1.6.0.161-1jpp.3.el7_3 java-1.6.0-sun-devel-1.6.0.161-1jpp.3.el7_3 java-1.6.0-sun-jdbc-1.6.0.161-1jpp.3.el7_3 java-1.6.0-sun-src-1.6.0.161-1jpp.3.el7_3

RHEL7WS x86_64 java-1.6.0-sun-demo-1.6.0.161-1jpp.3.el7_3 java-1.6.0-sun-1.6.0.161-1jpp.3.el7_3 java-1.6.0-sun-plugin-1.6.0.161-1jpp.3.el7_3 java-1.6.0-sun-devel-1.6.0.161-1jpp.3.el7_3 java-1.6.0-sun-jdbc-1.6.0.161-1jpp.3.el7_3 java-1.6.0-sun-src-1.6.0.161-1jpp.3.el7_3

141634 - Red Hat Enterprise Linux RHSA-2017-1790 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10086, CVE-2017- 10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017- 10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114, CVE-2017-10115, CVE-2017- 10116, CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243

Description The scan detected that the host is missing the following update: RHSA-2017-1790

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.redhat.com/archives/rhsa-announce/2017-July/msg00020.html

RHEL7D x86_64 java-1.8.0-oracle-src-1.8.0.141-1jpp.1.el7_3 java-1.8.0-oracle-1.8.0.141-1jpp.1.el7_3 java-1.8.0-oracle-plugin-1.8.0.141-1jpp.1.el7_3 java-1.8.0-oracle-devel-1.8.0.141-1jpp.1.el7_3 java-1.8.0-oracle-jdbc-1.8.0.141-1jpp.1.el7_3 java-1.8.0-oracle-javafx-1.8.0.141-1jpp.1.el7_3

RHEL7S x86_64 java-1.8.0-oracle-src-1.8.0.141-1jpp.1.el7_3 java-1.8.0-oracle-1.8.0.141-1jpp.1.el7_3 java-1.8.0-oracle-plugin-1.8.0.141-1jpp.1.el7_3 java-1.8.0-oracle-devel-1.8.0.141-1jpp.1.el7_3 java-1.8.0-oracle-jdbc-1.8.0.141-1jpp.1.el7_3 java-1.8.0-oracle-javafx-1.8.0.141-1jpp.1.el7_3

RHEL7WS x86_64 java-1.8.0-oracle-src-1.8.0.141-1jpp.1.el7_3 java-1.8.0-oracle-1.8.0.141-1jpp.1.el7_3 java-1.8.0-oracle-plugin-1.8.0.141-1jpp.1.el7_3 java-1.8.0-oracle-devel-1.8.0.141-1jpp.1.el7_3 java-1.8.0-oracle-jdbc-1.8.0.141-1jpp.1.el7_3 java-1.8.0-oracle-javafx-1.8.0.141-1jpp.1.el7_3 141635 - Red Hat Enterprise Linux RHSA-2017-1789 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10087, CVE-2017- 10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017- 10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10115, CVE-2017-10116, CVE-2017-10135, CVE-2017-10193, CVE-2017- 10198

Description The scan detected that the host is missing the following update: RHSA-2017-1789

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.redhat.com/archives/rhsa-announce/2017-July/msg00021.html

RHEL7S noarch java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-javadoc-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-javadoc-zip-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-javadoc-1.8.0.141-1.b16.el7_3 x86_64 java-1.8.0-openjdk-accessibility-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-demo-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-debuginfo-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-devel-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-headless-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-devel-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-src-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-headless-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-accessibility-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-src-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-demo-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-1.8.0.141-1.b16.el7_3

RHEL6S i386 java-1.8.0-openjdk-demo-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-debuginfo-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-demo-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-debug-1.8.0.141-2.b16.el6_9 noarch java-1.8.0-openjdk-javadoc-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-javadoc-debug-1.8.0.141-2.b16.el6_9 x86_64 java-1.8.0-openjdk-demo-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-debuginfo-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-demo-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-debug-1.8.0.141-2.b16.el6_9

RHEL6WS x86_64 java-1.8.0-openjdk-headless-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-debuginfo-1.8.0.141-2.b16.el6_9 i386 java-1.8.0-openjdk-headless-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-debuginfo-1.8.0.141-2.b16.el6_9

RHEL7D x86_64 java-1.8.0-openjdk-accessibility-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-demo-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-debuginfo-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-devel-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-headless-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-devel-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-src-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-headless-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-accessibility-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-src-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-demo-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-1.8.0.141-1.b16.el7_3 noarch java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-javadoc-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-javadoc-zip-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-javadoc-1.8.0.141-1.b16.el7_3

RHEL6D i386 java-1.8.0-openjdk-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-debuginfo-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-demo-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-demo-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-debug-1.8.0.141-2.b16.el6_9 noarch java-1.8.0-openjdk-javadoc-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-javadoc-debug-1.8.0.141-2.b16.el6_9 x86_64 java-1.8.0-openjdk-demo-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-debuginfo-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-demo-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-debug-1.8.0.141-2.b16.el6_9

RHEL7WS x86_64 java-1.8.0-openjdk-accessibility-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-demo-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-debuginfo-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-devel-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-headless-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-devel-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-src-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-headless-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-accessibility-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-src-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-demo-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-1.8.0.141-1.b16.el7_3 noarch java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-javadoc-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-javadoc-zip-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-javadoc-1.8.0.141-1.b16.el7_3

160286 - CentOS 6, 7 CESA-2017-1789 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: High CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: CESA-2017-1789

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.centos.org/pipermail/centos-announce/2017-July/022508.html http://lists.centos.org/pipermail/centos-announce/2017-July/022509.html CentOS 7 i686 java-1.8.0-openjdk-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-devel-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-headless-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-devel-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-headless-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-debug-1.8.0.141-1.b16.el7_3 noarch java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-javadoc-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-javadoc-zip-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-javadoc-1.8.0.141-1.b16.el7_3 x86_64 java-1.8.0-openjdk-src-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-devel-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-demo-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-src-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-accessibility-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-devel-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-demo-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-accessibility-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-headless-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-headless-1.8.0.141-1.b16.el7_3

CentOS 6 i686 java-1.8.0-openjdk-demo-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-demo-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-debug-1.8.0.141-2.b16.el6_9 noarch java-1.8.0-openjdk-javadoc-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-javadoc-debug-1.8.0.141-2.b16.el6_9 x86_64 java-1.8.0-openjdk-demo-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-demo-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-debug-1.8.0.141-2.b16.el6_9

163395 - Oracle Enterprise Linux ELSA-2017-1789 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10087, CVE-2017- 10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017- 10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10115, CVE-2017-10116, CVE-2017-10135, CVE-2017-10193, CVE-2017- 10198

Description The scan detected that the host is missing the following update: ELSA-2017-1789

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2017-July/007060.html http://oss.oracle.com/pipermail/el-errata/2017-July/007062.html

OEL7 x86_64 java-1.8.0-openjdk-accessibility-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-src-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-demo-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-javadoc-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-devel-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-src-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-headless-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-devel-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-javadoc-zip-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-headless-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-accessibility-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-javadoc-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-demo-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-1.8.0.141-1.b16.el7_3

OEL6 x86_64 java-1.8.0-openjdk-demo-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-javadoc-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-javadoc-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-demo-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-debug-1.8.0.141-2.b16.el6_9 i386 java-1.8.0-openjdk-demo-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-javadoc-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-javadoc-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-demo-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-debug-1.8.0.141-2.b16.el6_9

170837 - Amazon Linux AMI ALAS-2017-860 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: High CVE: CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017- 10102, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10115, CVE-2017- 10116, CVE-2017-10135, CVE-2017-10193, CVE-2017-10198

Description The scan detected that the host is missing the following update: ALAS-2017-860

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2017-860.html

Amazon Linux AMI i686 java-1.8.0-openjdk-demo-1.8.0.141-1.b16.32.amzn1 java-1.8.0-openjdk-debuginfo-1.8.0.141-1.b16.32.amzn1 java-1.8.0-openjdk-src-1.8.0.141-1.b16.32.amzn1 java-1.8.0-openjdk-devel-1.8.0.141-1.b16.32.amzn1 java-1.8.0-openjdk-1.8.0.141-1.b16.32.amzn1 java-1.8.0-openjdk-headless-1.8.0.141-1.b16.32.amzn1 noarch java-1.8.0-openjdk-javadoc-zip-1.8.0.141-1.b16.32.amzn1 java-1.8.0-openjdk-javadoc-1.8.0.141-1.b16.32.amzn1 x86_64 java-1.8.0-openjdk-demo-1.8.0.141-1.b16.32.amzn1 java-1.8.0-openjdk-debuginfo-1.8.0.141-1.b16.32.amzn1 java-1.8.0-openjdk-src-1.8.0.141-1.b16.32.amzn1 java-1.8.0-openjdk-devel-1.8.0.141-1.b16.32.amzn1 java-1.8.0-openjdk-1.8.0.141-1.b16.32.amzn1 java-1.8.0-openjdk-headless-1.8.0.141-1.b16.32.amzn1

175205 - Security ERRATA Critical: java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (1707-10218)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes Risk Level: High CVE: CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10087, CVE-2017- 10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017- 10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10115, CVE-2017-10116, CVE-2017-10135, CVE-2017-10193, CVE-2017- 10198

Description The scan detected that the host is missing the following update: Security ERRATA Critical: java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (1707-10218)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://listserv.fnal.gov/scripts/wa.exe?A2=ind1707&L=scientific-linux-errata&F=&S=&P=10218

SL7 x86_64 java-1.8.0-openjdk-accessibility-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-demo-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-debuginfo-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-devel-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-headless-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-devel-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-src-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-headless-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-accessibility-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-src-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-demo-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-1.8.0.141-1.b16.el7_3 noarch java-1.8.0-openjdk-javadoc-zip-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-javadoc-debug-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-javadoc-zip-1.8.0.141-1.b16.el7_3 java-1.8.0-openjdk-javadoc-1.8.0.141-1.b16.el7_3

SL6 i386 java-1.8.0-openjdk-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-debuginfo-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-demo-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-demo-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-debug-1.8.0.141-2.b16.el6_9 noarch java-1.8.0-openjdk-javadoc-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-javadoc-debug-1.8.0.141-2.b16.el6_9 x86_64 java-1.8.0-openjdk-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-src-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-debuginfo-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-demo-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-demo-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-devel-debug-1.8.0.141-2.b16.el6_9 java-1.8.0-openjdk-headless-debug-1.8.0.141-2.b16.el6_9

182400 - FreeBSD webkit2-gtk3 Multiple Vulnabilities (0f66b901-715c-11e7-ad1f-bcaec565249c)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: High CVE: CVE-2017-7006, CVE-2017-7011, CVE-2017-7012, CVE-2017-7018, CVE-2017-7019, CVE-2017-7020, CVE-2017-7030, CVE- 2017-7034, CVE-2017-7037, CVE-2017-7038, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7048, CVE-2017-7049, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7059, CVE-2017- 7061, CVE-2017-7064

Description The scan detected that the host is missing the following update: webkit2-gtk3 -- multiple vulnabilities (0f66b901-715c-11e7-ad1f-bcaec565249c)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/0f66b901-715c-11e7-ad1f-bcaec565249c.html

Affected packages: webkit2-gtk3 < 2.16.6

22170 - (JSA10789) Juniper Junos SRX Denial Of Service Vulnerabilities

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2017-10605, CVE-2017-2314

Description Multiple vulnerabilities are present in some versions of Juniper Junos OS.

Observation Juniper Junos OS is an operating system used in Juniper devices.

Multiple vulnerabilities are present in some versions of Juniper Junos OS. The flaws are related with a bad filtering of maliciously crafted DHCP packets. Successful exploitation could allow an attacker to cause a denial of service condition.

22151 - Apache HTTP Server Multiple Vulnerabilities Prior To 2.2.34

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-3167, CVE-2017-3169, CVE-2017-7668, CVE-2017-7679, CVE-2017-9788

Description Multiple vulnerabilities are present in some versions of Apache HTTP Server.

Observation Apache HTTP Server is an open source web server.

Multiple vulnerabilities are present in some versions of Apache HTTP Server. The flaws lie in multiple components. Successful exploitation could allow an attacker to cause denial of service, obtain sensitive information, or bypass security measures.

22164 - Novell Sentinel Vulnerability Prior To 8.0.1.1 Build 3611

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2016-1000031

Description A vulnerability is present in some versions of Novell Sentinel.

Observation Sentinel is a security information and event management (SIEM) tool.

A vulnerability is present in some versions of Novell Sentinel. The flaw is due to improper handling of object sent to Apache Commons File Upload. Successful exploitation could allow an attacker to obtain sensitive information, cause a denial of service or execute arbitrary code.

22169 - (JSA10790) Juniper Junos SRX MACsec Security Bypass Vulnerability

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2017-2342

Description A vulnerability is present in some versions of Juniper Junos OS.

Observation Juniper Junos OS is an operating system used in Juniper devices.

A vulnerability is present in some versions of Juniper Junos OS. The flaw lies in the Media Access Control Security component. Successful exploitation could allow an attacker that uses malicious crafted links to bypass security access restrictions on the target system.

22172 - Wireshark Multiple Vulnerabilities Prior To 2.2.8

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-11406, CVE-2017-11407, CVE-2017-11408

Description Multiple vulnerabilities are present in some versions of Wireshark.

Observation Wireshark is a tool that is used to analyze the network protocol and traffic.

Multiple vulnerabilities are present in some versions of Wireshark. The flaws lie in multiple dissectors. Successful exploitation could allow an attacker to cause a denial of service condition.

22178 - Oracle MySQL Enterprise Monitor Critical Patch Update July 2017 (CVE-2016-4436)

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2016-4436

Description A vulnerability is present in some versions of Oracle MySQL Enterprise Monitor.

Observation Oracle MySQL Enterprise Monitor enables monitoring of multiple Oracle MySQL instances.

A vulnerability is present in some versions of Oracle MySQL Enterprise Monitor. The flaw lies in Apache Struts. Successful exploitation could allow an attacker to bypass certain security restrictions and perform unspecified attack.

22180 - Oracle MySQL Enterprise Monitor Critical Patch Update July 2017 (CVE-2017-5651)

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-5651

Description A vulnerability is present in some versions of Oracle MySQL Enterprise Monitor.

Observation Oracle MySQL Enterprise Monitor enables monitoring of multiple Oracle MySQL instances.

A vulnerability is present in some versions of Oracle MySQL Enterprise Monitor. The flaw lies in Apache Tomcat. Successful exploitation could allow an attacker to obtain sensitive information, or perform unspecified attack.

130823 - Linux 8.0, 9.0 DSA-3914-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: High CVE: CVE-2017-10928, CVE-2017-11141, CVE-2017-11170, CVE-2017-11188, CVE-2017-11352, CVE-2017-11360, CVE-2017- 11447, CVE-2017-11448, CVE-2017-11449, CVE-2017-11450, CVE-2017-11478, CVE-2017-9439, CVE-2017-9440, CVE-2017-9501

Description The scan detected that the host is missing the following update: DSA-3914-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2017/dsa-3914

Debian 8.0 all imagemagick_8:6.8.9.9-5+deb8u10

Debian 9.0 all imagemagick_8:6.9.7.4+dfsg-11+deb9u1 141636 - Red Hat Enterprise Linux RHSA-2017-1793 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE- 2017-7778

Description The scan detected that the host is missing the following update: RHSA-2017-1793

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.redhat.com/archives/rhsa-announce/2017-July/msg00022.html

RHEL7D x86_64 graphite2-1.3.10-1.el7_3 graphite2-devel-1.3.10-1.el7_3 graphite2-debuginfo-1.3.10-1.el7_3

RHEL7S x86_64 graphite2-1.3.10-1.el7_3 graphite2-devel-1.3.10-1.el7_3 graphite2-debuginfo-1.3.10-1.el7_3

RHEL7WS x86_64 graphite2-1.3.10-1.el7_3 graphite2-devel-1.3.10-1.el7_3 graphite2-debuginfo-1.3.10-1.el7_3

145457 - SuSE SLES 11 SP4 SUSE-SU-2017:1938-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2015-1338

Description The scan detected that the host is missing the following update: SUSE-SU-2017:1938-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2017-July/003060.html

SuSE SLES 11 SP4 i586 apport-gtk-0.114-12.8.3.1 apport-0.114-12.8.3.1 apport-crashdb-sle-0.114-0.8.3.1 x86_64 apport-gtk-0.114-12.8.3.1 apport-0.114-12.8.3.1 apport-crashdb-sle-0.114-0.8.3.1

160284 - CentOS 7 CESA-2017-1793 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: High CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: CESA-2017-1793

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.centos.org/pipermail/centos-announce/2017-July/022510.html

CentOS 7 x86_64 graphite2-1.3.10-1.el7_3 graphite2-devel-1.3.10-1.el7_3 i686 graphite2-1.3.10-1.el7_3 graphite2-devel-1.3.10-1.el7_3

160285 - CentOS 6 CESA-2017-1759 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: High CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: CESA-2017-1759

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.centos.org/pipermail/centos-announce/2017-July/022507.html

CentOS 6 x86_64 freeradius-krb5-2.2.6-7.el6_9 freeradius-ldap-2.2.6-7.el6_9 freeradius-python-2.2.6-7.el6_9 freeradius-postgresql-2.2.6-7.el6_9 freeradius-perl-2.2.6-7.el6_9 freeradius-unixODBC-2.2.6-7.el6_9 freeradius-2.2.6-7.el6_9 freeradius-utils-2.2.6-7.el6_9 freeradius-mysql-2.2.6-7.el6_9 i686 freeradius-krb5-2.2.6-7.el6_9 freeradius-ldap-2.2.6-7.el6_9 freeradius-python-2.2.6-7.el6_9 freeradius-postgresql-2.2.6-7.el6_9 freeradius-perl-2.2.6-7.el6_9 freeradius-unixODBC-2.2.6-7.el6_9 freeradius-2.2.6-7.el6_9 freeradius-utils-2.2.6-7.el6_9 freeradius-mysql-2.2.6-7.el6_9

163394 - Oracle Enterprise Linux ELSA-2017-1793 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE- 2017-7778

Description The scan detected that the host is missing the following update: ELSA-2017-1793

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/el-errata/2017-July/007061.html

OEL7 x86_64 graphite2-1.3.10-1.el7_3 graphite2-devel-1.3.10-1.el7_3

170835 - Amazon Linux AMI ALAS-2017-858 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: High CVE: CVE-2017-3142, CVE-2017-3143

Description The scan detected that the host is missing the following update: ALAS-2017-858

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2017-858.html

Amazon Linux AMI x86_64 bind-chroot-9.8.2-0.62.rc1.56.amzn1 bind-9.8.2-0.62.rc1.56.amzn1 bind-devel-9.8.2-0.62.rc1.56.amzn1 bind-sdb-9.8.2-0.62.rc1.56.amzn1 bind-libs-9.8.2-0.62.rc1.56.amzn1 bind-utils-9.8.2-0.62.rc1.56.amzn1 bind-debuginfo-9.8.2-0.62.rc1.56.amzn1 i686 bind-chroot-9.8.2-0.62.rc1.56.amzn1 bind-9.8.2-0.62.rc1.56.amzn1 bind-devel-9.8.2-0.62.rc1.56.amzn1 bind-sdb-9.8.2-0.62.rc1.56.amzn1 bind-libs-9.8.2-0.62.rc1.56.amzn1 bind-utils-9.8.2-0.62.rc1.56.amzn1 bind-debuginfo-9.8.2-0.62.rc1.56.amzn1

170838 - Amazon Linux AMI ALAS-2017-861 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: High CVE: CVE-2017-9450

Description The scan detected that the host is missing the following update: ALAS-2017-861

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2017-861.html

Amazon Linux AMI noarch aws-cfn-bootstrap-1.4-19.10.amzn1

175204 - Scientific Linux Security ERRATA Important: graphite2 on SL7.x x86_64 (1707-10939)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes Risk Level: High CVE: CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE- 2017-7778

Description The scan detected that the host is missing the following update: Security ERRATA Important: graphite2 on SL7.x x86_64 (1707-10939)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://listserv.fnal.gov/scripts/wa.exe?A2=ind1707&L=scientific-linux-errata&F=&S=&P=10939

SL7 x86_64 graphite2-1.3.10-1.el7_3 graphite2-devel-1.3.10-1.el7_3 graphite2-debuginfo-1.3.10-1.el7_3

185778 - Ubuntu Linux 14.04, 16.04, 17.04 USN-3365-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2009-5147, CVE-2015-1855, CVE-2015-7551, CVE-2015-9096, CVE-2016-2337, CVE-2016-2339, CVE-2016-7798

Description The scan detected that the host is missing the following update: USN-3365-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003966.html

Ubuntu 16.04 ruby2.3_2.3.1-2~16.04.2 libruby2.3_2.3.1-2~16.04.2

Ubuntu 14.04 ruby1.9.1_1.9.3.484-2ubuntu1.3 libruby1.9.1_1.9.3.484-2ubuntu1.3 libruby2.0_2.0.0.484-1ubuntu2.4 ruby2.0_2.0.0.484-1ubuntu2.4

Ubuntu 17.04 libruby2.3_2.3.3-1ubuntu0.1 ruby2.3_2.3.3-1ubuntu0.1

185786 - Ubuntu Linux 14.04, 16.04, 17.04 USN-3363-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2017-10928, CVE-2017-11141, CVE-2017-11170, CVE-2017-11188, CVE-2017-11352, CVE-2017-11360, CVE-2017- 11447, CVE-2017-11448, CVE-2017-11449, CVE-2017-11450, CVE-2017-11478, CVE-2017-9261, CVE-2017-9262, CVE-2017-9405, CVE-2017-9407, CVE-2017-9409, CVE-2017-9439, CVE-2017-9440, CVE-2017-9501

Description The scan detected that the host is missing the following update: USN-3363-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003960.html

Ubuntu 16.04 imagemagick-6.q16_6.8.9.9-7ubuntu5.8 imagemagick_6.8.9.9-7ubuntu5.8 libmagickcore-6.q16-2_6.8.9.9-7ubuntu5.8

Ubuntu 14.04 imagemagick_6.7.7.10-6ubuntu3.8 libmagickcore5_6.7.7.10-6ubuntu3.8

Ubuntu 17.04 imagemagick_6.9.7.4+dfsg-3ubuntu1.2 imagemagick-6.q16_6.9.7.4+dfsg-3ubuntu1.2 libmagickcore-6.q16-3_6.9.7.4+dfsg-3ubuntu1.2

185795 - Ubuntu Linux 12.04 USN-3212-3 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2015-7554, CVE-2015-8668, CVE-2016-10092, CVE-2016-3623, CVE-2016-3624, CVE-2016-3632, CVE-2016-3990, CVE-2016-3991, CVE-2016-5321, CVE-2016-5322, CVE-2016-8331, CVE-2016-9453, CVE-2016-9533, CVE-2016-9534, CVE-2016- 9536, CVE-2016-9537

Description The scan detected that the host is missing the following update: USN-3212-3

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003947.html

Ubuntu 12.04 libtiff-tools_3.9.5-2ubuntu1.10 libtiff4_3.9.5-2ubuntu1.10

192401 - Fedora Linux 26 FEDORA-2017-3d5354d30f Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-10672

Description The scan detected that the host is missing the following update: FEDORA-2017-3d5354d30f

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=2

Fedora Core 26 perl-XML-LibXML-2.0129-2.fc26 192413 - Fedora Linux 26 FEDORA-2017-114e1abf9d Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-10965, CVE-2017-10966

Description The scan detected that the host is missing the following update: FEDORA-2017-114e1abf9d

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=3

Fedora Core 26 irssi-1.0.4-1.fc26

192418 - Fedora Linux 25 FEDORA-2017-2d8a1226d1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-9433

Description The scan detected that the host is missing the following update: FEDORA-2017-2d8a1226d1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 25 libmwaw-0.3.12-1.fc25

192419 - Fedora Linux 25 FEDORA-2017-f941184db1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2016-9603, CVE-2017-10806, CVE-2017-7377, CVE-2017-7718, CVE-2017-7980, CVE-2017-8112, CVE-2017-8309, CVE-2017-8379, CVE-2017-8380, CVE-2017-9060, CVE-2017-9310, CVE-2017-9330, CVE-2017-9374

Description The scan detected that the host is missing the following update: FEDORA-2017-f941184db1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 25 qemu-2.7.1-7.fc25

192427 - Fedora Linux 25 FEDORA-2017-efdd962fee Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-6542

Description The scan detected that the host is missing the following update: FEDORA-2017-efdd962fee

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=3

Fedora Core 25 putty-0.70-1.fc25

192434 - Fedora Linux 25 FEDORA-2017-534f300508 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-10672

Description The scan detected that the host is missing the following update: FEDORA-2017-534f300508

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 25 perl-XML-LibXML-2.0129-2.fc25

192440 - Fedora Linux 24 FEDORA-2017-790ff602a6 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-10672 Description The scan detected that the host is missing the following update: FEDORA-2017-790ff602a6

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 24 perl-XML-LibXML-2.0128-2.fc24

22128 - IBM AIX NTP Multiple Vulnerabilities (ntp_advisory9)

Category: SSH Module -> NonIntrusive -> AIX Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-6451, CVE-2017-6458, CVE-2017-6462, CVE-2017-6464

Description Multiple vulnerabilities are present in some versions of IBM AIX.

Observation IBM AIX is a Unix-like operating system.

Multiple vulnerabilities are present in some versions of IBM AIX. The flaws lie in NTP. Successful exploitation could allow an attacker to bypass security restrictions or cause a denial of service condition.

22157 - (JSA10792) Juniper Junos Buffer Overflow Vulnerability

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: Medium CVE: CVE-2017-2344

Description A vulnerability is present in some versions of Juniper Junos OS.

Observation Juniper Junos OS is an operating system used in Juniper devices.

A vulnerability is present in some versions of Juniper Junos OS. The flaw lies in an internal sockets library. Successful exploitation could allow a malicious user to cause a denial of service or to execute arbitrary code leading to elevation of privileges.

22166 - (JSA10805) Juniper Junos CLI Local Privilege Escalation Vulnerability

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: Medium CVE: CVE-2017-10603

Description A vulnerability is present in some versions of Juniper Junos OS. Observation Juniper JunOS is an operating system used in Juniper devices.

A vulnerability is present in some versions of Juniper Junos OS. The flaw lies in the Juniper Junos OS CLI. Successful exploitation could allow a local authenticated user with limited privileges to escalate privileges and run arbitrary commands as the root user.

130825 - Debian Linux 8.0, 9.0 DSA-3917-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11110

Description The scan detected that the host is missing the following update: DSA-3917-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2017/dsa-3917

Debian 8.0 all catdoc_0.94.4-1.1+deb8u1

Debian 9.0 all catdoc_1:0.94.3~git20160113.dbc9ec6+dfsg-1+deb9u1

185780 - Ubuntu Linux 12.04 USN-3357-2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-3302, CVE-2017-3305, CVE-2017-3308, CVE-2017-3309, CVE-2017-3329, CVE-2017-3453, CVE-2017-3456, CVE- 2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3600, CVE-2017-3635, CVE-2017-3636, CVE-2017-3641, CVE-2017-3648, CVE-2017-3651, CVE-2017-3652, CVE-2017-3653

Description The scan detected that the host is missing the following update: USN-3357-2

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003962.html

Ubuntu 12.04 mysql-server-5.5_5.5.57-0ubuntu0.12.04.1

185783 - Ubuntu Linux 14.04, 16.04, 17.04 USN-3362-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-10971, CVE-2017-10972, CVE-2017-2624

Description The scan detected that the host is missing the following update: USN-3362-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003959.html

Ubuntu 16.04 xserver-xorg-core_1.18.4-0ubuntu0.3 xserver-xorg-core-hwe-16.04_1.18.4-1ubuntu6.1~16.04.2

Ubuntu 14.04 xserver-xorg-core_1.15.1-0ubuntu2.9 xserver-xorg-core-lts-xenial_1.18.3-1ubuntu2.3~trusty2

Ubuntu 17.04 xserver-xorg-core_1.19.3-1ubuntu1.1

185790 - Ubuntu Linux 12.04 USN-3353-4 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11103

Description The scan detected that the host is missing the following update: USN-3353-4

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003961.html

Ubuntu 12.04

CVE-2017-11103_----- libsmbclient_3.6.25-0ubuntu0.12.04.12

185791 - Ubuntu Linux 12.04 USN-3353-3 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11103

Description The scan detected that the host is missing the following update: USN-3353-3

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003958.html

Ubuntu 12.04 libkrb5-26-heimdal_1.6~git20120311.dfsg.1-2ubuntu0.2 CVE-2017-11103_-----

185797 - Ubuntu Linux 12.04 USN-3309-2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-6891

Description The scan detected that the host is missing the following update: USN-3309-2

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003945.html

Ubuntu 12.04 libtasn1-3_2.10-1ubuntu1.6 CVE-2017-6891_-----

192400 - Fedora Linux 26 FEDORA-2017-2afe501b36 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11103

Description The scan detected that the host is missing the following update: FEDORA-2017-2afe501b36

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=2

Fedora Core 26 heimdal-7.4.0-1.fc26 192405 - Fedora Linux 24 FEDORA-2017-37f68e3534 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-2538

Description The scan detected that the host is missing the following update: FEDORA-2017-37f68e3534

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 24 webkitgtk4-2.16.5-1.fc24

192408 - Fedora Linux 25 FEDORA-2017-cf1a42722d Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11464

Description The scan detected that the host is missing the following update: FEDORA-2017-cf1a42722d

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 25 librsvg2-2.40.18-1.fc25

192421 - Fedora Linux 24 FEDORA-2017-941058c1f1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11464

Description The scan detected that the host is missing the following update: FEDORA-2017-941058c1f1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 24 librsvg2-2.40.18-1.fc24

192423 - Fedora Linux 26 FEDORA-2017-0446b53fd8 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11403

Description The scan detected that the host is missing the following update: FEDORA-2017-0446b53fd8

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=2

Fedora Core 26

GraphicsMagick-1.3.26-3.fc26

192424 - Fedora Linux 25 FEDORA-2017-c22a8af4e9 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11173

Description The scan detected that the host is missing the following update: FEDORA-2017-c22a8af4e9

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 25 rubygem-rack-cors-0.4.1-1.fc25

192426 - Fedora Linux 25 FEDORA-2017-6c52e2d731 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11403

Description The scan detected that the host is missing the following update: FEDORA-2017-6c52e2d731

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 25

GraphicsMagick-1.3.26-3.fc25

192429 - Fedora Linux 24 FEDORA-2017-758fafed81 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11403

Description The scan detected that the host is missing the following update: FEDORA-2017-758fafed81

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 24

GraphicsMagick-1.3.26-3.fc24

192438 - Fedora Linux 24 FEDORA-2017-98bed96d12 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-5078, CVE-2016-5133, CVE-2016-5147, CVE-2016-5153, CVE-2016-5155, CVE-2016-5161, CVE-2016-5166, CVE- 2016-5170, CVE-2016-5171, CVE-2016-5172, CVE-2016-5181, CVE-2016-5185, CVE-2016-5186, CVE-2016-5187, CVE-2016-5188, CVE-2016-5192, CVE-2016-5198, CVE-2016-5205, CVE-2016-5207, CVE-2016-5208, CVE-2016-5214, CVE-2016-5215, CVE-2016- 5221, CVE-2016-5222, CVE-2016-5224, CVE-2016-5225, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652, CVE-2017-5006, CVE- 2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5012, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5019, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027, CVE-2017-5029, CVE-2017- 5033, CVE-2017-5037, CVE-2017-5044, CVE-2017-5046, CVE-2017-5047, CVE-2017-5048, CVE-2017-5049, CVE-2017-5050, CVE- 2017-5051, CVE-2017-5059, CVE-2017-5061, CVE-2017-5062, CVE-2017-5065, CVE-2017-5067, CVE-2017-5069, CVE-2017-5070, CVE-2017-5071, CVE-2017-5075, CVE-2017-5076, CVE-2017-5083, CVE-2017-5089

Description The scan detected that the host is missing the following update: FEDORA-2017-98bed96d12

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=2 Fedora Core 24 qt5-qtwebengine-5.6.3-0.1.20170712gitee719ad313e564.fc24

192439 - Fedora Linux 25 FEDORA-2017-5d6a9e0c9c Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11103

Description The scan detected that the host is missing the following update: FEDORA-2017-5d6a9e0c9c

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=2

Fedora Core 25 heimdal-7.4.0-1.fc25

192441 - Fedora Linux 26 FEDORA-2017-cf36278519 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11464

Description The scan detected that the host is missing the following update: FEDORA-2017-cf36278519

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=2

Fedora Core 26 librsvg2-2.40.18-1.fc26

22148 - IBM WebSphere MQ Denial Of Service Vulnerability (swg22003856)

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-1285

Description A denial of service vulnerability is present in some versions of IBM WebSphere MQ. Observation IBM WebSphere MQ is a popular cross platform messaging system.

A denial of service vulnerability is present in some versions of IBM WebSphere MQ. The flaw is due to improper message handling. Successful exploitation could allow an attacker to cause a denial of service condition.

22162 - (JSA10806) Juniper Junos SRX Cluster Configuration Synch Failures Vulnerability

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: Medium CVE: CVE-2017-10604

Description A vulnerability is present in some versions of Juniper JunOS.

Observation Juniper JunOS is an operating system used in Juniper devices.

A vulnerability is present in some versions of Juniper JunOS. The flaw is due to improper handling of cluster sync or failover operation. Successful exploitation could allow an attacker to cause a denial of service condition.

22179 - Oracle MySQL Enterprise Monitor Critical Patch Update July 2017 (CVE-2017-5647)

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-5647

Description A vulnerability is present in some versions of Oracle MySQL Enterprise Monitor.

Observation Oracle MySQL Enterprise Monitor enables monitoring of multiple Oracle MySQL instances.

A vulnerability is present in some versions of Oracle MySQL Enterprise Monitor. The flaw lies in Apache Tomcat. Successful exploitation could allow an attacker to obtain sensitive information, or perform unspecified attack.

88891 - Slackware Linux 13.37, 14.0, 14.1, 14.2 SSA:2017-205-01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Slackware Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11108

Description The scan detected that the host is missing the following update: SSA:2017-205-01

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.468869 Slackware 14.0 x86_64 tcpdump-4.9.1-x86_64-1

Slackware 14.2 x86_64 tcpdump-4.9.1-x86_64-1 i586 tcpdump-4.9.1-i586-1

Slackware 14.1 x86_64 tcpdump-4.9.1-x86_64-1

Slackware 13.37 x86_64 tcpdump-4.9.1-x86_64-1

130826 - Debian Linux 9.0 DSA-3915-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-1000026

Description The scan detected that the host is missing the following update: DSA-3915-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2017/dsa-3915

Debian 9.0 all ruby-mixlib-archive_0.2.0-1+deb9u1

145454 - SuSE SLES 12 SP2, SLED 12 SP2 SUSE-SU-2017:1898-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9445

Description The scan detected that the host is missing the following update: SUSE-SU-2017:1898-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2017-July/003039.html

SuSE SLED 12 SP2 x86_64 dracut-debugsource-044.1-109.8.3 systemd-228-150.7.1 dracut-debuginfo-044.1-109.8.3 libudev1-32bit-228-150.7.1 libudev1-debuginfo-228-150.7.1 libsystemd0-debuginfo-228-150.7.1 systemd-debuginfo-228-150.7.1 systemd-debugsource-228-150.7.1 libudev1-debuginfo-32bit-228-150.7.1 libsystemd0-debuginfo-32bit-228-150.7.1 libsystemd0-228-150.7.1 systemd-debuginfo-32bit-228-150.7.1 libudev1-228-150.7.1 systemd-32bit-228-150.7.1 udev-debuginfo-228-150.7.1 systemd-sysvinit-228-150.7.1 udev-228-150.7.1 dracut-044.1-109.8.3 libsystemd0-32bit-228-150.7.1 noarch systemd-bash-completion-228-150.7.1

SuSE SLES 12 SP2 noarch systemd-bash-completion-228-150.7.1 x86_64 dracut-fips-044.1-109.8.3 dracut-debugsource-044.1-109.8.3 systemd-sysvinit-228-150.7.1 libudev1-debuginfo-228-150.7.1 dracut-debuginfo-044.1-109.8.3 libudev1-32bit-228-150.7.1 systemd-debuginfo-228-150.7.1 libsystemd0-debuginfo-32bit-228-150.7.1 libsystemd0-debuginfo-228-150.7.1 systemd-debugsource-228-150.7.1 libudev1-debuginfo-32bit-228-150.7.1 systemd-228-150.7.1 libsystemd0-228-150.7.1 systemd-debuginfo-32bit-228-150.7.1 libudev1-228-150.7.1 systemd-32bit-228-150.7.1 udev-debuginfo-228-150.7.1 udev-228-150.7.1 dracut-044.1-109.8.3 libsystemd0-32bit-228-150.7.1

145455 - SuSE SLES 12 SP2, SLED 12 SP2 SUSE-SU-2017:1916-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-9262, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE- 2016-9394, CVE-2017-1000050

Description The scan detected that the host is missing the following update: SUSE-SU-2017:1916-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2017-July/003054.html

SuSE SLED 12 SP2 x86_64 libjasper1-32bit-1.900.14-195.3.1 libjasper1-debuginfo-32bit-1.900.14-195.3.1 libjasper1-1.900.14-195.3.1 libjasper1-debuginfo-1.900.14-195.3.1 jasper-debugsource-1.900.14-195.3.1 jasper-debuginfo-1.900.14-195.3.1

SuSE SLES 12 SP2 x86_64 libjasper1-32bit-1.900.14-195.3.1 libjasper1-debuginfo-32bit-1.900.14-195.3.1 libjasper1-1.900.14-195.3.1 libjasper1-debuginfo-1.900.14-195.3.1 jasper-debugsource-1.900.14-195.3.1 jasper-debuginfo-1.900.14-195.3.1

145456 - SuSE SLES 11 SP4 SUSE-SU-2017:1901-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-9262, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE- 2016-9394, CVE-2017-1000050

Description The scan detected that the host is missing the following update: SUSE-SU-2017:1901-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2017-July/003040.html

SuSE SLES 11 SP4 i586 libjasper-1.900.14-134.33.3.1 x86_64 libjasper-32bit-1.900.14-134.33.3.1 libjasper-1.900.14-134.33.3.1

170836 - Amazon Linux AMI ALAS-2017-859 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-1000381 Description The scan detected that the host is missing the following update: ALAS-2017-859

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://alas.aws.amazon.com/ALAS-2017-859.html

Amazon Linux AMI x86_64 c-ares-devel-1.13.0-1.5.amzn1 c-ares-1.13.0-1.5.amzn1 c-ares-debuginfo-1.13.0-1.5.amzn1 i686 c-ares-devel-1.13.0-1.5.amzn1 c-ares-1.13.0-1.5.amzn1 c-ares-debuginfo-1.13.0-1.5.amzn1

182397 - FreeBSD collectd5 Denial Of Service By Sending A Signed Network Packet To A Server Which Is Not Set Up To Check Signatures (08a2

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-7401

Description The scan detected that the host is missing the following update: collectd5 -- Denial of service by sending a signed network packet to a server which is not set up to check signatures (08a2df48-6c6a- 11e7-9b01-2047478f2f70)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/08a2df48-6c6a-11e7-9b01-2047478f2f70.html

Affected packages: collectd5 < 5.7.2

182398 - FreeBSD gsoap Remote Code Execution Via Via Overflow (8745c67e-7dd1-4165-96e2-fcf9da2dc5b5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9765

Description The scan detected that the host is missing the following update: gsoap -- remote code execution via via overflow (8745c67e-7dd1-4165-96e2-fcf9da2dc5b5)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/8745c67e-7dd1-4165-96e2-fcf9da2dc5b5.html

Affected packages: gsoap < 2.8.47

182403 - FreeBSD strongswan Insufficient Input Validation In Gmp Plugin (e6ccaf8a-6c63-11e7-9b01-2047478f2f70)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9022

Description The scan detected that the host is missing the following update: strongswan -- Insufficient Input Validation in gmp Plugin (e6ccaf8a-6c63-11e7-9b01-2047478f2f70)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/e6ccaf8a-6c63-11e7-9b01-2047478f2f70.html

Affected packages: 4.4.0 <= strongswan <= 5.5.2

185794 - Ubuntu Linux 12.04 USN-3274-2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-7867, CVE-2017-7868

Description The scan detected that the host is missing the following update: USN-3274-2

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003942.html

Ubuntu 12.04 libicu48_4.8.1.1-3ubuntu0.8

192410 - Fedora Linux 26 FEDORA-2017-7c1621d2e8 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-1000381

Description The scan detected that the host is missing the following update: FEDORA-2017-7c1621d2e8

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=2

Fedora Core 26 nodejs-6.11.1-1.fc26

192417 - Fedora Linux 24 FEDORA-2017-aa44293a53 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-1000381

Description The scan detected that the host is missing the following update: FEDORA-2017-aa44293a53

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 24 nodejs-4.8.4-6.fc24

192442 - Fedora Linux 25 FEDORA-2017-81522ac6d8 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-1000381

Description The scan detected that the host is missing the following update: FEDORA-2017-81522ac6d8

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 25 nodejs-6.11.1-1.fc25

22149 - IBM WebSphere MQ Information Disclosure Vulnerability (swg22003853)

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-1337

Description An information disclosure vulnerability is present in some versions of IBM WebSphere MQ.

Observation IBM WebSphere MQ is a messaging solution.

An information disclosure vulnerability is present in some versions of IBM WebSphere MQ. The flaw is due to improper handling of credentials. Successful exploitation could allow an attacker to obtain sensitive information.

22168 - IBM WebSphere MQ Denial Of Service Vulnerability (swg22003510)

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2017-1236

Description A denial of service vulnerability is present in some versions of IBM WebSphere MQ.

Observation IBM WebSphere MQ is a popular cross platform messaging system.

A denial of service vulnerability is present in some versions of IBM WebSphere MQ. The flaw is due to improper validation of saved channel status inquiry. Successful exploitation could allow an attacker to cause a denial of service condition.

182402 - FreeBSD strongswan Denial-of-service Vulnerability In The X509 Plugin (c7e8e955-6c61-11e7-9b01-2047478f2f70)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9023

Description The scan detected that the host is missing the following update: strongswan -- Denial-of-service vulnerability in the x509 plugin (c7e8e955-6c61-11e7-9b01-2047478f2f70)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/c7e8e955-6c61-11e7-9b01-2047478f2f70.html

Affected packages: strongswan <= 5.5.3

185781 - Ubuntu Linux 14.04 USN-3364-2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2014-9900, CVE-2015-8944, CVE-2017-1000380, CVE-2017-7346, CVE-2017-9150, CVE-2017-9605 Description The scan detected that the host is missing the following update: USN-3364-2

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003965.html

Ubuntu 14.04 linux-image-powerpc-smp-lts-xenial_4.4.0.87.72 linux-image-4.4.0-87-powerpc64-smp_4.4.0-87.110~14.04.1 linux-image-4.4.0-87-lowlatency_4.4.0-87.110~14.04.1 linux-image-generic-lpae-lts-xenial_4.4.0.87.72 linux-image-powerpc-e500mc-lts-xenial_4.4.0.87.72 linux-image-4.4.0-87-powerpc64-emb_4.4.0-87.110~14.04.1 linux-image-lowlatency-lts-xenial_4.4.0.87.72 linux-image-powerpc64-emb-lts-xenial_4.4.0.87.72 linux-image-4.4.0-87-generic_4.4.0-87.110~14.04.1 linux-image-4.4.0-87-powerpc-e500mc_4.4.0-87.110~14.04.1 linux-image-4.4.0-87-powerpc-smp_4.4.0-87.110~14.04.1 linux-image-generic-lts-xenial_4.4.0.87.72 linux-image-4.4.0-87-generic-lpae_4.4.0-87.110~14.04.1 linux-image-powerpc64-smp-lts-xenial_4.4.0.87.72

185785 - Ubuntu Linux 16.04 USN-3364-3 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2014-9900, CVE-2015-8944, CVE-2017-1000380, CVE-2017-7346, CVE-2017-9150, CVE-2017-9605

Description The scan detected that the host is missing the following update: USN-3364-3

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003967.html

Ubuntu 16.04 linux-image-4.4.0-1026-aws_4.4.0-1026.35 linux-image-aws_4.4.0.1026.29 linux-image-gke_4.4.0.1022.24 linux-image-4.4.0-1022-gke_4.4.0-1022.22

185793 - Ubuntu Linux 17.04 USN-3358-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2014-9900, CVE-2017-1000380, CVE-2017-7346, CVE-2017-9605 Description The scan detected that the host is missing the following update: USN-3358-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003952.html

Ubuntu 17.04 linux-image-generic-lpae_4.10.0.28.29 linux-image-4.10.0-28-generic_4.10.0-28.32 linux-image-raspi2_4.10.0.1011.13 linux-image-4.10.0-1011-raspi2_4.10.0-1011.14 linux-image-4.10.0-28-lowlatency_4.10.0-28.32 linux-image-generic_4.10.0.28.29 linux-image-4.10.0-28-generic-lpae_4.10.0-28.32 linux-image-lowlatency_4.10.0.28.29

185798 - Ubuntu Linux 12.04 USN-3307-2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9287

Description The scan detected that the host is missing the following update: USN-3307-2

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003946.html

Ubuntu 12.04 slapd_2.4.28-1.1ubuntu4.8 CVE-2017-9287_-----

185799 - Ubuntu Linux 16.04 USN-3364-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2014-9900, CVE-2015-8944, CVE-2017-1000380, CVE-2017-7346, CVE-2017-9150, CVE-2017-9605

Description The scan detected that the host is missing the following update: USN-3364-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003964.html

Ubuntu 16.04 linux-image-4.4.0-87-powerpc64-emb_4.4.0-87.110 linux-image-powerpc-smp_4.4.0.87.93 linux-image-4.4.0-87-powerpc-smp_4.4.0-87.110 linux-image-4.4.0-87-lowlatency_4.4.0-87.110 linux-image-4.4.0-87-powerpc-e500mc_4.4.0-87.110 linux-image-4.4.0-1065-raspi2_4.4.0-1065.73 linux-image-snapdragon_4.4.0.1067.60 linux-image-generic_4.4.0.87.93 linux-image-4.4.0-87-generic-lpae_4.4.0-87.110 linux-image-4.4.0-87-generic_4.4.0-87.110 linux-image-powerpc64-emb_4.4.0.87.93 linux-image-4.4.0-1067-snapdragon_4.4.0-1067.72 linux-image-4.4.0-87-powerpc64-smp_4.4.0-87.110 linux-image-generic-lpae_4.4.0.87.93 linux-image-lowlatency_4.4.0.87.93 linux-image-raspi2_4.4.0.1065.66 linux-image-powerpc64-smp_4.4.0.87.93 linux-image-powerpc-e500mc_4.4.0.87.93

192404 - Fedora Linux 24 FEDORA-2017-1a8bebaab4 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11107

Description The scan detected that the host is missing the following update: FEDORA-2017-1a8bebaab4

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 24 phpldapadmin-1.2.3-10.fc24

192407 - Fedora Linux 26 FEDORA-2017-d3d38a53f9 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11104

Description The scan detected that the host is missing the following update: FEDORA-2017-d3d38a53f9

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=3

Fedora Core 26 knot-2.4.5-1.fc26

192412 - Fedora Linux 26 FEDORA-2017-05888dd4fe Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11107

Description The scan detected that the host is missing the following update: FEDORA-2017-05888dd4fe

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=2

Fedora Core 26 phpldapadmin-1.2.3-10.fc26

192435 - Fedora Linux 25 FEDORA-2017-346836a623 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11107

Description The scan detected that the host is missing the following update: FEDORA-2017-346836a623

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 25 phpldapadmin-1.2.3-10.fc25

22147 - (SB10201) McAfee Web Gateway NTPD Denial Of Service Vulnerability

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: Low CVE: CVE-2016-9042 Description A vulnerability is present in some versions of McAfee Web Gateway.

Observation McAfee Web Gateway is a web based security control system designed to prevent web application attacks.

A vulnerability is present in some versions of McAfee Web Gateway. The flaw lies in the Network Time Protocol Daemon (NTPD). Successful exploitation could allow an attacker to cause a denial of service condition.

88890 - Slackware Linux 14.2 SSA:2017-202-01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Slackware Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: SSA:2017-202-01

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.415362

Slackware 14.2 x86_64 seamonkey-2.48-x86_64-1 seamonkey-solibs-2.48-x86_64-1 i586 seamonkey-solibs-2.48-i586-1 seamonkey-2.48-i586-1

130824 - Debian Linux 8.0, 9.0 DSA-3916-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2017-1000083

Description The scan detected that the host is missing the following update: DSA-3916-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2017/dsa-3916

Debian 8.0 all atril_1.8.1+dfsg1-4+deb8u1

Debian 9.0 all atril_1.16.1-2+deb9u1

130827 - Debian Linux 9.0 DSA-3906-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2017-2666, CVE-2017-2670

Description The scan detected that the host is missing the following update: DSA-3906-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2017/dsa-3906

Debian 9.0 all libundertow-java-doc_1.4.8-1+deb9u1 libundertow-java_1.4.8-1+deb9u1

182399 - FreeBSD MySQL Multiple Vulnerabilities (cda2f3c2-6c8b-11e7-867f-b499baebfeaf)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2017-3529, CVE-2017-3633, CVE-2017-3634, CVE-2017-3635, CVE-2017-3636, CVE-2017-3637, CVE-2017-3638, CVE- 2017-3639, CVE-2017-3640, CVE-2017-3641, CVE-2017-3642, CVE-2017-3643, CVE-2017-3644, CVE-2017-3645, CVE-2017-3646, CVE-2017-3647, CVE-2017-3648, CVE-2017-3649, CVE-2017-3650, CVE-2017-3651, CVE-2017-3652, CVE-2017-3653

Description The scan detected that the host is missing the following update: MySQL -- multiple vulnerabilities (cda2f3c2-6c8b-11e7-867f-b499baebfeaf)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/cda2f3c2-6c8b-11e7-867f-b499baebfeaf.html

Affected packages: mariadb55-server < 5.5.57 mariadb100-server < 10.0.31 mariadb101-server < 10.1.23 mariadb102-server < 10.2.6 mysql55-server < 5.5.57 mysql56-server < 5.6.37 mysql57-server < 5.7.19 percona55-server < 5.5.57 percona56-server < 5.6.37 percona57-server < 5.7.19

182401 - FreeBSD GitLab Various Security Issues (92f4191a-6d25-11e7-93f7-d43d7e971a1b) Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2017-11438

Description The scan detected that the host is missing the following update: GitLab -- Various security issues (92f4191a-6d25-11e7-93f7-d43d7e971a1b)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/92f4191a-6d25-11e7-93f7-d43d7e971a1b.html

Affected packages: 8.0.0 <= gitlab <= 8.17.6 9.0.0 <= gitlab <= 9.0.10 9.1.0 <= gitlab <= 9.1.7 9.2.0 <= gitlab <= 9.2.7 9.3.0 <= gitlab <= 9.4.7

185779 - Ubuntu Linux 14.04, 16.04, 17.04 USN-3355-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7506

Description The scan detected that the host is missing the following update: USN-3355-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003948.html

Ubuntu 16.04 libspice-server1_0.12.6-4ubuntu0.3

Ubuntu 14.04 libspice-server1_0.12.4-0nocelt2ubuntu1.5

Ubuntu 17.04 libspice-server1_0.12.8-2ubuntu1.1

185782 - Ubuntu Linux 12.04 USN-3347-2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7526 Description The scan detected that the host is missing the following update: USN-3347-2

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003941.html

Ubuntu 12.04 libgcrypt11_1.5.0-3ubuntu0.7 CVE-2017-7526_-----

185784 - Ubuntu Linux 14.04, 16.04, 17.04 USN-3357-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Low CVE: CVE-2017-3529, CVE-2017-3633, CVE-2017-3634, CVE-2017-3635, CVE-2017-3636, CVE-2017-3637, CVE-2017-3638, CVE- 2017-3639, CVE-2017-3640, CVE-2017-3641, CVE-2017-3642, CVE-2017-3643, CVE-2017-3644, CVE-2017-3645, CVE-2017-3647, CVE-2017-3648, CVE-2017-3649, CVE-2017-3650, CVE-2017-3651, CVE-2017-3652, CVE-2017-3653

Description The scan detected that the host is missing the following update: USN-3357-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003951.html

Ubuntu 16.04 mysql-server-5.7_5.7.19-0ubuntu0.16.04.1

Ubuntu 14.04 mysql-server-5.5_5.5.57-0ubuntu0.14.04.1

Ubuntu 17.04 mysql-server-5.7_5.7.19-0ubuntu0.17.04.1

185787 - Ubuntu Linux 12.04 USN-3356-2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Low CVE: CVE-2017-9233

Description The scan detected that the host is missing the following update: USN-3356-2 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003950.html

Ubuntu 12.04 lib64expat1_2.0.1-7.2ubuntu1.5 CVE-2017-9233_----- libexpat1_2.0.1-7.2ubuntu1.5

185789 - Ubuntu Linux 14.04, 16.04, 16.10, 17.04 USN-3356-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Low CVE: CVE-2017-9233

Description The scan detected that the host is missing the following update: USN-3356-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.ubuntu.com/archives/ubuntu-security-announce/2017-July/003949.html

Ubuntu 16.04 lib64expat1_2.1.0-7ubuntu0.16.04.3 libexpat1_2.1.0-7ubuntu0.16.04.3

Ubuntu 14.04 libexpat1_2.1.0-4ubuntu1.4 lib64expat1_2.1.0-4ubuntu1.4

Ubuntu 16.10 lib64expat1_2.2.0-1ubuntu0.1 libexpat1_2.2.0-1ubuntu0.1

Ubuntu 17.04 libexpat1_2.2.0-2ubuntu0.1 lib64expat1_2.2.0-2ubuntu0.1

192403 - Fedora Linux 25 FEDORA-2017-b0a2770a9b Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2017-b0a2770a9b

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=2

Fedora Core 25 knot-2.4.5-1.fc25

192406 - Fedora Linux 24 FEDORA-2017-605557de96 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2017-605557de96

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 24 java-1.8.0-openjdk-1.8.0.141-1.b16.fc24

192411 - Fedora Linux 26 FEDORA-2017-e6aaef4475 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2017-e6aaef4475

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=3

Fedora Core 26 knot-resolver-1.3.1-1.fc26

192414 - Fedora Linux 24 FEDORA-2017-bd6aa662fc Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2017-bd6aa662fc

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=2

Fedora Core 24 knot-2.4.5-1.fc24

192415 - Fedora Linux 24 FEDORA-2017-944e86b623 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-11328

Description The scan detected that the host is missing the following update: FEDORA-2017-944e86b623

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 24 yara-3.6.3-1.fc24

192416 - Fedora Linux 26 FEDORA-2017-e5b36383f4 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2017-e5b36383f4

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 26 krb5-1.15.1-17.fc26

192420 - Fedora Linux 24 FEDORA-2017-61689edaf4 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7506

Description The scan detected that the host is missing the following update: FEDORA-2017-61689edaf4

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=2

Fedora Core 24 spice-0.12.8-3.fc24

192422 - Fedora Linux 25 FEDORA-2017-1d46019681 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-11328

Description The scan detected that the host is missing the following update: FEDORA-2017-1d46019681

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 25 yara-3.6.3-1.fc25

192425 - Fedora Linux 25 FEDORA-2017-8e9d9771c4 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-11368

Description The scan detected that the host is missing the following update: FEDORA-2017-8e9d9771c4

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 25 krb5-1.14.4-8.fc25

192428 - Fedora Linux 25 FEDORA-2017-cc0b92f6c1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2017-cc0b92f6c1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=2

Fedora Core 25 glpi-9.1.5-1.fc25

192430 - Fedora Linux 26 FEDORA-2017-088b16a69a Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-11328

Description The scan detected that the host is missing the following update: FEDORA-2017-088b16a69a

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=2

Fedora Core 26 yara-3.6.3-1.fc26

192431 - Fedora Linux 26 FEDORA-2017-704c201dbb Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH Description The scan detected that the host is missing the following update: FEDORA-2017-704c201dbb

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 26 subversion-1.9.6-2.fc26

192432 - Fedora Linux 24 FEDORA-2017-71c47e1e82 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2017-11368

Description The scan detected that the host is missing the following update: FEDORA-2017-71c47e1e82

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=1

Fedora Core 24 krb5-1.14.4-5.fc24

192433 - Fedora Linux 26 FEDORA-2017-a40590256c Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2017-a40590256c

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=2

Fedora Core 26 glpi-9.1.5-1.fc26 192436 - Fedora Linux 24 FEDORA-2017-081fc9ad77 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2017-081fc9ad77

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=2

Fedora Core 24 knot-resolver-1.3.1-1.fc24

192437 - Fedora Linux 25 FEDORA-2017-92643d70b7 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2017-92643d70b7

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2017/7/?count=200&page=2

Fedora Core 25 knot-resolver-1.3.1-1.fc25

22167 - IBM WebSphere MQ Information Disclosure Vulnerability (swg22003851)

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-1284

Description An information disclosure vulnerability is present in some versions of IBM WebSphere MQ.

Observation IBM WebSphere MQ is a messaging solution.

An information disclosure vulnerability is present in some versions of IBM WebSphere MQ. The flaw is due to that WebSphere MQ incorrectly grants a local user the ability to run or enable trace. Successful exploitation could allow an attacker to obtain sensitive information.

22171 - IBM WebSphere MQ Java Runtime Vulnerability (swg22001630)

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2016-3485

Description A vulnerability is present in some versions of IBM WebSphere MQ.

Observation IBM WebSphere MQ is a popular cross platform messaging system.

A vulnerability is present in some versions of IBM WebSphere MQ. The flaw is related to the Java-based networking component. Successful exploitation could allow an attacker to affect integrity of the target system.

22176 - (MSPT-June2017) Win32k Information Disclosure Vulnerability (CVE-2017-8554)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2017-8554

Description An information disclosure vulnerability is present in some versions of Microsoft Windows.

Observation Windows is a popular operation system developed by Microsoft.

An information disclosure vulnerability is present in some versions of Microsoft Windows. The flaw lies in how the Windows kernel initialize objects in memory. Successful exploitation could allow an attacker to obtain restricted information. Exploitation requires an attacker to execute a specially crafted application.

ENHANCED CHECKS

The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on a vulnerability and anything else that improves upon an existing FSL check. 22137 - Kaspersky Anti-Virus File Server Multiple Vulnerabilities

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2017-9810, CVE-2017-9811, CVE-2017-9812, CVE-2017-9813

Update Details Risk is updated

33152 - 119758-41 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes Risk Level: High CVE: CVE-2007-0452, CVE-2007-2444, CVE-2007-2446, CVE-2007-2447, CVE-2007-4138, CVE-2007-4572, CVE-2007-5398, CVE- 2007-6015, CVE-2008-4314, CVE-2010-2063, CVE-2010-3069, CVE-2011-0719, CVE-2011-2522, CVE-2011-2694, CVE-2012-1182, CVE-2012-2111, CVE-2012-6150, CVE-2013-0213, CVE-2013-0214, CVE-2013-4124, CVE-2013-4408, CVE-2013-4475, CVE-2013- 4496, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493

Update Details Name is updated Description is updated Observation is updated Recommendation is updated FASLScript is updated

33154 - Oracle Solaris 119757-41 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes Risk Level: High CVE: CVE-2007-0452, CVE-2007-2444, CVE-2007-2446, CVE-2007-2447, CVE-2007-4138, CVE-2007-4572, CVE-2007-5398, CVE- 2007-6015, CVE-2008-4314, CVE-2010-2063, CVE-2010-3069, CVE-2011-0719, CVE-2011-2522, CVE-2011-2694, CVE-2012-1182, CVE-2012-2111, CVE-2012-6150, CVE-2013-0213, CVE-2013-0214, CVE-2013-4124, CVE-2013-4408, CVE-2013-4475, CVE-2013- 4496, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493

Update Details Name is updated Description is updated Observation is updated Recommendation is updated FASLScript is updated

21805 - (MSPT-May2017) Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0281)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2017-0281

Update Details FASLScript is updated

88881 - Slackware Linux 14.0, 14.1, 14.2 SSA:2017-190-01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Slackware Patches and Hotfixes Risk Level: High CVE: CVE-2017-10965, CVE-2017-10966

Update Details Risk is updated

130807 - Debian Linux 8.0 DSA-3893-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: High CVE: CVE-2016-4000

Update Details Risk is updated

182387 - FreeBSD irssi Multiple Vulnerabilities (31001c6b-63e7-11e7-85aa-a4badb2f4699)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: High CVE: CVE-2017-10965, CVE-2017-10966

Update Details Risk is updated

33145 - Oracle Solaris 150401-52 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes Risk Level: Medium CVE: CVE-2004-0230, CVE-2013-0399, CVE-2013-3799, CVE-2013-5862, CVE-2013-5876, CVE-2014-4215, CVE-2014-6575, CVE- 2015-0375, CVE-2015-0471, CVE-2015-2580, CVE-2015-4869, CVE-2016-3419, CVE-2016-3441, CVE-2016-3453, CVE-2016-5544, CVE-2016-5553, CVE-2017-10004, CVE-2017-10036, CVE-2017-10042, CVE-2017-10122

Update Details CVE is updated

88885 - Slackware Linux 14.0, 14.1, 14.2 SSA:2017-195-02 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Slackware Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11103

Update Details Risk is updated

88889 - Slackware Linux 13.0, 13.1, 13.37, 14.0, 14.1, 14.2 SSA:2017-194-01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Slackware Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9788, CVE-2017-9789

Update Details Risk is updated

130778 - Debian Linux 8.0 DSA-3862-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-2295

Update Details Risk is updated

130814 - Debian Linux 8.0 DSA-3905-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-10971, CVE-2017-10972

Update Details Risk is updated FASLScript is updated

130816 - Debian Linux 8.0 DSA-3912-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11103

Update Details Risk is updated FASLScript is updated

130818 - Debian Linux 8.0 DSA-3913-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9788

Update Details Risk is updated FASLScript is updated

130821 - Debian Linux 8.0 DSA-3909-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11103

Update Details Risk is updated FASLScript is updated

141370 - Red Hat Enterprise Linux RHSA-2016-2809 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-8638

Update Details Risk is updated

145447 - SuSE SLES 12 SP2, SLED 12 SP2 SUSE-SU-2017:1860-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-10971, CVE-2017-10972

Update Details Risk is updated

145452 - SuSE SLES 11 SP4 SUSE-SU-2017:1850-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-10971, CVE-2017-10972

Update Details Risk is updated

163228 - Oracle Enterprise Linux ELSA-2016-2809 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-8638

Update Details Risk is updated

170827 - Amazon Linux AMI ALAS-2017-849 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-2295

Update Details Risk is updated

182393 - FreeBSD Orpheus Lyre Mutual Authentication Validation Bypass (85851e4f-67d9-11e7-bc37-00505689d4ae)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11103

Update Details Risk is updated

182396 - FreeBSD Apache httpd Multiple Vulnerabilities (457ce015-67fa-11e7-867f-b499baebfeaf)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9788, CVE-2017-9789

Update Details Risk is updated

185775 - Ubuntu Linux 14.04, 16.04, 16.10, 17.04 USN-3353-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11103

Update Details Risk is updated

185777 - Ubuntu Linux 14.04, 16.04, 16.10, 17.04 USN-3353-2 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11103

Update Details Risk is updated

191572 - Fedora Linux 25 FEDORA-2016-2d8fb6d7ad Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-8638

Update Details Risk is updated

191577 - Fedora Linux 24 FEDORA-2016-b465090499 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-8638

Update Details Risk is updated

192170 - Fedora Linux 25 FEDORA-2017-8ad8d1bd86 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-2295

Update Details Risk is updated

192191 - Fedora Linux 26 FEDORA-2017-b9b66117bb Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-2295

Update Details Risk is updated

12415 - TLS / SSL Man-In-The-Middle Renegotiation Vulnerability

Category: General Vulnerability Assessment -> Instrusive -> Miscellaneous Risk Level: Medium CVE: CVE-2009-3555

Update Details FASLScript is updated

22144 - Joomla Multiple Vulnerabilities Prior To 3.7.3

Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium CVE: CVE-2017-9933, CVE-2017-9934

Update Details Risk is updated

22158 - (APSB17-22) Vulnerabilities In Adobe Connect

Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium CVE: CVE-2017-3101, CVE-2017-3102, CVE-2017-3103

Update Details Risk is updated

141620 - Red Hat Enterprise Linux RHSA-2017-1681 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9524

Update Details Risk is updated

145442 - SuSE SLES 12 SP2, SLED 12 SP2 SUSE-SU-2017:1792-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-1000381

Update Details Risk is updated

160280 - CentOS 7 CESA-2017-1681 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9524

Update Details Risk is updated

163388 - Oracle Enterprise Linux ELSA-2017-1681 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-9524

Update Details Risk is updated

175200 - Scientific Linux Security ERRATA Important: qemu-kvm on SL7.x x86_64 (1707-75)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes Risk Level: Medium CVE: CVE-2017-9524

Update Details Risk is updated

182386 - FreeBSD tor Security Regression (0b9f4b5e-5d82-11e7-85df-14dae9d5a9d2)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-0377

Update Details Risk is updated

191643 - Fedora Linux 25 FEDORA-2017-fff6e1af37 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-1000001

Update Details Risk is updated

191677 - Fedora Linux 24 FEDORA-2017-a73bc7ac5d Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-1000001

Update Details Risk is updated

192282 - Fedora Linux 26 FEDORA-2017-6dc3fd198d Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-1000381

Update Details Risk is updated

192309 - Fedora Linux 25 FEDORA-2017-ba1399832b Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-1000381

Update Details Risk is updated

32912 - Oracle Solaris 147674-11 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes Risk Level: Medium CVE: CVE-2007-5333, CVE-2007-5342, CVE-2007-6286, CVE-2008-0002, CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE- 2008-2938, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4172, CVE-2010-4312, CVE-2011- 0013, CVE-2011-0534, CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-3375, CVE- 2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022, CVE-2012-3112, CVE-2013-5839, CVE-2014-0390, CVE-2017-10062

Update Details CVE is updated

32913 - Oracle Solaris 147673-11 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes Risk Level: Medium CVE: CVE-2007-5333, CVE-2007-5342, CVE-2007-6286, CVE-2008-0002, CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE- 2008-2938, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2010-1157, CVE-2010-2227, CVE-2010-3718, CVE-2010-4172, CVE-2010-4312, CVE-2011- 0013, CVE-2011-0534, CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190, CVE-2011-3375, CVE- 2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022, CVE-2012-3112, CVE-2013-5839, CVE-2014-0390, CVE-2017-10062

Update Details CVE is updated

33162 - Oracle Solaris 150400-52 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes Risk Level: Medium CVE: CVE-2004-0230, CVE-2013-5862, CVE-2013-5876, CVE-2014-0447, CVE-2014-6473, CVE-2014-6575, CVE-2015-0375, CVE- 2015-0471, CVE-2015-2580, CVE-2015-2589, CVE-2015-4869, CVE-2016-3419, CVE-2016-3441, CVE-2016-3453, CVE-2016-5553, CVE-2017-10004, CVE-2017-10036, CVE-2017-10042, CVE-2017-10122

Update Details CVE is updated

33326 - Oracle Solaris 152260-02 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-0535, CVE-2017-10003 Update Details CVE is updated

33327 - Oracle Solaris 152261-02 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-0535, CVE-2017-10003

Update Details CVE is updated

130820 - Debian Linux 8.0 DSA-3910-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-11104

Update Details FASLScript is updated

184876 - Ubuntu Linux 12.04, 14.04, 14.10, 15.04 USN-2648-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-1323

Update Details Risk is updated

192253 - Fedora Linux 25 FEDORA-2017-278f46fcd6 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-8932

Update Details Risk is updated

13143 - Microsoft Windows Explorer Local Denial Of Service Vulnerability

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-MAP-NOMATCH

Update Details Recommendation is updated

32708 - Oracle Solaris 124393-12 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes Risk Level: Low CVE: CVE-2017-3632

Update Details CVE is updated

32712 - Oracle Solaris 124394-12 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Solaris Patches and Hotfixes Risk Level: Low CVE: CVE-2017-3632

Update Details CVE is updated

130813 - Debian Linux 8.0 DSA-3904-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2017-3142, CVE-2017-3143

Update Details FASLScript is updated

130817 - Debian Linux 8.0 DSA-3907-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7506

Update Details FASLScript is updated

130819 - Debian Linux 8.0 DSA-3911-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2017-1000083

Update Details FASLScript is updated

130822 - Debian Linux 8.0 DSA-3908-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2017-7529

Update Details FASLScript is updated 141350 - Red Hat Enterprise Linux RHSA-2016-2581 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: Low CVE: CVE-2016-0764

Update Details Risk is updated

163198 - Oracle Enterprise Linux ELSA-2016-2581 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Low CVE: CVE-2016-0764

Update Details Risk is updated

175060 - Scientific Linux Security ERRATA Low: NetworkManager on SL7.x x86_64 (1612-11489)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes Risk Level: Low CVE: CVE-2016-0764

Update Details Risk is updated

70019 - version.fasl3.inc

Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category Risk Level: Informational CVE: CVE-MAP-NOMATCH

Update Details FASLScript is updated

70114 - juniper.fasl3.inc

Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category Risk Level: Informational CVE: CVE-MAP-NOMATCH

Update Details FASLScript is updated

HOW TO UPDATE

FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we strongly urge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any critical updates but will wait for your explicit authorization before installing. FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability category and checking the "Run New Checks" checkbox.

MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts will be automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.

MCAFEE TECHNICAL SUPPORT

ServicePortal: https://mysupport.mcafee.com Multi-National Phone Support available here: http://www.mcafee.com/us/about/contact/index.html Non-US customers - Select your country from the list of Worldwide Offices.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.

Copyright 2017 McAfee, Inc. McAfee is a registered trademark of McAfee, Inc. and/or its affiliates