2018-NOV-28 FSL version 7.6.71 MCAFEE FOUNDSTONE FSL UPDATE To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release. NEW CHECKS 24474 - (VMSA-2018-0029) VMware vSphere Data Protection Multiple Vulnerabilities Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2018-11066, CVE-2018-11067, CVE-2018-11076, CVE-2018-11077 Description Multiple vulnerabilities are present in some versions of VMware vSphere Data Protection. Observation VMware vSphere Data Protection is a backup management, recovery and replication utility for virtual machines. Multiple vulnerabilities are present in some versions of VMware vSphere Data Protection. The flaw lies in multiple components. Successful exploitation could allow a remote attacker to execute arbitrary commands, obtain sensitive information, or conduct phishing attacks. 194479 - Fedora Linux 27 FEDORA-2018-b68776e5b0 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-1000405, CVE-2017-12193, CVE-2017-15115, CVE-2017-16532, CVE-2017-16538, CVE-2017-16644, CVE-2017- 16647, CVE-2017-16649, CVE-2017-16650, CVE-2017-17448, CVE-2017-17449, CVE-2017-17450, CVE-2017-17558, CVE-2017- 17712, CVE-2017-17741, CVE-2017-17852, CVE-2017-17853, CVE-2017-17854, CVE-2017-17855, CVE-2017-17856, CVE-2017- 17857, CVE-2017-17862, CVE-2017-17863, CVE-2017-17864, CVE-2017-18232, CVE-2017-8824, CVE-2018-1000004, CVE-2018- 1000026, CVE-2018-10021, CVE-2018-10322, CVE-2018-10323, CVE-2018-1065, CVE-2018-10840, CVE-2018-10853, CVE-2018- 1108, CVE-2018-1120, CVE-2018-11506, CVE-2018-12232, CVE-2018-12633, CVE-2018-12714, CVE-2018-12896, CVE-2018- 13053, CVE-2018-13093, CVE-2018-13094, CVE-2018-13095, CVE-2018-13405, CVE-2018-14633, CVE-2018-14678, CVE-2018- 14734, CVE-2018-15471, CVE-2018-17182, CVE-2018-18710, CVE-2018-3620, CVE-2018-3639, CVE-2018-3646, CVE-2018-5332, CVE-2018-5333, CVE-2018-5344, CVE-2018-5391, CVE-2018-5750, CVE-2018-5803, CVE-2018-7757, CVE-2018-7995, CVE-2018- 8043 Description The scan detected that the host is missing the following update: FEDORA-2018-b68776e5b0 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/11/?count=200&page=1 Fedora Core 27 kernel-4.18.19-100.fc27 kernel-tools-4.18.19-100.fc27 kernel-headers-4.18.19-100.fc27 194496 - Fedora Linux 28 FEDORA-2018-1621b2204a Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2018-10322, CVE-2018-10323, CVE-2018-10840, CVE-2018-10853, CVE-2018-1108, CVE-2018-1120, CVE-2018-11506, CVE-2018-12232, CVE-2018-12633, CVE-2018-12714, CVE-2018-12896, CVE-2018-13053, CVE-2018-13093, CVE-2018-13094, CVE-2018-13095, CVE-2018-13405, CVE-2018-14633, CVE-2018-14678, CVE-2018-14734, CVE-2018-15471, CVE-2018-17182, CVE-2018-18710, CVE-2018-3620, CVE-2018-3639, CVE-2018-3646, CVE-2018-5391 Description The scan detected that the host is missing the following update: FEDORA-2018-1621b2204a Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/11/?count=200&page=2 Fedora Core 28 kernel-tools-4.19.2-200.fc28 kernel-headers-4.19.2-200.fc28 kernel-4.19.2-200.fc28 24443 - (HT209193) Apple macOS Multiple Vulnerabilities Prior To 10.14.1 Category: SSH Module -> NonIntrusive -> Mac OS X Patches and Hotfixes Risk Level: High CVE: CVE-2017-0898, CVE-2017-10784, CVE-2017-12613, CVE-2017-12618, CVE-2017-14033, CVE-2017-14064, CVE-2017- 17405, CVE-2017-17742, CVE-2018-3639, CVE-2018-3640, CVE-2018-3646, CVE-2018-4126, CVE-2018-4153, CVE-2018-4203, CVE-2018-4242, CVE-2018-4259, CVE-2018-4286, CVE-2018-4287, CVE-2018-4288, CVE-2018-4291, CVE-2018-4295, CVE-2018- 4304, CVE-2018-4308, CVE-2018-4310, CVE-2018-4326, CVE-2018-4331, CVE-2018-4334, CVE-2018-4340, CVE-2018-4341, CVE- 2018-4342, CVE-2018-4346, CVE-2018-4348, CVE-2018-4350, CVE-2018-4354, CVE-2018-4368, CVE-2018-4369, CVE-2018-4371, CVE-2018-4389, CVE-2018-4393, CVE-2018-4394, CVE-2018-4395, CVE-2018-4396, CVE-2018-4398, CVE-2018-4399, CVE-2018- 4400, CVE-2018-4401, CVE-2018-4402, CVE-2018-4403, CVE-2018-4406, CVE-2018-4407, CVE-2018-4408, CVE-2018-4410, CVE- 2018-4411, CVE-2018-4412, CVE-2018-4413, CVE-2018-4415, CVE-2018-4417, CVE-2018-4418, CVE-2018-4419, CVE-2018-4420, CVE-2018-4422, CVE-2018-4423, CVE-2018-4424, CVE-2018-4425, CVE-2018-4426, CVE-2018-6797, CVE-2018-6914, CVE-2018- 8777, CVE-2018-8778, CVE-2018-8779, CVE-2018-8780 Description Multiple vulnerabilities are present in some versions of Apple macOS. Observation Apple macOS is the operating system developed by Apple. Multiple vulnerabilities are present in some versions of Apple macOS. The flaws lie in several components. Successful exploitation could allow an attacker to retrieve sensitive data, escalate privileges, cause a denial of service condition, conduct spoofing attacks or remotely execute arbitrary code on the target system. 24454 - PostgreSQL Sql Injection Vulnerability (November 2018) Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2018-16850 Description An SQLInjection vulnerability is present in some versions of PostgreSQL. Observation PostgreSQL is an open-source object-relational database management system. An SQLInjection vulnerability is present in some versions of PostgreSQL. The flaws lie in Core Server component. Successful exploitation could allow an attacker to gain elevated privileges on the target system. 175479 - Scientific Linux Security ERRATA Critical: python-paramiko on SL7.x (noarch) (1811-13751) Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes Risk Level: High CVE: CVE-2018-1000805 Description The scan detected that the host is missing the following update: Security ERRATA Critical: python-paramiko on SL7.x (noarch) (1811-13751) Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://listserv.fnal.gov/scripts/wa.exe?A2=ind1811&L=scientific-linux-errata&F=&S=&P=13751 SL7 noarch python-paramiko-2.1.1-9.el7 python-paramiko-doc-2.1.1-9.el7 175487 - Scientific Linux Security ERRATA Moderate: glibc on SL7.x x86_64 (1811-9362) Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes Risk Level: High CVE: CVE-2017-16997, CVE-2018-11236, CVE-2018-11237, CVE-2018-6485 Description The scan detected that the host is missing the following update: Security ERRATA Moderate: glibc on SL7.x x86_64 (1811-9362) Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://listserv.fnal.gov/scripts/wa.exe?A2=ind1811&L=scientific-linux-errata&F=&S=&P=9362 SL7 x86_64 glibc-headers-2.17-260.el7 glibc-static-2.17-260.el7 glibc-utils-2.17-260.el7 nscd-2.17-260.el7 glibc-debuginfo-2.17-260.el7 glibc-2.17-260.el7 glibc-common-2.17-260.el7 glibc-devel-2.17-260.el7 glibc-debuginfo-common-2.17-260.el7 194478 - Fedora Linux 27 FEDORA-2018-fe24359b69 Update Is Not Installed Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2017-15588, CVE-2017-15589, CVE-2017-15590, CVE-2017-15591, CVE-2017-15592, CVE-2017-15593, CVE-2017- 15594, CVE-2017-15595, CVE-2017-15597, CVE-2017-17044, CVE-2017-17045, CVE-2017-17563, CVE-2017-17564, CVE-2017- 17565, CVE-2017-17566, CVE-2018-10981, CVE-2018-10982, CVE-2018-12891, CVE-2018-12892, CVE-2018-12893, CVE-2018- 15468, CVE-2018-15469, CVE-2018-15470, CVE-2018-18883, CVE-2018-3620, CVE-2018-3639, CVE-2018-3646, CVE-2018-3665, CVE-2018-7540, CVE-2018-7541, CVE-2018-7542, CVE-2018-8897 Description The scan detected that the host is missing the following update: FEDORA-2018-fe24359b69 Observation Updates often remediate critical security problems that should be quickly addressed. For more information see: https://lists.fedoraproject.org/archives/list/[email protected]/2018/11/?count=200&page=1 Fedora Core 27 xen-4.9.3-3.fc27 24371 - Joomla CSRF Hardening In com_installer Vulnerability (20181005) Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: High CVE: CVE-2018-17858 Description A vulnerability is present in some versions of Joomla. Observation Joomla is an open source content management system. A vulnerability is present in some versions of Joomla. The flaw is related to com_installer actions. Successful exploitation could allow an attacker to conduct cross-site request forgery attacks. 24457 - (APSB18-43) Vulnerability In Adobe Photoshop CC Category: Windows Host Assessment -> Adobe Patches Only (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2018-15980 Description A Vulnerability is present in some versions of Adobe Photoshop CC. Observation Adobe Photoshop CC is a product for media editing and management. A Vulnerability is present in some versions of Adobe Photoshop CC. The flaw is due to an out-of-bounds read. Successful exploitation could allow an attacker to disclose sensitive information on the target system. 24458 - (APSB18-43) Vulnerability In Adobe Photoshop CC Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2018-15980 Description A Vulnerability is present in some versions of Adobe Photoshop CC. Observation Adobe Photoshop CC is a product for media editing and management.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages92 Page
-
File Size-