McAfee Foundstone FSL Update · CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-5370,...

2018-JUN-28FSL version 7.6.33

MCAFEE FOUNDSTONE FSL UPDATE

To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is adetailed summary of the new and updated checks included with this release.

NEW CHECKS

23766 - IBM WebSphere MQ Multiple Vulnerabilities (swg22014651)

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2016-0705, CVE-2017-3732, CVE-2017-3736, CVE-2018-1426, CVE-2018-1427, CVE-2018-1428, CVE-2018-1447

DescriptionMultiple vulnerabilities are present in some versions of IBM WebSphere MQ.

ObservationIBM WebSphere MQ is a popular cross platform messaging system.

Multiple vulnerabilities are present in some versions of IBM WebSphere MQ. The flaws lie in multiple components. Successful exploitation could allow an attacker to obtain sensitive information or cause a denial of service condition.

146818 - SuSE Linux 42.3 openSUSE-SU-2018:1770-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2017-1000469

DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2018:1770-1

ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:

http://lists.opensuse.org/opensuse-updates/2018-06/msg00112.html

SuSE Linux 42.3noarchcobbler-web-2.6.6-14.1cobbler-2.6.6-14.1koan-2.6.6-14.1cobbler-tests-2.6.6-14.1

163644 - Oracle Enterprise Linux ELSA-2018-1860 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: High

CVE: CVE-2007-2444, CVE-2007-2446, CVE-2007-2447, CVE-2008-1105, CVE-2008-3789, CVE-2008-4314, CVE-2009-2813,CVE-2009-2906, CVE-2009-2948, CVE-2009-3297, CVE-2010-0728, CVE-2010-3069, CVE-2011-0719, CVE-2011-2522, CVE-2011-2694, CVE-2012-1182, CVE-2012-2111, CVE-2012-6150, CVE-2013-0213, CVE-2013-0214, CVE-2013-4124, CVE-2013-4408, CVE-2013-4475, CVE-2013-4496, CVE-2013-6442, CVE-2014-0244, CVE-2014-3493, CVE-2015-0240, CVE-2015-5252,CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-5370, CVE-2015-7560, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2115, CVE-2016-2118, CVE-2016-2125, CVE-2016-2126, CVE-2017-12150, CVE-2017-12163, CVE-2017-2619, CVE-2017-7494, CVE-2018-1050

DescriptionThe scan detected that the host is missing the following update:ELSA-2018-1860


http://oss.oracle.com/pipermail/el-errata/2018-June/007809.html

OEL6x86_64samba-winbind-devel-3.6.23-51.0.1.el6samba-winbind-3.6.23-51.0.1.el6libsmbclient-3.6.23-51.0.1.el6samba-common-3.6.23-51.0.1.el6samba-glusterfs-3.6.23-51.0.1.el6libsmbclient-devel-3.6.23-51.0.1.el6samba-winbind-krb5-locator-3.6.23-51.0.1.el6samba-doc-3.6.23-51.0.1.el6samba-swat-3.6.23-51.0.1.el6samba-domainjoin-gui-3.6.23-51.0.1.el6samba-3.6.23-51.0.1.el6samba-winbind-clients-3.6.23-51.0.1.el6samba-client-3.6.23-51.0.1.el6

i386samba-domainjoin-gui-3.6.23-51.0.1.el6libsmbclient-3.6.23-51.0.1.el6samba-doc-3.6.23-51.0.1.el6samba-winbind-3.6.23-51.0.1.el6samba-winbind-devel-3.6.23-51.0.1.el6samba-client-3.6.23-51.0.1.el6libsmbclient-devel-3.6.23-51.0.1.el6samba-common-3.6.23-51.0.1.el6samba-3.6.23-51.0.1.el6samba-winbind-clients-3.6.23-51.0.1.el6samba-swat-3.6.23-51.0.1.el6samba-winbind-krb5-locator-3.6.23-51.0.1.el6


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2012-6701, CVE-2015-8830, CVE-2016-7910, CVE-2016-8650, CVE-2017-1000111, CVE-2017-1000112, CVE-2017-1000251, CVE-2017-1000253, CVE-2017-1000364, CVE-2017-1000410, CVE-2017-11176, CVE-2017-12190, CVE-2017-13166,CVE-2017-14106, CVE-2017-15121, CVE-2017-18017, CVE-2017-18203, CVE-2017-2636, CVE-2017-2671, CVE-2017-5715,CVE-2017-5753, CVE-2017-5754, CVE-2017-6001, CVE-2017-6214, CVE-2017-7308, CVE-2017-7541, CVE-2017-7542, CVE-2017-7616, CVE-2017-7889, CVE-2017-7895, CVE-2017-8824, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2018-1130, CVE-2018-3639, CVE-2018-5803




OEL6x86_64perf-2.6.32-754.el6kernel-firmware-2.6.32-754.el6kernel-debug-devel-2.6.32-754.el6kernel-devel-2.6.32-754.el6kernel-abi-whitelists-2.6.32-754.el6kernel-2.6.32-754.el6python-perf-2.6.32-754.el6kernel-doc-2.6.32-754.el6kernel-headers-2.6.32-754.el6kernel-debug-2.6.32-754.el6

i386perf-2.6.32-754.el6kernel-firmware-2.6.32-754.el6kernel-debug-devel-2.6.32-754.el6kernel-devel-2.6.32-754.el6kernel-abi-whitelists-2.6.32-754.el6kernel-2.6.32-754.el6python-perf-2.6.32-754.el6kernel-doc-2.6.32-754.el6kernel-headers-2.6.32-754.el6kernel-debug-2.6.32-754.el6

193847 - Fedora Linux 28 FEDORA-2018-52ee188215 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2017-1000469

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-52ee188215


https://lists.fedoraproject.org/archives/list/[email protected]/2018/6/?count=200&page=3

Fedora Core 28

cobbler-2.8.3-2.fc28

193870 - Fedora Linux 27 FEDORA-2018-f96f72ce8f Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-f96f72ce8f



Fedora Core 27

cobbler-2.8.3-2.fc27

23743 - (HPESBHF03852) HPE Intelligent Management Center Wireless Service Manager RCE Vulnerability

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2017-8990

DescriptionA remote code execution vulnerability is present in some versions of HPE Intelligent Management Center.

ObservationHPE Intelligent Management Center (iMC) is an enterprise-class network management platform.

A remote code execution vulnerability is present in some versions of HPE Intelligent Management Center. The flaw lies in the Wireless Service Manager. Successful exploitation could allow an attacker to remotely execute arbitrary code on the target system.

23747 - (HT208853) Apple iCloud Vulnerabilities Prior To 7.5

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2018-4188, CVE-2018-4190, CVE-2018-4192, CVE-2018-4199, CVE-2018-4200, CVE-2018-4201, CVE-2018-4204,CVE-2018-4214, CVE-2018-4218, CVE-2018-4222, CVE-2018-4224, CVE-2018-4225, CVE-2018-4226, CVE-2018-4232, CVE-2018-4233, CVE-2018-4246

DescriptionMultiple vulnerabilities are present in some versions of Apple iCloud.

ObservationApple iCloud is a manager for the Apple's cloud-based storage service.

Multiple vulnerabilities are present in some versions of Apple iCloud. The flaws lie in multiple components. Successful exploitation could allow an attacker to obtain sensitive information, arbitrary code execution or cause a denial-of-service.

23748 - Google Chrome Out Of Bound Write Vulnerability Prior To 67.0.3396.87

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2018-6149

DescriptionA vulnerability is present in some versions of Google Chrome.

ObservationGoogle Chrome is a popular web browser.

A vulnerability is present in some versions of Google Chrome. The flaw lies in V8 engine. Successful exploitation by an attacker can cause an out of bound write to arbitrary locations in memory.

23749 - Google Chrome Out Of Bound Write Vulnerability Prior To 67.0.3396.87

Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-6149

DescriptionA vulnerability is present in some versions of Google Chrome.

ObservationGoogle Chrome is a popular web browser.

A vulnerability is present in some versions of Google Chrome. The flaw lies in V8 engine. Successful exploitation by an attacker can cause an out of bound write to arbitrary locations in memory.

23750 - Advantech WebAccess Multiple Vulnerabilities (ICSA-18-135-01)

Category: General Vulnerability Assessment -> NonIntrusive -> Web ServerRisk Level: HighCVE: CVE-2018-10589, CVE-2018-10590, CVE-2018-10591, CVE-2018-7495, CVE-2018-7497, CVE-2018-7499, CVE-2018-7501,CVE-2018-7503, CVE-2018-7505, CVE-2018-8841, CVE-2018-8845

DescriptionMultiple vulnerabilities are present in some versions of Advantech WebAccess.

ObservationAdvantech WebAccess is a web-based HMI software application used in energy, manufacturing, and building automation systems.

Multiple vulnerabilities are present in some versions of Advantech WebAccess. The flaws lie in multiple components. Successful exploitation could allow a remote attacker to bypass authentication, to execute arbitrary code or disclose private information.

23752 - (HT208895) Apple Xcode Multiple Vulnerabilities Prior To 9.4.1

Category: SSH Module -> NonIntrusive -> Mac OS X Patches and HotfixesRisk Level: HighCVE: CVE-2018-11233, CVE-2018-11235

DescriptionMultiple vulnerabilities are present in some versions of Apple Xcode.

ObservationApple Xcode is an integrated development environment.

Multiple vulnerabilities are present in some versions of Apple Xcode. The flaws lie in the Git component. Successful exploitation could allow an attacker to execute arbitrary code.

23768 - (LFSEC00000125) Schneider Electric InTouch Machine Edition Remote Code Execution Vulnerability

Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2018-8840

DescriptionA vulnerability is present in some versions of Schneider Electric InTouch Machine Edition 2017.

ObservationSchneider Electric InTouch Machine Edition is a tool to build SCADA (Supervisory Control And Data Acquisition) or HMI (Human-Machine Interface) applications.

A vulnerability is present in some versions of Schneider Electric InTouch Machine Edition 2017. The flaw is due to improper handling of stack based buffer overflow condition. Successful exploitation by a remote attacker could result in the execution of arbitrary code.

146817 - SuSE Linux 15.0, 42.3 openSUSE-SU-2018:1811-1 Update Is Not Installed





SuSE Linux 15.0x86_64go1.9-1.9.7-lp150.2.4.2go1.9-race-1.9.7-lp150.2.4.2go-doc-1.9.7-lp150.2.4.1go1.9-doc-1.9.7-lp150.2.4.2go-race-1.9.7-lp150.2.4.1go-1.9.7-lp150.2.4.1

i586go1.9-doc-1.9.7-lp150.2.4.2go-1.9.7-lp150.2.4.1

go-doc-1.9.7-lp150.2.4.1go1.9-1.9.7-lp150.2.4.2

SuSE Linux 42.3x86_64go1.9-1.9.7-10.1go-doc-1.9.7-37.2go-1.9.7-37.2go1.9-race-1.9.7-10.1go1.9-doc-1.9.7-10.1go-race-1.9.7-37.2

i586go1.9-doc-1.9.7-10.1go-1.9.7-37.2go-doc-1.9.7-37.2go1.9-1.9.7-10.1


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2010-2237, CVE-2010-2238, CVE-2010-2239, CVE-2010-2242, CVE-2011-1146, CVE-2013-0170, CVE-2013-1962,CVE-2013-4296, CVE-2013-4311, CVE-2013-6458, CVE-2014-0179, CVE-2014-1447, CVE-2014-3633, CVE-2014-3657, CVE-2014-7823, CVE-2017-5715, CVE-2018-1064, CVE-2018-3639, CVE-2018-5748




OEL6x86_64libvirt-python-0.10.2-64.0.1.el6libvirt-devel-0.10.2-64.0.1.el6libvirt-0.10.2-64.0.1.el6libvirt-client-0.10.2-64.0.1.el6libvirt-lock-sanlock-0.10.2-64.0.1.el6

i386libvirt-python-0.10.2-64.0.1.el6libvirt-devel-0.10.2-64.0.1.el6libvirt-0.10.2-64.0.1.el6libvirt-client-0.10.2-64.0.1.el6

23764 - Cisco Adaptive Security Appliance Web Services Denial Of Service Vulnerability (sa-20180606-asaftd)

Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-0296

Description

A vulnerability is present in some versions of Cisco Adaptive Security Appliance (ASA).

ObservationCisco Adaptive Security Appliance is a firewall device.

A vulnerability is present in some versions of Cisco Adaptive Security Appliance (ASA). The flaw lies in a bad handling of HTTP URLs. Successful exploitation could allow an unauthenticated remote attacker to retrieve sensitive information or cause denial of service condition in the target system.

23662 - (HPESBUX03818) HP-UX Secure Shell Multiple Vulnerabilities

Category: SSH Module -> NonIntrusive -> HP-UX Patches and HotfixesRisk Level: HighCVE: CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012

DescriptionMultiple vulnerabilities are present in some versions of HP-UX.

ObservationHP-UX is a Unix-based operating system.

Multiple vulnerabilities are present in some versions of HP-UX. The flaws lie in the Secure Shell daemon. Successful exploitation could allow an attacker to obtain sensitive information or execute arbitrary code.

23733 - (HT208852) Apple iTunes Vulnerabilities Prior To 12.7.5

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2018-4188, CVE-2018-4190, CVE-2018-4192, CVE-2018-4194, CVE-2018-4199, CVE-2018-4200, CVE-2018-4201,CVE-2018-4204, CVE-2018-4214, CVE-2018-4218, CVE-2018-4222, CVE-2018-4224, CVE-2018-4225, CVE-2018-4226, CVE-2018-4232, CVE-2018-4233, CVE-2018-4246

DescriptionMultiple vulnerabilities are present in some versions of Apple iTunes.

ObservationApple iTunes is a media management software.

Multiple vulnerabilities are present in some versions of Apple iTunes. The flaws lie in several components. Successful exploitation could allow an attacker to remotely execute arbitrary code or disclose sensitive information on the target system.

23745 - (K52167636) F5 BIG-IP TMM Vulnerability

Category: SSH Module -> NonIntrusive -> F5Risk Level: HighCVE: CVE-2017-6153

DescriptionA vulnerability is present in some versions of F5 BIG-IP products.

ObservationF5's BIG-IP products are network appliances that run F5's Traffic Management Operating System.

A vulnerability is present in some versions of F5 BIG-IP products. The flaw lies in the TMM. Successful exploitation could allow an attacker to cause a denial of service condition on the target system.

23751 - Foxit PhantomPDF Multiple Safe Reading Mode Vulnerabilities (2017-08-22)

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2017-10951, CVE-2017-10952

DescriptionMultiple vulnerabilities are present in some versions of Foxit PhantomPDF .

ObservationFoxit PhantomPDF is a fully featured solution for PDF documents handling.

Multiple vulnerabilities are present in some versions of Foxit PhantomPDF . The flaws lie in the Safe Reading Mode feature. Successful exploitation could allow an attacker to execute arbitrary code on the target system.

23755 - (K50254952) F5 BIG-IP Configuration utility Vulnerability

Category: SSH Module -> NonIntrusive -> F5Risk Level: HighCVE: CVE-2018-5523

DescriptionA vulnerability is present in some versions of F5's BIG-IP products.

ObservationF5's BIG-IP product is a network appliance that runs F5's Traffic Management Operating System.

A vulnerability is present in some versions of F5's BIG-IP products. The flaw lies in the Traffic Management User Interface. Successful exploitation could allow an attacker authenticated as administrative user to escalate privileges in the target system.


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-12581, CVE-2018-12613




SuSE Linux 15.0noarch

phpMyAdmin-4.8.2-lp150.2.3.1

SuSE Linux 42.3noarchphpMyAdmin-4.8.2-15.1

146816 - SuSE SLES 12 SP3, SLED 12 SP3 SUSE-SU-2018:1765-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2016-1549, CVE-2018-7170, CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185

DescriptionThe scan detected that the host is missing the following update:SUSE-SU-2018:1765-1


http://lists.suse.com/pipermail/sle-security-updates/2018-June/004208.html

SuSE SLED 12 SP3x86_64ntp-4.2.8p11-64.5.1ntp-debuginfo-4.2.8p11-64.5.1ntp-debugsource-4.2.8p11-64.5.1ntp-doc-4.2.8p11-64.5.1

SuSE SLES 12 SP3x86_64ntp-4.2.8p11-64.5.1ntp-debuginfo-4.2.8p11-64.5.1ntp-debugsource-4.2.8p11-64.5.1ntp-doc-4.2.8p11-64.5.1

146819 - SuSE SLES 11 SP4 SUSE-SU-2018:1760-1 Update Is Not Installed





SuSE SLES 11 SP4i586pam-modules-11-1.27.3.1

x86_64pam-modules-32bit-11-1.27.3.1pam-modules-11-1.27.3.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2017-13305, CVE-2017-17741, CVE-2017-18241, CVE-2017-18249, CVE-2018-1000199, CVE-2018-1065, CVE-2018-1092, CVE-2018-1093, CVE-2018-1094, CVE-2018-1130, CVE-2018-12233, CVE-2018-3639, CVE-2018-3665, CVE-2018-5803,CVE-2018-5848, CVE-2018-7492, CVE-2018-8781




SuSE SLES 12 SP3x86_64kernel-syms-rt-4.4.138-3.14.1kernel-rt-base-4.4.138-3.14.1kernel-rt_debug-debugsource-4.4.138-3.14.1kernel-rt-devel-4.4.138-3.14.1kernel-rt-4.4.138-3.14.1kernel-rt_debug-devel-debuginfo-4.4.138-3.14.1dlm-kmp-rt-debuginfo-4.4.138-3.14.1kernel-rt-base-debuginfo-4.4.138-3.14.1cluster-md-kmp-rt-4.4.138-3.14.1kernel-rt-debuginfo-4.4.138-3.14.1kernel-rt-debugsource-4.4.138-3.14.1dlm-kmp-rt-4.4.138-3.14.1cluster-md-kmp-rt-debuginfo-4.4.138-3.14.1ocfs2-kmp-rt-debuginfo-4.4.138-3.14.1kernel-rt_debug-debuginfo-4.4.138-3.14.1gfs2-kmp-rt-debuginfo-4.4.138-3.14.1ocfs2-kmp-rt-4.4.138-3.14.1gfs2-kmp-rt-4.4.138-3.14.1kernel-rt_debug-devel-4.4.138-3.14.1

noarchkernel-devel-rt-4.4.138-3.14.1kernel-source-rt-4.4.138-3.14.1



DescriptionThe scan detected that the host is missing the following update:

SUSE-SU-2018:1783-1



SuSE SLED 12 SP3x86_64MozillaFirefox-debuginfo-52.8.1esr-109.34.1MozillaFirefox-52.8.1esr-109.34.1MozillaFirefox-translations-52.8.1esr-109.34.1MozillaFirefox-debugsource-52.8.1esr-109.34.1

SuSE SLES 12 SP3x86_64MozillaFirefox-debuginfo-52.8.1esr-109.34.1MozillaFirefox-52.8.1esr-109.34.1MozillaFirefox-translations-52.8.1esr-109.34.1MozillaFirefox-debugsource-52.8.1esr-109.34.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-11218, CVE-2018-11219




SuSE Linux 15.0x86_64redis-debugsource-4.0.10-lp150.3.3.1redis-4.0.10-lp150.3.3.1redis-debuginfo-4.0.10-lp150.3.3.1

SuSE Linux 42.3x86_64redis-4.0.10-17.1redis-debugsource-4.0.10-17.1redis-debuginfo-4.0.10-17.1

i586redis-4.0.10-17.1redis-debugsource-4.0.10-17.1redis-debuginfo-4.0.10-17.1






SuSE Linux 15.0noarchpython3-matrix-synapse-0.28.1-lp150.2.4.1python2-matrix-synapse-0.28.1-lp150.2.4.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2017-13305, CVE-2017-17741, CVE-2017-18241, CVE-2017-18249, CVE-2018-1092, CVE-2018-1093, CVE-2018-1094, CVE-2018-12233, CVE-2018-3639, CVE-2018-3665, CVE-2018-5848




SuSE Linux 42.3x86_64kernel-debug-debuginfo-4.4.138-59.1kselftests-kmp-debug-4.4.138-59.1kernel-obs-build-4.4.138-59.1kernel-vanilla-base-4.4.138-59.1kernel-default-4.4.138-59.1kernel-debug-devel-4.4.138-59.1kselftests-kmp-default-debuginfo-4.4.138-59.1kernel-debug-debugsource-4.4.138-59.1kernel-vanilla-base-debuginfo-4.4.138-59.1kernel-syms-4.4.138-59.1kernel-debug-base-4.4.138-59.1kselftests-kmp-vanilla-debuginfo-4.4.138-59.1kernel-debug-base-debuginfo-4.4.138-59.1kernel-default-debuginfo-4.4.138-59.1kernel-vanilla-devel-4.4.138-59.1kernel-obs-qa-4.4.138-59.1kernel-vanilla-debugsource-4.4.138-59.1kselftests-kmp-default-4.4.138-59.1

kernel-vanilla-debuginfo-4.4.138-59.1kernel-vanilla-4.4.138-59.1kernel-default-devel-4.4.138-59.1kernel-debug-devel-debuginfo-4.4.138-59.1kernel-debug-4.4.138-59.1kernel-default-base-4.4.138-59.1kselftests-kmp-vanilla-4.4.138-59.1kernel-default-debugsource-4.4.138-59.1kernel-obs-build-debugsource-4.4.138-59.1kselftests-kmp-debug-debuginfo-4.4.138-59.1kernel-default-base-debuginfo-4.4.138-59.1

noarchkernel-source-vanilla-4.4.138-59.1kernel-source-4.4.138-59.1kernel-devel-4.4.138-59.1kernel-macros-4.4.138-59.1kernel-docs-pdf-4.4.138-59.1kernel-docs-4.4.138-59.1kernel-docs-html-4.4.138-59.1

160427 - CentOS 7 CESA-2018-1957 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Cent OS Patches and HotfixesRisk Level: HighCVE: CVE-2018-11235

DescriptionThe scan detected that the host is missing the following update:CESA-2018-1957


http://lists.centos.org/pipermail/centos-announce/2018-June/022924.html

CentOS 7x86_64git-daemon-1.8.3.1-14.el7_5git-svn-1.8.3.1-14.el7_5git-1.8.3.1-14.el7_5

noarchgit-hg-1.8.3.1-14.el7_5gitweb-1.8.3.1-14.el7_5emacs-git-el-1.8.3.1-14.el7_5perl-Git-SVN-1.8.3.1-14.el7_5git-p4-1.8.3.1-14.el7_5gitk-1.8.3.1-14.el7_5git-cvs-1.8.3.1-14.el7_5perl-Git-1.8.3.1-14.el7_5git-email-1.8.3.1-14.el7_5git-bzr-1.8.3.1-14.el7_5git-all-1.8.3.1-14.el7_5git-gui-1.8.3.1-14.el7_5emacs-git-1.8.3.1-14.el7_5


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2014-10072, CVE-2017-18206, CVE-2018-1083, CVE-2018-1100




OEL6x86_64zsh-html-4.3.11-8.el6zsh-4.3.11-8.el6

i386zsh-html-4.3.11-8.el6zsh-4.3.11-8.el6


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2017-15670, CVE-2017-15804




OEL6x86_64glibc-headers-2.12-1.212.0.1.el6glibc-static-2.12-1.212.0.1.el6glibc-devel-2.12-1.212.0.1.el6nscd-2.12-1.212.0.1.el6glibc-common-2.12-1.212.0.1.el6glibc-utils-2.12-1.212.0.1.el6glibc-2.12-1.212.0.1.el6

i386glibc-headers-2.12-1.212.0.1.el6glibc-static-2.12-1.212.0.1.el6glibc-devel-2.12-1.212.0.1.el6nscd-2.12-1.212.0.1.el6

glibc-common-2.12-1.212.0.1.el6glibc-utils-2.12-1.212.0.1.el6glibc-2.12-1.212.0.1.el6

175405 - Scientific Linux Security ERRATA Important: libvirt on SL7.x x86_64 (1806-4588)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixesRisk Level: HighCVE: CVE-2018-3639

DescriptionThe scan detected that the host is missing the following update:Security ERRATA Important: libvirt on SL7.x x86_64 (1806-4588)


https://listserv.fnal.gov/scripts/wa.exe?A2=ind1806&L=scientific-linux-errata&F=&S=&P=4588

SL7x86_64libvirt-docs-3.9.0-14.el7_5.6libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6libvirt-nss-3.9.0-14.el7_5.6libvirt-lock-sanlock-3.9.0-14.el7_5.6libvirt-client-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6libvirt-libs-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.6libvirt-daemon-config-network-3.9.0-14.el7_5.6libvirt-daemon-3.9.0-14.el7_5.6libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6libvirt-debuginfo-3.9.0-14.el7_5.6libvirt-daemon-driver-network-3.9.0-14.el7_5.6libvirt-admin-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6libvirt-daemon-driver-secret-3.9.0-14.el7_5.6libvirt-3.9.0-14.el7_5.6libvirt-daemon-kvm-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.6libvirt-login-shell-3.9.0-14.el7_5.6libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6libvirt-devel-3.9.0-14.el7_5.6libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6libvirt-daemon-lxc-3.9.0-14.el7_5.6libvirt-daemon-driver-interface-3.9.0-14.el7_5.6

175406 - Scientific Linux Security ERRATA Important: git on SL7.x x86_64 (1806-4272)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixes

Risk Level: HighCVE: CVE-2018-11235

DescriptionThe scan detected that the host is missing the following update:Security ERRATA Important: git on SL7.x x86_64 (1806-4272)



SL7x86_64git-daemon-1.8.3.1-14.el7_5git-debuginfo-1.8.3.1-14.el7_5git-1.8.3.1-14.el7_5git-svn-1.8.3.1-14.el7_5


175407 - Scientific Linux Security ERRATA Important: qemu-kvm on SL7.x x86_64 (1806-5623)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixesRisk Level: HighCVE: CVE-2018-3639

DescriptionThe scan detected that the host is missing the following update:Security ERRATA Important: qemu-kvm on SL7.x x86_64 (1806-5623)



SL7x86_64qemu-kvm-tools-1.5.3-156.el7_5.3qemu-kvm-common-1.5.3-156.el7_5.3qemu-img-1.5.3-156.el7_5.3qemu-kvm-debuginfo-1.5.3-156.el7_5.3

qemu-kvm-1.5.3-156.el7_5.3

182721 - FreeBSD GraphicsMagick Multiple Vulnerabilities (25f73c47-68a8-4a30-9cbc-1ca5eea4d6ba)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: HighCVE: CVE-2016-7800, CVE-2016-7996, CVE-2016-7997, CVE-2016-9830, CVE-2017-10794, CVE-2017-10799, CVE-2017-10800,CVE-2017-6335, CVE-2017-8350

DescriptionThe scan detected that the host is missing the following update:GraphicsMagick -- multiple vulnerabilities (25f73c47-68a8-4a30-9cbc-1ca5eea4d6ba)


http://www.vuxml.org/freebsd/25f73c47-68a8-4a30-9cbc-1ca5eea4d6ba.html

Affected packages: GraphicsMagick < 1.3.26,1

193841 - Fedora Linux 28 FEDORA-2018-5bd16d6143 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2015-8981, CVE-2017-5852, CVE-2017-5853, CVE-2017-5854, CVE-2017-5855, CVE-2017-5886, CVE-2017-6840,CVE-2017-6842, CVE-2017-6843, CVE-2017-6844, CVE-2017-6845, CVE-2017-6847, CVE-2017-6848, CVE-2017-7378, CVE-2017-7379, CVE-2017-7380, CVE-2017-7381, CVE-2017-7382, CVE-2017-7383, CVE-2017-7994, CVE-2017-8053, CVE-2017-8054, CVE-2017-8378, CVE-2017-8787, CVE-2018-5295, CVE-2018-5296, CVE-2018-5308, CVE-2018-8000

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-5bd16d6143



Fedora Core 28

podofo-0.9.5-9.fc28

193849 - Fedora Linux 28 FEDORA-2018-7c2e288c5f Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2017-11546, CVE-2017-11547, CVE-2017-11549

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-7c2e288c5f



Fedora Core 28

timidity++-2.14.0-16.fc28

193850 - Fedora Linux 27 FEDORA-2018-2807317e7a Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2017-5852, CVE-2017-5853, CVE-2017-5854, CVE-2017-5855, CVE-2017-5886, CVE-2017-6840, CVE-2017-6842,CVE-2017-6843, CVE-2017-6844, CVE-2017-6845, CVE-2017-6847, CVE-2017-6848, CVE-2017-7378, CVE-2017-7379, CVE-2017-7380, CVE-2017-7381, CVE-2017-7382, CVE-2017-7383, CVE-2017-7994, CVE-2017-8054, CVE-2017-8378, CVE-2017-8787, CVE-2018-5295, CVE-2018-5308, CVE-2018-8000

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-2807317e7a



Fedora Core 27

mingw-podofo-0.9.5-6.fc27

193851 - Fedora Linux 27 FEDORA-2018-303a46d436 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2017-11546, CVE-2017-11547, CVE-2017-11549

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-303a46d436



Fedora Core 27

timidity++-2.14.0-16.fc27

193854 - Fedora Linux 28 FEDORA-2018-578fa05659 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2017-5852, CVE-2017-5853, CVE-2017-5854, CVE-2017-5855, CVE-2017-5886, CVE-2017-6840, CVE-2017-6842,CVE-2017-6843, CVE-2017-6844, CVE-2017-6845, CVE-2017-6847, CVE-2017-6848, CVE-2017-7378, CVE-2017-7379, CVE-2017-7380, CVE-2017-7381, CVE-2017-7382, CVE-2017-7383, CVE-2017-7994, CVE-2017-8054, CVE-2017-8378, CVE-2017-8787, CVE-2018-5295, CVE-2018-5308, CVE-2018-8000

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-578fa05659



Fedora Core 28

mingw-podofo-0.9.5-6.fc28

193856 - Fedora Linux 27 FEDORA-2018-c449dc1c9c Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2017-1000405, CVE-2017-12193, CVE-2017-15115, CVE-2017-16532, CVE-2017-16538, CVE-2017-16644, CVE-2017-16647, CVE-2017-16649, CVE-2017-16650, CVE-2017-17448, CVE-2017-17449, CVE-2017-17450, CVE-2017-17558, CVE-2017-17712, CVE-2017-17741, CVE-2017-17852, CVE-2017-17853, CVE-2017-17854, CVE-2017-17855, CVE-2017-17856, CVE-2017-17857, CVE-2017-17862, CVE-2017-17863, CVE-2017-17864, CVE-2017-18232, CVE-2017-8824, CVE-2018-1000004,CVE-2018-1000026, CVE-2018-10021, CVE-2018-10322, CVE-2018-10323, CVE-2018-1065, CVE-2018-10840, CVE-2018-10853, CVE-2018-1108, CVE-2018-1120, CVE-2018-11506, CVE-2018-12232, CVE-2018-3639, CVE-2018-5332, CVE-2018-5333, CVE-2018-5344, CVE-2018-5750, CVE-2018-5803, CVE-2018-7757, CVE-2018-7995, CVE-2018-8043

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-c449dc1c9c



Fedora Core 27

kernel-4.16.16-200.fc27

193858 - Fedora Linux 27 FEDORA-2018-2f3c0cdf93 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2015-8981, CVE-2017-5852, CVE-2017-5853, CVE-2017-5854, CVE-2017-5855, CVE-2017-5886, CVE-2017-6840,CVE-2017-6842, CVE-2017-6843, CVE-2017-6844, CVE-2017-6845, CVE-2017-6847, CVE-2017-6848, CVE-2017-7378, CVE-2017-7379, CVE-2017-7380, CVE-2017-7381, CVE-2017-7382, CVE-2017-7383, CVE-2017-7994, CVE-2017-8053, CVE-2017-8054, CVE-2017-8378, CVE-2017-8787, CVE-2018-5295, CVE-2018-5296, CVE-2018-5308, CVE-2018-8000

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-2f3c0cdf93



Fedora Core 27

podofo-0.9.5-9.fc27

193861 - Fedora Linux 28 FEDORA-2018-cc86e5bc77 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2016-10092, CVE-2016-10093, CVE-2016-10094, CVE-2016-10095, CVE-2017-5225, CVE-2017-5563

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-cc86e5bc77



Fedora Core 28

mingw-libtiff-4.0.9-1.fc28

196022 - Red Hat Enterprise Linux RHSA-2018-2001 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2018-3639

DescriptionThe scan detected that the host is missing the following update:RHSA-2018-2001


http://www.redhat.com/archives/rhsa-announce/2018-June/msg00039.html

RHEL7Dx86_64qemu-kvm-tools-1.5.3-156.el7_5.3qemu-kvm-common-1.5.3-156.el7_5.3

qemu-img-1.5.3-156.el7_5.3qemu-kvm-debuginfo-1.5.3-156.el7_5.3qemu-kvm-1.5.3-156.el7_5.3

RHEL7Sx86_64qemu-kvm-tools-1.5.3-156.el7_5.3qemu-kvm-common-1.5.3-156.el7_5.3qemu-img-1.5.3-156.el7_5.3qemu-kvm-debuginfo-1.5.3-156.el7_5.3qemu-kvm-1.5.3-156.el7_5.3

RHEL7WSx86_64qemu-kvm-tools-1.5.3-156.el7_5.3qemu-kvm-common-1.5.3-156.el7_5.3qemu-img-1.5.3-156.el7_5.3qemu-kvm-debuginfo-1.5.3-156.el7_5.3qemu-kvm-1.5.3-156.el7_5.3






RHEL7Dx86_64git-daemon-1.8.3.1-14.el7_5git-debuginfo-1.8.3.1-14.el7_5git-1.8.3.1-14.el7_5git-svn-1.8.3.1-14.el7_5


RHEL7Snoarchgit-hg-1.8.3.1-14.el7_5gitk-1.8.3.1-14.el7_5emacs-git-el-1.8.3.1-14.el7_5perl-Git-SVN-1.8.3.1-14.el7_5git-p4-1.8.3.1-14.el7_5gitweb-1.8.3.1-14.el7_5git-cvs-1.8.3.1-14.el7_5perl-Git-1.8.3.1-14.el7_5git-email-1.8.3.1-14.el7_5git-bzr-1.8.3.1-14.el7_5git-all-1.8.3.1-14.el7_5git-gui-1.8.3.1-14.el7_5emacs-git-1.8.3.1-14.el7_5

x86_64git-daemon-1.8.3.1-14.el7_5git-debuginfo-1.8.3.1-14.el7_5git-1.8.3.1-14.el7_5git-svn-1.8.3.1-14.el7_5

RHEL7WSx86_64git-daemon-1.8.3.1-14.el7_5git-debuginfo-1.8.3.1-14.el7_5git-1.8.3.1-14.el7_5git-svn-1.8.3.1-14.el7_5

noarchgit-hg-1.8.3.1-14.el7_5gitk-1.8.3.1-14.el7_5emacs-git-el-1.8.3.1-14.el7_5perl-Git-SVN-1.8.3.1-14.el7_5git-p4-1.8.3.1-14.el7_5gitweb-1.8.3.1-14.el7_5git-cvs-1.8.3.1-14.el7_5perl-Git-1.8.3.1-14.el7_5git-email-1.8.3.1-14.el7_5git-bzr-1.8.3.1-14.el7_5git-all-1.8.3.1-14.el7_5git-gui-1.8.3.1-14.el7_5emacs-git-1.8.3.1-14.el7_5






RHEL7Dx86_64libvirt-docs-3.9.0-14.el7_5.6libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6libvirt-nss-3.9.0-14.el7_5.6libvirt-lock-sanlock-3.9.0-14.el7_5.6libvirt-client-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6libvirt-libs-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.6libvirt-daemon-config-network-3.9.0-14.el7_5.6libvirt-daemon-3.9.0-14.el7_5.6libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6libvirt-debuginfo-3.9.0-14.el7_5.6libvirt-daemon-driver-network-3.9.0-14.el7_5.6libvirt-admin-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6libvirt-daemon-driver-secret-3.9.0-14.el7_5.6libvirt-3.9.0-14.el7_5.6libvirt-daemon-kvm-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.6libvirt-login-shell-3.9.0-14.el7_5.6libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6libvirt-devel-3.9.0-14.el7_5.6libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6libvirt-daemon-lxc-3.9.0-14.el7_5.6libvirt-daemon-driver-interface-3.9.0-14.el7_5.6

RHEL7Sx86_64libvirt-docs-3.9.0-14.el7_5.6libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6libvirt-nss-3.9.0-14.el7_5.6libvirt-lock-sanlock-3.9.0-14.el7_5.6libvirt-client-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6libvirt-libs-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.6libvirt-daemon-config-network-3.9.0-14.el7_5.6libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6libvirt-debuginfo-3.9.0-14.el7_5.6libvirt-daemon-driver-network-3.9.0-14.el7_5.6libvirt-admin-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6libvirt-daemon-driver-secret-3.9.0-14.el7_5.6libvirt-3.9.0-14.el7_5.6libvirt-daemon-kvm-3.9.0-14.el7_5.6

libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.6libvirt-daemon-lxc-3.9.0-14.el7_5.6libvirt-login-shell-3.9.0-14.el7_5.6libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6libvirt-devel-3.9.0-14.el7_5.6libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6libvirt-daemon-3.9.0-14.el7_5.6libvirt-daemon-driver-interface-3.9.0-14.el7_5.6

RHEL7WSx86_64libvirt-docs-3.9.0-14.el7_5.6libvirt-daemon-config-nwfilter-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-disk-3.9.0-14.el7_5.6libvirt-daemon-driver-nwfilter-3.9.0-14.el7_5.6libvirt-nss-3.9.0-14.el7_5.6libvirt-lock-sanlock-3.9.0-14.el7_5.6libvirt-client-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-logical-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-iscsi-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-core-3.9.0-14.el7_5.6libvirt-libs-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-rbd-3.9.0-14.el7_5.6libvirt-daemon-config-network-3.9.0-14.el7_5.6libvirt-daemon-driver-nodedev-3.9.0-14.el7_5.6libvirt-debuginfo-3.9.0-14.el7_5.6libvirt-daemon-driver-network-3.9.0-14.el7_5.6libvirt-admin-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-mpath-3.9.0-14.el7_5.6libvirt-daemon-driver-secret-3.9.0-14.el7_5.6libvirt-3.9.0-14.el7_5.6libvirt-daemon-kvm-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-gluster-3.9.0-14.el7_5.6libvirt-daemon-lxc-3.9.0-14.el7_5.6libvirt-login-shell-3.9.0-14.el7_5.6libvirt-daemon-driver-lxc-3.9.0-14.el7_5.6libvirt-devel-3.9.0-14.el7_5.6libvirt-daemon-driver-qemu-3.9.0-14.el7_5.6libvirt-daemon-driver-storage-scsi-3.9.0-14.el7_5.6libvirt-daemon-3.9.0-14.el7_5.6libvirt-daemon-driver-interface-3.9.0-14.el7_5.6

23738 - (HT208854) Apple Safari Vulnerabilities Prior To 11.1.1

Category: SSH Module -> NonIntrusive -> Mac OS X Patches and HotfixesRisk Level: MediumCVE: CVE-2018-4188, CVE-2018-4190, CVE-2018-4192, CVE-2018-4199, CVE-2018-4201, CVE-2018-4205, CVE-2018-4214,CVE-2018-4218, CVE-2018-4222, CVE-2018-4232, CVE-2018-4233, CVE-2018-4246, CVE-2018-4247

DescriptionMultiple vulnerabilities are present in some versions of Apple Safari.

ObservationApple Safari is a popular web browser.

Multiple vulnerabilities are present in some versions of Apple Safari. The flaws lie in multiple components. Successful exploitation

could allow an attacker to obtain sensitive information, cause a denial of service condition, lead to remote code execution or address bar spoofing.

23754 - Joomla PHAR Files Upload Vulnerability (20180502)

Category: General Vulnerability Assessment -> NonIntrusive -> Web ServerRisk Level: MediumCVE: CVE-2018-11322

DescriptionA vulnerability is present in some versions of Joomla!.

ObservationJoomla! is an open source content management system.

A vulnerability is present in some versions of Joomla!. The flaw is due to an inadequate management of PHAR files. Successful exploitation could allow an attacker to execute PHAR files as PHP scripts.

23756 - (K11464209) F5 BIG-IP IP Intelligence Feed List Vulnerability

Category: SSH Module -> NonIntrusive -> F5Risk Level: MediumCVE: CVE-2017-6143



A vulnerability is present in some versions of F5's BIG-IP products. The flaw lies in validation of X509 certificate by the IP Intelligence Subscription and IP Intelligence feed-list features. Successful exploitation could allow a remote attacker to obtain sensitive information.

23767 - (ESA-2017-122) EMC NetWorker Server service Buffer Overflow Vulnerability

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2017-8022

DescriptionA buffer-overflow vulnerability is present in some versions of EMC NetWorker.

ObservationEMC NetWorker is an enterprise backup and recovery solution.

A buffer-overflow vulnerability is present in some versions of EMC NetWorker. The flaw lies in the EMC NetWorker Server service. Successful exploitation could allow an attacker to remotely execute arbitrary code or cause a denial of service.

23776 - Cisco WebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities

Category: Windows Host Assessment -> Miscellaneous

(CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2017-6669

DescriptionMultiple vulnerabilities are present in some versions of Cisco WebEx Network Recording Player for Advanced Recording Format.

ObservationCisco WebEx Network Recording Player for Advanced Recording Format is used to play WebEx sessions in ARF format.

Multiple vulnerabilities are present in some versions of Cisco WebEx Network Recording Player for Advanced Recording Format. The flaws lie in how Cisco WebEx Network Recording Player handles ARF files. Successful exploitation could allow a remote attacker to cause a denial of service or may allow the execution of arbitrary remote code.

23780 - LCDS LAquis SCADA Improper Exceptional Conditions Handling Vulnerability

Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2018-5463

DescriptionA vulnerability is present in some versions of LCDS LAquis SCADA.

ObservationLCDS LAquis SCADA is a supervisory control and data acquisition software.

A vulnerability is present in some versions of LCDS LAquis SCADA. The flaw is due to a bad handling of exceptional conditions. Successful exploitation could allow an attacker to execute arbitrary code on the target system.


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2018-2755, CVE-2018-2761, CVE-2018-2766, CVE-2018-2767, CVE-2018-2771, CVE-2018-2781, CVE-2018-2782,CVE-2018-2784, CVE-2018-2787, CVE-2018-2813, CVE-2018-2817, CVE-2018-2819




SuSE Linux 42.3x86_64mariadb-errormessages-10.0.35-35.1mariadb-tools-debuginfo-10.0.35-35.1mariadb-client-debuginfo-10.0.35-35.1libmysqlclient-devel-10.0.35-35.1libmysqlclient_r18-32bit-10.0.35-35.1

mariadb-debugsource-10.0.35-35.1mariadb-bench-10.0.35-35.1mariadb-debuginfo-10.0.35-35.1libmysqlclient_r18-10.0.35-35.1libmysqlclient18-debuginfo-10.0.35-35.1mariadb-test-debuginfo-10.0.35-35.1mariadb-bench-debuginfo-10.0.35-35.1libmysqld18-10.0.35-35.1libmysqlclient18-10.0.35-35.1mariadb-test-10.0.35-35.1libmysqld-devel-10.0.35-35.1libmysqld18-debuginfo-10.0.35-35.1mariadb-tools-10.0.35-35.1mariadb-client-10.0.35-35.1libmysqlclient18-debuginfo-32bit-10.0.35-35.1libmysqlclient18-32bit-10.0.35-35.1mariadb-10.0.35-35.1

i586mariadb-errormessages-10.0.35-35.1mariadb-tools-debuginfo-10.0.35-35.1mariadb-client-debuginfo-10.0.35-35.1libmysqlclient-devel-10.0.35-35.1mariadb-debugsource-10.0.35-35.1mariadb-bench-10.0.35-35.1mariadb-debuginfo-10.0.35-35.1libmysqlclient_r18-10.0.35-35.1libmysqlclient18-debuginfo-10.0.35-35.1mariadb-test-debuginfo-10.0.35-35.1mariadb-bench-debuginfo-10.0.35-35.1libmysqld18-10.0.35-35.1libmysqlclient18-10.0.35-35.1mariadb-test-10.0.35-35.1libmysqld-devel-10.0.35-35.1libmysqld18-debuginfo-10.0.35-35.1mariadb-tools-10.0.35-35.1mariadb-client-10.0.35-35.1mariadb-10.0.35-35.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2018-1417, CVE-2018-2783, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797,CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2814




SuSE SLES 12 SP3x86_64

java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23.1java-1_7_1-ibm-1.7.1_sr4.25-38.23.1java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23.1java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2018-2755, CVE-2018-2761, CVE-2018-2766, CVE-2018-2767, CVE-2018-2771, CVE-2018-2781, CVE-2018-2782,CVE-2018-2784, CVE-2018-2787, CVE-2018-2813, CVE-2018-2817, CVE-2018-2819




SuSE SLED 12 SP3x86_64mariadb-client-debuginfo-10.0.35-29.20.3libmysqlclient18-debuginfo-10.0.35-29.20.3libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3libmysqlclient_r18-10.0.35-29.20.3mariadb-client-10.0.35-29.20.3mariadb-debugsource-10.0.35-29.20.3mariadb-errormessages-10.0.35-29.20.3libmysqlclient18-32bit-10.0.35-29.20.3mariadb-debuginfo-10.0.35-29.20.3libmysqlclient18-10.0.35-29.20.3libmysqlclient_r18-32bit-10.0.35-29.20.3mariadb-10.0.35-29.20.3

SuSE SLES 12 SP3x86_64mariadb-client-debuginfo-10.0.35-29.20.3mariadb-10.0.35-29.20.3libmysqlclient18-debuginfo-32bit-10.0.35-29.20.3mariadb-tools-10.0.35-29.20.3mariadb-client-10.0.35-29.20.3mariadb-debugsource-10.0.35-29.20.3libmysqlclient18-32bit-10.0.35-29.20.3libmysqlclient18-10.0.35-29.20.3libmysqlclient18-debuginfo-10.0.35-29.20.3mariadb-debuginfo-10.0.35-29.20.3mariadb-tools-debuginfo-10.0.35-29.20.3mariadb-errormessages-10.0.35-29.20.3

175403 - Scientific Linux Security ERRATA Important: kernel on SL7.x x86_64 (1806-5272)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixesRisk Level: MediumCVE: CVE-2017-11600, CVE-2018-3639

DescriptionThe scan detected that the host is missing the following update:Security ERRATA Important: kernel on SL7.x x86_64 (1806-5272)



SL7x86_64kernel-headers-3.10.0-862.6.3.el7kernel-tools-libs-devel-3.10.0-862.6.3.el7python-perf-3.10.0-862.6.3.el7kernel-debug-3.10.0-862.6.3.el7perf-debuginfo-3.10.0-862.6.3.el7kernel-debug-devel-3.10.0-862.6.3.el7kernel-debuginfo-3.10.0-862.6.3.el7kernel-tools-debuginfo-3.10.0-862.6.3.el7kernel-tools-libs-3.10.0-862.6.3.el7python-perf-debuginfo-3.10.0-862.6.3.el7kernel-debug-debuginfo-3.10.0-862.6.3.el7kernel-3.10.0-862.6.3.el7kernel-devel-3.10.0-862.6.3.el7kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7kernel-tools-3.10.0-862.6.3.el7perf-3.10.0-862.6.3.el7

noarchkernel-abi-whitelists-3.10.0-862.6.3.el7kernel-doc-3.10.0-862.6.3.el7

193860 - Fedora Linux 27 FEDORA-2018-320cb9d7fb Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2018-1000400

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-320cb9d7fb



Fedora Core 27

cri-o-1.10.3-1.gite558bd5.fc27

193869 - Fedora Linux 27 FEDORA-2018-86026275ea Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes

Risk Level: MediumCVE: CVE-2018-2755, CVE-2018-2759, CVE-2018-2761, CVE-2018-2766, CVE-2018-2771, CVE-2018-2773, CVE-2018-2777,CVE-2018-2781, CVE-2018-2782, CVE-2018-2784, CVE-2018-2786, CVE-2018-2787, CVE-2018-2810, CVE-2018-2813, CVE-2018-2817, CVE-2018-2818, CVE-2018-2819

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-86026275ea



Fedora Core 27

mariadb-10.2.15-2.fc27

193872 - Fedora Linux 28 FEDORA-2018-0c9ce03fce Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-0c9ce03fce



Fedora Core 28

cri-o-1.10.3-1.gite558bd5.fc28


Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2017-11600, CVE-2018-3639




RHEL7Dx86_64kernel-headers-3.10.0-862.6.3.el7kernel-tools-libs-devel-3.10.0-862.6.3.el7python-perf-3.10.0-862.6.3.el7kernel-debug-3.10.0-862.6.3.el7perf-debuginfo-3.10.0-862.6.3.el7kernel-debug-devel-3.10.0-862.6.3.el7kernel-debuginfo-3.10.0-862.6.3.el7kernel-tools-debuginfo-3.10.0-862.6.3.el7kernel-tools-libs-3.10.0-862.6.3.el7python-perf-debuginfo-3.10.0-862.6.3.el7kernel-debug-debuginfo-3.10.0-862.6.3.el7kernel-3.10.0-862.6.3.el7kernel-devel-3.10.0-862.6.3.el7kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7kernel-tools-3.10.0-862.6.3.el7perf-3.10.0-862.6.3.el7


RHEL7Snoarchkernel-abi-whitelists-3.10.0-862.6.3.el7kernel-doc-3.10.0-862.6.3.el7

x86_64kernel-headers-3.10.0-862.6.3.el7kernel-tools-libs-devel-3.10.0-862.6.3.el7python-perf-3.10.0-862.6.3.el7kernel-debug-3.10.0-862.6.3.el7perf-debuginfo-3.10.0-862.6.3.el7kernel-debug-devel-3.10.0-862.6.3.el7kernel-debuginfo-3.10.0-862.6.3.el7kernel-tools-debuginfo-3.10.0-862.6.3.el7kernel-tools-libs-3.10.0-862.6.3.el7python-perf-debuginfo-3.10.0-862.6.3.el7kernel-debug-debuginfo-3.10.0-862.6.3.el7kernel-3.10.0-862.6.3.el7kernel-devel-3.10.0-862.6.3.el7kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7kernel-tools-3.10.0-862.6.3.el7perf-3.10.0-862.6.3.el7

RHEL7WSx86_64kernel-headers-3.10.0-862.6.3.el7kernel-tools-libs-devel-3.10.0-862.6.3.el7python-perf-3.10.0-862.6.3.el7kernel-debug-3.10.0-862.6.3.el7perf-debuginfo-3.10.0-862.6.3.el7kernel-debug-devel-3.10.0-862.6.3.el7kernel-debuginfo-3.10.0-862.6.3.el7kernel-tools-debuginfo-3.10.0-862.6.3.el7kernel-tools-libs-3.10.0-862.6.3.el7python-perf-debuginfo-3.10.0-862.6.3.el7kernel-debug-debuginfo-3.10.0-862.6.3.el7

kernel-3.10.0-862.6.3.el7kernel-devel-3.10.0-862.6.3.el7kernel-debuginfo-common-x86_64-3.10.0-862.6.3.el7kernel-tools-3.10.0-862.6.3.el7perf-3.10.0-862.6.3.el7


23739 - (HT208848) Apple iOS Multiple Vulnerabilities Prior To 11.4

Category: Wireless Assessment -> NonIntrusive -> iOSRisk Level: MediumCVE: CVE-2018-4100, CVE-2018-4188, CVE-2018-4190, CVE-2018-4192, CVE-2018-4194, CVE-2018-4198, CVE-2018-4199,CVE-2018-4201, CVE-2018-4202, CVE-2018-4204, CVE-2018-4211, CVE-2018-4214, CVE-2018-4215, CVE-2018-4218, CVE-2018-4221, CVE-2018-4222, CVE-2018-4223, CVE-2018-4224, CVE-2018-4225, CVE-2018-4226, CVE-2018-4227, CVE-2018-4232, CVE-2018-4233, CVE-2018-4235, CVE-2018-4237, CVE-2018-4238, CVE-2018-4239, CVE-2018-4240, CVE-2018-4241,CVE-2018-4243, CVE-2018-4244, CVE-2018-4246, CVE-2018-4247, CVE-2018-4249, CVE-2018-4250, CVE-2018-4252

DescriptionMultiple vulnerabilities are present in some versions of Apple iOS.

ObservationApple iOS is the operating system used by Apple iPhone, iPad and iPod touch.

Multiple vulnerabilities are present in some versions of Apple iOS. The flaws lie in many components. Successful exploitation could allow an attacker to cause remote code execution, privilege escalation, disclosure of information and denial of service condition on the target.

23757 - IBM AIX Java Multiple Vulnerabilities (java_apr2018_advisory)

Category: SSH Module -> NonIntrusive -> AIX Patches and HotfixesRisk Level: MediumCVE: CVE-2018-2783, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798,CVE-2018-2799, CVE-2018-2800

DescriptionMultiple vulnerabilities are present in some versions of IBM AIX.

ObservationIBM AIX is a Unix-like operating system.

Multiple vulnerabilities are present in some versions of IBM AIX. The flaws lie in Java SDK component. Successful exploitation could allow an attacker to affect confidentiality, integrity and availability of the target system.

23759 - Cisco WebEx Recording Format Player Information Disclosure Vulnerability


Description

An information disclosure vulnerability is present in some versions of Cisco WebEx WRF Player.

ObservationCisco WebEx WRF Player is used to play WebEx sessions in WRF format.

An information disclosure vulnerability is present in some versions of Cisco WebEx WRF Player. The flaw lies in how Cisco WebEx Player handles WRF files. Successful exploitation could allow a remote attacker to obtain sensitive information.

23763 - (K55225440) F5 BIG-IP BIG-IP SOCKS proxy Vulnerability




A vulnerability is present in some versions of F5 BIG-IP products. The flaw occurs when SOCKS profiles are configured on virtual servers. Successful exploitation could allow an attacker to cause a denial of service attack on the target system.

23765 - Moxa Mxview Information Exposure Vulnerability (ICSA-18-095-02)

Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2018-7506

DescriptionA vulnerability is present in some versions of Moxa Mxview.

ObservationMoxa MXview is a network management software for Moxa network devices.

A vulnerability is present in some versions of Moxa Mxview. The private key of the web server can be accessed via a HTTP GET request. Successful exploitation could allow an attacker to retrieve sensitive information.

23769 - (K52521791) F5 BIG-IP vCMP Cavium Nitrox SSL Hardware Accelerator Vulnerability




A vulnerability is present in some versions of F5 BIG-IP products. The flaw lies in vCMP guest with Cavium Nitrox SSL hardware accelerator. Successful exploitation could allow an attacker to cause a denial of service condition on the target system.

23770 - (K65355492) F5 BIG-IP Apache Vulnerability




A vulnerability is present in some versions of F5's BIG-IP products. The flaw lies in the Apache HTTPD (Configuration utility, iControl) component. Successful exploitation could allow an attacker to disclose sensitive information.

23773 - Cisco AnyConnect Secure Mobility Client Denial of Service Vulnerability (cisco-sa-20180620-anyconnect-dos)


DescriptionA vulnerability is present in some versions of Cisco AnyConnect Secure Mobility Client.

ObservationCisco AnyConnect Secure Mobility Client is a VPN client software.

A vulnerability is present in some versions of Cisco AnyConnect Secure Mobility Client. The flaw is due to improper validation of user-supplied data. Successful exploitation could allow an attacker to cause a denial of service condition.


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2016-7837, CVE-2016-9800, CVE-2016-9804, CVE-2017-1000250




SuSE SLED 12 SP3x86_64bluez-debuginfo-5.13-5.4.1bluez-cups-5.13-5.4.1bluez-debugsource-5.13-5.4.1bluez-5.13-5.4.1

libbluetooth3-debuginfo-5.13-5.4.1libbluetooth3-5.13-5.4.1bluez-cups-debuginfo-5.13-5.4.1

SuSE SLES 12 SP3x86_64bluez-debuginfo-5.13-5.4.1bluez-5.13-5.4.1libbluetooth3-5.13-5.4.1bluez-debugsource-5.13-5.4.1libbluetooth3-debuginfo-5.13-5.4.1


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2017-12173




OEL6x86_64libcollection-devel-0.6.2-13.el6python-sss-1.13.3-60.0.1.el6libsss_nss_idmap-1.13.3-60.0.1.el6libdhash-devel-0.4.3-13.el6libsss_nss_idmap-devel-1.13.3-60.0.1.el6python-libsss_nss_idmap-1.13.3-60.0.1.el6libipa_hbac-devel-1.13.3-60.0.1.el6sssd-tools-1.13.3-60.0.1.el6libsss_idmap-devel-1.13.3-60.0.1.el6libsss_simpleifp-devel-1.13.3-60.0.1.el6libini_config-devel-1.1.0-13.el6libsss_simpleifp-1.13.3-60.0.1.el6libpath_utils-devel-0.2.1-13.el6libref_array-devel-0.1.4-13.el6libbasicobjects-devel-0.1.1-13.el6

i386sssd-common-pac-1.13.3-60.0.1.el6python-sss-1.13.3-60.0.1.el6libsss_idmap-1.13.3-60.0.1.0.1.el6libcollection-0.6.2-13.el6libbasicobjects-0.1.1-13.el6libdhash-0.4.3-13.el6sssd-1.13.3-60.0.1.el6sssd-ipa-1.13.3-60.0.1.el6sssd-dbus-1.13.3-60.0.1.el6libpath_utils-0.2.1-13.el6sssd-common-1.13.3-60.0.1.el6

libref_array-0.1.4-13.el6python-libipa_hbac-1.13.3-60.0.1.el6sssd-ldap-1.13.3-60.0.1.el6python-sss-murmur-1.13.3-60.0.1.el6sssd-client-1.13.3-60.0.1.el6sssd-krb5-1.13.3-60.0.1.el6libini_config-1.1.0-13.el6sssd-krb5-common-1.13.3-60.0.1.el6libipa_hbac-1.13.3-60.0.1.0.1.el6python-sssdconfig-1.13.3-60.0.1.el6sssd-proxy-1.13.3-60.0.1.el6sssd-ad-1.13.3-60.0.1.el6


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-1123, CVE-2018-11235




OEL7x86_64git-hg-1.8.3.1-14.el7_5git-daemon-1.8.3.1-14.el7_5gitk-1.8.3.1-14.el7_5emacs-git-el-1.8.3.1-14.el7_5git-1.8.3.1-14.el7_5git-p4-1.8.3.1-14.el7_5git-svn-1.8.3.1-14.el7_5gitweb-1.8.3.1-14.el7_5git-cvs-1.8.3.1-14.el7_5perl-Git-1.8.3.1-14.el7_5git-email-1.8.3.1-14.el7_5git-bzr-1.8.3.1-14.el7_5git-all-1.8.3.1-14.el7_5perl-Git-SVN-1.8.3.1-14.el7_5git-gui-1.8.3.1-14.el7_5emacs-git-1.8.3.1-14.el7_5

175404 - Scientific Linux Security ERRATA Moderate: pki-core on SL7.x x86_64 (1806-4923)

Category: SSH Module -> NonIntrusive -> Scientific Linux Patches and HotFixesRisk Level: MediumCVE: CVE-2018-1080

DescriptionThe scan detected that the host is missing the following update:

Security ERRATA Moderate: pki-core on SL7.x x86_64 (1806-4923)



SL7x86_64pki-tools-10.5.1-13.1.el7_5pki-symkey-10.5.1-13.1.el7_5pki-core-debuginfo-10.5.1-13.1.el7_5

noarchpki-javadoc-10.5.1-13.1.el7_5pki-base-java-10.5.1-13.1.el7_5pki-server-10.5.1-13.1.el7_5pki-ca-10.5.1-13.1.el7_5pki-base-10.5.1-13.1.el7_5pki-kra-10.5.1-13.1.el7_5

178647 - Gentoo Linux GLSA-201806-08 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: MediumCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:GLSA-201806-08


https://security.gentoo.org/glsa/201806-08

Affected packages: sys-apps/file < 5.33-r2

178648 - Gentoo Linux GLSA-201806-09 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: MediumCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:GLSA-201806-09


https://security.gentoo.org/glsa/201806-09

Affected packages: net-analyzer/pnp4nagios < 0.6.26-r9

182722 - FreeBSD Gitlab Multiple Vulnerabilities (b950a83b-789e-11e8-8545-d8cb8abf62dd)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: MediumCVE: CVE-2018-12605, CVE-2018-12606, CVE-2018-12607, CVE-2018-3740

DescriptionThe scan detected that the host is missing the following update:Gitlab -- multiple vulnerabilities (b950a83b-789e-11e8-8545-d8cb8abf62dd)


http://www.vuxml.org/freebsd/b950a83b-789e-11e8-8545-d8cb8abf62dd.html

Affected packages: 11.0.0 <= gitlab < 11.0.110.8.0 <= gitlab < 10.8.54.1 <= gitlab < 10.7.6

186275 - Ubuntu Linux 14.04 USN-3691-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799,CVE-2018-2800, CVE-2018-2814, CVE-2018-2815

DescriptionThe scan detected that the host is missing the following update:USN-3691-1


https://lists.ubuntu.com/archives/ubuntu-security-announce/2018-June/004458.html

Ubuntu 14.04

openjdk-7-jre-lib_7u181-2.6.14-0ubuntu0.1openjdk-7-jre-headless_7u181-2.6.14-0ubuntu0.1openjdk-7-jre-zero_7u181-2.6.14-0ubuntu0.1icedtea-7-jre-jamvm_7u181-2.6.14-0ubuntu0.1openjdk-7-jre_7u181-2.6.14-0ubuntu0.1

193864 - Fedora Linux 27 FEDORA-2018-de5457b0a2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: Medium

CVE: CVE-2018-11396, CVE-2018-12016

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-de5457b0a2



Fedora Core 27

epiphany-3.26.7-1.fc27


Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-2783, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798,CVE-2018-2799, CVE-2018-2800




RHEL6x86_64java-1.7.1-ibm-1.7.1.4.25-1jpp.3.el6java-1.7.1-ibm-devel-1.7.1.4.25-1jpp.3.el6


Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-1080




RHEL7D

x86_64pki-tools-10.5.1-13.1.el7_5pki-symkey-10.5.1-13.1.el7_5pki-core-debuginfo-10.5.1-13.1.el7_5

noarchpki-javadoc-10.5.1-13.1.el7_5pki-base-java-10.5.1-13.1.el7_5pki-server-10.5.1-13.1.el7_5pki-ca-10.5.1-13.1.el7_5pki-base-10.5.1-13.1.el7_5pki-kra-10.5.1-13.1.el7_5

RHEL7Snoarchpki-ca-10.5.1-13.1.el7_5pki-kra-10.5.1-13.1.el7_5pki-base-java-10.5.1-13.1.el7_5pki-server-10.5.1-13.1.el7_5pki-javadoc-10.5.1-13.1.el7_5pki-base-10.5.1-13.1.el7_5

x86_64pki-tools-10.5.1-13.1.el7_5pki-symkey-10.5.1-13.1.el7_5pki-core-debuginfo-10.5.1-13.1.el7_5

RHEL7WSx86_64pki-tools-10.5.1-13.1.el7_5pki-symkey-10.5.1-13.1.el7_5pki-core-debuginfo-10.5.1-13.1.el7_5

noarchpki-ca-10.5.1-13.1.el7_5pki-kra-10.5.1-13.1.el7_5pki-base-java-10.5.1-13.1.el7_5pki-server-10.5.1-13.1.el7_5pki-javadoc-10.5.1-13.1.el7_5pki-base-10.5.1-13.1.el7_5

23761 - Cisco AnyConnect Secure Mobility Client SAML Authentication Session Fixation Vulnerability


DescriptionA vulnerability is present in some versions of Cisco AnyConnect Secure Mobility Client.

ObservationCisco AnyConnect Secure Mobility Client is a VPN client software.

A vulnerability is present in some versions of Cisco AnyConnect Secure Mobility Client. The flaw lies in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication module. Successful exploitation could allow an attacker to hijack a valid authentication token and use that to establish an authenticated AnyConnect session.

23762 - IBM Tivoli Storage Manager FastBack Java Runtime Vulnerability (swg22016679)


DescriptionA vulnerability is present in some versions of IBM Tivoli Storage Manager FastBack.

ObservationIBM Tivoli Storage Manager FastBack is a data protection and recovery software.

A vulnerability is present in some versions of IBM Tivoli Storage Manager FastBack. The flaw lies in the JRE component. Successful exploitation could allow an attacker to obtain sensitive information, cause a denial of service condition or execute arbitrary code on the target system.


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2015-4000




SuSE SLES 11 SP4i586nagios-nrpe-2.12-24.4.10.3.3nagios-nrpe-doc-2.12-24.4.10.3.3nagios-plugins-nrpe-2.12-24.4.10.3.3

x86_64nagios-nrpe-2.12-24.4.10.3.3nagios-nrpe-doc-2.12-24.4.10.3.3nagios-plugins-nrpe-2.12-24.4.10.3.3






SuSE SLES 11 SP4i586iscsitarget-kmp-pae-1.4.20_3.0.101_108.52-0.43.2.1iscsitarget-1.4.20-0.43.2.1iscsitarget-kmp-default-1.4.20_3.0.101_108.52-0.43.2.1ofed-kmp-default-1.5.4.1_3.0.101_108.52-22.3.1ofed-kmp-trace-1.5.4.1_3.0.101_108.52-22.3.1ofed-kmp-pae-1.5.4.1_3.0.101_108.52-22.3.1ofed-1.5.4.1-22.3.1ofed-doc-1.5.4.1-22.3.1iscsitarget-kmp-trace-1.4.20_3.0.101_108.52-0.43.2.1iscsitarget-kmp-xen-1.4.20_3.0.101_108.52-0.43.2.1

x86_64iscsitarget-1.4.20-0.43.2.1ofed-kmp-rt-1.5.4.1_3.0.101_rt130_69.24-22.3.1iscsitarget-kmp-default-1.4.20_3.0.101_108.52-0.43.2.1ofed-kmp-default-1.5.4.1_3.0.101_108.52-22.3.1ofed-kmp-trace-1.5.4.1_3.0.101_108.52-22.3.1iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_69.24-0.43.2.1iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_69.24-0.43.2.1ofed-1.5.4.1-22.3.1ofed-doc-1.5.4.1-22.3.1ofed-kmp-rt_trace-1.5.4.1_3.0.101_rt130_69.24-22.3.1iscsitarget-kmp-trace-1.4.20_3.0.101_108.52-0.43.2.1iscsitarget-kmp-xen-1.4.20_3.0.101_108.52-0.43.2.1






SuSE SLES 11 SP4noarchpython-doc-pdf-2.6-8.40.6.2python-doc-2.6-8.40.6.2

i586python-2.6.9-40.6.2python-demo-2.6.9-40.6.2python-curses-2.6.9-40.6.2

libpython2_6-1_0-2.6.9-40.6.2python-idle-2.6.9-40.6.2python-xml-2.6.9-40.6.2python-base-2.6.9-40.6.2python-tk-2.6.9-40.6.2python-gdbm-2.6.9-40.6.2

x86_64python-2.6.9-40.6.2python-demo-2.6.9-40.6.2python-curses-2.6.9-40.6.2python-32bit-2.6.9-40.6.2libpython2_6-1_0-2.6.9-40.6.2python-idle-2.6.9-40.6.2python-xml-2.6.9-40.6.2python-base-2.6.9-40.6.2libpython2_6-1_0-32bit-2.6.9-40.6.2python-tk-2.6.9-40.6.2python-base-32bit-2.6.9-40.6.2python-gdbm-2.6.9-40.6.2


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2017-17741, CVE-2017-18241, CVE-2017-18249, CVE-2018-12233, CVE-2018-3665, CVE-2018-5848




SuSE SLED 12 SP3x86_64kernel-default-devel-4.4.138-94.39.1kernel-default-extra-4.4.138-94.39.1kernel-default-debuginfo-4.4.138-94.39.1kernel-default-4.4.138-94.39.1kernel-default-extra-debuginfo-4.4.138-94.39.1kernel-syms-4.4.138-94.39.1kernel-default-debugsource-4.4.138-94.39.1

noarchkernel-devel-4.4.138-94.39.1kernel-macros-4.4.138-94.39.1kernel-source-4.4.138-94.39.1

SuSE SLES 12 SP3noarchkernel-devel-4.4.138-94.39.1kernel-macros-4.4.138-94.39.1kernel-source-4.4.138-94.39.1

x86_64kernel-default-devel-4.4.138-94.39.1kernel-default-base-debuginfo-4.4.138-94.39.1kernel-default-debuginfo-4.4.138-94.39.1kernel-default-4.4.138-94.39.1kernel-syms-4.4.138-94.39.1kernel-default-base-4.4.138-94.39.1kernel-default-debugsource-4.4.138-94.39.1

186274 - Ubuntu Linux 14.04, 16.04, 17.10, 18.04 USN-3692-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2018-0495, CVE-2018-0732, CVE-2018-0737




Ubuntu 16.04

libssl1.0.0_1.0.2g-1ubuntu4.13

Ubuntu 14.04

libssl1.0.0_1.0.1f-1ubuntu2.26

Ubuntu 18.04

libssl1.1_1.1.0g-2ubuntu4.1libssl1.0.0_1.0.2n-1ubuntu5.1

Ubuntu 17.10

libssl1.0.0_1.0.2g-1ubuntu13.6


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2017-5715




Ubuntu 16.04

amd64-microcode_3.20180524.1~ubuntu0.16.04.1

Ubuntu 14.04


Ubuntu 18.04


Ubuntu 17.10


193844 - Fedora Linux 28 FEDORA-2018-6d87dc56e0 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-6d87dc56e0



Fedora Core 28

libgxps-0.3.0-5.fc28

193859 - Fedora Linux 28 FEDORA-2018-2c6bd93875 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2018-10322, CVE-2018-10323, CVE-2018-10840, CVE-2018-10853, CVE-2018-1108, CVE-2018-1120, CVE-2018-11412, CVE-2018-11506, CVE-2018-12232, CVE-2018-3639

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-2c6bd93875



Fedora Core 28

kernel-tools-4.17.2-200.fc28kernel-4.17.2-200.fc28

33385 - Oracle Solaris 146085-08 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Solaris Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:146085-08


https://getupdates.oracle.com/readme/146085-08

Oracle Solaris Cluster 3.3: SDS/SVM Mediator patch for Oracle Solaris 10

SOLARIS_10

SUNWmdmu:3.3.0,REV=2010.07.26.13.19

33386 - Oracle Solaris 146086-08 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Solaris Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:146086-08


https://getupdates.oracle.com/readme/146086-08

Oracle Solaris Cluster 3.3: SDS/SVM Mediator patch for Oracle Solaris 10(x86)

SOLARIS_10_x86

SUNWmdmu:3.3.0,REV=2010.07.26.13.13

88954 - Slackware Linux 14.2 SSA:2018-176-01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Slackware Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:SSA:2018-176-01


http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.356975

Slackware 14.2x86_64mozilla-firefox-52.9.0esr-x86_64-1

i586mozilla-firefox-52.9.0esr-i586-1

131139 - Debian Linux 9.0 DSA-4234-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: LowCVE: CVE-2018-12564, CVE-2018-12565

DescriptionThe scan detected that the host is missing the following update:DSA-4234-1


http://www.debian.org/security/2018/dsa-4234

Debian 9.0alllava-server_2016.12-3


Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: LowCVE: CVE-2018-1000180




Debian 9.0all

libbcpkix-java-doc_1.56-1+deb9u2libbcprov-java-doc_1.56-1+deb9u2libbcmail-java_1.56-1+deb9u2libbcpg-java-doc_1.56-1+deb9u2libbcpkix-java_1.56-1+deb9u2libbcmail-java-doc_1.56-1+deb9u2libbcpg-java_1.56-1+deb9u2libbcprov-java_1.56-1+deb9u2


Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: LowCVE: CVE-2018-3665




Debian 9.0allxen-system-arm64_4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8xen-system-armhf_4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8libxen-dev_4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8xen-hypervisor-4.8-arm64_4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8libxenstore3.0_4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8xenstore-utils_4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8xen-hypervisor-4.8-armhf_4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8libxen-4.8_4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8xen-hypervisor-4.8-amd64_4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8xen-utils-common_4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8xen-utils-4.8_4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8xen-system-amd64_4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u8

182717 - FreeBSD phpmyadmin Remote Code Inclusion And XSS Scripting (17cb6ff3-7670-11e8-8854-6805ca0b3d42)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2018-12581, CVE-2018-12613

DescriptionThe scan detected that the host is missing the following update:phpmyadmin -- remote code inclusion and XSS scripting (17cb6ff3-7670-11e8-8854-6805ca0b3d42)


http://www.vuxml.org/freebsd/17cb6ff3-7670-11e8-8854-6805ca0b3d42.html

Affected packages: phpmyadmin < 4.8.2

182718 - FreeBSD mozilla Multiple Vulnerabilities (cd81806c-26e7-4d4a-8425-02724a2f48af)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2018-12358, CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-12370, CVE-2018-12371, CVE-2018-5156, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188

DescriptionThe scan detected that the host is missing the following update:mozilla -- multiple vulnerabilities (cd81806c-26e7-4d4a-8425-02724a2f48af)


http://www.vuxml.org/freebsd/cd81806c-26e7-4d4a-8425-02724a2f48af.html

Affected packages: firefox < 61.0_1,1waterfox < 56.2.1.19_2seamonkey < 2.49.5linux-seamonkey < 2.49.560.0,1 <= firefox-esr < 60.1.0_1,1firefox-esr < 52.9.0_1,1linux-firefox < 52.9.0,2libxul < 52.9.0thunderbird < 52.9.0linux-thunderbird < 52.9.0

182719 - FreeBSD FreeBSD Lazy FPU State Restore Information Disclosure (4e07d94f-75a5-11e8-85d1-a4badb2f4699)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2018-3665

DescriptionThe scan detected that the host is missing the following update:FreeBSD -- Lazy FPU State Restore Information Disclosure (4e07d94f-75a5-11e8-85d1-a4badb2f4699)


http://www.vuxml.org/freebsd/4e07d94f-75a5-11e8-85d1-a4badb2f4699.html

Affected packages: 11.1 <= FreeBSD-kernel < 11.1_11

182720 - FreeBSD mailman Hardening Against Malicious Listowners Injecting Evil HTML Scripts (739948e3-78bf-11e8-b23c-080027ac955c)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2018-0618

DescriptionThe scan detected that the host is missing the following update:mailman -- hardening against malicious listowners injecting evil HTML scripts (739948e3-78bf-11e8-b23c-080027ac955c)


http://www.vuxml.org/freebsd/739948e3-78bf-11e8-b23c-080027ac955c.html

Affected packages: mailman < 2.1.27mailman-with-htdig < 2.1.27ja-mailman < 2.1.27

193842 - Fedora Linux 27 FEDORA-2018-388847c0de Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-388847c0de



Fedora Core 27

LibRaw-0.18.12-1.fc27

193843 - Fedora Linux 28 FEDORA-2018-527698a904 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2018-3639

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-527698a904



Fedora Core 28

libvirt-4.1.0-3.fc28

193845 - Fedora Linux 28 FEDORA-2018-31f5fe58f7 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-31f5fe58f7



Fedora Core 28

redis-4.0.10-1.fc28

193846 - Fedora Linux 27 FEDORA-2018-fd67c19256 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-fd67c19256



Fedora Core 27

thunderbird-enigmail-2.0.7-1.fc27

193848 - Fedora Linux 28 FEDORA-2018-44f8a7454d Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-44f8a7454d



Fedora Core 28

qemu-2.11.1-3.fc28

193852 - Fedora Linux 28 FEDORA-2018-3f61c5cf7c Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-3f61c5cf7c



Fedora Core 28

rubygem-sinatra-2.0.0-4.fc28

193853 - Fedora Linux 27 FEDORA-2018-ce05750e27 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-ce05750e27



Fedora Core 27

redis-4.0.10-1.fc27

193855 - Fedora Linux 27 FEDORA-2018-09b59b0227 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: Low

CVE: CVE-2018-6123, CVE-2018-6124, CVE-2018-6125, CVE-2018-6126, CVE-2018-6127, CVE-2018-6128, CVE-2018-6129,CVE-2018-6130, CVE-2018-6131, CVE-2018-6132, CVE-2018-6133, CVE-2018-6134, CVE-2018-6135, CVE-2018-6136, CVE-2018-6137, CVE-2018-6138, CVE-2018-6139, CVE-2018-6140, CVE-2018-6141, CVE-2018-6142, CVE-2018-6143, CVE-2018-6144, CVE-2018-6145, CVE-2018-6147, CVE-2018-6148

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-09b59b0227



Fedora Core 27

chromium-67.0.3396.79-1.fc27

193857 - Fedora Linux 27 FEDORA-2018-b619637e45 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-b619637e45



Fedora Core 27

ansible-2.5.5-2.fc27

193862 - Fedora Linux 28 FEDORA-2018-a4bb79ea75 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-a4bb79ea75



Fedora Core 28

thunderbird-enigmail-2.0.7-1.fc28

193863 - Fedora Linux 28 FEDORA-2018-0e72ef852a Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-0e72ef852a



Fedora Core 28

libjpeg-turbo-1.5.3-5.fc28

193865 - Fedora Linux 28 FEDORA-2018-a89844963c Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-a89844963c



Fedora Core 28

pass-1.7.2-1.fc28

193866 - Fedora Linux 28 FEDORA-2018-6e759af8fb Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-6e759af8fb



Fedora Core 28

python-prometheus_client-0.2.0-1.fc28matrix-synapse-0.31.2-1.fc28

193867 - Fedora Linux 27 FEDORA-2018-a3e631b454 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-a3e631b454



Fedora Core 27

pass-1.7.2-1.fc27

193868 - Fedora Linux 28 FEDORA-2018-1a6e6196b9 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-1a6e6196b9



Fedora Core 28

ansible-2.5.5-2.fc28

193871 - Fedora Linux 27 FEDORA-2018-0b17e1e529 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes

Risk Level: LowCVE: CVE-2018-11627

DescriptionThe scan detected that the host is missing the following update:FEDORA-2018-0b17e1e529



Fedora Core 27

rubygem-sinatra-2.0.0-3.fc27

23741 - (K00363258) F5 BIG-IP Configuration utility Vulnerability

Category: SSH Module -> NonIntrusive -> F5Risk Level: LowCVE: CVE-2018-5525


ObservationF5's BIG-IP products are network appliances that run F5's Traffic Management Operating System.

A vulnerability is present in some versions of F5 BIG-IP products. The flaw lies in the Configuration utility. Successful exploitation could allow an attacker to obtain sensitive customer data.

23771 - IBM AIX Rmsock Multiple Vulnerabilities (rmsock_advisory2)

Category: SSH Module -> NonIntrusive -> AIX Patches and HotfixesRisk Level: LowCVE: CVE-2018-1655

DescriptionA vulnerability is present in some versions of IBM AIX.

ObservationAIX is a Unix-like operating system developed by IBM.

A vulnerability is present in some versions of IBM AIX. The flaw lies in the rmsock command. Successful exploitation could allow an attacker to obtain sensitive information.


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: LowCVE: CVE-2018-1050




OEL6x86_64samba4-dc-4.2.10-15.el6samba4-python-4.2.10-15.el6samba4-libs-4.2.10-15.el6samba4-winbind-krb5-locator-4.2.10-15.el6samba4-client-4.2.10-15.el6samba4-winbind-4.2.10-15.el6samba4-pidl-4.2.10-15.el6samba4-dc-libs-4.2.10-15.el6samba4-4.2.10-15.el6samba4-common-4.2.10-15.el6samba4-winbind-clients-4.2.10-15.el6samba4-test-4.2.10-15.el6samba4-devel-4.2.10-15.el6

i386samba4-dc-4.2.10-15.el6samba4-python-4.2.10-15.el6samba4-libs-4.2.10-15.el6samba4-winbind-krb5-locator-4.2.10-15.el6samba4-client-4.2.10-15.el6samba4-winbind-4.2.10-15.el6samba4-pidl-4.2.10-15.el6samba4-dc-libs-4.2.10-15.el6samba4-4.2.10-15.el6samba4-common-4.2.10-15.el6samba4-winbind-clients-4.2.10-15.el6samba4-test-4.2.10-15.el6samba4-devel-4.2.10-15.el6

ENHANCED CHECKS

The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on avulnerability and anything else that improves upon an existing FSL check.

23035 - Mozilla Firefox Multiple Vulnerabilities Prior To 58

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2018-5089, CVE-2018-5090, CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095,CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5105, CVE-2018-5106, CVE-2018-5107, CVE-2018-5108, CVE-2018-5109, CVE-2018-5110, CVE-2018-5111, CVE-2018-5112, CVE-2018-5113, CVE-2018-5114, CVE-2018-5115, CVE-2018-5116, CVE-2018-5117, CVE-2018-5118,CVE-2018-5119, CVE-2018-5121, CVE-2018-5122

Update Details

Risk is updated

23036 - Mozilla Firefox Multiple Vulnerabilities Prior To 58

Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-5089, CVE-2018-5090, CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095,CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5105, CVE-2018-5106, CVE-2018-5107, CVE-2018-5108, CVE-2018-5109, CVE-2018-5110, CVE-2018-5111, CVE-2018-5112, CVE-2018-5113, CVE-2018-5114, CVE-2018-5115, CVE-2018-5116, CVE-2018-5117, CVE-2018-5118,CVE-2018-5119, CVE-2018-5121, CVE-2018-5122

Update DetailsRisk is updated

23265 - (APSB18-05) Vulnerabilities In Adobe Flash Player

Category: Windows Host Assessment -> Adobe Patches Only (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2018-4919, CVE-2018-4920



Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-4919, CVE-2018-4920



Category: Windows Host Assessment -> Adobe Patches Only (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2018-4932, CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4936, CVE-2018-4937



Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: HighCVE: CVE-2018-4932, CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4936, CVE-2018-4937



Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2018-4919, CVE-2018-4920



Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2018-4932, CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4936, CVE-2018-4937





182515 - FreeBSD mozilla Multiple Vulnerabilities (f78eac48-c3d1-4666-8de5-63ceea25a578)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: HighCVE: CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833,CVE-2017-7834, CVE-2017-7835, CVE-2017-7836, CVE-2017-7837, CVE-2017-7838, CVE-2017-7839, CVE-2017-7840, CVE-2017-7842


182582 - FreeBSD mozilla Multiple Vulnerabilities (a891c5b4-3d7a-4de9-9c71-eef3fd698c77)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: HighCVE: CVE-2018-5089, CVE-2018-5090, CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095,CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5105, CVE-2018-5106, CVE-2018-5107, CVE-2018-5108, CVE-2018-5109, CVE-2018-5110, CVE-2018-5111, CVE-2018-5112, CVE-2018-5113, CVE-2018-5114, CVE-2018-5115, CVE-2018-5116, CVE-2018-5117, CVE-2018-5118,CVE-2018-5119, CVE-2018-5121, CVE-2018-5122


182640 - FreeBSD Flash Player Multiple Vulnerabilities (313078e3-26e2-11e8-9920-6451062f0f7a)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: HighCVE: CVE-2018-4919, CVE-2018-4920


182667 - FreeBSD Flash Player Multiple Vulnerabilities (5c6f7482-3ced-11e8-b157-6451062f0f7a)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: HighCVE: CVE-2018-4932, CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4936, CVE-2018-4937


182691 - FreeBSD Flash Player Arbitrary Code Execution (9558d49c-534c-11e8-8177-d43d7ef03aa6)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: HighCVE: CVE-2018-4944



Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: HighCVE: CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833,CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7839, CVE-2017-7840, CVE-2017-7842






Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: HighCVE: CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833,

CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7839, CVE-2017-7840, CVE-2017-7842





186077 - Ubuntu Linux 14.04, 16.04, 17.10 USN-3544-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: HighCVE: CVE-2018-5089, CVE-2018-5090, CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095,CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5105, CVE-2018-5106, CVE-2018-5107, CVE-2018-5108, CVE-2018-5109, CVE-2018-5111, CVE-2018-5112, CVE-2018-5113, CVE-2018-5114, CVE-2018-5115, CVE-2018-5116, CVE-2018-5117, CVE-2018-5118, CVE-2018-5119,CVE-2018-5122



Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: HighCVE: CVE-2018-5089, CVE-2018-5090, CVE-2018-5091, CVE-2018-5092, CVE-2018-5093, CVE-2018-5094, CVE-2018-5095,CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5100, CVE-2018-5101, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5105, CVE-2018-5106, CVE-2018-5107, CVE-2018-5108, CVE-2018-5109, CVE-2018-5111, CVE-2018-5112, CVE-2018-5113, CVE-2018-5114, CVE-2018-5115, CVE-2018-5116, CVE-2018-5117, CVE-2018-5118, CVE-2018-5119,CVE-2018-5122


23697 - (MSPT-Jun2018) Microsoft Internet Explorer Handles Objects in Memory Remote Code Execution (CVE-2018-8267)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2018-8267

Update DetailsDescription is updated Observation is updated

88946 - Slackware Linux 14.2 SSA:2018-142-03 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Slackware Patches and HotfixesRisk Level: HighCVE: CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126


131117 - Debian Linux 8.0, 9.0 DSA-4208-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: HighCVE: CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126


182467 - FreeBSD mozilla Multiple Vulnerabilities (1098a15b-b0f6-42b7-b5c7-8a8646e8be07)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: HighCVE: CVE-2017-7793, CVE-2017-7805, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, CVE-2017-7813, CVE-2017-7814,CVE-2017-7815, CVE-2017-7816, CVE-2017-7817, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7821, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824, CVE-2017-7825


182529 - FreeBSD palemoon Multiple Vulnerabilities (6056bf68-f570-4e70-b740-b9f606971283)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: HighCVE: CVE-2017-7832, CVE-2017-7835, CVE-2017-7840


182589 - FreeBSD palemoon Multiple Vulnerabilities (5044bd23-08cb-11e8-b08f-00012e582166)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: HighCVE: CVE-2018-5102, CVE-2018-5122



Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: HighCVE: CVE-2017-7793, CVE-2017-7805, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, CVE-2017-7813, CVE-2017-7814,

CVE-2017-7815, CVE-2017-7816, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7821, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824



Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: HighCVE: CVE-2017-7793, CVE-2017-7805, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, CVE-2017-7813, CVE-2017-7814,CVE-2017-7815, CVE-2017-7816, CVE-2017-7818, CVE-2017-7819, CVE-2017-7820, CVE-2017-7821, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824



Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: HighCVE: CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126


193713 - Fedora Linux 28 FEDORA-2018-bba8fed5ab Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2018-1124, CVE-2018-1126


193730 - Fedora Linux 27 FEDORA-2018-de5de06754 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2018-1124, CVE-2018-1126


193792 - Fedora Linux 27 FEDORA-2018-79792e0c64 Update Is Not Installed


Update Details

Risk is updated

193804 - Fedora Linux 28 FEDORA-2018-168af81706 Update Is Not Installed



23298 - (APSB18-06) Vulnerabilities In Adobe Connect

Category: General Vulnerability Assessment -> NonIntrusive -> Web ServerRisk Level: MediumCVE: CVE-2018-4921, CVE-2018-4923


23440 - (APSB18-13) Vulnerabilities In Adobe Digital Editions

Category: Windows Host Assessment -> Adobe Patches Only (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2018-4925, CVE-2018-4926


23441 - (APSB18-13) Vulnerabilities In Adobe Digital Editions

Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: MediumCVE: CVE-2018-4925, CVE-2018-4926


23688 - (MSPT-Jun2018) Microsoft Sharepoint Web Request Sanitization Privilege Escalation (CVE-2018-8254)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2018-8254

Update DetailsDescription is updated Observation is updated

131124 - Debian Linux 8.0, 9.0 DSA-4214-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes

Risk Level: MediumCVE: CVE-2018-8012


193838 - Fedora Linux 28 FEDORA-2018-a5e45fc9f7 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2018-11396, CVE-2018-12016


23643 - IBM DB2 Db2exmig And Db2exfmt Tools Multiple Vulnerabilities (swg22016143)

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2018-1544, CVE-2018-1565


23644 - IBM DB2 Db2exmig And Db2exfmt Tools Multiple Vulnerabilities (swg22016143)

Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: MediumCVE: CVE-2018-1544, CVE-2018-1565






Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: MediumCVE: CVE-2018-1000199, CVE-2018-3639


193636 - Fedora Linux 28 FEDORA-2018-5926c0ffc8 Update Is Not Installed



193744 - Fedora Linux 28 FEDORA-2018-916dfe0d86 Update Is Not Installed



23734 - IBM DB2 Multiple File Overwrite Vulnerabilities (swg22016181)

Category: SSH Module -> NonIntrusive -> SSH MiscellaneousRisk Level: LowCVE: CVE-2018-1449, CVE-2018-1450, CVE-2018-1451, CVE-2018-1452


182014 - FreeBSD tiff Buffer Overflow (0ab66088-4aa5-11e6-a7bd-14dae9d210b8)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2016-5314, CVE-2016-5875

Update DetailsCVE is updated

23588 - (SB10237) McAfee VirusScan Enterprise Elevation Of Privilege Vulnerability

Category: Windows Host Assessment -> Anti-Virus Software (CATEGORY REQUIRES CREDENTIALS)Risk Level: LowCVE: CVE-2018-6674


70087 - hp.fasl3.inc

Category: General Vulnerability Assessment -> NonIntrusive -> Invalid CategoryRisk Level: Informational

CVE: CVE-MAP-NOMATCH

Update DetailsFASLScript is updated

70116 - scada.fasl3.inc

Category: General Vulnerability Assessment -> NonIntrusive -> Invalid CategoryRisk Level: InformationalCVE: CVE-MAP-NOMATCH

Update DetailsFASLScript is updated

HOW TO UPDATE

FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we stronglyurge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download anycritical updates but will wait for your explicit authorization before installing.

FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility byselecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The newvulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selectedvulnerability category and checking the "Run New Checks" checkbox.

MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts willbe automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.

MCAFEE TECHNICAL SUPPORT

ServicePortal: https://mysupport.mcafee.comMulti-National Phone Support available here:

http://www.mcafee.com/us/about/contact/index.htmlNon-US customers - Select your country from the list of Worldwide Offices.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distributionby others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.

Copyright 2018 McAfee, Inc.McAfee is a registered trademark of McAfee, Inc. and/or its affiliates

https://mysupport.mcafee.com/

http://www.mcafee.com/us/about/contact/index.html

McAfee Foundstone FSL Update · CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-5370,...

Documents

Transcript of McAfee Foundstone FSL Update · CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-5370,...