2019-JAN-04 FSL version 7.6.88

MCAFEE FOUNDSTONE FSL UPDATE

To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release.

NEW CHECKS

24552 - (HPESBHF03906) HPE Intelligent Management Center Multiple Vulnerabilities

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2018-7114, CVE-2018-7115, CVE-2018-7116

Description Multiple vulnerabilities are present in some versions of HPE Intelligent Management Center.

Observation HPE Intelligent Management Center (iMC) is an enterprise-class network management platform.

Multiple vulnerabilities are present in some versions of HPE Intelligent Management Center. The flaws lie in multiple components. Successful exploitation could allow an attacker to cause a denial of service, cause buffer overflow or execute arbitrary code on the target system.

147517 - SuSE 15.0 openSUSE-SU-2018:4306-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2018-16873, CVE-2018-16874, CVE-2018-16875, CVE-2018-7187

Description The scan detected that the host is missing the following update: openSUSE-SU-2018:4306-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2018-12/msg00154.html

SuSE Linux 15.0 i586 go-1.10.4-lp150.2.7.1 go-doc-1.10.4-lp150.2.7.1 noarch docker-runc-kubic-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.3.1 docker-kubic-bash-completion-18.06.1_ce-lp150.5.6.1 golang-packaging-15.0.11-lp150.2.3.1 containerd-kubic-test-1.1.2-lp150.4.3.1 containerd-test-1.1.2-lp150.4.3.1 docker-bash-completion-18.06.1_ce-lp150.5.6.1 docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.3.1 docker-zsh-completion-18.06.1_ce-lp150.5.6.1 docker-kubic-zsh-completion-18.06.1_ce-lp150.5.6.1 x86_64 containerd-kubic-ctr-1.1.2-lp150.4.3.1 golang-github-docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-lp150.3.3.1 go-race-1.10.4-lp150.2.7.1 docker-test-debuginfo-18.06.1_ce-lp150.5.6.1 docker-libnetwork-kubic-0.7.0.1+gitr2664_3ac297bc7fd0-lp150.3.3.1 docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.3.1 docker-18.06.1_ce-lp150.5.6.1 docker-kubic-debugsource-18.06.1_ce-lp150.5.6.1 containerd-1.1.2-lp150.4.3.1 docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-lp150.3.3.1 docker-runc-kubic-debuginfo-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.3.1 docker-debugsource-18.06.1_ce-lp150.5.6.1 go-1.10.4-lp150.2.7.1 docker-libnetwork-debuginfo-0.7.0.1+gitr2664_3ac297bc7fd0-lp150.3.3.1 docker-kubic-test-debuginfo-18.06.1_ce-lp150.5.6.1 go1.10-doc-1.10.7-lp150.2.1 docker-debuginfo-18.06.1_ce-lp150.5.6.1 docker-kubic-debuginfo-18.06.1_ce-lp150.5.6.1 docker-libnetwork-kubic-debuginfo-0.7.0.1+gitr2664_3ac297bc7fd0-lp150.3.3.1 docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.3.1 docker-kubic-18.06.1_ce-lp150.5.6.1 containerd-ctr-1.1.2-lp150.4.3.1 docker-test-18.06.1_ce-lp150.5.6.1 docker-runc-debuginfo-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.3.1 golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2664_3ac297bc7fd0-lp150.3.3.1 docker-kubic-test-18.06.1_ce-lp150.5.6.1 containerd-kubic-1.1.2-lp150.4.3.1 go1.10-1.10.7-lp150.2.1 go-doc-1.10.4-lp150.2.7.1 go1.10-race-1.10.7-lp150.2.1

24570 - Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability (cisco-sa-20181219-asa-privesc)

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2018-15465

Description A vulnerability is present in some versions of Cisco ASA devices.

Observation Cisco Adaptive Security Appliance is a word-class line of network security devices.

A vulnerability is present in some versions of Cisco ASA devices. The flaw is in authorization subsystem of Cisco ASA. Successful exploitation could allow a remote attacker to escalate privileges on the target system.

24540 - IBM DB2 Buffer Overflow Vulnerability (ibm10737295)

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2018-1897 Description A vulnerability is present in some versions of IBM DB2.

Observation IBM DB2 is a popular relational database management server.

A vulnerability is present in some versions of IBM DB2. The flaw lies in IBM Db2 db2pdcfg. Successful exploitation could allow a local attacker to escalate privileges and execute arbitrary code on the target system.

24561 - Mozilla Firefox Multiple Vulnerabilities Prior To 64

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2018-12405, CVE-2018-12406, CVE-2018-12407, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018- 18494, CVE-2018-18495, CVE-2018-18496, CVE-2018-18497, CVE-2018-18498

Description Multiple vulnerabilities are present in some versions of Mozilla Firefox.

Observation Mozilla Firefox is a popular web browser.

Multiple vulnerabilities are present in some versions of Mozilla Firefox. The flaws lie in several components. Successful exploitation could allow an attacker to remotely execute arbitrary code on the target system and cause a denial of service condition.

24562 - Mozilla Firefox Multiple Vulnerabilities Prior To 64

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2018-12405, CVE-2018-12406, CVE-2018-12407, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018- 18494, CVE-2018-18495, CVE-2018-18496, CVE-2018-18497, CVE-2018-18498

Description Multiple vulnerabilities are present in some versions of Mozilla Firefox.

Observation Mozilla Firefox is a popular web browser.

Multiple vulnerabilities are present in some versions of Mozilla Firefox. The flaws lie in several components. Successful exploitation could allow an attacker to remotely execute arbitrary code on the target system and cause a denial of service condition.

24563 - Mozilla Firefox ESR Vulnerabilities Prior To ESR 60.4

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2018-12405, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498

Description Multiple Vulnerabilities are present in some versions of Mozilla Firefox ESR. Observation Mozilla Firefox ESR is a popular web browser.

Multiple Vulnerabilities are present in some versions of Mozilla Firefox ESR. The flaws lie in multiple components. Successful exploitation could allow an attacker to remotely execute arbitrary code on the target system and cause a denial of service condition.

24564 - Mozilla Firefox ESR Vulnerabilities Prior To ESR 60.4

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2018-12405, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498

Description Multiple Vulnerabilities are present in some versions of Mozilla Firefox ESR.

Observation Mozilla Firefox ESR is a popular web browser.

Multiple Vulnerabilities are present in some versions of Mozilla Firefox ESR. The flaws lie in multiple components. Successful exploitation could allow an attacker to remotely execute arbitrary code on the target system and cause a denial of service condition.

24571 - WordPress Multiple Vulnerabilities Prior To 5.0.1

Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: High CVE: CVE-MAP-NOMATCH

Description Multiple vulnerabilities are present in some versions of WordPress.

Observation WordPress is a popular blog application.

Multiple vulnerabilities are present in some versions of WordPress. The flaws lie in multiple components. Successful exploitation could allow an attacker to lead to a cross-site scripting attacks, obtain sensitive information, or bypass certain security restrictions.

131264 - Linux 9.0 DSA-4359-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: High CVE: CVE-2018-12086, CVE-2018-18225, CVE-2018-18226, CVE-2018-18227, CVE-2018-19622, CVE-2018-19623, CVE-2018- 19624, CVE-2018-19625, CVE-2018-19626, CVE-2018-19627, CVE-2018-19628

Description The scan detected that the host is missing the following update: DSA-4359-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2018/dsa-4359 Debian 9.0 all wireshark_2.6.5-1~deb9u1

147506 - SuSE Linux 15.0 openSUSE-SU-2019:1-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2018-20184, CVE-2018-20189

Description The scan detected that the host is missing the following update: openSUSE-SU-2019:1-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2019-01/msg00000.html

SuSE Linux 15.0 x86_64 GraphicsMagick-devel-1.3.29-lp150.3.18.1 libGraphicsMagick3-config-1.3.29-lp150.3.18.1 libGraphicsMagick++-devel-1.3.29-lp150.3.18.1 GraphicsMagick-1.3.29-lp150.3.18.1 libGraphicsMagick-Q16-3-1.3.29-lp150.3.18.1 libGraphicsMagickWand-Q16-2-debuginfo-1.3.29-lp150.3.18.1 libGraphicsMagick++-Q16-12-debuginfo-1.3.29-lp150.3.18.1 libGraphicsMagick++-Q16-12-1.3.29-lp150.3.18.1 libGraphicsMagickWand-Q16-2-1.3.29-lp150.3.18.1 perl-GraphicsMagick-1.3.29-lp150.3.18.1 libGraphicsMagick-Q16-3-debuginfo-1.3.29-lp150.3.18.1 GraphicsMagick-debuginfo-1.3.29-lp150.3.18.1 GraphicsMagick-debugsource-1.3.29-lp150.3.18.1 perl-GraphicsMagick-debuginfo-1.3.29-lp150.3.18.1

147509 - SuSE Linux 42.3 openSUSE-SU-2018:4282-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2018-19788

Description The scan detected that the host is missing the following update: openSUSE-SU-2018:4282-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2018-12/msg00137.html

SuSE Linux 42.3 i586 polkit-devel-0.113-14.6.1 typelib-1_0-Polkit-1_0-0.113-14.6.1 polkit-debuginfo-0.113-14.6.1 polkit-devel-debuginfo-0.113-14.6.1 polkit-debugsource-0.113-14.6.1 polkit-0.113-14.6.1 libpolkit0-debuginfo-0.113-14.6.1 libpolkit0-0.113-14.6.1 noarch polkit-doc-0.113-14.6.1 x86_64 polkit-devel-0.113-14.6.1 typelib-1_0-Polkit-1_0-0.113-14.6.1 libpolkit0-32bit-0.113-14.6.1 polkit-debuginfo-0.113-14.6.1 polkit-devel-debuginfo-0.113-14.6.1 polkit-debugsource-0.113-14.6.1 libpolkit0-debuginfo-32bit-0.113-14.6.1 polkit-0.113-14.6.1 libpolkit0-debuginfo-0.113-14.6.1 libpolkit0-0.113-14.6.1

147510 - SuSE Linux 42.3 openSUSE-SU-2018:4287-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2018-1160

Description The scan detected that the host is missing the following update: openSUSE-SU-2018:4287-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2018-12/msg00141.html

SuSE Linux 42.3 x86_64 netatalk-debugsource-3.1.7-8.3.1 netatalk-debuginfo-3.1.7-8.3.1 netatalk-3.1.7-8.3.1 libatalk16-debuginfo-3.1.7-8.3.1 netatalk-devel-3.1.7-8.3.1 libatalk16-3.1.7-8.3.1 i586 netatalk-debugsource-3.1.7-8.3.1 netatalk-debuginfo-3.1.7-8.3.1 netatalk-3.1.7-8.3.1 libatalk16-debuginfo-3.1.7-8.3.1 netatalk-devel-3.1.7-8.3.1 libatalk16-3.1.7-8.3.1

147511 - SuSE SLES 12 SP3, 12 SP4 SUSE-SU-2018:4296-1 Update Is Not Installed Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2015-2775, CVE-2016-6893, CVE-2018-0618, CVE-2018-13796, CVE-2018-5950

Description The scan detected that the host is missing the following update: SUSE-SU-2018:4296-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2018-December/005005.html

SuSE SLES 12 SP3 x86_64 mailman-debuginfo-2.1.17-3.3.3 mailman-2.1.17-3.3.3 mailman-debugsource-2.1.17-3.3.3

SuSE SLES 12 SP4 x86_64 mailman-debuginfo-2.1.17-3.3.3 mailman-2.1.17-3.3.3 mailman-debugsource-2.1.17-3.3.3

147514 - SuSE Linux 15.0 openSUSE-SU-2018:4304-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2018-15468, CVE-2018-15469, CVE-2018-15470, CVE-2018-18883, CVE-2018-19961, CVE-2018-19962, CVE-2018- 19965, CVE-2018-19966, CVE-2018-3646

Description The scan detected that the host is missing the following update: openSUSE-SU-2018:4304-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2018-12/msg00152.html

SuSE Linux 15.0 x86_64 xen-doc-html-4.10.2_04-lp150.2.12.1 xen-4.10.2_04-lp150.2.12.1 xen-tools-domU-debuginfo-4.10.2_04-lp150.2.12.1 xen-tools-domU-4.10.2_04-lp150.2.12.1 xen-libs-32bit-4.10.2_04-lp150.2.12.1 xen-libs-4.10.2_04-lp150.2.12.1 xen-tools-4.10.2_04-lp150.2.12.1 xen-libs-debuginfo-4.10.2_04-lp150.2.12.1 xen-devel-4.10.2_04-lp150.2.12.1 xen-libs-32bit-debuginfo-4.10.2_04-lp150.2.12.1 xen-tools-debuginfo-4.10.2_04-lp150.2.12.1 xen-debugsource-4.10.2_04-lp150.2.12.1 i586 xen-tools-domU-debuginfo-4.10.2_04-lp150.2.12.1 xen-tools-domU-4.10.2_04-lp150.2.12.1 xen-libs-4.10.2_04-lp150.2.12.1 xen-libs-debuginfo-4.10.2_04-lp150.2.12.1 xen-devel-4.10.2_04-lp150.2.12.1 xen-debugsource-4.10.2_04-lp150.2.12.1

147516 - SuSE Linux 42.3 openSUSE-SU-2018:4313-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2018-20184, CVE-2018-20189

Description The scan detected that the host is missing the following update: openSUSE-SU-2018:4313-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2018-12/msg00148.html

SuSE Linux 42.3 x86_64 libGraphicsMagick++-Q16-12-debuginfo-1.3.25-120.1 libGraphicsMagickWand-Q16-2-1.3.25-120.1 GraphicsMagick-devel-1.3.25-120.1 libGraphicsMagick-Q16-3-1.3.25-120.1 perl-GraphicsMagick-debuginfo-1.3.25-120.1 libGraphicsMagick++-devel-1.3.25-120.1 GraphicsMagick-debugsource-1.3.25-120.1 perl-GraphicsMagick-1.3.25-120.1 libGraphicsMagick3-config-1.3.25-120.1 libGraphicsMagick++-Q16-12-1.3.25-120.1 GraphicsMagick-debuginfo-1.3.25-120.1 libGraphicsMagick-Q16-3-debuginfo-1.3.25-120.1 libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-120.1 GraphicsMagick-1.3.25-120.1 i586 libGraphicsMagick++-Q16-12-debuginfo-1.3.25-120.1 libGraphicsMagickWand-Q16-2-1.3.25-120.1 GraphicsMagick-devel-1.3.25-120.1 libGraphicsMagick-Q16-3-1.3.25-120.1 perl-GraphicsMagick-debuginfo-1.3.25-120.1 libGraphicsMagick++-devel-1.3.25-120.1 GraphicsMagick-debugsource-1.3.25-120.1 perl-GraphicsMagick-1.3.25-120.1 libGraphicsMagick3-config-1.3.25-120.1 libGraphicsMagick++-Q16-12-1.3.25-120.1 GraphicsMagick-debuginfo-1.3.25-120.1 libGraphicsMagick-Q16-3-debuginfo-1.3.25-120.1 libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-120.1 GraphicsMagick-1.3.25-120.1 24574 - IBM AIX Itds Multiple Vulnerabilities (itds_advisory2)

Category: SSH Module -> NonIntrusive -> AIX Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-0702, CVE-2018-1388, CVE-2018-1426, CVE-2018-1427, CVE-2018-1447

Description Multiple vulnerabilities are present in some versions of IBM AIX.

Observation IBM AIX is a Unix-like .

Multiple vulnerabilities are present in some versions of IBM AIX. The flaws lie in IBM Tivoli Directory Server and IBM Security Directory Server. Successful exploitation could allow an attacker to obtain sensitive information, cause a denial of service condition.

24578 - IBM WebSphere Application Server Liberty Cross-Site Scripting Vulnerability (ibm10729547)

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2018-1767

Description A vulnerability is present in some versions of IBM WebSphere Application Server Liberty.

Observation IBM WebSphere Application Server Liberty is a server engine for Java EE Web applications.

A vulnerability is present in some versions of IBM WebSphere Application Server Liberty. The flaw lies in CacheMonitor component. Successful exploitation could allow a remote attacker to conduct cross site scripting attacks and or disclose sensitive information on the target system.

147507 - SuSE Linux 42.3 openSUSE-SU-2018:4299-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-5804, CVE-2018-5805, CVE-2018-5806, CVE-2018-5808, CVE-2018-5816

Description The scan detected that the host is missing the following update: openSUSE-SU-2018:4299-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2018-12/msg00144.html

SuSE Linux 42.3 x86_64 libraw15-debuginfo-0.17.1-26.1 libraw-devel-0.17.1-26.1 libraw-tools-debuginfo-0.17.1-26.1 libraw-tools-0.17.1-26.1 libraw-devel-static-0.17.1-26.1 libraw-debugsource-0.17.1-26.1 libraw15-0.17.1-26.1 i586 libraw15-debuginfo-0.17.1-26.1 libraw-devel-0.17.1-26.1 libraw-tools-debuginfo-0.17.1-26.1 libraw-tools-0.17.1-26.1 libraw-devel-static-0.17.1-26.1 libraw-debugsource-0.17.1-26.1 libraw15-0.17.1-26.1

194628 - Fedora Linux 28 FEDORA-2018-93a16d053f Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-7441, CVE-2018-7442

Description The scan detected that the host is missing the following update: FEDORA-2018-93a16d053f

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/12/?count=200&page=2

Fedora Core 28 leptonica-1.77.0-1.fc28 mingw-leptonica-1.77.0-1.fc28

194630 - Fedora Linux 29 FEDORA-2018-4db33b3753 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-7441, CVE-2018-7442

Description The scan detected that the host is missing the following update: FEDORA-2018-4db33b3753

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/12/?count=200&page=1

Fedora Core 29 leptonica-1.77.0-1.fc29 mingw-leptonica-1.77.0-1.fc29 194632 - Fedora Linux 28 FEDORA-2018-ea05fcd378 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-11099, CVE-2018-11129, CVE-2018-11130

Description The scan detected that the host is missing the following update: FEDORA-2018-ea05fcd378

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/12/?count=200&page=1

Fedora Core 28 vcftools-0.1.16-1.fc28

194633 - Fedora Linux 28 FEDORA-2018-e69d2aaa60 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-12895

Description The scan detected that the host is missing the following update: FEDORA-2018-e69d2aaa60

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/12/?count=200&page=1

Fedora Core 28 wordpress-5.0.2-1.fc28

24567 - (SB10260) McAfee Agent Multiple Vulnerabilities

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: Medium CVE: CVE-2018-6705, CVE-2018-6706, CVE-2018-6707

Description Multiple vulnerabilities are present in some versions of McAfee Agent.

Observation McAfee Agent is client software used to communicate with McAfee ePolicy Orchestrator.

Multiple vulnerabilities are present in some versions of McAfee Agent. The flaws lie in multiple components. Successful exploitation could allow a local attacker to perform arbitrary command execution, cause a denial of service condition or unexpected behavior. 131265 - Debian Linux 9.0 DSA-4360-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-10209, CVE-2016-10349, CVE-2016-10350, CVE-2017-14166, CVE-2017-14501, CVE-2017-14502, CVE-2017- 14503, CVE-2018-1000877, CVE-2018-1000878, CVE-2018-1000880

Description The scan detected that the host is missing the following update: DSA-4360-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2018/dsa-4360

Debian 9.0 all libarchive-tools_3.2.2-2+deb9u1 bsdtar_3.2.2-2+deb9u1 bsdcpio_3.2.2-2+deb9u1 libarchive-dev_3.2.2-2+deb9u1 libarchive13_3.2.2-2+deb9u1

131266 - Debian Linux 9.0 DSA-4358-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-3740

Description The scan detected that the host is missing the following update: DSA-4358-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2018/dsa-4358

Debian 9.0 all ruby-sanitize_2.1.0-2+deb9u1

147512 - SuSE SLES 11 SP4 SUSE-SU-2018:4274-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2016-8610, CVE-2018-0734, CVE-2018-5407

Description The scan detected that the host is missing the following update: SUSE-SU-2018:4274-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2018-December/005002.html

SuSE SLES 11 SP4 i586 libopenssl0_9_8-hmac-0.9.8j-0.106.18.1 openssl-doc-0.9.8j-0.106.18.1 libopenssl0_9_8-0.9.8j-0.106.18.1 openssl-0.9.8j-0.106.18.1 x86_64 openssl-doc-0.9.8j-0.106.18.1 libopenssl0_9_8-32bit-0.9.8j-0.106.18.1 libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.18.1 openssl-0.9.8j-0.106.18.1 libopenssl0_9_8-0.9.8j-0.106.18.1 libopenssl0_9_8-hmac-0.9.8j-0.106.18.1

178696 - GLSA-201812-11 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-201812-11

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/201812-11

Affected packages: dev-lang/rust < 1.29.1 dev-lang/rust-bin < 1.29.1

178697 - Gentoo Linux GLSA-201812-10 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: GLSA-201812-10

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/201812-10

Affected packages: x11-libs/gksu <= 2.0.2

194631 - Fedora Linux 28 FEDORA-2018-31c2a0b2ea Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-16737, CVE-2018-16738, CVE-2018-16758

Description The scan detected that the host is missing the following update: FEDORA-2018-31c2a0b2ea

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/12/?count=200&page=2

Fedora Core 28 tinc-1.0.35-1.fc28

194639 - Fedora Linux 29 FEDORA-2018-afae5e8438 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-16737, CVE-2018-16738, CVE-2018-16758

Description The scan detected that the host is missing the following update: FEDORA-2018-afae5e8438

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/12/?count=200&page=2

Fedora Core 29 tinc-1.0.35-1.fc29

147513 - SuSE Linux 15.0 openSUSE-SU-2018:4307-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625, CVE-2018-19626, CVE-2018-19627

Description The scan detected that the host is missing the following update: openSUSE-SU-2018:4307-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2018-12/msg00155.html

SuSE Linux 15.0 x86_64 wireshark-debugsource-2.4.11-lp150.2.16.1 wireshark-devel-2.4.11-lp150.2.16.1 libwireshark9-2.4.11-lp150.2.16.1 libwiretap7-debuginfo-2.4.11-lp150.2.16.1 wireshark-ui-qt-2.4.11-lp150.2.16.1 wireshark-ui-qt-debuginfo-2.4.11-lp150.2.16.1 libwireshark9-debuginfo-2.4.11-lp150.2.16.1 libwsutil8-debuginfo-2.4.11-lp150.2.16.1 libwscodecs1-2.4.11-lp150.2.16.1 libwscodecs1-debuginfo-2.4.11-lp150.2.16.1 libwsutil8-2.4.11-lp150.2.16.1 libwiretap7-2.4.11-lp150.2.16.1 wireshark-debuginfo-2.4.11-lp150.2.16.1 wireshark-2.4.11-lp150.2.16.1 i586 wireshark-debugsource-2.4.11-lp150.2.16.1 wireshark-devel-2.4.11-lp150.2.16.1 libwireshark9-2.4.11-lp150.2.16.1 libwiretap7-debuginfo-2.4.11-lp150.2.16.1 wireshark-ui-qt-2.4.11-lp150.2.16.1 wireshark-ui-qt-debuginfo-2.4.11-lp150.2.16.1 libwireshark9-debuginfo-2.4.11-lp150.2.16.1 libwsutil8-debuginfo-2.4.11-lp150.2.16.1 libwscodecs1-2.4.11-lp150.2.16.1 libwscodecs1-debuginfo-2.4.11-lp150.2.16.1 libwsutil8-2.4.11-lp150.2.16.1 libwiretap7-2.4.11-lp150.2.16.1 wireshark-debuginfo-2.4.11-lp150.2.16.1 wireshark-2.4.11-lp150.2.16.1

147515 - SuSE SLES 12 SP3, 12 SP4, SLED 12 SP3, 12 SP4 SUSE-SU-2018:4298-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625, CVE-2018-19626, CVE-2018-19627

Description The scan detected that the host is missing the following update: SUSE-SU-2018:4298-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.suse.com/pipermail/sle-security-updates/2018-December/005007.html SuSE SLED 12 SP3 x86_64 wireshark-gtk-2.4.11-48.35.1 libwiretap7-debuginfo-2.4.11-48.35.1 libwireshark9-2.4.11-48.35.1 libwscodecs1-debuginfo-2.4.11-48.35.1 libwiretap7-2.4.11-48.35.1 libwsutil8-debuginfo-2.4.11-48.35.1 wireshark-debugsource-2.4.11-48.35.1 libwsutil8-2.4.11-48.35.1 wireshark-debuginfo-2.4.11-48.35.1 wireshark-gtk-debuginfo-2.4.11-48.35.1 libwireshark9-debuginfo-2.4.11-48.35.1 wireshark-2.4.11-48.35.1 libwscodecs1-2.4.11-48.35.1

SuSE SLED 12 SP4 x86_64 wireshark-gtk-2.4.11-48.35.1 libwiretap7-debuginfo-2.4.11-48.35.1 libwireshark9-2.4.11-48.35.1 libwscodecs1-debuginfo-2.4.11-48.35.1 libwiretap7-2.4.11-48.35.1 libwsutil8-debuginfo-2.4.11-48.35.1 wireshark-debugsource-2.4.11-48.35.1 libwsutil8-2.4.11-48.35.1 wireshark-debuginfo-2.4.11-48.35.1 wireshark-gtk-debuginfo-2.4.11-48.35.1 libwireshark9-debuginfo-2.4.11-48.35.1 wireshark-2.4.11-48.35.1 libwscodecs1-2.4.11-48.35.1

SuSE SLES 12 SP4 x86_64 wireshark-gtk-2.4.11-48.35.1 libwiretap7-debuginfo-2.4.11-48.35.1 libwireshark9-2.4.11-48.35.1 libwscodecs1-debuginfo-2.4.11-48.35.1 libwiretap7-2.4.11-48.35.1 libwsutil8-debuginfo-2.4.11-48.35.1 wireshark-debugsource-2.4.11-48.35.1 libwsutil8-2.4.11-48.35.1 wireshark-debuginfo-2.4.11-48.35.1 wireshark-gtk-debuginfo-2.4.11-48.35.1 libwireshark9-debuginfo-2.4.11-48.35.1 wireshark-2.4.11-48.35.1 libwscodecs1-2.4.11-48.35.1

SuSE SLES 12 SP3 x86_64 wireshark-gtk-2.4.11-48.35.1 libwiretap7-debuginfo-2.4.11-48.35.1 libwireshark9-2.4.11-48.35.1 libwscodecs1-debuginfo-2.4.11-48.35.1 libwiretap7-2.4.11-48.35.1 libwsutil8-debuginfo-2.4.11-48.35.1 wireshark-debugsource-2.4.11-48.35.1 libwsutil8-2.4.11-48.35.1 wireshark-debuginfo-2.4.11-48.35.1 wireshark-gtk-debuginfo-2.4.11-48.35.1 libwireshark9-debuginfo-2.4.11-48.35.1 wireshark-2.4.11-48.35.1 libwscodecs1-2.4.11-48.35.1

194625 - Fedora Linux 29 FEDORA-2018-679f8aba03 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-16646, CVE-2018-18897, CVE-2018-19058, CVE-2018-19059, CVE-2018-19060, CVE-2018-19149

Description The scan detected that the host is missing the following update: FEDORA-2018-679f8aba03

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/12/?count=200&page=1

Fedora Core 29 mingw-poppler-0.67.0-2.fc29

194636 - Fedora Linux 28 FEDORA-2018-12b934e224 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-18267, CVE-2018-13988, CVE-2018-16646, CVE-2018-18897, CVE-2018-19058, CVE-2018-19059, CVE-2018- 19060, CVE-2018-19149

Description The scan detected that the host is missing the following update: FEDORA-2018-12b934e224

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/12/?count=200&page=1

Fedora Core 28 mingw-poppler-0.62.0-2.fc28

194638 - Fedora Linux 28 FEDORA-2018-200c84e08a Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-18088, CVE-2018-5785, CVE-2018-6616

Description The scan detected that the host is missing the following update: FEDORA-2018-200c84e08a Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/12/?count=200&page=1

Fedora Core 28 mingw-openjpeg2-2.3.0-6.fc28 openjpeg2-2.3.0-10.fc28

24611 - (APSB19-02) Multiple vulnerabilities In Adobe Acrobat and Reader

Category: Windows Host Assessment -> Adobe Patches Only (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2018-16011, CVE-2018-16018

Description Multiple vulnerabilities are present in some versions of Adobe Reader and Acrobat.

Observation Adobe Reader and Acrobat are popular applications used to handle PDF files.

Multiple vulnerabilities are present in some versions of Adobe Reader and Acrobat. The flaws lie in undetermined components. Successful exploitation could allow an attacker to obtain sensitive information, execute arbitrary code or obtain elevated privileges.

The update provided by Adobe bulletin APSB19-02 resolves these issues.

131267 - Debian Linux 9.0 DSA-4361-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2018-20430, CVE-2018-20431

Description The scan detected that the host is missing the following update: DSA-4361-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2018/dsa-4361

Debian 9.0 all libextractor3_1:1.3-4+deb9u3 libextractor-dev_1:1.3-4+deb9u3 extract_1:1.3-4+deb9u3 libextractor-dbg_1:1.3-4+deb9u3

182876 - FreeBSD gitea Privilege Escalation, XSS (29d34524-0542-11e9-a444-080027fee39c) Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: gitea -- privilege escalation, XSS (29d34524-0542-11e9-a444-080027fee39c)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/29d34524-0542-11e9-a444-080027fee39c.html

Affected packages: gitea < 1.6.2

182877 - FreeBSD rpm4 Regression In -setperms, -setugids And -restore (f8fe2905-0918-11e9-a550-00262d164c21)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: rpm4 -- regression in -setperms, -setugids and -restore (f8fe2905-0918-11e9-a550-00262d164c21)

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.vuxml.org/freebsd/f8fe2905-0918-11e9-a550-00262d164c21.html

Affected packages: rpm4 < 4.14.2.1

194622 - Fedora Linux 29 FEDORA-2018-1bd545ef39 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2018-20167

Description The scan detected that the host is missing the following update: FEDORA-2018-1bd545ef39

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2019/1/?count=200&page=1

Fedora Core 29 terminology-1.3.2-1.fc29

194623 - Fedora Linux 28 FEDORA-2018-27f957ae8e Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2018-20167

Description The scan detected that the host is missing the following update: FEDORA-2018-27f957ae8e

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2019/1/?count=200&page=1

Fedora Core 28 terminology-1.3.2-1.fc28

194624 - Fedora Linux 29 FEDORA-2018-b4f6179eae Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2018-b4f6179eae

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/12/?count=200&page=1

Fedora Core 29 php-pear-1.10.7-2.fc29

194626 - Fedora Linux 28 FEDORA-2018-e2e8a07a01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2018-4437

Description The scan detected that the host is missing the following update: FEDORA-2018-e2e8a07a01

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/12/?count=200&page=2

Fedora Core 28 webkit2gtk3-2.22.5-1.fc28

194627 - Fedora Linux 28 FEDORA-2018-50e3877b63 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2018-50e3877b63

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/12/?count=200&page=1

Fedora Core 28 php-pear-1.10.7-2.fc28

194629 - Fedora Linux 29 FEDORA-2018-f80b495582 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2018-20145

Description The scan detected that the host is missing the following update: FEDORA-2018-f80b495582

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/12/?count=200&page=2

Fedora Core 29 mosquitto-1.5.5-1.fc29

194634 - Fedora Linux 29 FEDORA-2018-801432b551 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2018-20337, CVE-2018-20363, CVE-2018-20364, CVE-2018-20365 Description The scan detected that the host is missing the following update: FEDORA-2018-801432b551

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/12/?count=200&page=1

Fedora Core 29

LibRaw-0.19.2-1.fc29

194635 - Fedora Linux 28 FEDORA-2018-5acdf115df Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2018-20145

Description The scan detected that the host is missing the following update: FEDORA-2018-5acdf115df

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/12/?count=200&page=2

Fedora Core 28 mosquitto-1.5.5-1.fc28

194637 - Fedora Linux 29 FEDORA-2018-25b3204dc8 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2018-25b3204dc8

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/12/?count=200&page=1

Fedora Core 29 wordpress-5.0.2-1.fc29 194640 - Fedora Linux 28 FEDORA-2018-5f91fbf4fd Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2018-5f91fbf4fd

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/12/?count=200&page=2

Fedora Core 28 sqlite-3.22.0-5.fc28

194641 - Fedora Linux 28 FEDORA-2018-f7d9989c42 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2018-16869

Description The scan detected that the host is missing the following update: FEDORA-2018-f7d9989c42

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/12/?count=200&page=2

Fedora Core 28 nettle-3.4.1-1.fc28

194642 - Fedora Linux 29 FEDORA-2018-7d6590724e Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description The scan detected that the host is missing the following update: FEDORA-2018-7d6590724e

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/12/?count=200&page=1

Fedora Core 29 electron-cash-3.3.4-1.fc29

147508 - SuSE Linux 15.0 openSUSE-SU-2018:4283-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Low CVE: CVE-2018-0495, CVE-2018-12384, CVE-2018-12404

Description The scan detected that the host is missing the following update: openSUSE-SU-2018:4283-1

Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.opensuse.org/opensuse-updates/2018-12/msg00138.html

SuSE Linux 15.0 x86_64 mozilla-nss-32bit-3.40.1-lp150.2.10.2 mozilla-nspr-debugsource-4.20-lp150.2.3.1 mozilla-nss-debuginfo-3.40.1-lp150.2.10.2 mozilla-nss-certs-3.40.1-lp150.2.10.2 mozilla-nspr-4.20-lp150.2.3.1 mozilla-nss-certs-32bit-3.40.1-lp150.2.10.2 mozilla-nss-32bit-debuginfo-3.40.1-lp150.2.10.2 mozilla-nss-tools-3.40.1-lp150.2.10.2 mozilla-nss-devel-3.40.1-lp150.2.10.2 mozilla-nss-debugsource-3.40.1-lp150.2.10.2 mozilla-nspr-debuginfo-4.20-lp150.2.3.1 libsoftokn3-3.40.1-lp150.2.10.2 mozilla-nss-sysinit-3.40.1-lp150.2.10.2 mozilla-nss-certs-debuginfo-3.40.1-lp150.2.10.2 mozilla-nspr-devel-4.20-lp150.2.3.1 mozilla-nspr-32bit-4.20-lp150.2.3.1 mozilla-nss-certs-32bit-debuginfo-3.40.1-lp150.2.10.2 mozilla-nss-sysinit-32bit-debuginfo-3.40.1-lp150.2.10.2 libfreebl3-3.40.1-lp150.2.10.2 mozilla-nspr-32bit-debuginfo-4.20-lp150.2.3.1 libsoftokn3-debuginfo-3.40.1-lp150.2.10.2 libfreebl3-32bit-debuginfo-3.40.1-lp150.2.10.2 mozilla-nss-sysinit-32bit-3.40.1-lp150.2.10.2 libsoftokn3-32bit-debuginfo-3.40.1-lp150.2.10.2 mozilla-nss-sysinit-debuginfo-3.40.1-lp150.2.10.2 mozilla-nss-tools-debuginfo-3.40.1-lp150.2.10.2 libsoftokn3-32bit-3.40.1-lp150.2.10.2 mozilla-nss-3.40.1-lp150.2.10.2 libfreebl3-32bit-3.40.1-lp150.2.10.2 libfreebl3-debuginfo-3.40.1-lp150.2.10.2 i586 libfreebl3-3.40.1-lp150.2.10.2 mozilla-nss-sysinit-3.40.1-lp150.2.10.2 mozilla-nspr-debuginfo-4.20-lp150.2.3.1 libsoftokn3-3.40.1-lp150.2.10.2 mozilla-nss-tools-debuginfo-3.40.1-lp150.2.10.2 mozilla-nss-debuginfo-3.40.1-lp150.2.10.2 mozilla-nspr-debugsource-4.20-lp150.2.3.1 mozilla-nss-certs-3.40.1-lp150.2.10.2 libsoftokn3-debuginfo-3.40.1-lp150.2.10.2 mozilla-nss-sysinit-debuginfo-3.40.1-lp150.2.10.2 mozilla-nss-3.40.1-lp150.2.10.2 mozilla-nspr-4.20-lp150.2.3.1 mozilla-nss-devel-3.40.1-lp150.2.10.2 mozilla-nss-certs-debuginfo-3.40.1-lp150.2.10.2 mozilla-nspr-devel-4.20-lp150.2.3.1 libfreebl3-debuginfo-3.40.1-lp150.2.10.2 mozilla-nss-tools-3.40.1-lp150.2.10.2 mozilla-nss-debugsource-3.40.1-lp150.2.10.2

ENHANCED CHECKS

The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on a vulnerability and anything else that improves upon an existing FSL check. 182841 - FreeBSD Flash Player Arbitrary Code Execution (8f128c72-ecf9-11e8-aa00-6451062f0f7a)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: High CVE: CVE-2018-15981

Update Details Risk is updated

196190 - Red Hat Enterprise Linux RHSA-2018-3644 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2018-15981

Update Details Risk is updated

24556 - Microsoft Office 365 ProPlus and Office 2019 Dec 2018 Updates

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2018-8587, CVE-2018-8597, CVE-2018-8598, CVE-2018-8627, CVE-2018-8628, CVE-2018-8636

Update Details Risk is updated

147420 - SuSE Linux 15.0 openSUSE-SU-2018:4043-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2018-17953

Update Details Risk is updated

131255 - Debian Linux 9.0 DSA-4347-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: High CVE: CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314

Update Details Risk is updated

147218 - SuSE SLED 12 SP3 SUSE-SU-2018:3343-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2018-5800, CVE-2018-5801, CVE-2018-5802, CVE-2018-5810, CVE-2018-5813

Update Details Risk is updated

182827 - FreeBSD Gitlab Multiple Vulnerabilities (b9591212-dba7-11e8-9416-001b217b3468)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: High CVE: CVE-2018-18640, CVE-2018-18641, CVE-2018-18642, CVE-2018-18643, CVE-2018-18644, CVE-2018-18645, CVE-2018- 18646, CVE-2018-18647, CVE-2018-18648, CVE-2018-18649

Update Details Risk is updated

186503 - Linux 14.04, 16.04, 18.04, 18.10 USN-3834-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314

Update Details Risk is updated

186505 - Ubuntu Linux 14.04, 16.04, 18.04 USN-3838-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2018-5807, CVE-2018-5810, CVE-2018-5811, CVE-2018-5812, CVE-2018-5813, CVE-2018-5815, CVE-2018-5816

Update Details Risk is updated 194021 - Fedora Linux 28 FEDORA-2018-f37cbaafdf Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2018-5815, CVE-2018-5816

Update Details Risk is updated

194051 - Fedora Linux 27 FEDORA-2018-baa8315daa Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2018-5815, CVE-2018-5816

Update Details Risk is updated

194531 - Fedora Linux 29 FEDORA-2018-f467c36c2b Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2018-19486

Update Details Risk is updated

194544 - Fedora Linux 29 FEDORA-2018-9dbe983805 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314

Update Details Risk is updated

24490 - INVT Electric VT-Designer Multiple Vulnerabilities (ICSA-18-333-01)

Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2018-18983, CVE-2018-18987

Update Details Risk is updated

146483 - SuSE Linux 42.3 openSUSE-SU-2018:0731-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-5800, CVE-2018-5801, CVE-2018-5802 Update Details Risk is updated

147467 - SuSE Linux 15.0, 42.3 openSUSE-SU-2018:4124-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-19968, CVE-2018-19969, CVE-2018-19970

Update Details Risk is updated

163730 - Oracle Enterprise Linux ELSA-2018-3065 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-5800, CVE-2018-5801, CVE-2018-5802, CVE-2018-5805, CVE-2018-5806

Update Details Risk is updated

175476 - Scientific Linux Security ERRATA Moderate: libkdcraw on SL7.x x86_64 (1811-6180)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes Risk Level: Medium CVE: CVE-2018-5800, CVE-2018-5801, CVE-2018-5802, CVE-2018-5805, CVE-2018-5806

Update Details Risk is updated

182608 - FreeBSD libraw Multiple DoS Vulnerabilities (c60804f1-126f-11e8-8b5b-4ccc6adda413)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-16909, CVE-2017-16910

Update Details Risk is updated

182609 - FreeBSD libraw Multiple DoS Vulnerabilities (6f0b0cbf-1274-11e8-8b5b-4ccc6adda413)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-5800, CVE-2018-5801, CVE-2018-5802

Update Details Risk is updated

186152 - Ubuntu Linux 14.04, 16.04, 17.10 USN-3615-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-16909, CVE-2017-16910, CVE-2018-5800, CVE-2018-5801, CVE-2018-5802

Update Details Risk is updated

196128 - Red Hat Enterprise Linux RHSA-2018-3065 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-5800, CVE-2018-5801, CVE-2018-5802, CVE-2018-5805, CVE-2018-5806

Update Details Risk is updated

24508 - Wireshark Multiple Vulnerabilities Prior To 2.6.5

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625, CVE-2018-19626, CVE-2018-19627, CVE-2018- 19628

Update Details Risk is updated

147213 - SuSE SLES 11 SP4 SUSE-SU-2018:3156-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-14647

Update Details Risk is updated

147417 - SuSE Linux 15.0 openSUSE-SU-2018:4041-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-16476

Update Details Risk is updated

147446 - SuSE Linux 15.0 openSUSE-SU-2018:4156-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-10851, CVE-2018-14626

Update Details Risk is updated

147451 - SuSE Linux 15.0 openSUSE-SU-2018:4152-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-10851, CVE-2018-14626, CVE-2018-14644, CVE-2018-16855

Update Details Risk is updated

147461 - SuSE Linux 15.0 openSUSE-SU-2018:4174-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-15750, CVE-2018-15751

Update Details Risk is updated

147476 - SuSE Linux 42.3 openSUSE-SU-2018:4151-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-10851, CVE-2018-14626, CVE-2018-14644

Update Details Risk is updated

147502 - SuSE Linux 42.3 openSUSE-SU-2018:4197-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-15750, CVE-2018-15751

Update Details Risk is updated

182798 - FreeBSD asterisk Remote Crash Vulnerability In HTTP Websocket Upgrade (77f67b46-bd75-11e8-81b6- 001999f8d30b)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-17281

Update Details Risk is updated

182811 - FreeBSD tinc Buffer Overflow (a4eb38ea-cc06-11e8-ada4-408d5cf35399)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-16737, CVE-2018-16738, CVE-2018-16758

Update Details Risk is updated

182828 - FreeBSD salt Multiple Vulnerabilities (4f7c6af3-6a2c-4ead-8453-04e509688d45)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-15750, CVE-2018-15751

Update Details Risk is updated

182839 - FreeBSD Flash Player Information Disclosure (b69292e8-e798-11e8-ae07-6451062f0f7a)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-15978

Update Details Risk is updated

182843 - FreeBSD powerdns Multiple Vulnerabilities (0aee2f13-ec1d-11e8-8c92-6805ca2fa271)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-10851, CVE-2018-14626

Update Details Risk is updated

182845 - FreeBSD powerdns-recursor Multiple Vulnerabilities (e9aa0e4c-ea8b-11e8-a5b7-00e04c1ea73d)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-10851, CVE-2018-14626, CVE-2018-14644

Update Details Risk is updated

182852 - FreeBSD Rails Active Job Vulnerability (f96044a2-7df9-414b-9f6b-6e5b85d06c86)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-16476

Update Details Risk is updated 182860 - FreeBSD powerdns-recursor Crafted Query Can Cause A Denial Of Service (f6d6308a-f2ec-11e8-b005- 6805ca2fa271)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-16855

Update Details Risk is updated

194333 - Fedora Linux 28 FEDORA-2018-9a6af7815a Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-12543

Update Details Risk is updated

194347 - Fedora Linux 29 FEDORA-2018-ff1fdf28aa Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-12543

Update Details Risk is updated

194348 - Fedora Linux 29 FEDORA-2018-ac14dbf3fd Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-14647

Update Details Risk is updated

194349 - Fedora Linux 29 FEDORA-2018-71fd5db181 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-14647

Update Details Risk is updated

194351 - Fedora Linux 29 FEDORA-2018-9860917db0 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-14647 Update Details Risk is updated

194353 - Fedora Linux 28 FEDORA-2018-7689556ab2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-14647

Update Details Risk is updated

194356 - Fedora Linux 28 FEDORA-2018-d3b53d81e6 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-14647

Update Details Risk is updated

194374 - Fedora Linux 29 FEDORA-2018-ee97fc9e81 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-14647

Update Details Risk is updated

194420 - Fedora Linux 28 FEDORA-2018-bbbd8cc3a6 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-14647

Update Details Risk is updated

194421 - Fedora Linux 28 FEDORA-2018-49d6e4bc3f Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-14647

Update Details Risk is updated

194460 - Fedora Linux 28 FEDORA-2018-2ff7cdbb7b Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-10851, CVE-2018-14626

Update Details Risk is updated

194462 - Fedora Linux 29 FEDORA-2018-85fc964de8 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-10851, CVE-2018-14626

Update Details Risk is updated

194540 - Fedora Linux 28 FEDORA-2018-5ed8fb9efa Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-14647

Update Details Risk is updated

194558 - Fedora Linux 29 FEDORA-2018-4544e8dbc8 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-14647

Update Details Risk is updated

194564 - Fedora Linux 29 FEDORA-2018-937e8a39c4 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-14647

Update Details Risk is updated

194581 - Fedora Linux 29 FEDORA-2018-7ebfe1e6f2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-19518, CVE-2018-19935

Update Details Risk is updated 194585 - Fedora Linux 28 FEDORA-2018-c341b70641 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-10851, CVE-2018-14626, CVE-2018-14644, CVE-2018-16855

Update Details Risk is updated

194587 - Fedora Linux 28 FEDORA-2018-dfe1f0bac6 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-19518, CVE-2018-19935

Update Details Risk is updated

194598 - Fedora Linux 29 FEDORA-2018-e14840a7f5 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-10851, CVE-2018-14626, CVE-2018-14644, CVE-2018-16855

Update Details Risk is updated

196191 - Red Hat Enterprise Linux RHSA-2018-3618 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-15978

Update Details Risk is updated

24509 - Wireshark Multiple Vulnerabilities Prior To 2.4.11

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625, CVE-2018-19626, CVE-2018-19627

Update Details Risk is updated

131219 - Debian Linux 9.0 DSA-4312-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-16738, CVE-2018-16758 Update Details Risk is updated

147346 - SuSE Linux 15.0 openSUSE-SU-2018:3798-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-11797

Update Details Risk is updated

147452 - SuSE Linux 15.0 openSUSE-SU-2018:4144-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-19519

Update Details Risk is updated

147469 - SuSE SLES 12 SP3, 12 SP4, SLED 12 SP3, 12 SP4 SUSE-SU-2018:4149-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-19519

Update Details Risk is updated

182813 - FreeBSD Gitlab Multiple Vulnerabilities (23413442-c8ea-11e8-b35c-001b217b3468)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-17939, CVE-2018-17975, CVE-2018-17976

Update Details Risk is updated

193085 - Fedora Linux 26 FEDORA-2017-e68e87955b Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2017-16910

Update Details Risk is updated

193891 - Fedora Linux 28 FEDORA-2018-866bd0e3c2 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-5801

Update Details Risk is updated

193990 - Fedora Linux 27 FEDORA-2018-ae1ced8fb6 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-5801

Update Details Risk is updated

194524 - Fedora Linux 29 FEDORA-2018-9f375c6c01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-14663

Update Details Risk is updated

194526 - Fedora Linux 28 FEDORA-2018-ef486b9e50 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-14663

Update Details Risk is updated

194618 - Fedora Linux 29 FEDORA-2018-4be0428ab2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2018-19787

Update Details Risk is updated

70074 - mcafee.fasl3.inc

Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category Risk Level: Informational CVE: CVE-MAP-NOMATCH

Update Details FASLScript is updated HOW TO UPDATE

FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we strongly urge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any critical updates but will wait for your explicit authorization before installing.

FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability category and checking the "Run New Checks" checkbox.

MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts will be automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.

MCAFEE TECHNICAL SUPPORT

ServicePortal: https://mysupport.mcafee.com Multi-National Phone Support available here: http://www.mcafee.com/us/about/contact/index.html Non-US customers - Select your country from the list of Worldwide Offices.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.

Copyright 2019 McAfee, Inc. McAfee is a registered trademark of McAfee, Inc. and/or its affiliates