MCAFEE FOUNDSTONE FSL UPDATE 2019-SEP-11...Code Execution (CVE-201 Category: Windows Host Assessment...
Transcript of MCAFEE FOUNDSTONE FSL UPDATE 2019-SEP-11...Code Execution (CVE-201 Category: Windows Host Assessment...
2019-SEP-11FSL version 7.6.128
MCAFEE FOUNDSTONE FSL UPDATE
To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is adetailed summary of the new and updated checks included with this release.
NEW CHECKS
131424 - Debian Linux 10.0, 9.0 DSA-4517-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: HighCVE: CVE-2019-15846
DescriptionThe scan detected that the host is missing the following update:DSA-4517-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.debian.org/security/2019/dsa-4517
Debian 9.0allexim4_4.89-2+deb9u6
Debian 10.0allexim4_4.92-8+deb10u2
148299 - SuSE Linux 15.0, 15.1 openSUSE-SU-2019:2093-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-15846
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2019:2093-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.opensuse.org/opensuse-updates/2019-09/msg00051.html
SuSE Linux 15.0x86_64exim-4.88-lp150.3.9.1eximstats-html-4.88-lp150.3.9.1
exim-debugsource-4.88-lp150.3.9.1eximon-debuginfo-4.88-lp150.3.9.1exim-debuginfo-4.88-lp150.3.9.1eximon-4.88-lp150.3.9.1
SuSE Linux 15.1x86_64exim-4.88-lp151.4.9.1eximstats-html-4.88-lp151.4.9.1eximon-debuginfo-4.88-lp151.4.9.1eximon-4.88-lp151.4.9.1exim-debugsource-4.88-lp151.4.9.1exim-debuginfo-4.88-lp151.4.9.1
171139 - Amazon Linux AMI ALAS-2019-1277 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-15846
DescriptionThe scan detected that the host is missing the following update:ALAS-2019-1277
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://alas.aws.amazon.com/ALAS-2019-1277.html
Amazon Linux AMIx86_64exim-greylist-4.92-1.24.amzn1exim-pgsql-4.92-1.24.amzn1exim-mysql-4.92-1.24.amzn1exim-mon-4.92-1.24.amzn1exim-debuginfo-4.92-1.24.amzn1exim-4.92-1.24.amzn1
i686exim-greylist-4.92-1.24.amzn1exim-pgsql-4.92-1.24.amzn1exim-mysql-4.92-1.24.amzn1exim-mon-4.92-1.24.amzn1exim-debuginfo-4.92-1.24.amzn1exim-4.92-1.24.amzn1
186903 - Ubuntu Linux 16.04, 18.04, 19.04 USN-4124-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: HighCVE: CVE-2019-15846
DescriptionThe scan detected that the host is missing the following update:USN-4124-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005102.html
Ubuntu 16.04
exim4-daemon-light_4.86.2-2ubuntu2.5exim4-daemon-heavy_4.86.2-2ubuntu2.5
Ubuntu 19.04
exim4-daemon-heavy_4.92-4ubuntu1.3exim4-daemon-light_4.92-4ubuntu1.3
Ubuntu 18.04
exim4-daemon-light_4.90.1-1ubuntu1.4exim4-daemon-heavy_4.90.1-1ubuntu1.4
195525 - Fedora Linux 29 FEDORA-2019-ae361e20c2 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2019-15846
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-ae361e20c2
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=1
Fedora Core 29
exim-4.92.2-1.fc29
195530 - Fedora Linux 30 FEDORA-2019-467fcbb10a Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2019-15846
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-467fcbb10a
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=1
Fedora Core 30
exim-4.92.2-1.fc30
25653 - (APSB19-46) Vulnerability In Adobe Flash Player
Category: Windows Host Assessment -> Adobe Patches Only (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-8069, CVE-2019-8070
DescriptionMultiple vulnerabilities in some versions of Adobe Flash Player could lead to remote code execution.
ObservationMultiple vulnerabilities in some versions of Adobe Flash Player could lead to remote code execution.
The flaws lie in several components. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
163992 - Oracle Enterprise Linux ELSA-2019-2694 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-11733, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752, CVE-2019-9812
DescriptionThe scan detected that the host is missing the following update:ELSA-2019-2694
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://oss.oracle.com/pipermail/el-errata/2019-September/009134.html
OEL6x86_64firefox-60.9.0-1.0.1.el6_10
i386firefox-60.9.0-1.0.1.el6_10
163993 - Oracle Enterprise Linux ELSA-2019-2663 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-11735, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11747, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11752, CVE-2019-9812
Description
The scan detected that the host is missing the following update:ELSA-2019-2663
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://oss.oracle.com/pipermail/el-errata/2019-September/009129.html
OEL8x86_64firefox-68.1.0-1.0.1.el8_0
195518 - Fedora Linux 29 FEDORA-2019-c1dac1b3b8 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2019-5736
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-c1dac1b3b8
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=2
Fedora Core 29
lxcfs-3.0.4-1.fc29python3-lxc-3.0.4-1.fc29lxc-3.0.4-1.fc29
195529 - Fedora Linux 30 FEDORA-2019-2baa1f7b19 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2019-5736
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-2baa1f7b19
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=2https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=3
Fedora Core 30
lxcfs-3.0.4-1.fc30
lxc-3.0.4-1.fc30python3-lxc-3.0.4-1.fc30
196477 - Red Hat Enterprise Linux RHSA-2019-2694 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-11733, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752, CVE-2019-9812
DescriptionThe scan detected that the host is missing the following update:RHSA-2019-2694
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.redhat.com/archives/rhsa-announce/2019-September/msg00023.html
RHEL6Dx86_64firefox-debuginfo-60.9.0-1.el6_10firefox-60.9.0-1.el6_10
i386firefox-debuginfo-60.9.0-1.el6_10firefox-60.9.0-1.el6_10
RHEL6Si386firefox-debuginfo-60.9.0-1.el6_10firefox-60.9.0-1.el6_10
x86_64firefox-debuginfo-60.9.0-1.el6_10firefox-60.9.0-1.el6_10
RHEL6WSx86_64firefox-debuginfo-60.9.0-1.el6_10firefox-60.9.0-1.el6_10
i386firefox-debuginfo-60.9.0-1.el6_10firefox-60.9.0-1.el6_10
25582 - (MSPT-Sep2019) Microsoft Explorer VBScript Remote Code Execution (CVE-2019-1208)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1208
DescriptionA vulnerability in some versions of Microsoft Explorer could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Explorer could lead to remote code execution.
The flaw lies in the VBScript component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25583 - (MSPT-Sep2019) Microsoft VBScript Improperly Handles Objects in Memory Remote Code Execution (CVE-2019-1236)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1236
DescriptionA vulnerability in some versions of Microsoft VBScript could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft VBScript could lead to remote code execution.
The flaw lies in the Improperly Handles Objects in Memory component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25591 - (MSPT-Sep2019) Microsoft Exchange Improperly Handles Objects in Memory Denial of Service (CVE-2019-1233)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1233
DescriptionA vulnerability in some versions of Microsoft Exchange could lead to a denial of service.
ObservationA vulnerability in some versions of Microsoft Exchange could lead to a denial of service.
The flaw lies due to Improperly Handles Objects in Memory. Successful exploitation by a remote attacker could result in a denial of service condition. The exploit requires the user to open a vulnerable website, email or document.
25594 - (MSPT-Sep2019) Microsoft Team Foundation Server Improperly Sanitize Input Remote Code Execution (CVE-2019-1305)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1305
DescriptionA vulnerability in some versions of Microsoft Team Foundation Server could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Team Foundation Server could lead to remote code execution.
The flaw lies due to Improperly Sanitize Input component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25595 - (MSPT-Sep2019) Microsoft Azure DevOps Server and Team Foundation Server Improperly Validate Input RemoteCode Execution (CVE-201
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1306
DescriptionA vulnerability in some versions of Microsoft Azure DevOps Server and Team Foundation Server could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Azure DevOps Server and Team Foundation Server could lead to remote code execution.
The flaw lies due to improperly validate input. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25598 - (MSPT-Sep2019) Microsoft Windows Jet Database Engine Remote Code Execution (CVE-2019-1240)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1240
DescriptionA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Jet Database Engine component. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25599 - (MSPT-Sep2019) Microsoft Windows Jet Database Engine Remote Code Execution (CVE-2019-1241)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1241
DescriptionA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Jet Database Engine component. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25600 - (MSPT-Sep2019) Microsoft Windows Jet Database Engine Remote Code Execution (CVE-2019-1242)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1242
DescriptionA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Jet Database Engine component. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25601 - (MSPT-Sep2019) Microsoft Windows Jet Database Engine Remote Code Execution (CVE-2019-1243)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1243
DescriptionA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Jet Database Engine component. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25602 - (MSPT-Sep2019) Microsoft Windows Jet Database Engine Remote Code Execution (CVE-2019-1246)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1246
DescriptionA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Jet Database Engine component. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25603 - (MSPT-Sep2019) Microsoft Windows Jet Database Engine Remote Code Execution (CVE-2019-1247)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1247
DescriptionA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Jet Database Engine component. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25604 - (MSPT-Sep2019) Microsoft Windows Jet Database Engine Remote Code Execution (CVE-2019-1248)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1248
DescriptionA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Jet Database Engine component. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25605 - (MSPT-Sep2019) Microsoft Windows Jet Database Engine Remote Code Execution (CVE-2019-1249)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1249
DescriptionA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Jet Database Engine component. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25606 - (MSPT-Sep2019) Microsoft Windows Jet Database Engine Remote Code Execution (CVE-2019-1250)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1250
DescriptionA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
Observation
A vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Jet Database Engine component. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25612 - (MSPT-Sep2019) Microsoft Windows .LNK Remote Code Execution (CVE-2019-1280)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1280
DescriptionA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the .LNK file processing. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25615 - (MSPT-Sep2019) Microsoft Windows Denial of Service Vulnerability (CVE-2019-1292)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1292
DescriptionA vulnerability in some versions of Microsoft Windows could lead to a denial of service.
ObservationA vulnerability in some versions of Microsoft Windows could lead to a denial of service.
The flaw lies due to improperly handle objects in memory. Successful exploitation by a remote attacker could result in a denial of service condition. The exploit requires the attacker to have valid credentials to the vulnerable system.
25624 - (MSPT-Sep2019) Microsoft Windows Remote Desktop Services Remote Code Execution (CVE-2019-0787)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-0787
DescriptionA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Remote Desktop Services component. Successful exploitation by a remote attacker could result in the execution of arbitrary code.
25625 - (MSPT-Sep2019) Microsoft Windows Remote Desktop Services Remote Code Execution (CVE-2019-0788)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-0788
DescriptionA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Remote Desktop Services component. Successful exploitation by a remote attacker could result in the execution of arbitrary code.
25626 - (MSPT-Sep2019) Microsoft Windows Remote Desktop Services Remote Code Execution (CVE-2019-1290)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1290
DescriptionA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Remote Desktop Services component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.
25627 - (MSPT-Sep2019) Microsoft Windows Remote Desktop Services Remote Code Execution (CVE-2019-1291)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1291
DescriptionA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Windows could lead to remote code execution.
The flaw lies in the Remote Desktop Services component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.
25629 - (MSPT-Sep2019) Microsoft Edge Chakra Remote Code Execution (CVE-2019-1138)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: High
CVE: CVE-2019-1138
DescriptionA vulnerability in some versions of Microsoft Edge could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Edge could lead to remote code execution.
The flaw lies in the Chakra component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25630 - (MSPT-Sep2019) Microsoft Edge Chakra Remote Code Execution (CVE-2019-1217)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1217
DescriptionA vulnerability in some versions of Microsoft Edge could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Edge could lead to remote code execution.
The flaw lies in the Chakra component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25631 - (MSPT-Sep2019) Microsoft Edge Chakra Remote Code Execution (CVE-2019-1237)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1237
DescriptionA vulnerability in some versions of Microsoft Edge could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Edge could lead to remote code execution.
The flaw lies in the Chakra component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25632 - (MSPT-Sep2019) Microsoft Edge Scripting Engine Remote Code Execution (CVE-2019-1298)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1298
DescriptionA vulnerability in some versions of Microsoft Edge could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Edge could lead to remote code execution.
The flaw lies in the Scripting Engine component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25634 - (MSPT-Sep2019) Microsoft ChakraCore Scripting Engine Remote Code Execution (CVE-2019-1300)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1300
DescriptionA vulnerability in some versions of Microsoft ChakraCore could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft ChakraCore could lead to remote code execution.
The flaw lies in the Scripting Engine component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25635 - (MSPT-Sep2019) Microsoft Hyper-V Properly Validate Input Denial of Service (CVE-2019-0928)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-0928
DescriptionA vulnerability in some versions of Microsoft Hyper-V could lead to a denial of service.
ObservationA vulnerability in some versions of Microsoft Hyper-V could lead to a denial of service.
The flaw lies in the Properly Validate Input component. Successful exploitation by a remote attacker could result in a denial of service condition. The exploit requires the attacker to have valid credentials to the vulnerable system.
25638 - (MSPT-Sep2019) Microsoft Excel Improperly Handle Objects in Memory Remote Code Execution (CVE-2019-1297)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1297
DescriptionA vulnerability in some versions of Microsoft Excel could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Excel could lead to remote code execution.
The flaw lies due to improperly handle objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25642 - (MSPT-Sep2019) Microsoft SharePoint Remote Code Execution (CVE-2019-1257)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1257
DescriptionA vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.
The flaw lies in the Application Package component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25647 - (MSPT-Sep2019) Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-1295)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1295
DescriptionA vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.
The flaw lies in the Unsafe APIs component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25648 - (MSPT-Sep2019) Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-1296)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1296
DescriptionA vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.
The flaw lies in the Unsafe APIs component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25649 - (MSPT-Sep2019) Microsoft VBScript Improperly Handles Objects in Memory Remote Code Execution (CVE-2019-1220)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)
Risk Level: HighCVE: CVE-2019-1220
DescriptionA vulnerability in some versions of Microsoft VBScript could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft VBScript could lead to remote code execution.
The flaw lies due to Improperly Handles Objects in Memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
25650 - (MSPT-Sep2019) Microsoft Explorer Improperly Handles Objects in Memory Remote Code Execution (CVE-2019-1221)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1221
DescriptionA vulnerability in some versions of Microsoft Explorer could lead to remote code execution.
ObservationA vulnerability in some versions of Microsoft Explorer could lead to remote code execution.
The flaw lies in the Improperly Handles Objects in Memory component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.
131418 - Debian Linux 10.0, 9.0 DSA-4519-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: HighCVE: CVE-2019-9854
DescriptionThe scan detected that the host is missing the following update:DSA-4519-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.debian.org/security/2019/dsa-4519
Debian 9.0alllibreoffice_1:5.2.7-1+deb9u11
Debian 10.0alllibreoffice_1:6.1.5-3+deb10u4
131419 - Debian Linux 10.0 DSA-4520-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: HighCVE: CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518
DescriptionThe scan detected that the host is missing the following update:DSA-4520-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.debian.org/security/2019/dsa-4520
Debian 10.0alltrafficserver_8.0.2+ds-1+deb10u1
131420 - Debian Linux 10.0, 9.0 DSA-4518-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: HighCVE: CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817
DescriptionThe scan detected that the host is missing the following update:DSA-4518-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.debian.org/security/2019/dsa-4518
Debian 9.0allghostscript_9.26a~dfsg-0+deb9u5
Debian 10.0allghostscript_9.27~dfsg-2+deb10u2
131422 - Debian Linux 10.0 DSA-4521-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: HighCVE: CVE-2019-13139, CVE-2019-13509, CVE-2019-14271
DescriptionThe scan detected that the host is missing the following update:DSA-4521-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.debian.org/security/2019/dsa-4521
Debian 10.0alldocker.io_18.09.1+dfsg1-7.1+deb10u1
148292 - SuSE Linux 15.0 openSUSE-SU-2019:2081-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-5869
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2019:2081-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.opensuse.org/opensuse-updates/2019-09/msg00039.html
SuSE Linux 15.0x86_64chromedriver-76.0.3809.132-lp150.234.1chromedriver-debuginfo-76.0.3809.132-lp150.234.1chromium-76.0.3809.132-lp150.234.1chromium-debuginfo-76.0.3809.132-lp150.234.1chromium-debugsource-76.0.3809.132-lp150.234.1
148293 - SuSE SLES 12 SP4, SLED 12 SP4 SUSE-SU-2019:2347-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-10216
DescriptionThe scan detected that the host is missing the following update:SUSE-SU-2019:2347-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.suse.com/pipermail/sle-security-updates/2019-September/005900.html
SuSE SLED 12 SP4x86_64ghostscript-9.26a-23.25.1ghostscript-debugsource-9.26a-23.25.1ghostscript-debuginfo-9.26a-23.25.1
ghostscript-x11-9.26a-23.25.1ghostscript-x11-debuginfo-9.26a-23.25.1
SuSE SLES 12 SP4x86_64ghostscript-9.26a-23.25.1ghostscript-debugsource-9.26a-23.25.1ghostscript-debuginfo-9.26a-23.25.1ghostscript-x11-9.26a-23.25.1ghostscript-x11-debuginfo-9.26a-23.25.1
148294 - SuSE Linux 15.1 openSUSE-SU-2019:2083-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-15784
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2019:2083-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.opensuse.org/opensuse-updates/2019-09/msg00040.html
SuSE Linux 15.1x86_64libsrt1-debuginfo-1.3.4-lp151.2.3.1srt-debuginfo-1.3.4-lp151.2.3.1srt-1.3.4-lp151.2.3.1srt-debugsource-1.3.4-lp151.2.3.1libsrt1-1.3.4-lp151.2.3.1srt-devel-1.3.4-lp151.2.3.1
148295 - SuSE Linux 15.1 openSUSE-SU-2019:2080-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-5869
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2019:2080-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.opensuse.org/opensuse-updates/2019-09/msg00038.html
SuSE Linux 15.1x86_64chromedriver-76.0.3809.132-lp151.2.25.1chromium-debugsource-76.0.3809.132-lp151.2.25.1
chromedriver-debuginfo-76.0.3809.132-lp151.2.25.1chromium-debuginfo-76.0.3809.132-lp151.2.25.1chromium-76.0.3809.132-lp151.2.25.1
148296 - SuSE Linux 15.1 openSUSE-SU-2019:2085-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-14809, CVE-2019-9512, CVE-2019-9514
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2019:2085-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.opensuse.org/opensuse-updates/2019-09/msg00043.html
SuSE Linux 15.1x86_64go1.12-1.12.9-lp151.2.17.1go1.12-race-1.12.9-lp151.2.17.1go1.12-doc-1.12.9-lp151.2.17.1
148297 - SuSE Linux 15.1 openSUSE-SU-2019:2120-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-16843, CVE-2018-16844, CVE-2018-16845, CVE-2019-9511, CVE-2019-9513, CVE-2019-9516
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2019:2120-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.opensuse.org/opensuse-updates/2019-09/msg00077.html
SuSE Linux 15.1x86_64nginx-debuginfo-1.14.2-lp151.4.3.1nginx-1.14.2-lp151.4.3.1nginx-debugsource-1.14.2-lp151.4.3.1
noarchnginx-source-1.14.2-lp151.4.3.1vim-plugin-nginx-1.14.2-lp151.4.3.1
148298 - SuSE Linux 15.1 openSUSE-SU-2019:2121-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes
Risk Level: HighCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2019:2121-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.opensuse.org/opensuse-updates/2019-09/msg00075.html
SuSE Linux 15.1i586libblkid-devel-2.33.1-lp151.3.3.2util-linux-systemd-2.33.1-lp151.3.3.2libsmartcols-devel-2.33.1-lp151.3.3.2util-linux-systemd-debugsource-2.33.1-lp151.3.3.2libfdisk1-debuginfo-2.33.1-lp151.3.3.2util-linux-systemd-debuginfo-2.33.1-lp151.3.3.2shadow-4.6-lp151.2.3.2libuuid-devel-2.33.1-lp151.3.3.2libmount1-2.33.1-lp151.3.3.2libfdisk1-2.33.1-lp151.3.3.2util-linux-debugsource-2.33.1-lp151.3.3.2libblkid1-2.33.1-lp151.3.3.2libblkid1-debuginfo-2.33.1-lp151.3.3.2libmount-devel-static-2.33.1-lp151.3.3.2libuuid1-2.33.1-lp151.3.3.2uuidd-debuginfo-2.33.1-lp151.3.3.2libblkid-devel-static-2.33.1-lp151.3.3.2shadow-debugsource-4.6-lp151.2.3.2shadow-debuginfo-4.6-lp151.2.3.2libfdisk-devel-static-2.33.1-lp151.3.3.2libmount1-debuginfo-2.33.1-lp151.3.3.2util-linux-debuginfo-2.33.1-lp151.3.3.2libuuid-devel-static-2.33.1-lp151.3.3.2libsmartcols1-debuginfo-2.33.1-lp151.3.3.2util-linux-2.33.1-lp151.3.3.2uuidd-2.33.1-lp151.3.3.2libsmartcols-devel-static-2.33.1-lp151.3.3.2libuuid1-debuginfo-2.33.1-lp151.3.3.2libmount-devel-2.33.1-lp151.3.3.2libfdisk-devel-2.33.1-lp151.3.3.2libsmartcols1-2.33.1-lp151.3.3.2
noarchutil-linux-lang-2.33.1-lp151.3.3.2
x86_64python3-libmount-debuginfo-2.33.1-lp151.3.3.2libblkid-devel-2.33.1-lp151.3.3.2python3-libmount-debugsource-2.33.1-lp151.3.3.2util-linux-systemd-2.33.1-lp151.3.3.2libsmartcols-devel-2.33.1-lp151.3.3.2util-linux-systemd-debugsource-2.33.1-lp151.3.3.2libfdisk1-debuginfo-2.33.1-lp151.3.3.2python3-libmount-2.33.1-lp151.3.3.2
libblkid-devel-32bit-2.33.1-lp151.3.3.2util-linux-systemd-debuginfo-2.33.1-lp151.3.3.2shadow-4.6-lp151.2.3.2libuuid-devel-2.33.1-lp151.3.3.2libmount1-32bit-debuginfo-2.33.1-lp151.3.3.2libblkid1-32bit-debuginfo-2.33.1-lp151.3.3.2libmount1-2.33.1-lp151.3.3.2libmount-devel-32bit-2.33.1-lp151.3.3.2libfdisk1-2.33.1-lp151.3.3.2util-linux-debugsource-2.33.1-lp151.3.3.2libblkid1-2.33.1-lp151.3.3.2libblkid1-debuginfo-2.33.1-lp151.3.3.2libmount-devel-static-2.33.1-lp151.3.3.2libblkid1-32bit-2.33.1-lp151.3.3.2libuuid1-2.33.1-lp151.3.3.2uuidd-debuginfo-2.33.1-lp151.3.3.2libblkid-devel-static-2.33.1-lp151.3.3.2shadow-debugsource-4.6-lp151.2.3.2shadow-debuginfo-4.6-lp151.2.3.2libfdisk-devel-static-2.33.1-lp151.3.3.2libmount1-debuginfo-2.33.1-lp151.3.3.2util-linux-debuginfo-2.33.1-lp151.3.3.2libuuid-devel-static-2.33.1-lp151.3.3.2libsmartcols1-debuginfo-2.33.1-lp151.3.3.2libuuid1-32bit-debuginfo-2.33.1-lp151.3.3.2util-linux-2.33.1-lp151.3.3.2libmount1-32bit-2.33.1-lp151.3.3.2uuidd-2.33.1-lp151.3.3.2libsmartcols-devel-static-2.33.1-lp151.3.3.2libuuid-devel-32bit-2.33.1-lp151.3.3.2libuuid1-debuginfo-2.33.1-lp151.3.3.2libmount-devel-2.33.1-lp151.3.3.2libfdisk-devel-2.33.1-lp151.3.3.2libuuid1-32bit-2.33.1-lp151.3.3.2libsmartcols1-2.33.1-lp151.3.3.2
148300 - SuSE Linux 15.0 openSUSE-SU-2019:2095-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-15757
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2019:2095-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.opensuse.org/opensuse-updates/2019-09/msg00052.html
SuSE Linux 15.0x86_64libmirage-debuginfo-3.2.2-lp150.2.6.1typelib-1_0-libmirage-3_2-3.2.2-lp150.2.6.1libmirage11-3.2.2-lp150.2.6.1libmirage-devel-3.2.2-lp150.2.6.1
libmirage11-debuginfo-3.2.2-lp150.2.6.1libmirage-3_2-debuginfo-3.2.2-lp150.2.6.1libmirage-3_2-3.2.2-lp150.2.6.1libmirage-debugsource-3.2.2-lp150.2.6.1
noarchlibmirage-data-3.2.2-lp150.2.6.1libmirage-lang-3.2.2-lp150.2.6.1
148301 - SuSE SLES 12 SP4, SLED 12 SP4 SUSE-SU-2019:2345-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-8595, CVE-2019-8607, CVE-2019-8615, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679,CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690
DescriptionThe scan detected that the host is missing the following update:SUSE-SU-2019:2345-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.suse.com/pipermail/sle-security-updates/2019-September/005904.html
SuSE SLED 12 SP4x86_64typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47.1libwebkit2gtk-4_0-37-2.24.4-2.47.1libwebkit2gtk-4_0-37-debuginfo-2.24.4-2.47.1libjavascriptcoregtk-4_0-18-2.24.4-2.47.1webkit2gtk-4_0-injected-bundles-2.24.4-2.47.1typelib-1_0-WebKit2-4_0-2.24.4-2.47.1webkit2gtk3-debugsource-2.24.4-2.47.1libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-2.47.1webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-2.47.1
noarchlibwebkit2gtk3-lang-2.24.4-2.47.1
SuSE SLES 12 SP4noarchlibwebkit2gtk3-lang-2.24.4-2.47.1
x86_64typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47.1libwebkit2gtk-4_0-37-2.24.4-2.47.1libwebkit2gtk-4_0-37-debuginfo-2.24.4-2.47.1libjavascriptcoregtk-4_0-18-2.24.4-2.47.1webkit2gtk-4_0-injected-bundles-2.24.4-2.47.1typelib-1_0-WebKit2-4_0-2.24.4-2.47.1webkit2gtk3-debugsource-2.24.4-2.47.1libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-2.47.1webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-2.47.1
148302 - SuSE Linux 15.1 openSUSE-SU-2019:2096-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-15757
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2019:2096-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.opensuse.org/opensuse-updates/2019-09/msg00053.html
SuSE Linux 15.1x86_64libmirage-devel-3.2.2-lp151.3.6.1libmirage-3_2-debuginfo-3.2.2-lp151.3.6.1libmirage11-3.2.2-lp151.3.6.1libmirage-debuginfo-3.2.2-lp151.3.6.1libmirage11-debuginfo-3.2.2-lp151.3.6.1libmirage-debugsource-3.2.2-lp151.3.6.1typelib-1_0-libmirage-3_2-3.2.2-lp151.3.6.1libmirage-3_2-3.2.2-lp151.3.6.1
noarchlibmirage-data-3.2.2-lp151.3.6.1libmirage-lang-3.2.2-lp151.3.6.1
148303 - SuSE Linux 15.0, 15.1 openSUSE-SU-2019:2115-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2019:2115-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.opensuse.org/opensuse-updates/2019-09/msg00070.html
SuSE Linux 15.0i586nodejs8-debugsource-8.16.1-lp150.2.19.1nodejs8-devel-8.16.1-lp150.2.19.1nodejs8-8.16.1-lp150.2.19.1npm8-8.16.1-lp150.2.19.1nodejs8-debuginfo-8.16.1-lp150.2.19.1
noarchnodejs8-docs-8.16.1-lp150.2.19.1
x86_64nodejs8-debugsource-8.16.1-lp150.2.19.1nodejs8-devel-8.16.1-lp150.2.19.1nodejs8-8.16.1-lp150.2.19.1npm8-8.16.1-lp150.2.19.1nodejs8-debuginfo-8.16.1-lp150.2.19.1
SuSE Linux 15.1i586nodejs8-debugsource-8.16.1-lp151.2.6.1nodejs8-debuginfo-8.16.1-lp151.2.6.1nodejs8-devel-8.16.1-lp151.2.6.1npm8-8.16.1-lp151.2.6.1nodejs8-8.16.1-lp151.2.6.1
noarchnodejs8-docs-8.16.1-lp151.2.6.1
x86_64nodejs8-debugsource-8.16.1-lp151.2.6.1nodejs8-debuginfo-8.16.1-lp151.2.6.1nodejs8-devel-8.16.1-lp151.2.6.1npm8-8.16.1-lp151.2.6.1nodejs8-8.16.1-lp151.2.6.1
148304 - SuSE Linux 15.0, 15.1 openSUSE-SU-2019:2114-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2019:2114-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.opensuse.org/opensuse-updates/2019-09/msg00072.html
SuSE Linux 15.0x86_64nodejs10-10.16.3-lp150.5.1npm10-10.16.3-lp150.5.1nodejs10-debuginfo-10.16.3-lp150.5.1nodejs10-devel-10.16.3-lp150.5.1nodejs10-debugsource-10.16.3-lp150.5.1
noarchnodejs10-docs-10.16.3-lp150.5.1
SuSE Linux 15.1i586
nodejs10-debuginfo-10.16.3-lp151.2.6.1nodejs10-debugsource-10.16.3-lp151.2.6.1nodejs10-devel-10.16.3-lp151.2.6.1npm10-10.16.3-lp151.2.6.1nodejs10-10.16.3-lp151.2.6.1
noarchnodejs10-docs-10.16.3-lp151.2.6.1
x86_64nodejs10-debuginfo-10.16.3-lp151.2.6.1nodejs10-debugsource-10.16.3-lp151.2.6.1nodejs10-devel-10.16.3-lp151.2.6.1npm10-10.16.3-lp151.2.6.1nodejs10-10.16.3-lp151.2.6.1
148305 - SuSE Linux 15.0 openSUSE-SU-2019:2118-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-14806
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2019:2118-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.opensuse.org/opensuse-updates/2019-09/msg00076.html
SuSE Linux 15.0noarchpython3-Werkzeug-0.12.2-lp150.2.3.1python2-Werkzeug-0.12.2-lp150.2.3.1python-Werkzeug-doc-0.12.2-lp150.2.3.1
148309 - SuSE Linux 15.0, 15.1 openSUSE-SU-2019:2068-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-12855
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2019:2068-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.opensuse.org/opensuse-updates/2019-09/msg00028.html
SuSE Linux 15.0x86_64
python2-Twisted-debuginfo-17.9.0-lp150.2.6.1python-Twisted-debuginfo-17.9.0-lp150.2.6.1python3-Twisted-17.9.0-lp150.2.6.1python-Twisted-debugsource-17.9.0-lp150.2.6.1python2-Twisted-17.9.0-lp150.2.6.1python-Twisted-doc-17.9.0-lp150.2.6.1python3-Twisted-debuginfo-17.9.0-lp150.2.6.1
i586python2-Twisted-debuginfo-17.9.0-lp150.2.6.1python-Twisted-debuginfo-17.9.0-lp150.2.6.1python3-Twisted-17.9.0-lp150.2.6.1python-Twisted-debugsource-17.9.0-lp150.2.6.1python2-Twisted-17.9.0-lp150.2.6.1python-Twisted-doc-17.9.0-lp150.2.6.1python3-Twisted-debuginfo-17.9.0-lp150.2.6.1
SuSE Linux 15.1x86_64python-Twisted-doc-17.9.0-lp151.3.6.1python3-Twisted-17.9.0-lp151.3.6.1python2-Twisted-17.9.0-lp151.3.6.1python3-Twisted-debuginfo-17.9.0-lp151.3.6.1python-Twisted-debuginfo-17.9.0-lp151.3.6.1python2-Twisted-debuginfo-17.9.0-lp151.3.6.1python-Twisted-debugsource-17.9.0-lp151.3.6.1
i586python-Twisted-doc-17.9.0-lp151.3.6.1python3-Twisted-17.9.0-lp151.3.6.1python2-Twisted-17.9.0-lp151.3.6.1python3-Twisted-debuginfo-17.9.0-lp151.3.6.1python-Twisted-debuginfo-17.9.0-lp151.3.6.1python2-Twisted-debuginfo-17.9.0-lp151.3.6.1python-Twisted-debugsource-17.9.0-lp151.3.6.1
148311 - SuSE SLES 12 SP4 SUSE-SU-2019:2329-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10098, CVE-2019-9517
DescriptionThe scan detected that the host is missing the following update:SUSE-SU-2019:2329-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.suse.com/pipermail/sle-security-updates/2019-September/005889.html
SuSE SLES 12 SP4noarchapache2-doc-2.4.23-29.43.1
x86_64apache2-worker-2.4.23-29.43.1
apache2-utils-2.4.23-29.43.1apache2-prefork-2.4.23-29.43.1apache2-debugsource-2.4.23-29.43.1apache2-2.4.23-29.43.1apache2-example-pages-2.4.23-29.43.1apache2-utils-debuginfo-2.4.23-29.43.1apache2-prefork-debuginfo-2.4.23-29.43.1apache2-worker-debuginfo-2.4.23-29.43.1apache2-debuginfo-2.4.23-29.43.1
148312 - SuSE Linux 15.0, 15.1 openSUSE-SU-2019:2070-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-12217, CVE-2019-12218, CVE-2019-12220, CVE-2019-12221, CVE-2019-12222, CVE-2019-13616, CVE-2019-5051, CVE-2019-5052, CVE-2019-5057, CVE-2019-5058, CVE-2019-5059, CVE-2019-5060
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2019:2070-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.opensuse.org/opensuse-updates/2019-09/msg00027.html
SuSE Linux 15.0x86_64libSDL2_image-2_0-0-32bit-debuginfo-2.0.5-lp150.9.1libSDL2_image-2_0-0-2.0.5-lp150.9.1libSDL2_image-2_0-0-debuginfo-2.0.5-lp150.9.1libSDL2_image-2_0-0-32bit-2.0.5-lp150.9.1libSDL2_image-devel-2.0.5-lp150.9.1SDL2_image-debugsource-2.0.5-lp150.9.1libSDL2_image-devel-32bit-2.0.5-lp150.9.1
i586libSDL2_image-2_0-0-debuginfo-2.0.5-lp150.9.1SDL2_image-debugsource-2.0.5-lp150.9.1libSDL2_image-devel-2.0.5-lp150.9.1libSDL2_image-2_0-0-2.0.5-lp150.9.1
SuSE Linux 15.1x86_64libSDL2_image-2_0-0-2.0.5-lp151.2.5.1libSDL2_image-2_0-0-32bit-debuginfo-2.0.5-lp151.2.5.1libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1SDL2_image-debugsource-2.0.5-lp151.2.5.1libSDL2_image-devel-2.0.5-lp151.2.5.1libSDL2_image-2_0-0-debuginfo-2.0.5-lp151.2.5.1
i586libSDL2_image-2_0-0-2.0.5-lp151.2.5.1libSDL2_image-2_0-0-debuginfo-2.0.5-lp151.2.5.1libSDL2_image-devel-2.0.5-lp151.2.5.1SDL2_image-debugsource-2.0.5-lp151.2.5.1
148313 - SuSE Linux 15.0, 15.1 openSUSE-SU-2019:2072-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-14809, CVE-2019-9512, CVE-2019-9514
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2019:2072-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.opensuse.org/opensuse-updates/2019-09/msg00025.html
SuSE Linux 15.0x86_64go1.11-1.11.13-lp150.18.1go1.11-race-1.11.13-lp150.18.1go1.11-doc-1.11.13-lp150.18.1
SuSE Linux 15.1x86_64go1.11-doc-1.11.13-lp151.2.9.1go1.11-race-1.11.13-lp151.2.9.1go1.11-1.11.13-lp151.2.9.1
163988 - Oracle Enterprise Linux ELSA-2019-2600 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-1125, CVE-2019-9500
DescriptionThe scan detected that the host is missing the following update:ELSA-2019-2600
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://oss.oracle.com/pipermail/el-errata/2019-September/009115.html
OEL7x86_64kernel-debug-devel-3.10.0-1062.1.1.el7kernel-devel-3.10.0-1062.1.1.el7kernel-3.10.0-1062.1.1.el7perf-3.10.0-1062.1.1.el7kernel-tools-3.10.0-1062.1.1.el7kernel-tools-libs-devel-3.10.0-1062.1.1.el7python-perf-3.10.0-1062.1.1.el7kernel-abi-whitelists-3.10.0-1062.1.1.el7kernel-doc-3.10.0-1062.1.1.el7
bpftool-3.10.0-1062.1.1.el7kernel-tools-libs-3.10.0-1062.1.1.el7kernel-headers-3.10.0-1062.1.1.el7kernel-debug-3.10.0-1062.1.1.el7
163989 - Oracle Enterprise Linux ELSA-2019-4775 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-1125
DescriptionThe scan detected that the host is missing the following update:ELSA-2019-4775
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://oss.oracle.com/pipermail/el-errata/2019-September/009124.htmlhttp://oss.oracle.com/pipermail/el-errata/2019-September/009123.html
OEL7x86_64kernel-uek-debug-devel-3.8.13-118.38.1.el7uekkernel-uek-3.8.13-118.38.1.el7uekkernel-uek-doc-3.8.13-118.38.1.el7uekdtrace-modules-3.8.13-118.38.1.el7uek-0.4.5-3.el7kernel-uek-devel-3.8.13-118.38.1.el7uekkernel-uek-debug-3.8.13-118.38.1.el7uekkernel-uek-firmware-3.8.13-118.38.1.el7uek
OEL6x86_64kernel-uek-doc-3.8.13-118.38.1.el6uekkernel-uek-devel-3.8.13-118.38.1.el6uekdtrace-modules-3.8.13-118.38.1.el6uek-0.4.5-3.el6kernel-uek-firmware-3.8.13-118.38.1.el6uekkernel-uek-debug-devel-3.8.13-118.38.1.el6uekkernel-uek-3.8.13-118.38.1.el6uekkernel-uek-debug-3.8.13-118.38.1.el6uek
163991 - Oracle Enterprise Linux ELSA-2019-4777 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-1125
DescriptionThe scan detected that the host is missing the following update:ELSA-2019-4777
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://oss.oracle.com/pipermail/el-errata/2019-September/009131.html
OEL6x86_64kernel-uek-2.6.39-400.314.1.el6uekkernel-uek-devel-2.6.39-400.314.1.el6uekkernel-uek-doc-2.6.39-400.314.1.el6uekkernel-uek-debug-devel-2.6.39-400.314.1.el6uekkernel-uek-debug-2.6.39-400.314.1.el6uekkernel-uek-firmware-2.6.39-400.314.1.el6uek
i386kernel-uek-2.6.39-400.314.1.el6uekkernel-uek-devel-2.6.39-400.314.1.el6uekkernel-uek-doc-2.6.39-400.314.1.el6uekkernel-uek-debug-devel-2.6.39-400.314.1.el6uekkernel-uek-debug-2.6.39-400.314.1.el6uekkernel-uek-firmware-2.6.39-400.314.1.el6uek
163994 - Oracle Enterprise Linux ELSA-2019-2692 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-9511, CVE-2019-9513
DescriptionThe scan detected that the host is missing the following update:ELSA-2019-2692
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://oss.oracle.com/pipermail/el-errata/2019-September/009136.html
OEL8x86_64libnghttp2-1.33.0-1.el8_0.1nghttp2-1.33.0-1.el8_0.1libnghttp2-devel-1.33.0-1.el8_0.1
163995 - Oracle Enterprise Linux ELSA-2019-2591 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817
DescriptionThe scan detected that the host is missing the following update:ELSA-2019-2591
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://oss.oracle.com/pipermail/el-errata/2019-September/009130.html
OEL8x86_64ghostscript-9.25-2.el8_0.3ghostscript-tools-printing-9.25-2.el8_0.3libgs-9.25-2.el8_0.3libgs-devel-9.25-2.el8_0.3ghostscript-doc-9.25-2.el8_0.3ghostscript-tools-fonts-9.25-2.el8_0.3ghostscript-tools-dvipdf-9.25-2.el8_0.3ghostscript-x11-9.25-2.el8_0.3
178778 - Gentoo Linux GLSA-201909-06 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: HighCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:GLSA-201909-06
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://security.gentoo.org/glsa/201909-06
Affected packages: mail-mta/exim < 4.92.2
183081 - FreeBSD oniguruma Multiple Vulnerabilities (a8d87c7a-d1b1-11e9-a616-0992a4564e7c)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: HighCVE: CVE-2019-13224, CVE-2019-13225
DescriptionThe scan detected that the host is missing the following update:oniguruma -- multiple vulnerabilities (a8d87c7a-d1b1-11e9-a616-0992a4564e7c)
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.vuxml.org/freebsd/a8d87c7a-d1b1-11e9-a616-0992a4564e7c.html
Affected packages: oniguruma < 6.9.3
183084 - FreeBSD xymon-server Multiple Vulnerabilities (10e1d580-d174-11e9-a87f-a4badb2f4699)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: HighCVE: CVE-2019-13273, CVE-2019-13274, CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13484, CVE-2019-
13485, CVE-2019-13486
DescriptionThe scan detected that the host is missing the following update:xymon-server -- multiple vulnerabilities (10e1d580-d174-11e9-a87f-a4badb2f4699)
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.vuxml.org/freebsd/10e1d580-d174-11e9-a87f-a4badb2f4699.html
Affected packages: xymon-server < 4.3.29
186907 - Ubuntu Linux 16.04, 18.04 USN-4115-2 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: HighCVE: CVE-2018-19985, CVE-2018-20784, CVE-2019-0136, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-11487, CVE-2019-11599, CVE-2019-11810, CVE-2019-13631, CVE-2019-13648, CVE-2019-14283, CVE-2019-14284, CVE-2019-14763, CVE-2019-15090, CVE-2019-15211, CVE-2019-15212, CVE-2019-15214, CVE-2019-15215, CVE-2019-15216, CVE-2019-15218, CVE-2019-15220, CVE-2019-15221, CVE-2019-15292, CVE-2019-3701, CVE-2019-3819, CVE-2019-3900, CVE-2019-9506
DescriptionThe scan detected that the host is missing the following update:USN-4115-2
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005111.html
Ubuntu 16.04
linux-image-gcp_4.15.0.1042.56linux-image-virtual-hwe-16.04_4.15.0.62.82linux-image-gke_4.15.0.1042.56linux-image-4.15.0-1042-gcp_4.15.0-1042.44linux-image-lowlatency-hwe-16.04_4.15.0.62.82linux-image-4.15.0-1023-oracle_4.15.0-1023.26~16.04.1linux-image-aws-hwe_4.15.0.1048.48linux-image-generic-hwe-16.04_4.15.0.62.82linux-image-4.15.0-62-lowlatency_4.15.0-62.69~16.04.1linux-image-4.15.0-62-generic_4.15.0-62.69~16.04.1linux-image-4.15.0-1048-aws_4.15.0-1048.50~16.04.1linux-image-oem_4.15.0.62.82linux-image-azure_4.15.0.1057.60linux-image-4.15.0-62-generic-lpae_4.15.0-62.69~16.04.1linux-image-generic-lpae-hwe-16.04_4.15.0.62.82linux-image-4.15.0-1057-azure_4.15.0-1057.62linux-image-oracle_4.15.0.1023.17
Ubuntu 18.04
linux-image-powerpc64-smp_4.15.0.62.64
linux-image-gke-4.15_4.15.0.1042.45linux-image-4.15.0-1044-kvm_4.15.0-1044.44linux-image-oracle_4.15.0.1023.26linux-image-4.15.0-1042-gke_4.15.0-1042.44linux-image-aws_4.15.0.1048.47linux-image-4.15.0-62-generic_4.15.0-62.69linux-image-4.15.0-1045-raspi2_4.15.0-1045.49linux-image-lowlatency_4.15.0.62.64linux-image-powerpc64-emb_4.15.0.62.64linux-image-gke_4.15.0.1042.45linux-image-virtual_4.15.0.62.64linux-image-4.15.0-1023-oracle_4.15.0-1023.26linux-image-generic_4.15.0.62.64linux-image-generic-lpae_4.15.0.62.64linux-image-4.15.0-62-lowlatency_4.15.0-62.69linux-image-4.15.0-62-generic-lpae_4.15.0-62.69linux-image-powerpc-e500mc_4.15.0.62.64linux-image-4.15.0-1048-aws_4.15.0-1048.50linux-image-powerpc-smp_4.15.0.62.64linux-image-raspi2_4.15.0.1045.43linux-image-kvm_4.15.0.1044.44
195507 - Fedora Linux 29 FEDORA-2019-59d60bd1fa Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2019-10691, CVE-2019-11500, CVE-2019-7524
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-59d60bd1fa
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=2
Fedora Core 29
dovecot-2.3.7.2-1.fc29
195512 - Fedora Linux 30 FEDORA-2019-55d101a740 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2019-14809, CVE-2019-9512, CVE-2019-9514
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-55d101a740
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=3
Fedora Core 30
golang-1.12.9-1.fc30
195513 - Fedora Linux 29 FEDORA-2019-6fa01d12b4 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2018-11797, CVE-2018-8036, CVE-2019-0228
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-6fa01d12b4
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=1
Fedora Core 29
pdfbox-2.0.16-1.fc29
195521 - Fedora Linux 30 FEDORA-2019-96fe76e02b Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2019-13207
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-96fe76e02b
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=1
Fedora Core 30
nsd-4.2.2-1.fc30
195523 - Fedora Linux 29 FEDORA-2019-65db7ad6c7 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2018-16873, CVE-2018-16874, CVE-2018-16875, CVE-2019-14809, CVE-2019-6486, CVE-2019-9512, CVE-2019-9514,CVE-2019-9741
Description
The scan detected that the host is missing the following update:FEDORA-2019-65db7ad6c7
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=2
Fedora Core 29
golang-1.11.13-1.fc29
195524 - Fedora Linux 29 FEDORA-2019-a457303ffc Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2018-20174, CVE-2018-20175, CVE-2018-20176, CVE-2018-20177, CVE-2018-20178, CVE-2018-20179, CVE-2018-20180, CVE-2018-20181, CVE-2018-20182, CVE-2018-8791, CVE-2018-8792, CVE-2018-8793, CVE-2018-8794, CVE-2018-8795,CVE-2018-8796, CVE-2018-8797, CVE-2018-8798, CVE-2018-8799, CVE-2018-8800
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-a457303ffc
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=2
Fedora Core 29
rdesktop-1.8.6-1.fc29
195531 - Fedora Linux 30 FEDORA-2019-9e91afa2be Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2018-11797, CVE-2018-8036, CVE-2019-0228
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-9e91afa2be
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=1
Fedora Core 30
pdfbox-2.0.16-1.fc30
196476 - Red Hat Enterprise Linux RHSA-2019-2682 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-9512, CVE-2019-9514
DescriptionThe scan detected that the host is missing the following update:RHSA-2019-2682
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.redhat.com/archives/rhsa-announce/2019-September/msg00021.html
RHEL7Snoarchgo-toolset-1.11-golang-docs-1.11.13-2.el7
RHEL7WSx86_64go-toolset-1.11-1.11.13-1.el7go-toolset-1.11-golang-src-1.11.13-2.el7go-toolset-1.11-scldevel-1.11.13-1.el7go-toolset-1.11-golang-race-1.11.13-2.el7go-toolset-1.11-build-1.11.13-1.el7go-toolset-1.11-golang-misc-1.11.13-2.el7go-toolset-1.11-runtime-1.11.13-1.el7go-toolset-1.11-golang-bin-1.11.13-2.el7go-toolset-1.11-golang-tests-1.11.13-2.el7go-toolset-1.11-golang-1.11.13-2.el7
noarchgo-toolset-1.11-golang-docs-1.11.13-2.el7
196479 - Red Hat Enterprise Linux RHSA-2019-2670 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-5869
DescriptionThe scan detected that the host is missing the following update:RHSA-2019-2670
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.redhat.com/archives/rhsa-announce/2019-September/msg00020.html
RHEL6Di386chromium-browser-76.0.3809.132-1.el6_10chromium-browser-debuginfo-76.0.3809.132-1.el6_10
i686chromium-browser-76.0.3809.132-1.el6_10chromium-browser-debuginfo-76.0.3809.132-1.el6_10
x86_64chromium-browser-76.0.3809.132-1.el6_10chromium-browser-debuginfo-76.0.3809.132-1.el6_10
RHEL6Si386chromium-browser-76.0.3809.132-1.el6_10chromium-browser-debuginfo-76.0.3809.132-1.el6_10
i686chromium-browser-76.0.3809.132-1.el6_10chromium-browser-debuginfo-76.0.3809.132-1.el6_10
x86_64chromium-browser-76.0.3809.132-1.el6_10chromium-browser-debuginfo-76.0.3809.132-1.el6_10
RHEL6WSi386chromium-browser-76.0.3809.132-1.el6_10chromium-browser-debuginfo-76.0.3809.132-1.el6_10
i686chromium-browser-76.0.3809.132-1.el6_10chromium-browser-debuginfo-76.0.3809.132-1.el6_10
x86_64chromium-browser-76.0.3809.132-1.el6_10chromium-browser-debuginfo-76.0.3809.132-1.el6_10
25643 - (MSPT-Sep2019) Microsoft SharePoint Spoofing Vulnerability (CVE-2019-1259)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1259
DescriptionA vulnerability in some versions of Microsoft SharePoint could lead to spoofing.
ObservationA vulnerability in some versions of Microsoft SharePoint could lead to spoofing.
The flaw is due to Improper Handling of Requests To Authorize Applications. Successful exploitation by a remote attacker could result in spoofing The exploit requires the user to open a vulnerable website, email or document.
148310 - SuSE Linux 15.0, 15.1 openSUSE-SU-2019:2071-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2019-13616, CVE-2019-5052, CVE-2019-5057, CVE-2019-5058, CVE-2019-5059, CVE-2019-5060, CVE-2019-7635
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2019:2071-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.opensuse.org/opensuse-updates/2019-09/msg00031.html
SuSE Linux 15.0x86_64libSDL_image-1_2-0-32bit-1.2.12+hg695-lp150.2.3.1libSDL_image-devel-32bit-1.2.12+hg695-lp150.2.3.1SDL_image-debugsource-1.2.12+hg695-lp150.2.3.1libSDL_image-1_2-0-32bit-debuginfo-1.2.12+hg695-lp150.2.3.1libSDL_image-1_2-0-1.2.12+hg695-lp150.2.3.1libSDL_image-devel-1.2.12+hg695-lp150.2.3.1libSDL_image-1_2-0-debuginfo-1.2.12+hg695-lp150.2.3.1
i586libSDL_image-devel-1.2.12+hg695-lp150.2.3.1SDL_image-debugsource-1.2.12+hg695-lp150.2.3.1libSDL_image-1_2-0-debuginfo-1.2.12+hg695-lp150.2.3.1libSDL_image-1_2-0-1.2.12+hg695-lp150.2.3.1
SuSE Linux 15.1x86_64libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1libSDL_image-1_2-0-debuginfo-1.2.12+hg695-lp151.3.3.1libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1SDL_image-debugsource-1.2.12+hg695-lp151.3.3.1libSDL_image-devel-1.2.12+hg695-lp151.3.3.1libSDL_image-1_2-0-32bit-debuginfo-1.2.12+hg695-lp151.3.3.1libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1
i586libSDL_image-1_2-0-debuginfo-1.2.12+hg695-lp151.3.3.1libSDL_image-devel-1.2.12+hg695-lp151.3.3.1SDL_image-debugsource-1.2.12+hg695-lp151.3.3.1libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1
186898 - Ubuntu Linux 12.04, 14.04 USN-4127-2 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2018-20406, CVE-2018-20852, CVE-2019-10160, CVE-2019-5010, CVE-2019-9636, CVE-2019-9740, CVE-2019-9947,CVE-2019-9948
DescriptionThe scan detected that the host is missing the following update:USN-4127-2
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005108.html
Ubuntu 12.04
python2.7-minimal_2.7.3-0ubuntu3.14python2.7_2.7.3-0ubuntu3.14
Ubuntu 14.04
python2.7-minimal_2.7.6-8ubuntu0.6+esm2python3.4_3.4.3-1ubuntu1~14.04.7+esm2python3.4-minimal_3.4.3-1ubuntu1~14.04.7+esm2python2.7_2.7.6-8ubuntu0.6+esm2
186899 - Ubuntu Linux 18.04, 19.04 USN-4123-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2019-13173
DescriptionThe scan detected that the host is missing the following update:USN-4123-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005101.html
Ubuntu 19.04
node-fstream_1.0.10-1ubuntu0.19.04.2
Ubuntu 18.04
node-fstream_1.0.10-1ubuntu0.18.04.1
186906 - Ubuntu Linux 16.04, 18.04, 19.04 USN-4127-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2018-20406, CVE-2018-20852, CVE-2019-10160, CVE-2019-5010, CVE-2019-9636, CVE-2019-9740, CVE-2019-9947,CVE-2019-9948
DescriptionThe scan detected that the host is missing the following update:USN-4127-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005105.html
Ubuntu 16.04
python3.5-minimal_3.5.2-2ubuntu0~16.04.8python3.5_3.5.2-2ubuntu0~16.04.8python2.7_2.7.12-1ubuntu0~16.04.8python2.7-minimal_2.7.12-1ubuntu0~16.04.8
Ubuntu 19.04
python3.7-minimal_3.7.3-2ubuntu0.1python2.7-minimal_2.7.16-2ubuntu0.1python2.7_2.7.16-2ubuntu0.1python3.7_3.7.3-2ubuntu0.1
Ubuntu 18.04
python3.6-minimal_3.6.8-1~18.04.2python3.6_3.6.8-1~18.04.2python2.7-minimal_2.7.15-4ubuntu4~18.04.1python2.7_2.7.15-4ubuntu4~18.04.1
195509 - Fedora Linux 29 FEDORA-2019-e08f78d4a6 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2019-13616, CVE-2019-7572, CVE-2019-7573, CVE-2019-7574, CVE-2019-7575, CVE-2019-7576, CVE-2019-7577,CVE-2019-7578, CVE-2019-7635, CVE-2019-7636, CVE-2019-7637, CVE-2019-7638
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-e08f78d4a6
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=1
Fedora Core 29
SDL-1.2.15-40.fc29
195510 - Fedora Linux 30 FEDORA-2019-644ef7ebec Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2018-7999
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-644ef7ebec
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=3
Fedora Core 30
graphite2-1.3.13-1.fc30
195517 - Fedora Linux 29 FEDORA-2019-80e5e20cf8 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2019-14267, CVE-2019-14934
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-80e5e20cf8
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=2
Fedora Core 29
pdfresurrect-0.18-1.fc29
195520 - Fedora Linux 29 FEDORA-2019-d0b1feb995 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2018-7999
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-d0b1feb995
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=1
Fedora Core 29
graphite2-1.3.13-1.fc29
195522 - Fedora Linux 30 FEDORA-2019-e01bc28777 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2019-14267, CVE-2019-14934
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-e01bc28777
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=2
Fedora Core 30
pdfresurrect-0.18-1.fc30
195534 - Fedora Linux 30 FEDORA-2019-446ca9f695 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2019-13616, CVE-2019-7637
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-446ca9f695
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=2
Fedora Core 30
SDL-1.2.15-41.fc30
25571 - (MSPT-Sep2019) Microsoft DirectWrite Improperly Discloses the Contents of Its Memory Information Disclosure(CVE-2019-1244)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1244
DescriptionA vulnerability in some versions of Microsoft DirectWrite could lead to information disclosure.
ObservationA vulnerability in some versions of Microsoft DirectWrite could lead to information disclosure.
The flaw lies in the Improperly Discloses the Contents of Its Memory component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.
25572 - (MSPT-Sep2019) Microsoft DirectWrite Improperly Discloses the Contents of Its Memory Information Disclosure(CVE-2019-1245)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1245
DescriptionA vulnerability in some versions of Microsoft DirectWrite could lead to information disclosure.
ObservationA vulnerability in some versions of Microsoft DirectWrite could lead to information disclosure.
The flaw lies in the Improperly Discloses the Contents of Its Memory component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.
25573 - (MSPT-Sep2019) Microsoft DirectWrite Improperly Handles Objects in Memory Information Disclosure (CVE-2019-1251)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1251
DescriptionA vulnerability in some versions of Microsoft DirectWrite could lead to information disclosure.
ObservationA vulnerability in some versions of Microsoft DirectWrite could lead to information disclosure.
The flaw lies in the Improperly Handles Objects in Memory component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.
25574 - (MSPT-Sep2019) Microsoft Windows Win32k Privilege Escalation (CVE-2019-1256)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1256
DescriptionA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
ObservationA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Win32k component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
25575 - (MSPT-Sep2019) Microsoft Windows Win32k Privilege Escalation (CVE-2019-1285)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1285
DescriptionA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
ObservationA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Win32k component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
25576 - (MSPT-Sep2019) Microsoft Windows ALPC Privilege Escalation (CVE-2019-1269)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1269
DescriptionA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
ObservationA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the ALPC component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
25577 - (MSPT-Sep2019) Microsoft Windows ALPC Privilege Escalation (CVE-2019-1272)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1272
DescriptionA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
ObservationA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the ALPC component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
25578 - (MSPT-Sep2019) Microsoft Windows AppX Deployment Server Privilege Escalation (CVE-2019-1253)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1253
DescriptionA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
ObservationA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the AppX Deployment Server component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
25579 - (MSPT-Sep2019) Microsoft Windows AppX Deployment Server Privilege Escalation (CVE-2019-1303)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1303
DescriptionA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
ObservationA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the AppX Deployment Server component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
25580 - (MSPT-Sep2019) Microsoft Windows GDI Information Disclosure (CVE-2019-1252)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1252
DescriptionA vulnerability in some versions of Microsoft Windows could lead to information disclosure.
ObservationA vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the GDI component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.
25581 - (MSPT-Sep2019) Microsoft Windows GDI Information Disclosure (CVE-2019-1286)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1286
DescriptionA vulnerability in some versions of Microsoft Windows could lead to information disclosure.
ObservationA vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the GDI component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.
25584 - (MSPT-Sep2019) Microsoft Windows Secure Boot Security Bypass (CVE-2019-1294)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)
Risk Level: MediumCVE: CVE-2019-1294
DescriptionA vulnerability in some versions of Microsoft Windows could lead to security bypass.
ObservationA vulnerability in some versions of Microsoft Windows could lead to security bypass.
The flaw lies in the Secure Boot component. Successful exploitation by a remote attacker could result in the bypass of intended access restrictions. The exploit requires the attacker to have valid credentials to the vulnerable system.
25585 - (MSPT-Sep2019) Microsoft Windows Store Installer Privilege Escalation (CVE-2019-1270)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1270
DescriptionA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
ObservationA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Store Installer component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
25586 - (MSPT-Sep2019) Microsoft Windows IME Privilege Escalation (CVE-2019-1235)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1235
DescriptionA vulnerability in some versions of Microsoft IME could lead to privilege escalation.
ObservationA vulnerability in some versions of Microsoft IME could lead to privilege escalation.
The flaw lies in the IME component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
25587 - (MSPT-Sep2019) Microsoft Windows Update Delivery Optimization Privilege Escalation (CVE-2019-1289)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1289
DescriptionA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
ObservationA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Update Delivery Optimization component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
25589 - (MSPT-Sep2019) Microsoft Winlogon Improperly Handle File Privilege Escalation (CVE-2019-1268)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1268
DescriptionA vulnerability in some versions of Microsoft Winlogon could lead to privilege escalation.
ObservationA vulnerability in some versions of Microsoft Winlogon could lead to privilege escalation.
The flaw lies due to improperly handle file. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
25590 - (MSPT-Sep2019) Microsoft ws2ifsl.sys Improperly Handles Objects in Memory Privilege Escalation (CVE-2019-1215)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1215
DescriptionA vulnerability in some versions of Microsoft ws2ifsl.sys could lead to privilege escalation.
ObservationA vulnerability in some versions of Microsoft ws2ifsl.sys could lead to privilege escalation.
The flaw lies in the Improperly Handles Objects in Memory component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
25592 - (MSPT-Sep2019) Microsoft Exchange Server Outlook Web Access Spoofing (CVE-2019-1266)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1266
DescriptionA vulnerability in some versions of Microsoft Exchange Server could lead to spoofing.
ObservationA vulnerability in some versions of Microsoft Exchange Server could lead to spoofing.
The flaw lies in the Outlook Web Access component. Successful exploitation by a remote attacker could result in spoofing. The exploit requires the user to open a vulnerable website, email or document.
25593 - (MSPT-Sep2019) Microsoft Windows Lync 2013 Information Disclosure (CVE-2019-1209)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1209
DescriptionA vulnerability in some versions of Microsoft Windows could lead to information disclosure.
ObservationA vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the Lync 2013 component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.
25607 - (MSPT-Sep2019) Microsoft Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability (CVE-2019-1232)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1232
DescriptionA vulnerability in some versions of Microsoft Diagnostics Hub Standard Collector Service could lead to privilege escalation.
ObservationA vulnerability in some versions of Microsoft Diagnostics Hub Standard Collector Service could lead to privilege escalation.
The flaw lies in the Improperly Impersonates File Operations. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
25608 - (MSPT-Sep2019) Microsoft Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability (CVE-2019-1267)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1267
DescriptionA vulnerability in some versions of Microsoft Compatibility Appraiser could lead to privilege escalation.
ObservationA vulnerability in some versions of Microsoft Compatibility Appraiser could lead to privilege escalation.
The flaw lies in the Symbolic Hardlink Attack component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
25609 - (MSPT-Sep2019) Microsoft Windows Media Elevation of Privilege Vulnerability (CVE-2019-1271)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1271
DescriptionA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
ObservationA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the hdAudio.sys component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
25610 - (MSPT-Sep2019) Microsoft Active Directory Federation Services XSS Vulnerability (CVE-2019-1273)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1273
DescriptionA vulnerability in some versions of Microsoft ADFS could lead to XSS.
ObservationA vulnerability in some versions of Microsoft ADFS could lead to XSS.
The flaw lies due to improperly sanitize error messages. Successful exploitation by a remote attacker could result in XSS attacks. The exploit requires the attacker to have valid credentials to the vulnerable system.
25611 - (MSPT-Sep2019) Microsoft Windows Audio Service Elevation of Privilege Vulnerability (CVE-2019-1277)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1277
DescriptionA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
ObservationA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Audio Service component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
25613 - (MSPT-Sep2019) Microsoft Graphics Components Information Disclosure Vulnerability (CVE-2019-1283)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1283
DescriptionA vulnerability in some versions of Microsoft Graphics Components could lead to information disclosure.
ObservationA vulnerability in some versions of Microsoft Graphics Components could lead to information disclosure.
The flaw lies due to improper handling of objects in memory. Successful exploitation by an attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.
25614 - (MSPT-Sep2019) Microsoft Windows Network Connectivity Assistant Privilege Escalation (CVE-2019-1287)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1287
DescriptionA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
ObservationA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.
The flaw lies in the Network Connectivity Assistant component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
25616 - (MSPT-Sep2019) Microsoft .NET Framework CLR Privilege Escalation (CVE-2019-1142)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1142
DescriptionA vulnerability in some versions of Microsoft .NET Framework could lead to privilege escalation.
ObservationA vulnerability in some versions of Microsoft .NET Framework could lead to privilege escalation.
The flaw lies in the CLR component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
25617 - (MSPT-Sep2019) Microsoft CLFS Improperly Handles Objects in Memory Privilege Escalation (CVE-2019-1214)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1214
DescriptionA vulnerability in some versions of Microsoft CLFS could lead to privilege escalation.
Observation
A vulnerability in some versions of Microsoft CLFS could lead to privilege escalation.
The flaw lies in the Improperly Handles Objects in Memory component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
25618 - (MSPT-Sep2019) Microsoft CLFS Improperly Handles Objects in Memory Improperly Handles Objects in MemoryInformation Disclosure (
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1219
DescriptionA vulnerability in some versions of Microsoft CLFS could lead to information disclosure.
ObservationA vulnerability in some versions of Microsoft CLFS could lead to information disclosure.
The flaw lies in the Improperly Handles Objects in Memory component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
25619 - (MSPT-Sep2019) Microsoft Windows CLFS Security Bypass (CVE-2019-1282)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1282
DescriptionA vulnerability in some versions of Microsoft Windows could lead to security bypass.
ObservationA vulnerability in some versions of Microsoft Windows could lead to security bypass.
The flaw lies in the CLFS component. Successful exploitation by a remote attacker could result in the bypass of intended access restrictions. The exploit requires the attacker to have valid credentials to the vulnerable system.
25620 - (MSPT-Sep2019) Microsoft DirectX Improperly Handles Objects in Memory Information Disclosure (CVE-2019-1216)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1216
DescriptionA vulnerability in some versions of Microsoft DirectX could lead to information disclosure.
ObservationA vulnerability in some versions of Microsoft DirectX could lead to information disclosure.
The flaw lies in the Improperly Handles Objects in Memory component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
25621 - (MSPT-Sep2019) Microsoft DirectX Improperly Handle Objects in Memory Privilege Escalation (CVE-2019-1284)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1284
DescriptionA vulnerability in some versions of Microsoft DirectX could lead to privilege escalation.
ObservationA vulnerability in some versions of Microsoft DirectX could lead to privilege escalation.
The flaw lies due to improperly handle objects in memory. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.
25622 - (MSPT-Sep2019) Microsoft Windows Kernel Information Disclosure (CVE-2019-1274)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1274
DescriptionA vulnerability in some versions of Microsoft Windows could lead to information disclosure.
ObservationA vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the Kernel component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
25623 - (MSPT-Sep2019) Microsoft Windows Kernel Information Disclosure (CVE-2019-1293)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1293
DescriptionA vulnerability in some versions of Microsoft Windows could lead to information disclosure.
ObservationA vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the Kernel component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
25633 - (MSPT-Sep2019) Microsoft ChakraCore Improperly Handle Objects in Memory Information Disclosure (CVE-2019-1299)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)
Risk Level: MediumCVE: CVE-2019-1299
DescriptionA vulnerability in some versions of Microsoft ChakraCore could lead to information disclosure.
ObservationA vulnerability in some versions of Microsoft ChakraCore could lead to information disclosure.
The flaw lies due to improperly handle objects in memory. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.
25636 - (MSPT-Sep2019) Microsoft Windows Hyper-V Information Disclosure (CVE-2019-1254)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1254
DescriptionA vulnerability in some versions of Microsoft Windows could lead to information disclosure.
ObservationA vulnerability in some versions of Microsoft Windows could lead to information disclosure.
The flaw lies in the Hyper-V component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.
25639 - (MSPT-Sep2019) Microsoft Excel Improperly Handle Objects in Memory Information Disclosure (CVE-2019-1263)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1263
DescriptionA vulnerability in some versions of Microsoft Excel could lead to information disclosure.
ObservationA vulnerability in some versions of Microsoft Excel could lead to information disclosure.
The flaw lies due to improperly handle objects in memory. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.
25640 - (MSPT-Sep2019) Microsoft Office Improperly Handles Input Security Bypass (CVE-2019-1264)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1264
DescriptionA vulnerability in some versions of Microsoft Office could lead to security bypass.
ObservationA vulnerability in some versions of Microsoft Office could lead to security bypass.
The flaw lies due to improperly handles input. Successful exploitation by a remote attacker could result in the bypass of intended access restrictions. The exploit requires the user to open a vulnerable website, email or document.
25644 - (MSPT-Sep2019) Microsoft SharePoint Privilege Escalation (CVE-2019-1260)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1260
DescriptionA vulnerability in some versions of Microsoft SharePoint could lead to privilege escalation.
ObservationA vulnerability in some versions of Microsoft SharePoint could lead to privilege escalation.
The flaw lies in the Sanitation of user input. Successful exploitation could allow a user to gain elevated privileges. The exploit requires the user to open a vulnerable website, email or document.
25645 - (MSPT-Sep2019) Microsoft SharePoint Spoofing Vulnerability (CVE-2019-1261)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1261
DescriptionA vulnerability in some versions of Microsoft SharePoint could lead to spoofing.
ObservationA vulnerability in some versions of Microsoft SharePoint could lead to spoofing.
The flaw lies due to improperly handles requests. Successful exploitation by a remote attacker could result in spoofing. The exploit requires the user to open a vulnerable website, email or document.
25646 - (MSPT-Sep2019) Microsoft Office SharePoint XSS Vulnerability (CVE-2019-1262)
Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1262
DescriptionA vulnerability in some versions of Microsoft SharePoint could lead to spoofing.
ObservationA vulnerability in some versions of Microsoft SharePoint could lead to spoofing.
The flaw lies due to improperly sanitize web request. Successful exploitation by a remote attacker could result in spoofing. The exploit
requires the user to open a vulnerable website, email or document.
178775 - Gentoo Linux GLSA-201909-03 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: MediumCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:GLSA-201909-03
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://security.gentoo.org/glsa/201909-03
Affected packages: x11-libs/pango < 1.42.4-r2
178776 - Gentoo Linux GLSA-201909-07 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: MediumCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:GLSA-201909-07
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://security.gentoo.org/glsa/201909-07
Affected packages: media-libs/libsdl2 < 2.0.10
178777 - Gentoo Linux GLSA-201909-01 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: MediumCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:GLSA-201909-01
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://security.gentoo.org/glsa/201909-01
Affected packages: dev-lang/perl < 5.28.2
178779 - Gentoo Linux GLSA-201909-02 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: MediumCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:GLSA-201909-02
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://security.gentoo.org/glsa/201909-02
Affected packages: media-video/vlc < 3.0.8
178780 - Gentoo Linux GLSA-201909-08 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: MediumCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:GLSA-201909-08
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://security.gentoo.org/glsa/201909-08
Affected packages: sys-apps/dbus < 1.12.16
178781 - Gentoo Linux GLSA-201909-05 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: MediumCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:GLSA-201909-05
Observation
Updates often remediate critical security problems that should be quickly addressed.For more information see:
https://security.gentoo.org/glsa/201909-05
Affected packages: net-libs/webkit-gtk < 2.24.4
178782 - Gentoo Linux GLSA-201909-04 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: MediumCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:GLSA-201909-04
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://security.gentoo.org/glsa/201909-04
Affected packages: www-servers/apache < 2.4.41
186901 - Ubuntu Linux 16.04, 18.04 USN-4128-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2019-0199, CVE-2019-0221, CVE-2019-10072
DescriptionThe scan detected that the host is missing the following update:USN-4128-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005109.html
Ubuntu 16.04
libtomcat8-java_8.0.32-1ubuntu1.10tomcat8_8.0.32-1ubuntu1.10
Ubuntu 18.04
tomcat8_8.5.39-1ubuntu1~18.04.3libtomcat8-java_8.5.39-1ubuntu1~18.04.3
186905 - Ubuntu Linux 16.04, 18.04, 19.04 USN-4125-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2019-15026
DescriptionThe scan detected that the host is missing the following update:USN-4125-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005103.html
Ubuntu 16.04
memcached_1.4.25-2ubuntu1.5
Ubuntu 19.04
memcached_1.5.10-0ubuntu1.19.04.2
Ubuntu 18.04
memcached_1.5.6-0ubuntu1.2
195504 - Fedora Linux 30 FEDORA-2019-0bb6b876da Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2019-15043
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-0bb6b876da
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=2
Fedora Core 30
grafana-6.3.4-1.fc30
195505 - Fedora Linux 29 FEDORA-2019-d58eb75449 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2019-16056
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-d58eb75449
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=1
Fedora Core 29
python38-3.8.0~b4-1.fc29
195514 - Fedora Linux 30 FEDORA-2019-4954d8773c Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2019-16056
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-4954d8773c
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=1
Fedora Core 30
python38-3.8.0~b4-1.fc30
195533 - Fedora Linux 29 FEDORA-2019-77d612eab4 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2019-15043
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-77d612eab4
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=1
Fedora Core 29
grafana-6.3.4-1.fc29
196478 - Red Hat Enterprise Linux RHSA-2019-2695 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes
Risk Level: MediumCVE: CVE-2019-1125
DescriptionThe scan detected that the host is missing the following update:RHSA-2019-2695
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.redhat.com/archives/rhsa-announce/2019-September/msg00024.html
RHEL6_5Sx86_64kernel-debuginfo-2.6.32-431.96.1.el6perf-2.6.32-431.96.1.el6kernel-debug-debuginfo-2.6.32-431.96.1.el6kernel-debug-devel-2.6.32-431.96.1.el6kernel-devel-2.6.32-431.96.1.el6kernel-debug-2.6.32-431.96.1.el6perf-debuginfo-2.6.32-431.96.1.el6python-perf-2.6.32-431.96.1.el6python-perf-debuginfo-2.6.32-431.96.1.el6kernel-2.6.32-431.96.1.el6kernel-debuginfo-common-x86_64-2.6.32-431.96.1.el6kernel-headers-2.6.32-431.96.1.el6
noarchkernel-abi-whitelists-2.6.32-431.96.1.el6kernel-firmware-2.6.32-431.96.1.el6kernel-doc-2.6.32-431.96.1.el6
148306 - SuSE SLES 12 SP4, SLED 12 SP4 SUSE-SU-2019:2330-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2019-2614, CVE-2019-2627, CVE-2019-2628
DescriptionThe scan detected that the host is missing the following update:SUSE-SU-2019:2330-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.suse.com/pipermail/sle-security-updates/2019-September/005890.html
SuSE SLED 12 SP4x86_64mariadb-debuginfo-10.2.25-3.19.2mariadb-debugsource-10.2.25-3.19.2libmariadb_plugins-debuginfo-3.1.2-2.6.6mariadb-client-10.2.25-3.19.2libmariadb3-3.1.2-2.6.6mariadb-10.2.25-3.19.2
libmariadb_plugins-3.1.2-2.6.6mariadb-client-debuginfo-10.2.25-3.19.2libmariadb3-debuginfo-3.1.2-2.6.6mariadb-connector-c-debugsource-3.1.2-2.6.6
noarchmariadb-errormessages-10.2.25-3.19.2
SuSE SLES 12 SP4noarchmariadb-errormessages-10.2.25-3.19.2
x86_64mariadb-debuginfo-10.2.25-3.19.2mariadb-debugsource-10.2.25-3.19.2libmariadb_plugins-debuginfo-3.1.2-2.6.6mariadb-client-10.2.25-3.19.2mariadb-tools-debuginfo-10.2.25-3.19.2libmariadb3-3.1.2-2.6.6mariadb-10.2.25-3.19.2libmariadb_plugins-3.1.2-2.6.6mariadb-client-debuginfo-10.2.25-3.19.2libmariadb3-debuginfo-3.1.2-2.6.6mariadb-tools-10.2.25-3.19.2mariadb-connector-c-debugsource-3.1.2-2.6.6
148307 - SuSE Linux 15.0, 15.1 openSUSE-SU-2019:2067-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2019-1010319, CVE-2019-11498
DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2019:2067-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.opensuse.org/opensuse-updates/2019-09/msg00033.html
SuSE Linux 15.0x86_64libwavpack1-32bit-debuginfo-5.1.0-lp150.3.6.1wavpack-debuginfo-5.1.0-lp150.3.6.1wavpack-5.1.0-lp150.3.6.1libwavpack1-32bit-5.1.0-lp150.3.6.1wavpack-debugsource-5.1.0-lp150.3.6.1wavpack-devel-5.1.0-lp150.3.6.1libwavpack1-5.1.0-lp150.3.6.1libwavpack1-debuginfo-5.1.0-lp150.3.6.1
i586wavpack-debuginfo-5.1.0-lp150.3.6.1wavpack-5.1.0-lp150.3.6.1wavpack-debugsource-5.1.0-lp150.3.6.1wavpack-devel-5.1.0-lp150.3.6.1
libwavpack1-5.1.0-lp150.3.6.1libwavpack1-debuginfo-5.1.0-lp150.3.6.1
SuSE Linux 15.1x86_64wavpack-debugsource-5.1.0-lp151.5.3.1wavpack-5.1.0-lp151.5.3.1libwavpack1-32bit-debuginfo-5.1.0-lp151.5.3.1libwavpack1-debuginfo-5.1.0-lp151.5.3.1libwavpack1-5.1.0-lp151.5.3.1libwavpack1-32bit-5.1.0-lp151.5.3.1wavpack-debuginfo-5.1.0-lp151.5.3.1wavpack-devel-5.1.0-lp151.5.3.1
i586wavpack-debugsource-5.1.0-lp151.5.3.1wavpack-5.1.0-lp151.5.3.1libwavpack1-debuginfo-5.1.0-lp151.5.3.1libwavpack1-5.1.0-lp151.5.3.1wavpack-debuginfo-5.1.0-lp151.5.3.1wavpack-devel-5.1.0-lp151.5.3.1
195515 - Fedora Linux 30 FEDORA-2019-24e1d561e5 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2019-15718, CVE-2019-3843
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-24e1d561e5
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=3
Fedora Core 30
systemd-241-12.git1e19bcd.fc30
195532 - Fedora Linux 29 FEDORA-2019-d9c2f1ec70 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2019-10740, CVE-2019-15237
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-d9c2f1ec70
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=1
Fedora Core 29
roundcubemail-1.3.10-1.fc29
89039 - Slackware Linux 14.2 SSA:2019-247-01 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Slackware Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:SSA:2019-247-01
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.416944
Slackware 14.2x86_64seamonkey-solibs-2.49.5-x86_64-1seamonkey-2.49.5-x86_64-1
i586seamonkey-2.49.5-i586-1seamonkey-solibs-2.49.5-i586-1
131421 - Debian Linux 10.0 DSA-4515-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: LowCVE: CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683,CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690
DescriptionThe scan detected that the host is missing the following update:DSA-4515-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.debian.org/security/2019/dsa-4515
Debian 10.0alllibwebkit2gtk-4.0-37-gtk2_2.24.4-1~deb10u1gir1.2-webkit2-4.0_2.24.4-1~deb10u1libjavascriptcoregtk-4.0-bin_2.24.4-1~deb10u1libwebkit2gtk-4.0-dev_2.24.4-1~deb10u1libjavascriptcoregtk-4.0-dev_2.24.4-1~deb10u1
libwebkit2gtk-4.0-doc_2.24.4-1~deb10u1libwebkit2gtk-4.0-37_2.24.4-1~deb10u1gir1.2-javascriptcoregtk-4.0_2.24.4-1~deb10u1libjavascriptcoregtk-4.0-18_2.24.4-1~deb10u1webkit2gtk-driver_2.24.4-1~deb10u1
131423 - Debian Linux 10.0, 9.0 DSA-4516-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: LowCVE: CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752, CVE-2019-9812
DescriptionThe scan detected that the host is missing the following update:DSA-4516-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.debian.org/security/2019/dsa-4516
Debian 9.0allfirefox-esr_60.9.0esr-1~deb9u1
Debian 10.0allfirefox-esr_60.9.0esr-1~deb10u1
163990 - Oracle Enterprise Linux ELSA-2019-2607 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: LowCVE: CVE-2019-12155, CVE-2019-14378
DescriptionThe scan detected that the host is missing the following update:ELSA-2019-2607
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://oss.oracle.com/pipermail/el-errata/2019-September/009116.html
OEL7x86_64qemu-kvm-1.5.3-167.el7_7.1qemu-kvm-tools-1.5.3-167.el7_7.1qemu-img-1.5.3-167.el7_7.1qemu-kvm-common-1.5.3-167.el7_7.1
183082 - FreeBSD Flash Player Multiple Vulnerabilities (c6f19fe6-d42a-11e9-b4f9-6451062f0f7a)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2019-8069, CVE-2019-8070
DescriptionThe scan detected that the host is missing the following update:Flash Player -- multiple vulnerabilities (c6f19fe6-d42a-11e9-b4f9-6451062f0f7a)
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.vuxml.org/freebsd/c6f19fe6-d42a-11e9-b4f9-6451062f0f7a.html
Affected packages: linux-flashplayer < 32.0.0.255
183083 - FreeBSD Exim RCE With Root Privileges In TLS SNI Handler (61db9b88-d091-11e9-8d41-97657151f8c2)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:Exim -- RCE with root privileges in TLS SNI handler (61db9b88-d091-11e9-8d41-97657151f8c2)
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.vuxml.org/freebsd/61db9b88-d091-11e9-8d41-97657151f8c2.html
Affected packages: exim < 4.92.2
183085 - FreeBSD wordpress Multiple Issues (8a9f86de-d080-11e9-9051-4c72b94353b5)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:wordpress -- multiple issues (8a9f86de-d080-11e9-9051-4c72b94353b5)
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.vuxml.org/freebsd/8a9f86de-d080-11e9-9051-4c72b94353b5.html
Affected packages: wordpress < 5.2.3,1
fr-wordpress < 5.2.3,1de-wordpress < 5.2.3zh_CN-wordpress < 5.2.3zh_TW-wordpress < 5.2.3ja-wordpress < 5.2.3ru-wordpress < 5.2.3
183086 - FreeBSD asterisk Crash When Negotiating For T.38 With A Declined Stream (d94c08d2-d079-11e9-8f1a-001999f8d30b)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2019-15297
DescriptionThe scan detected that the host is missing the following update:asterisk -- Crash when negotiating for T.38 with a declined stream (d94c08d2-d079-11e9-8f1a-001999f8d30b)
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.vuxml.org/freebsd/d94c08d2-d079-11e9-8f1a-001999f8d30b.html
Affected packages: asterisk15 < 15.7.4asterisk16 < 16.5.1
183087 - FreeBSD asterisk Remote Crash Vulnerability In Audio Transcoding (7d53d8da-d07a-11e9-8f1a-001999f8d30b)
Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2019-15639
DescriptionThe scan detected that the host is missing the following update:asterisk -- Remote Crash Vulnerability in audio transcoding (7d53d8da-d07a-11e9-8f1a-001999f8d30b)
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://www.vuxml.org/freebsd/7d53d8da-d07a-11e9-8f1a-001999f8d30b.html
Affected packages: asterisk13 < 13.28.1asterisk16 < 16.5.1
186897 - Ubuntu Linux 16.04, 18.04, 19.04 USN-4122-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-2019-11734, CVE-2019-11735, CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11741, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11747, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11752, CVE-2019-5849, CVE-2019-9812
DescriptionThe scan detected that the host is missing the following update:USN-4122-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005100.html
Ubuntu 16.04
firefox_69.0+build2-0ubuntu0.16.04.4
Ubuntu 19.04
firefox_69.0+build2-0ubuntu0.19.04.1
Ubuntu 18.04
firefox_69.0+build2-0ubuntu0.18.04.1
186900 - Ubuntu Linux 16.04 USN-4126-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-2015-9383
DescriptionThe scan detected that the host is missing the following update:USN-4126-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005104.html
Ubuntu 16.04
libfreetype6_2.6.1-0.1ubuntu2.4
186902 - Ubuntu Linux 12.04, 14.04 USN-4126-2 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-2015-9381, CVE-2015-9382, CVE-2015-9383
DescriptionThe scan detected that the host is missing the following update:USN-4126-2
ObservationUpdates often remediate critical security problems that should be quickly addressed.
For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005107.html
Ubuntu 12.04
libfreetype6_2.4.8-1ubuntu2.7
Ubuntu 14.04
libfreetype6_2.5.2-1ubuntu2.8+esm1
186904 - Ubuntu Linux 18.04, 19.04 USN-4120-2 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:USN-4120-2
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005110.html
Ubuntu 19.04
systemd_240-6ubuntu5.7
Ubuntu 18.04
systemd_237-3ubuntu10.29
195506 - Fedora Linux 29 FEDORA-2019-5e4316109b Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-5e4316109b
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=1
Fedora Core 29
qt5-qtwebengine-5.12.4-5.fc29
195508 - Fedora Linux 30 FEDORA-2019-5d2420030c Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2019-5847, CVE-2019-5848, CVE-2019-5850, CVE-2019-5851, CVE-2019-5852, CVE-2019-5853, CVE-2019-5854, CVE-2019-5855, CVE-2019-5856, CVE-2019-5857, CVE-2019-5858, CVE-2019-5859, CVE-2019-5860, CVE-2019-5861, CVE-2019-5862,CVE-2019-5864, CVE-2019-5865
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-5d2420030c
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=1
Fedora Core 30
chromium-76.0.3809.132-2.fc30
195511 - Fedora Linux 29 FEDORA-2019-e31c2f7d87 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-e31c2f7d87
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=2
Fedora Core 29
seamonkey-2.49.5-1.fc29
195519 - Fedora Linux 30 FEDORA-2019-baff775841 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-baff775841
ObservationUpdates often remediate critical security problems that should be quickly addressed.
For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=2
Fedora Core 30
rdesktop-1.8.6-1.fc30
195526 - Fedora Linux 30 FEDORA-2019-7f7489dc8c Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-7f7489dc8c
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=3
Fedora Core 30
seamonkey-2.49.5-1.fc30
195527 - Fedora Linux 30 FEDORA-2019-0811a88d77 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2019-6472, CVE-2019-6473, CVE-2019-6474
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-0811a88d77
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=2
Fedora Core 30
kea-1.5.0-9.fc30
195528 - Fedora Linux 30 FEDORA-2019-1f05925d82 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-1f05925d82
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=2
Fedora Core 30
libgcrypt-1.8.5-1.fc30
148308 - SuSE SLES 12 SP4, 12 SP5 SUSE-SU-2019:2336-1 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: LowCVE: CVE-2019-11771, CVE-2019-11775, CVE-2019-2762, CVE-2019-2766, CVE-2019-2769, CVE-2019-2816, CVE-2019-4473,CVE-2019-7317
DescriptionThe scan detected that the host is missing the following update:SUSE-SU-2019:2336-1
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
http://lists.suse.com/pipermail/sle-security-updates/2019-September/005896.html
SuSE SLES 12 SP4x86_64java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1java-1_7_1-ibm-1.7.1_sr4.50-38.41.1
SuSE SLES 12 SP5x86_64java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1java-1_7_1-ibm-1.7.1_sr4.50-38.41.1
195516 - Fedora Linux 31 FEDORA-2019-d5bd5f0aa4 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2019-15718
DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-d5bd5f0aa4
ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:
https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=3
Fedora Core 31
systemd-243-1.fc31
HOW TO UPDATE
FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we stronglyurge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download anycritical updates but will wait for your explicit authorization before installing.
FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting"FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerabilityscripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability categoryand checking the "Run New Checks" checkbox.
MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts willbe automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.
MCAFEE TECHNICAL SUPPORT
ServicePortal: https://mysupport.mcafee.comMulti-National Phone Support available here:
http://www.mcafee.com/us/about/contact/index.htmlNon-US customers - Select your country from the list of Worldwide Offices.
This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution byothers is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.
Copyright 2019 McAfee, Inc.McAfee is a registered trademark of McAfee, Inc. and/or its affiliates