DOCSLIB.ORG

Mcafee Foundstone Fsl Update

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Mcafee Foundstone Fsl Update 2016-OCT-13 FSL version 7.5.857 MCAFEE FOUNDSTONE FSL UPDATE To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release. NEW CHECKS 191256 - Fedora Linux 25 FEDORA-2016-81e5a36d8c Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2016-7116, CVE-2016-7161, CVE-2016-7777 Description The scan detected that the host is missing the following update: FEDORA-2016-81e5a36d8c Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2016/10/?count=200&page=3 Fedora Core 25 xen-4.7.0-6.fc25 130604 - Debian Linux 8.0 DSA-3688-1 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: High CVE: CVE-2015-4000, CVE-2015-7181, CVE-2015-7182, CVE-2015-7575, CVE-2016-1938, CVE-2016-1950, CVE-2016-1978, CVE- 2016-1979, CVE-2016-2834 Description The scan detected that the host is missing the following update: DSA-3688-1 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2016/dsa-3688 Debian 8.0 all libnss3-tools_2:3.26-1+debu8u1 libnss3-1d_2:3.26-1+debu8u1 libnss3_2:3.26-1+debu8u1 libnss3-dbg_2:3.26-1+debu8u1 libnss3-dev_2:3.26-1+debu8u1 144916 - SuSE Linux 13.2 openSUSE-SU-2016:2496-1 Update Is Not Installed Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2016-1669, CVE-2016-2178, CVE-2016-2183, CVE-2016-5325, CVE-2016-6304, CVE-2016-6306, CVE-2016-7052, CVE- 2016-7099 Description The scan detected that the host is missing the following update: openSUSE-SU-2016:2496-1 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://lists.opensuse.org/opensuse-updates/2016-10/msg00032.html SuSE Linux 13.2 i586 nodejs-devel-4.6.0-24.2 nodejs-debugsource-4.6.0-24.2 nodejs-debuginfo-4.6.0-24.2 nodejs-4.6.0-24.2 noarch nodejs-doc-4.6.0-24.2 x86_64 nodejs-devel-4.6.0-24.2 nodejs-debugsource-4.6.0-24.2 nodejs-debuginfo-4.6.0-24.2 nodejs-4.6.0-24.2 178220 - Gentoo Linux GLSA-201610-05 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: High CVE: CVE-2014-0032, CVE-2014-3504, CVE-2014-3522, CVE-2014-3528, CVE-2015-0202, CVE-2015-0248, CVE-2015-0251, CVE- 2015-3184, CVE-2015-3187, CVE-2015-5259, CVE-2016-2167, CVE-2016-2168 Description The scan detected that the host is missing the following update: GLSA-201610-05 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://security.gentoo.org/glsa/201610-05 Affected packages: dev-vcs/subversion < 1.9.4 net-libs/serf < 1.3.7 20473 - Navis WebAccess SQL Injection Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> SCADA Risk Level: High CVE: CVE-2016-5817 Description A SQL injection vulnerability is present in some versions of Navis WebAccess. Observation Navis WebAccess is a web-based application that provides the operator and its constituents with real-time, online access to operational logistics information. A SQL injection vulnerability is present in some versions of Navis WebAccess. The flaw lies in showNotice.do. Successful exploitation could allow an attacker to execute arbitrary code. 20615 - Mozilla Firefox Multiple Vulnerabilities Prior To 49 Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2016-2827, CVE-2016-5256, CVE-2016-5257, CVE-2016-5270, CVE-2016-5271, CVE-2016-5272, CVE-2016-5273, CVE- 2016-5274, CVE-2016-5275, CVE-2016-5276, CVE-2016-5277, CVE-2016-5278, CVE-2016-5279, CVE-2016-5280, CVE-2016-5281, CVE-2016-5282, CVE-2016-5283, CVE-2016-5284 Description Multiple vulnerabilities are present in some versions of Mozilla Firefox. Observation Mozilla Firefox is a popular web browser. Multiple vulnerabilities are present in some versions of Mozilla Firefox. The flaws lie in several components. Successful exploitation could allow an attacker to cause a denial of service condition, conduct spoofing attacks, retrieve sensitive data, remotely execute arbitrary code or have other unspecified impact on the target system. 20616 - Mozilla Firefox Multiple Vulnerabilities Prior To 49 Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2016-2827, CVE-2016-5256, CVE-2016-5257, CVE-2016-5270, CVE-2016-5271, CVE-2016-5272, CVE-2016-5273, CVE- 2016-5274, CVE-2016-5275, CVE-2016-5276, CVE-2016-5277, CVE-2016-5278, CVE-2016-5279, CVE-2016-5280, CVE-2016-5281, CVE-2016-5282, CVE-2016-5283, CVE-2016-5284 Description Multiple vulnerabilities are present in some versions of Mozilla Firefox. Observation Mozilla Firefox is a popular web browser. Multiple vulnerabilities are present in some versions of Mozilla Firefox. The flaws lie in several components. Successful exploitation could allow an attacker to cause a denial of service condition, conduct spoofing attacks, retrieve sensitive data, remotely execute arbitrary code or have other unspecified impact on the target system. 20694 - Moxa Active OPC Server Unquoted Service Path Escalation Vulnerability Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2016-5793 Description A vulnerability is present in some versions of Moxa Active OPC Server. Observation Moxa Active OPC Server is a software interface that interacts with SCADA or HMI systems. A vulnerability is present in some versions of Moxa Active OPC Server. The flaw lies in how the product handles the user-provided input in search path fields. Successful exploitation could allow an attacker to escalate privileges. Exploitation requires local access to the vulnerable system. 130603 - Debian Linux 8.0 DSA-3689-1 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: High CVE: CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE- 2016-7131, CVE-2016-7132, CVE-2016-7411, CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7416, CVE-2016-7417, CVE-2016-7418 Description The scan detected that the host is missing the following update: DSA-3689-1 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2016/dsa-3689 Debian 8.0 all php5_5.6.26+dfsg-0+deb8u1 130605 - Debian Linux 8.0 DSA-3687-1 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: High CVE: CVE-2016-1951 Description The scan detected that the host is missing the following update: DSA-3687-1 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2016/dsa-3687 Debian 8.0 all libnspr4-dev_2:4.12-1+debu8u1 libnspr4_2:4.12-1+debu8u1 libnspr4-dbg_2:4.12-1+debu8u1 libnspr4-0d_2:4.12-1+debu8u1 130606 - Debian Linux 8.0 DSA-3690-1 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: High CVE: CVE-2016-5257 Description The scan detected that the host is missing the following update: DSA-3690-1 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://www.debian.org/security/2016/dsa-3690 Debian 8.0 all icedove_1:45.4.0-1~deb8u1 132284 - Oracle VM OVMSA-2016-0139 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Oracle VM Patches and Hotfixes Risk Level: High CVE: CVE-2016-3134, CVE-2016-5829 Description The scan detected that the host is missing the following update: OVMSA-2016-0139 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/oraclevm-errata/2016-October/000557.html OVM3.3 x86_64 kernel-uek-firmware-3.8.13-118.13.2.el6uek kernel-uek-3.8.13-118.13.2.el6uek 132285 - Oracle VM OVMSA-2016-0138 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Oracle VM Patches and Hotfixes Risk Level: High CVE: CVE-2016-3134, CVE-2016-5829 Description The scan detected that the host is missing the following update: OVMSA-2016-0138 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: http://oss.oracle.com/pipermail/oraclevm-errata/2016-October/000556.html OVM3.4 x86_64 kernel-uek-firmware-4.1.12-61.1.13.el6uek kernel-uek-4.1.12-61.1.13.el6uek 141298 - Red Hat Enterprise Linux RHSA-2016-2047 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2016-7039 Description The scan detected that the host is missing the following update: RHSA-2016-2047 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://rhn.redhat.com/errata/RHSA-2016-2047.html RHEL7D x86_64 kernel-debug-devel-3.10.0-327.36.2.el7 perf-debuginfo-3.10.0-327.36.2.el7 python-perf-debuginfo-3.10.0-327.36.2.el7 kernel-tools-debuginfo-3.10.0-327.36.2.el7 kernel-debug-3.10.0-327.36.2.el7 kernel-tools-3.10.0-327.36.2.el7
Load more

Recommended publications
  • Mcafee Foundstone Fsl Update
    2016-JUL-14 FSL version 7.5.834 MCAFEE FOUNDSTONE FSL UPDATE To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release. NEW CHECKS 20245 - IBM WebSphere Application Server Apache Struts Multiple Vulnerabilities Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2016-1181, CVE-2016-1182 Description Multiple vulnerabilities are present in some versions of IBM WebSphere Application Server. Observation IBM WebSphere Application Server is a Java application server. Multiple vulnerabilities are present in some versions of IBM WebSphere Application Server. The flaws lie in Apache Struts component. Successful exploitation could allow an attacker to execute arbitrary code. 144735 - SuSE Linux 13.1 openSUSE-SU-2016:1767-1 Update Is Not Installed Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2016-1952, CVE-2016-1953, CVE-2016-1954, CVE-2016-1955, CVE-2016-1956, CVE-2016-1957, CVE-2016-1960, CVE- 2016-1961, CVE-2016-1964, CVE-2016-1974, CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016- 2801, CVE-2016-2802, CVE-2016-2806, CVE-2016-2807, CVE-2016-2815, CVE-2016-2818 Description The scan detected that the host is missing the following update: openSUSE-SU-2016:1767-1 Observation Updates often remediate critical security problems that should be quickly addressed.
    [Show full text]
  • Wrobel: "Gentoo Linux"
    Wrobel: Gentoo Linux Gunnar Wrobel: "Gentoo Linux" (http://creativecommons.org/licenses/by-sa/3.0/de/) Original Edition: Open Source Press (http://www.opensourcepress.de) Gunnar Wrobel: "Gentoo Linux" (http://creativecommons.org/licenses/by-sa/3.0/de/) Original Edition: Open Source Press (http://www.opensourcepress.de) Gunnar Wrobel Gentoo Linux Installation – Konfiguration – Administration Gunnar Wrobel: "Gentoo Linux" (http://creativecommons.org/licenses/by-sa/3.0/de/) Original Edition: Open Source Press (http://www.opensourcepress.de) Alle in diesem Buch enthaltenen Programme, Darstellungen und Informationen wurden nach bestem Wissen erstellt. Dennoch sind Fehler nicht ganz auszuschließen. Aus diesem Grunde sind die in dem vorliegenden Buch enthaltenen Informationen mit keiner Verpflichtung oder Garantie irgendeiner Art verbunden. Autor(en), Herausgeber, Übersetzer und Verlag übernehmen infolgedessen keine Verantwor- tung und werden keine daraus folgende Haftung übernehmen, die auf irgendeine Art aus der Benutzung dieser Informationen – oder Teilen davon – entsteht, auch nicht für die Verletzung von Patentrechten, die daraus resultieren können. Ebenso wenig übernehmen Autor(en) und Verlag die Gewähr dafür, dass die beschriebenen Verfahren usw. frei von Schutzrechten Dritter sind. Die in diesem Werk wiedergegebenen Gebrauchsnamen, Handelsnamen, Warenbezeichnungen usw. werden ohne Gewährleistung der freien Verwendbarkeit benutzt und können auch ohne besondere Kennzeichnung eingetragene Marken oder Warenzeichen sein und als solche den gesetzlichen
    [Show full text]
  • 20 Linux Server Hardening Security Tips - Nixcraft
    10/29/2014 20 Linux Server Hardening Security Tips - nixCraft About Contact us Forums Home Linux How-to & Tutorials Shell Scripts RSS/Feed nixCraft 20 Linux Server Hardening Security Tips by nixCraft on October 30, 2009 · 130 comments· LAST UPDATED January 25, 2014 in Debian Linux, fedora linux, Gentoo Linux Securing your Linux server is important to protect your data, intellectual property, and time, from the hands of crackers (hackers). The system administrator is responsible for security Linux box. In this first part of a Linux server security series, I will provide 20 hardening tips for default installation of Linux system. Linux Server Hardening Checklist and Tips The following instructions assume that you are using CentOS/RHEL or Ubuntu/Debian based Linux distribution. #1: Encrypt Data Communication All data transmitted over a network is open to monitoring. Encrypt transmitted data whenever possible with password or using keys / certificates. 1. Use scp, ssh, rsync, or sftp for file transfer. You can also mount remote server file system or your own home directory using special sshfs and fuse tools. 2. GnuPG allows to encrypt and sign your data and communication, features a versatile key managment system as well as access modules for all kind of public key directories. 3. Fugu is a graphical frontend to the commandline Secure File Transfer application (SFTP). SFTP is similar to FTP, but unlike FTP, the entire session is encrypted, meaning no passwords are sent in cleartext form, and is thus much less vulnerable to third-party interception. Another option is FileZilla - a cross-platform client that supports FTP, FTP over SSL/TLS (FTPS), and SSH File Transfer Protocol (SFTP).
    [Show full text]
  • Mcafee Foundstone Fsl Update
    2016-NOV-03 FSL version 7.5.862 MCAFEE FOUNDSTONE FSL UPDATE To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release. NEW CHECKS 141313 - Red Hat Enterprise Linux RHSA-2016-2131 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-6662, CVE- 2016-6663, CVE-2016-8283 Description The scan detected that the host is missing the following update: RHSA-2016-2131 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://rhn.redhat.com/errata/RHSA-2016-2131.html RHEL6_6S x86_64 mariadb55-mariadb-libs-5.5.53-1.el6 mariadb55-mariadb-bench-5.5.53-1.el6 mariadb55-mariadb-devel-5.5.53-1.el6 mariadb55-mariadb-5.5.53-1.el6 mariadb55-mariadb-debuginfo-5.5.53-1.el6 mariadb55-mariadb-test-5.5.53-1.el6 mariadb55-mariadb-server-5.5.53-1.el6 RHEL6S x86_64 mariadb55-mariadb-libs-5.5.53-1.el6 mariadb55-mariadb-bench-5.5.53-1.el6 mariadb55-mariadb-devel-5.5.53-1.el6 mariadb55-mariadb-5.5.53-1.el6 mariadb55-mariadb-debuginfo-5.5.53-1.el6 mariadb55-mariadb-test-5.5.53-1.el6 mariadb55-mariadb-server-5.5.53-1.el6 RHEL6WS x86_64 mariadb55-mariadb-libs-5.5.53-1.el6 mariadb55-mariadb-bench-5.5.53-1.el6 mariadb55-mariadb-devel-5.5.53-1.el6 mariadb55-mariadb-5.5.53-1.el6 mariadb55-mariadb-debuginfo-5.5.53-1.el6
    [Show full text]
  • Php-Pear Rpm Download
    Php-pear rpm download click here to download Package, Summary, Distribution, Download. www.doorway.ru, PEAR - PHP Extension and Application Repository, Mandriva for i, www.doorway.ru · www.doorway.ru, PEAR - PHP Extension and Application Repository, Mandriva Package, Summary, Distribution, Download. www.doorway.ru, PEAR: Database Abstraction Layer, Fedora 27 for sx, www.doorway.ru · www.doorway.ru, PEAR: Database Abstraction Layer, Fedora Rawhide for armhfp, www.doorway.ru Package, Summary, Distribution, Download. www.doorway.ru, Abstracted logging facility for PHP, Fedora 27 for sx, www.doorway.ru · www.doorway.ru, Abstracted logging facility for PHP, Fedora Rawhide for sx. Package, Summary, Distribution, Download. www.doorway.ru, Abstraction of various SASL mechanism responses, Fedora 27 for sx, www.doorway.ru · www.doorway.ru, Abstraction of various SASL mechanism responses, Fedora. Download phpphp-pear(PEAR) packages for CentOS, Fedora. Package name: php-pear. Package version: Package release: www.doorway.ru6. Package architecture: noarch. Package type: rpm. Installed size: MB. Download size: KB. Official Mirror: www.doorway.ru PEAR is a framework and distribution system for reusable PHP components. This package contains the basic. php-pear-DB - PEAR: Database Abstraction Layer. Distribution: CentOS 6. Repository: EPEL i Package name: php-pear-DB. Package version: Package release: www.doorway.ru6. Package architecture: noarch. Package type: rpm. Installed size: KB. Download size: KB. Official Mirror: www.doorway.ru php-pear-DB - PEAR: Database Abstraction Layer. Distribution: CentOS 7. Repository: EPEL x86_ Package name: php-pear-DB. Package version: Package release: www.doorway.ru7. Package architecture: noarch. Package type: rpm. Installed size: KB. Download size: KB.
    [Show full text]