MCAFEE FOUNDSTONE FSL UPDATE 2019-SEP-11...Code Execution (CVE-201 Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2019-1306

2019-SEP-11FSL version 7.6.128

MCAFEE FOUNDSTONE FSL UPDATE

To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is adetailed summary of the new and updated checks included with this release.

NEW CHECKS

131424 - Debian Linux 10.0, 9.0 DSA-4517-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: HighCVE: CVE-2019-15846

DescriptionThe scan detected that the host is missing the following update:DSA-4517-1

ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:

http://www.debian.org/security/2019/dsa-4517

Debian 9.0allexim4_4.89-2+deb9u6

Debian 10.0allexim4_4.92-8+deb10u2

148299 - SuSE Linux 15.0, 15.1 openSUSE-SU-2019:2093-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-15846

DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2019:2093-1


https://lists.opensuse.org/opensuse-updates/2019-09/msg00051.html

SuSE Linux 15.0x86_64exim-4.88-lp150.3.9.1eximstats-html-4.88-lp150.3.9.1

exim-debugsource-4.88-lp150.3.9.1eximon-debuginfo-4.88-lp150.3.9.1exim-debuginfo-4.88-lp150.3.9.1eximon-4.88-lp150.3.9.1

SuSE Linux 15.1x86_64exim-4.88-lp151.4.9.1eximstats-html-4.88-lp151.4.9.1eximon-debuginfo-4.88-lp151.4.9.1eximon-4.88-lp151.4.9.1exim-debugsource-4.88-lp151.4.9.1exim-debuginfo-4.88-lp151.4.9.1

171139 - Amazon Linux AMI ALAS-2019-1277 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Amazon Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-15846

DescriptionThe scan detected that the host is missing the following update:ALAS-2019-1277


https://alas.aws.amazon.com/ALAS-2019-1277.html

Amazon Linux AMIx86_64exim-greylist-4.92-1.24.amzn1exim-pgsql-4.92-1.24.amzn1exim-mysql-4.92-1.24.amzn1exim-mon-4.92-1.24.amzn1exim-debuginfo-4.92-1.24.amzn1exim-4.92-1.24.amzn1

i686exim-greylist-4.92-1.24.amzn1exim-pgsql-4.92-1.24.amzn1exim-mysql-4.92-1.24.amzn1exim-mon-4.92-1.24.amzn1exim-debuginfo-4.92-1.24.amzn1exim-4.92-1.24.amzn1

186903 - Ubuntu Linux 16.04, 18.04, 19.04 USN-4124-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: HighCVE: CVE-2019-15846

DescriptionThe scan detected that the host is missing the following update:USN-4124-1


https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005102.html

Ubuntu 16.04

exim4-daemon-light_4.86.2-2ubuntu2.5exim4-daemon-heavy_4.86.2-2ubuntu2.5

Ubuntu 19.04

exim4-daemon-heavy_4.92-4ubuntu1.3exim4-daemon-light_4.92-4ubuntu1.3

Ubuntu 18.04

exim4-daemon-light_4.90.1-1ubuntu1.4exim4-daemon-heavy_4.90.1-1ubuntu1.4

195525 - Fedora Linux 29 FEDORA-2019-ae361e20c2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2019-15846

DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-ae361e20c2


https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=1

Fedora Core 29

exim-4.92.2-1.fc29

195530 - Fedora Linux 30 FEDORA-2019-467fcbb10a Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-467fcbb10a



Fedora Core 30

exim-4.92.2-1.fc30

25653 - (APSB19-46) Vulnerability In Adobe Flash Player

Category: Windows Host Assessment -> Adobe Patches Only (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-8069, CVE-2019-8070

DescriptionMultiple vulnerabilities in some versions of Adobe Flash Player could lead to remote code execution.

ObservationMultiple vulnerabilities in some versions of Adobe Flash Player could lead to remote code execution.

The flaws lie in several components. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

163992 - Oracle Enterprise Linux ELSA-2019-2694 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-11733, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752, CVE-2019-9812

DescriptionThe scan detected that the host is missing the following update:ELSA-2019-2694


http://oss.oracle.com/pipermail/el-errata/2019-September/009134.html

OEL6x86_64firefox-60.9.0-1.0.1.el6_10

i386firefox-60.9.0-1.0.1.el6_10


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-11735, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11747, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11752, CVE-2019-9812

Description

The scan detected that the host is missing the following update:ELSA-2019-2663



OEL8x86_64firefox-68.1.0-1.0.1.el8_0

195518 - Fedora Linux 29 FEDORA-2019-c1dac1b3b8 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-c1dac1b3b8



Fedora Core 29

lxcfs-3.0.4-1.fc29python3-lxc-3.0.4-1.fc29lxc-3.0.4-1.fc29

195529 - Fedora Linux 30 FEDORA-2019-2baa1f7b19 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-2baa1f7b19


https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=2https://lists.fedoraproject.org/archives/list/[email protected]/2019/9/?count=200&page=3

Fedora Core 30

lxcfs-3.0.4-1.fc30

lxc-3.0.4-1.fc30python3-lxc-3.0.4-1.fc30

196477 - Red Hat Enterprise Linux RHSA-2019-2694 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-11733, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752, CVE-2019-9812

DescriptionThe scan detected that the host is missing the following update:RHSA-2019-2694


http://www.redhat.com/archives/rhsa-announce/2019-September/msg00023.html

RHEL6Dx86_64firefox-debuginfo-60.9.0-1.el6_10firefox-60.9.0-1.el6_10

i386firefox-debuginfo-60.9.0-1.el6_10firefox-60.9.0-1.el6_10

RHEL6Si386firefox-debuginfo-60.9.0-1.el6_10firefox-60.9.0-1.el6_10

x86_64firefox-debuginfo-60.9.0-1.el6_10firefox-60.9.0-1.el6_10

RHEL6WSx86_64firefox-debuginfo-60.9.0-1.el6_10firefox-60.9.0-1.el6_10

i386firefox-debuginfo-60.9.0-1.el6_10firefox-60.9.0-1.el6_10

25582 - (MSPT-Sep2019) Microsoft Explorer VBScript Remote Code Execution (CVE-2019-1208)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: HighCVE: CVE-2019-1208

DescriptionA vulnerability in some versions of Microsoft Explorer could lead to remote code execution.

ObservationA vulnerability in some versions of Microsoft Explorer could lead to remote code execution.

The flaw lies in the VBScript component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

25583 - (MSPT-Sep2019) Microsoft VBScript Improperly Handles Objects in Memory Remote Code Execution (CVE-2019-1236)


DescriptionA vulnerability in some versions of Microsoft VBScript could lead to remote code execution.

ObservationA vulnerability in some versions of Microsoft VBScript could lead to remote code execution.

The flaw lies in the Improperly Handles Objects in Memory component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

25591 - (MSPT-Sep2019) Microsoft Exchange Improperly Handles Objects in Memory Denial of Service (CVE-2019-1233)


DescriptionA vulnerability in some versions of Microsoft Exchange could lead to a denial of service.

ObservationA vulnerability in some versions of Microsoft Exchange could lead to a denial of service.

The flaw lies due to Improperly Handles Objects in Memory. Successful exploitation by a remote attacker could result in a denial of service condition. The exploit requires the user to open a vulnerable website, email or document.

25594 - (MSPT-Sep2019) Microsoft Team Foundation Server Improperly Sanitize Input Remote Code Execution (CVE-2019-1305)


DescriptionA vulnerability in some versions of Microsoft Team Foundation Server could lead to remote code execution.

ObservationA vulnerability in some versions of Microsoft Team Foundation Server could lead to remote code execution.

The flaw lies due to Improperly Sanitize Input component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

25595 - (MSPT-Sep2019) Microsoft Azure DevOps Server and Team Foundation Server Improperly Validate Input RemoteCode Execution (CVE-201


DescriptionA vulnerability in some versions of Microsoft Azure DevOps Server and Team Foundation Server could lead to remote code execution.

ObservationA vulnerability in some versions of Microsoft Azure DevOps Server and Team Foundation Server could lead to remote code execution.

The flaw lies due to improperly validate input. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

25598 - (MSPT-Sep2019) Microsoft Windows Jet Database Engine Remote Code Execution (CVE-2019-1240)


DescriptionA vulnerability in some versions of Microsoft Windows could lead to remote code execution.

ObservationA vulnerability in some versions of Microsoft Windows could lead to remote code execution.

The flaw lies in the Jet Database Engine component. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.







































Observation

A vulnerability in some versions of Microsoft Windows could lead to remote code execution.


25612 - (MSPT-Sep2019) Microsoft Windows .LNK Remote Code Execution (CVE-2019-1280)




The flaw lies in the .LNK file processing. Successful exploitation by an attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

25615 - (MSPT-Sep2019) Microsoft Windows Denial of Service Vulnerability (CVE-2019-1292)


DescriptionA vulnerability in some versions of Microsoft Windows could lead to a denial of service.

ObservationA vulnerability in some versions of Microsoft Windows could lead to a denial of service.

The flaw lies due to improperly handle objects in memory. Successful exploitation by a remote attacker could result in a denial of service condition. The exploit requires the attacker to have valid credentials to the vulnerable system.

25624 - (MSPT-Sep2019) Microsoft Windows Remote Desktop Services Remote Code Execution (CVE-2019-0787)




The flaw lies in the Remote Desktop Services component. Successful exploitation by a remote attacker could result in the execution of arbitrary code.





The flaw lies in the Remote Desktop Services component. Successful exploitation by a remote attacker could result in the execution of arbitrary code.





The flaw lies in the Remote Desktop Services component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.





The flaw lies in the Remote Desktop Services component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the attacker to have valid credentials to the vulnerable system.

25629 - (MSPT-Sep2019) Microsoft Edge Chakra Remote Code Execution (CVE-2019-1138)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: High

CVE: CVE-2019-1138

DescriptionA vulnerability in some versions of Microsoft Edge could lead to remote code execution.

ObservationA vulnerability in some versions of Microsoft Edge could lead to remote code execution.

The flaw lies in the Chakra component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.











25632 - (MSPT-Sep2019) Microsoft Edge Scripting Engine Remote Code Execution (CVE-2019-1298)




The flaw lies in the Scripting Engine component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

25634 - (MSPT-Sep2019) Microsoft ChakraCore Scripting Engine Remote Code Execution (CVE-2019-1300)


DescriptionA vulnerability in some versions of Microsoft ChakraCore could lead to remote code execution.

ObservationA vulnerability in some versions of Microsoft ChakraCore could lead to remote code execution.

The flaw lies in the Scripting Engine component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

25635 - (MSPT-Sep2019) Microsoft Hyper-V Properly Validate Input Denial of Service (CVE-2019-0928)


DescriptionA vulnerability in some versions of Microsoft Hyper-V could lead to a denial of service.

ObservationA vulnerability in some versions of Microsoft Hyper-V could lead to a denial of service.

The flaw lies in the Properly Validate Input component. Successful exploitation by a remote attacker could result in a denial of service condition. The exploit requires the attacker to have valid credentials to the vulnerable system.

25638 - (MSPT-Sep2019) Microsoft Excel Improperly Handle Objects in Memory Remote Code Execution (CVE-2019-1297)


DescriptionA vulnerability in some versions of Microsoft Excel could lead to remote code execution.

ObservationA vulnerability in some versions of Microsoft Excel could lead to remote code execution.

The flaw lies due to improperly handle objects in memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

25642 - (MSPT-Sep2019) Microsoft SharePoint Remote Code Execution (CVE-2019-1257)


DescriptionA vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.

ObservationA vulnerability in some versions of Microsoft SharePoint could lead to remote code execution.

The flaw lies in the Application Package component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

25647 - (MSPT-Sep2019) Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-1295)




The flaw lies in the Unsafe APIs component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

25648 - (MSPT-Sep2019) Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-1296)




The flaw lies in the Unsafe APIs component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

25649 - (MSPT-Sep2019) Microsoft VBScript Improperly Handles Objects in Memory Remote Code Execution (CVE-2019-1220)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)

Risk Level: HighCVE: CVE-2019-1220

DescriptionA vulnerability in some versions of Microsoft VBScript could lead to remote code execution.

ObservationA vulnerability in some versions of Microsoft VBScript could lead to remote code execution.

The flaw lies due to Improperly Handles Objects in Memory. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.

25650 - (MSPT-Sep2019) Microsoft Explorer Improperly Handles Objects in Memory Remote Code Execution (CVE-2019-1221)


DescriptionA vulnerability in some versions of Microsoft Explorer could lead to remote code execution.

ObservationA vulnerability in some versions of Microsoft Explorer could lead to remote code execution.

The flaw lies in the Improperly Handles Objects in Memory component. Successful exploitation by a remote attacker could result in the execution of arbitrary code. The exploit requires the user to open a vulnerable website, email or document.


Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: HighCVE: CVE-2019-9854




Debian 9.0alllibreoffice_1:5.2.7-1+deb9u11

Debian 10.0alllibreoffice_1:6.1.5-3+deb10u4

131419 - Debian Linux 10.0 DSA-4520-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: HighCVE: CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9518




Debian 10.0alltrafficserver_8.0.2+ds-1+deb10u1


Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: HighCVE: CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817




Debian 9.0allghostscript_9.26a~dfsg-0+deb9u5

Debian 10.0allghostscript_9.27~dfsg-2+deb10u2


Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: HighCVE: CVE-2019-13139, CVE-2019-13509, CVE-2019-14271




Debian 10.0alldocker.io_18.09.1+dfsg1-7.1+deb10u1

148292 - SuSE Linux 15.0 openSUSE-SU-2019:2081-1 Update Is Not Installed





SuSE Linux 15.0x86_64chromedriver-76.0.3809.132-lp150.234.1chromedriver-debuginfo-76.0.3809.132-lp150.234.1chromium-76.0.3809.132-lp150.234.1chromium-debuginfo-76.0.3809.132-lp150.234.1chromium-debugsource-76.0.3809.132-lp150.234.1

148293 - SuSE SLES 12 SP4, SLED 12 SP4 SUSE-SU-2019:2347-1 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:SUSE-SU-2019:2347-1


http://lists.suse.com/pipermail/sle-security-updates/2019-September/005900.html

SuSE SLED 12 SP4x86_64ghostscript-9.26a-23.25.1ghostscript-debugsource-9.26a-23.25.1ghostscript-debuginfo-9.26a-23.25.1

ghostscript-x11-9.26a-23.25.1ghostscript-x11-debuginfo-9.26a-23.25.1

SuSE SLES 12 SP4x86_64ghostscript-9.26a-23.25.1ghostscript-debugsource-9.26a-23.25.1ghostscript-debuginfo-9.26a-23.25.1ghostscript-x11-9.26a-23.25.1ghostscript-x11-debuginfo-9.26a-23.25.1






SuSE Linux 15.1x86_64libsrt1-debuginfo-1.3.4-lp151.2.3.1srt-debuginfo-1.3.4-lp151.2.3.1srt-1.3.4-lp151.2.3.1srt-debugsource-1.3.4-lp151.2.3.1libsrt1-1.3.4-lp151.2.3.1srt-devel-1.3.4-lp151.2.3.1






SuSE Linux 15.1x86_64chromedriver-76.0.3809.132-lp151.2.25.1chromium-debugsource-76.0.3809.132-lp151.2.25.1

chromedriver-debuginfo-76.0.3809.132-lp151.2.25.1chromium-debuginfo-76.0.3809.132-lp151.2.25.1chromium-76.0.3809.132-lp151.2.25.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-14809, CVE-2019-9512, CVE-2019-9514




SuSE Linux 15.1x86_64go1.12-1.12.9-lp151.2.17.1go1.12-race-1.12.9-lp151.2.17.1go1.12-doc-1.12.9-lp151.2.17.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2018-16843, CVE-2018-16844, CVE-2018-16845, CVE-2019-9511, CVE-2019-9513, CVE-2019-9516




SuSE Linux 15.1x86_64nginx-debuginfo-1.14.2-lp151.4.3.1nginx-1.14.2-lp151.4.3.1nginx-debugsource-1.14.2-lp151.4.3.1

noarchnginx-source-1.14.2-lp151.4.3.1vim-plugin-nginx-1.14.2-lp151.4.3.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes

Risk Level: HighCVE: CVE-MAP-NOMATCH




SuSE Linux 15.1i586libblkid-devel-2.33.1-lp151.3.3.2util-linux-systemd-2.33.1-lp151.3.3.2libsmartcols-devel-2.33.1-lp151.3.3.2util-linux-systemd-debugsource-2.33.1-lp151.3.3.2libfdisk1-debuginfo-2.33.1-lp151.3.3.2util-linux-systemd-debuginfo-2.33.1-lp151.3.3.2shadow-4.6-lp151.2.3.2libuuid-devel-2.33.1-lp151.3.3.2libmount1-2.33.1-lp151.3.3.2libfdisk1-2.33.1-lp151.3.3.2util-linux-debugsource-2.33.1-lp151.3.3.2libblkid1-2.33.1-lp151.3.3.2libblkid1-debuginfo-2.33.1-lp151.3.3.2libmount-devel-static-2.33.1-lp151.3.3.2libuuid1-2.33.1-lp151.3.3.2uuidd-debuginfo-2.33.1-lp151.3.3.2libblkid-devel-static-2.33.1-lp151.3.3.2shadow-debugsource-4.6-lp151.2.3.2shadow-debuginfo-4.6-lp151.2.3.2libfdisk-devel-static-2.33.1-lp151.3.3.2libmount1-debuginfo-2.33.1-lp151.3.3.2util-linux-debuginfo-2.33.1-lp151.3.3.2libuuid-devel-static-2.33.1-lp151.3.3.2libsmartcols1-debuginfo-2.33.1-lp151.3.3.2util-linux-2.33.1-lp151.3.3.2uuidd-2.33.1-lp151.3.3.2libsmartcols-devel-static-2.33.1-lp151.3.3.2libuuid1-debuginfo-2.33.1-lp151.3.3.2libmount-devel-2.33.1-lp151.3.3.2libfdisk-devel-2.33.1-lp151.3.3.2libsmartcols1-2.33.1-lp151.3.3.2

noarchutil-linux-lang-2.33.1-lp151.3.3.2

x86_64python3-libmount-debuginfo-2.33.1-lp151.3.3.2libblkid-devel-2.33.1-lp151.3.3.2python3-libmount-debugsource-2.33.1-lp151.3.3.2util-linux-systemd-2.33.1-lp151.3.3.2libsmartcols-devel-2.33.1-lp151.3.3.2util-linux-systemd-debugsource-2.33.1-lp151.3.3.2libfdisk1-debuginfo-2.33.1-lp151.3.3.2python3-libmount-2.33.1-lp151.3.3.2

libblkid-devel-32bit-2.33.1-lp151.3.3.2util-linux-systemd-debuginfo-2.33.1-lp151.3.3.2shadow-4.6-lp151.2.3.2libuuid-devel-2.33.1-lp151.3.3.2libmount1-32bit-debuginfo-2.33.1-lp151.3.3.2libblkid1-32bit-debuginfo-2.33.1-lp151.3.3.2libmount1-2.33.1-lp151.3.3.2libmount-devel-32bit-2.33.1-lp151.3.3.2libfdisk1-2.33.1-lp151.3.3.2util-linux-debugsource-2.33.1-lp151.3.3.2libblkid1-2.33.1-lp151.3.3.2libblkid1-debuginfo-2.33.1-lp151.3.3.2libmount-devel-static-2.33.1-lp151.3.3.2libblkid1-32bit-2.33.1-lp151.3.3.2libuuid1-2.33.1-lp151.3.3.2uuidd-debuginfo-2.33.1-lp151.3.3.2libblkid-devel-static-2.33.1-lp151.3.3.2shadow-debugsource-4.6-lp151.2.3.2shadow-debuginfo-4.6-lp151.2.3.2libfdisk-devel-static-2.33.1-lp151.3.3.2libmount1-debuginfo-2.33.1-lp151.3.3.2util-linux-debuginfo-2.33.1-lp151.3.3.2libuuid-devel-static-2.33.1-lp151.3.3.2libsmartcols1-debuginfo-2.33.1-lp151.3.3.2libuuid1-32bit-debuginfo-2.33.1-lp151.3.3.2util-linux-2.33.1-lp151.3.3.2libmount1-32bit-2.33.1-lp151.3.3.2uuidd-2.33.1-lp151.3.3.2libsmartcols-devel-static-2.33.1-lp151.3.3.2libuuid-devel-32bit-2.33.1-lp151.3.3.2libuuid1-debuginfo-2.33.1-lp151.3.3.2libmount-devel-2.33.1-lp151.3.3.2libfdisk-devel-2.33.1-lp151.3.3.2libuuid1-32bit-2.33.1-lp151.3.3.2libsmartcols1-2.33.1-lp151.3.3.2






SuSE Linux 15.0x86_64libmirage-debuginfo-3.2.2-lp150.2.6.1typelib-1_0-libmirage-3_2-3.2.2-lp150.2.6.1libmirage11-3.2.2-lp150.2.6.1libmirage-devel-3.2.2-lp150.2.6.1

libmirage11-debuginfo-3.2.2-lp150.2.6.1libmirage-3_2-debuginfo-3.2.2-lp150.2.6.1libmirage-3_2-3.2.2-lp150.2.6.1libmirage-debugsource-3.2.2-lp150.2.6.1

noarchlibmirage-data-3.2.2-lp150.2.6.1libmirage-lang-3.2.2-lp150.2.6.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-8595, CVE-2019-8607, CVE-2019-8615, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679,CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690




SuSE SLED 12 SP4x86_64typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47.1libwebkit2gtk-4_0-37-2.24.4-2.47.1libwebkit2gtk-4_0-37-debuginfo-2.24.4-2.47.1libjavascriptcoregtk-4_0-18-2.24.4-2.47.1webkit2gtk-4_0-injected-bundles-2.24.4-2.47.1typelib-1_0-WebKit2-4_0-2.24.4-2.47.1webkit2gtk3-debugsource-2.24.4-2.47.1libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-2.47.1webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-2.47.1

noarchlibwebkit2gtk3-lang-2.24.4-2.47.1

SuSE SLES 12 SP4noarchlibwebkit2gtk3-lang-2.24.4-2.47.1

x86_64typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47.1libwebkit2gtk-4_0-37-2.24.4-2.47.1libwebkit2gtk-4_0-37-debuginfo-2.24.4-2.47.1libjavascriptcoregtk-4_0-18-2.24.4-2.47.1webkit2gtk-4_0-injected-bundles-2.24.4-2.47.1typelib-1_0-WebKit2-4_0-2.24.4-2.47.1webkit2gtk3-debugsource-2.24.4-2.47.1libjavascriptcoregtk-4_0-18-debuginfo-2.24.4-2.47.1webkit2gtk-4_0-injected-bundles-debuginfo-2.24.4-2.47.1






SuSE Linux 15.1x86_64libmirage-devel-3.2.2-lp151.3.6.1libmirage-3_2-debuginfo-3.2.2-lp151.3.6.1libmirage11-3.2.2-lp151.3.6.1libmirage-debuginfo-3.2.2-lp151.3.6.1libmirage11-debuginfo-3.2.2-lp151.3.6.1libmirage-debugsource-3.2.2-lp151.3.6.1typelib-1_0-libmirage-3_2-3.2.2-lp151.3.6.1libmirage-3_2-3.2.2-lp151.3.6.1

noarchlibmirage-data-3.2.2-lp151.3.6.1libmirage-lang-3.2.2-lp151.3.6.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518




SuSE Linux 15.0i586nodejs8-debugsource-8.16.1-lp150.2.19.1nodejs8-devel-8.16.1-lp150.2.19.1nodejs8-8.16.1-lp150.2.19.1npm8-8.16.1-lp150.2.19.1nodejs8-debuginfo-8.16.1-lp150.2.19.1

noarchnodejs8-docs-8.16.1-lp150.2.19.1

x86_64nodejs8-debugsource-8.16.1-lp150.2.19.1nodejs8-devel-8.16.1-lp150.2.19.1nodejs8-8.16.1-lp150.2.19.1npm8-8.16.1-lp150.2.19.1nodejs8-debuginfo-8.16.1-lp150.2.19.1

SuSE Linux 15.1i586nodejs8-debugsource-8.16.1-lp151.2.6.1nodejs8-debuginfo-8.16.1-lp151.2.6.1nodejs8-devel-8.16.1-lp151.2.6.1npm8-8.16.1-lp151.2.6.1nodejs8-8.16.1-lp151.2.6.1


x86_64nodejs8-debugsource-8.16.1-lp151.2.6.1nodejs8-debuginfo-8.16.1-lp151.2.6.1nodejs8-devel-8.16.1-lp151.2.6.1npm8-8.16.1-lp151.2.6.1nodejs8-8.16.1-lp151.2.6.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518




SuSE Linux 15.0x86_64nodejs10-10.16.3-lp150.5.1npm10-10.16.3-lp150.5.1nodejs10-debuginfo-10.16.3-lp150.5.1nodejs10-devel-10.16.3-lp150.5.1nodejs10-debugsource-10.16.3-lp150.5.1

noarchnodejs10-docs-10.16.3-lp150.5.1

SuSE Linux 15.1i586

nodejs10-debuginfo-10.16.3-lp151.2.6.1nodejs10-debugsource-10.16.3-lp151.2.6.1nodejs10-devel-10.16.3-lp151.2.6.1npm10-10.16.3-lp151.2.6.1nodejs10-10.16.3-lp151.2.6.1


x86_64nodejs10-debuginfo-10.16.3-lp151.2.6.1nodejs10-debugsource-10.16.3-lp151.2.6.1nodejs10-devel-10.16.3-lp151.2.6.1npm10-10.16.3-lp151.2.6.1nodejs10-10.16.3-lp151.2.6.1






SuSE Linux 15.0noarchpython3-Werkzeug-0.12.2-lp150.2.3.1python2-Werkzeug-0.12.2-lp150.2.3.1python-Werkzeug-doc-0.12.2-lp150.2.3.1






SuSE Linux 15.0x86_64

python2-Twisted-debuginfo-17.9.0-lp150.2.6.1python-Twisted-debuginfo-17.9.0-lp150.2.6.1python3-Twisted-17.9.0-lp150.2.6.1python-Twisted-debugsource-17.9.0-lp150.2.6.1python2-Twisted-17.9.0-lp150.2.6.1python-Twisted-doc-17.9.0-lp150.2.6.1python3-Twisted-debuginfo-17.9.0-lp150.2.6.1

i586python2-Twisted-debuginfo-17.9.0-lp150.2.6.1python-Twisted-debuginfo-17.9.0-lp150.2.6.1python3-Twisted-17.9.0-lp150.2.6.1python-Twisted-debugsource-17.9.0-lp150.2.6.1python2-Twisted-17.9.0-lp150.2.6.1python-Twisted-doc-17.9.0-lp150.2.6.1python3-Twisted-debuginfo-17.9.0-lp150.2.6.1

SuSE Linux 15.1x86_64python-Twisted-doc-17.9.0-lp151.3.6.1python3-Twisted-17.9.0-lp151.3.6.1python2-Twisted-17.9.0-lp151.3.6.1python3-Twisted-debuginfo-17.9.0-lp151.3.6.1python-Twisted-debuginfo-17.9.0-lp151.3.6.1python2-Twisted-debuginfo-17.9.0-lp151.3.6.1python-Twisted-debugsource-17.9.0-lp151.3.6.1

i586python-Twisted-doc-17.9.0-lp151.3.6.1python3-Twisted-17.9.0-lp151.3.6.1python2-Twisted-17.9.0-lp151.3.6.1python3-Twisted-debuginfo-17.9.0-lp151.3.6.1python-Twisted-debuginfo-17.9.0-lp151.3.6.1python2-Twisted-debuginfo-17.9.0-lp151.3.6.1python-Twisted-debugsource-17.9.0-lp151.3.6.1

148311 - SuSE SLES 12 SP4 SUSE-SU-2019:2329-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10098, CVE-2019-9517




SuSE SLES 12 SP4noarchapache2-doc-2.4.23-29.43.1

x86_64apache2-worker-2.4.23-29.43.1

apache2-utils-2.4.23-29.43.1apache2-prefork-2.4.23-29.43.1apache2-debugsource-2.4.23-29.43.1apache2-2.4.23-29.43.1apache2-example-pages-2.4.23-29.43.1apache2-utils-debuginfo-2.4.23-29.43.1apache2-prefork-debuginfo-2.4.23-29.43.1apache2-worker-debuginfo-2.4.23-29.43.1apache2-debuginfo-2.4.23-29.43.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-12217, CVE-2019-12218, CVE-2019-12220, CVE-2019-12221, CVE-2019-12222, CVE-2019-13616, CVE-2019-5051, CVE-2019-5052, CVE-2019-5057, CVE-2019-5058, CVE-2019-5059, CVE-2019-5060




SuSE Linux 15.0x86_64libSDL2_image-2_0-0-32bit-debuginfo-2.0.5-lp150.9.1libSDL2_image-2_0-0-2.0.5-lp150.9.1libSDL2_image-2_0-0-debuginfo-2.0.5-lp150.9.1libSDL2_image-2_0-0-32bit-2.0.5-lp150.9.1libSDL2_image-devel-2.0.5-lp150.9.1SDL2_image-debugsource-2.0.5-lp150.9.1libSDL2_image-devel-32bit-2.0.5-lp150.9.1

i586libSDL2_image-2_0-0-debuginfo-2.0.5-lp150.9.1SDL2_image-debugsource-2.0.5-lp150.9.1libSDL2_image-devel-2.0.5-lp150.9.1libSDL2_image-2_0-0-2.0.5-lp150.9.1

SuSE Linux 15.1x86_64libSDL2_image-2_0-0-2.0.5-lp151.2.5.1libSDL2_image-2_0-0-32bit-debuginfo-2.0.5-lp151.2.5.1libSDL2_image-devel-32bit-2.0.5-lp151.2.5.1libSDL2_image-2_0-0-32bit-2.0.5-lp151.2.5.1SDL2_image-debugsource-2.0.5-lp151.2.5.1libSDL2_image-devel-2.0.5-lp151.2.5.1libSDL2_image-2_0-0-debuginfo-2.0.5-lp151.2.5.1

i586libSDL2_image-2_0-0-2.0.5-lp151.2.5.1libSDL2_image-2_0-0-debuginfo-2.0.5-lp151.2.5.1libSDL2_image-devel-2.0.5-lp151.2.5.1SDL2_image-debugsource-2.0.5-lp151.2.5.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: HighCVE: CVE-2019-14809, CVE-2019-9512, CVE-2019-9514




SuSE Linux 15.0x86_64go1.11-1.11.13-lp150.18.1go1.11-race-1.11.13-lp150.18.1go1.11-doc-1.11.13-lp150.18.1

SuSE Linux 15.1x86_64go1.11-doc-1.11.13-lp151.2.9.1go1.11-race-1.11.13-lp151.2.9.1go1.11-1.11.13-lp151.2.9.1


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-1125, CVE-2019-9500




OEL7x86_64kernel-debug-devel-3.10.0-1062.1.1.el7kernel-devel-3.10.0-1062.1.1.el7kernel-3.10.0-1062.1.1.el7perf-3.10.0-1062.1.1.el7kernel-tools-3.10.0-1062.1.1.el7kernel-tools-libs-devel-3.10.0-1062.1.1.el7python-perf-3.10.0-1062.1.1.el7kernel-abi-whitelists-3.10.0-1062.1.1.el7kernel-doc-3.10.0-1062.1.1.el7

bpftool-3.10.0-1062.1.1.el7kernel-tools-libs-3.10.0-1062.1.1.el7kernel-headers-3.10.0-1062.1.1.el7kernel-debug-3.10.0-1062.1.1.el7


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-1125



http://oss.oracle.com/pipermail/el-errata/2019-September/009124.htmlhttp://oss.oracle.com/pipermail/el-errata/2019-September/009123.html

OEL7x86_64kernel-uek-debug-devel-3.8.13-118.38.1.el7uekkernel-uek-3.8.13-118.38.1.el7uekkernel-uek-doc-3.8.13-118.38.1.el7uekdtrace-modules-3.8.13-118.38.1.el7uek-0.4.5-3.el7kernel-uek-devel-3.8.13-118.38.1.el7uekkernel-uek-debug-3.8.13-118.38.1.el7uekkernel-uek-firmware-3.8.13-118.38.1.el7uek

OEL6x86_64kernel-uek-doc-3.8.13-118.38.1.el6uekkernel-uek-devel-3.8.13-118.38.1.el6uekdtrace-modules-3.8.13-118.38.1.el6uek-0.4.5-3.el6kernel-uek-firmware-3.8.13-118.38.1.el6uekkernel-uek-debug-devel-3.8.13-118.38.1.el6uekkernel-uek-3.8.13-118.38.1.el6uekkernel-uek-debug-3.8.13-118.38.1.el6uek


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-1125




OEL6x86_64kernel-uek-2.6.39-400.314.1.el6uekkernel-uek-devel-2.6.39-400.314.1.el6uekkernel-uek-doc-2.6.39-400.314.1.el6uekkernel-uek-debug-devel-2.6.39-400.314.1.el6uekkernel-uek-debug-2.6.39-400.314.1.el6uekkernel-uek-firmware-2.6.39-400.314.1.el6uek

i386kernel-uek-2.6.39-400.314.1.el6uekkernel-uek-devel-2.6.39-400.314.1.el6uekkernel-uek-doc-2.6.39-400.314.1.el6uekkernel-uek-debug-devel-2.6.39-400.314.1.el6uekkernel-uek-debug-2.6.39-400.314.1.el6uekkernel-uek-firmware-2.6.39-400.314.1.el6uek


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-9511, CVE-2019-9513




OEL8x86_64libnghttp2-1.33.0-1.el8_0.1nghttp2-1.33.0-1.el8_0.1libnghttp2-devel-1.33.0-1.el8_0.1


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817




OEL8x86_64ghostscript-9.25-2.el8_0.3ghostscript-tools-printing-9.25-2.el8_0.3libgs-9.25-2.el8_0.3libgs-devel-9.25-2.el8_0.3ghostscript-doc-9.25-2.el8_0.3ghostscript-tools-fonts-9.25-2.el8_0.3ghostscript-tools-dvipdf-9.25-2.el8_0.3ghostscript-x11-9.25-2.el8_0.3

178778 - Gentoo Linux GLSA-201909-06 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: HighCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:GLSA-201909-06


https://security.gentoo.org/glsa/201909-06

Affected packages: mail-mta/exim < 4.92.2

183081 - FreeBSD oniguruma Multiple Vulnerabilities (a8d87c7a-d1b1-11e9-a616-0992a4564e7c)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: HighCVE: CVE-2019-13224, CVE-2019-13225

DescriptionThe scan detected that the host is missing the following update:oniguruma -- multiple vulnerabilities (a8d87c7a-d1b1-11e9-a616-0992a4564e7c)


http://www.vuxml.org/freebsd/a8d87c7a-d1b1-11e9-a616-0992a4564e7c.html

Affected packages: oniguruma < 6.9.3

183084 - FreeBSD xymon-server Multiple Vulnerabilities (10e1d580-d174-11e9-a87f-a4badb2f4699)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: HighCVE: CVE-2019-13273, CVE-2019-13274, CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13484, CVE-2019-

13485, CVE-2019-13486

DescriptionThe scan detected that the host is missing the following update:xymon-server -- multiple vulnerabilities (10e1d580-d174-11e9-a87f-a4badb2f4699)


http://www.vuxml.org/freebsd/10e1d580-d174-11e9-a87f-a4badb2f4699.html

Affected packages: xymon-server < 4.3.29

186907 - Ubuntu Linux 16.04, 18.04 USN-4115-2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: HighCVE: CVE-2018-19985, CVE-2018-20784, CVE-2019-0136, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-11487, CVE-2019-11599, CVE-2019-11810, CVE-2019-13631, CVE-2019-13648, CVE-2019-14283, CVE-2019-14284, CVE-2019-14763, CVE-2019-15090, CVE-2019-15211, CVE-2019-15212, CVE-2019-15214, CVE-2019-15215, CVE-2019-15216, CVE-2019-15218, CVE-2019-15220, CVE-2019-15221, CVE-2019-15292, CVE-2019-3701, CVE-2019-3819, CVE-2019-3900, CVE-2019-9506




Ubuntu 16.04

linux-image-gcp_4.15.0.1042.56linux-image-virtual-hwe-16.04_4.15.0.62.82linux-image-gke_4.15.0.1042.56linux-image-4.15.0-1042-gcp_4.15.0-1042.44linux-image-lowlatency-hwe-16.04_4.15.0.62.82linux-image-4.15.0-1023-oracle_4.15.0-1023.26~16.04.1linux-image-aws-hwe_4.15.0.1048.48linux-image-generic-hwe-16.04_4.15.0.62.82linux-image-4.15.0-62-lowlatency_4.15.0-62.69~16.04.1linux-image-4.15.0-62-generic_4.15.0-62.69~16.04.1linux-image-4.15.0-1048-aws_4.15.0-1048.50~16.04.1linux-image-oem_4.15.0.62.82linux-image-azure_4.15.0.1057.60linux-image-4.15.0-62-generic-lpae_4.15.0-62.69~16.04.1linux-image-generic-lpae-hwe-16.04_4.15.0.62.82linux-image-4.15.0-1057-azure_4.15.0-1057.62linux-image-oracle_4.15.0.1023.17

Ubuntu 18.04

linux-image-powerpc64-smp_4.15.0.62.64

linux-image-gke-4.15_4.15.0.1042.45linux-image-4.15.0-1044-kvm_4.15.0-1044.44linux-image-oracle_4.15.0.1023.26linux-image-4.15.0-1042-gke_4.15.0-1042.44linux-image-aws_4.15.0.1048.47linux-image-4.15.0-62-generic_4.15.0-62.69linux-image-4.15.0-1045-raspi2_4.15.0-1045.49linux-image-lowlatency_4.15.0.62.64linux-image-powerpc64-emb_4.15.0.62.64linux-image-gke_4.15.0.1042.45linux-image-virtual_4.15.0.62.64linux-image-4.15.0-1023-oracle_4.15.0-1023.26linux-image-generic_4.15.0.62.64linux-image-generic-lpae_4.15.0.62.64linux-image-4.15.0-62-lowlatency_4.15.0-62.69linux-image-4.15.0-62-generic-lpae_4.15.0-62.69linux-image-powerpc-e500mc_4.15.0.62.64linux-image-4.15.0-1048-aws_4.15.0-1048.50linux-image-powerpc-smp_4.15.0.62.64linux-image-raspi2_4.15.0.1045.43linux-image-kvm_4.15.0.1044.44

195507 - Fedora Linux 29 FEDORA-2019-59d60bd1fa Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2019-10691, CVE-2019-11500, CVE-2019-7524

DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-59d60bd1fa



Fedora Core 29

dovecot-2.3.7.2-1.fc29

195512 - Fedora Linux 30 FEDORA-2019-55d101a740 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-55d101a740



Fedora Core 30

golang-1.12.9-1.fc30

195513 - Fedora Linux 29 FEDORA-2019-6fa01d12b4 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-6fa01d12b4



Fedora Core 29

pdfbox-2.0.16-1.fc29

195521 - Fedora Linux 30 FEDORA-2019-96fe76e02b Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-96fe76e02b



Fedora Core 30

nsd-4.2.2-1.fc30

195523 - Fedora Linux 29 FEDORA-2019-65db7ad6c7 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2018-16873, CVE-2018-16874, CVE-2018-16875, CVE-2019-14809, CVE-2019-6486, CVE-2019-9512, CVE-2019-9514,CVE-2019-9741

Description

The scan detected that the host is missing the following update:FEDORA-2019-65db7ad6c7



Fedora Core 29

golang-1.11.13-1.fc29

195524 - Fedora Linux 29 FEDORA-2019-a457303ffc Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: HighCVE: CVE-2018-20174, CVE-2018-20175, CVE-2018-20176, CVE-2018-20177, CVE-2018-20178, CVE-2018-20179, CVE-2018-20180, CVE-2018-20181, CVE-2018-20182, CVE-2018-8791, CVE-2018-8792, CVE-2018-8793, CVE-2018-8794, CVE-2018-8795,CVE-2018-8796, CVE-2018-8797, CVE-2018-8798, CVE-2018-8799, CVE-2018-8800

DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-a457303ffc



Fedora Core 29

rdesktop-1.8.6-1.fc29

195531 - Fedora Linux 30 FEDORA-2019-9e91afa2be Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-9e91afa2be



Fedora Core 30

pdfbox-2.0.16-1.fc30


Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-9512, CVE-2019-9514




RHEL7Snoarchgo-toolset-1.11-golang-docs-1.11.13-2.el7

RHEL7WSx86_64go-toolset-1.11-1.11.13-1.el7go-toolset-1.11-golang-src-1.11.13-2.el7go-toolset-1.11-scldevel-1.11.13-1.el7go-toolset-1.11-golang-race-1.11.13-2.el7go-toolset-1.11-build-1.11.13-1.el7go-toolset-1.11-golang-misc-1.11.13-2.el7go-toolset-1.11-runtime-1.11.13-1.el7go-toolset-1.11-golang-bin-1.11.13-2.el7go-toolset-1.11-golang-tests-1.11.13-2.el7go-toolset-1.11-golang-1.11.13-2.el7

noarchgo-toolset-1.11-golang-docs-1.11.13-2.el7


Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and HotfixesRisk Level: HighCVE: CVE-2019-5869




RHEL6Di386chromium-browser-76.0.3809.132-1.el6_10chromium-browser-debuginfo-76.0.3809.132-1.el6_10

i686chromium-browser-76.0.3809.132-1.el6_10chromium-browser-debuginfo-76.0.3809.132-1.el6_10

x86_64chromium-browser-76.0.3809.132-1.el6_10chromium-browser-debuginfo-76.0.3809.132-1.el6_10

RHEL6Si386chromium-browser-76.0.3809.132-1.el6_10chromium-browser-debuginfo-76.0.3809.132-1.el6_10



RHEL6WSi386chromium-browser-76.0.3809.132-1.el6_10chromium-browser-debuginfo-76.0.3809.132-1.el6_10



25643 - (MSPT-Sep2019) Microsoft SharePoint Spoofing Vulnerability (CVE-2019-1259)

Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)Risk Level: MediumCVE: CVE-2019-1259

DescriptionA vulnerability in some versions of Microsoft SharePoint could lead to spoofing.

ObservationA vulnerability in some versions of Microsoft SharePoint could lead to spoofing.

The flaw is due to Improper Handling of Requests To Authorize Applications. Successful exploitation by a remote attacker could result in spoofing The exploit requires the user to open a vulnerable website, email or document.


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2019-13616, CVE-2019-5052, CVE-2019-5057, CVE-2019-5058, CVE-2019-5059, CVE-2019-5060, CVE-2019-7635




SuSE Linux 15.0x86_64libSDL_image-1_2-0-32bit-1.2.12+hg695-lp150.2.3.1libSDL_image-devel-32bit-1.2.12+hg695-lp150.2.3.1SDL_image-debugsource-1.2.12+hg695-lp150.2.3.1libSDL_image-1_2-0-32bit-debuginfo-1.2.12+hg695-lp150.2.3.1libSDL_image-1_2-0-1.2.12+hg695-lp150.2.3.1libSDL_image-devel-1.2.12+hg695-lp150.2.3.1libSDL_image-1_2-0-debuginfo-1.2.12+hg695-lp150.2.3.1

i586libSDL_image-devel-1.2.12+hg695-lp150.2.3.1SDL_image-debugsource-1.2.12+hg695-lp150.2.3.1libSDL_image-1_2-0-debuginfo-1.2.12+hg695-lp150.2.3.1libSDL_image-1_2-0-1.2.12+hg695-lp150.2.3.1

SuSE Linux 15.1x86_64libSDL_image-devel-32bit-1.2.12+hg695-lp151.3.3.1libSDL_image-1_2-0-debuginfo-1.2.12+hg695-lp151.3.3.1libSDL_image-1_2-0-32bit-1.2.12+hg695-lp151.3.3.1SDL_image-debugsource-1.2.12+hg695-lp151.3.3.1libSDL_image-devel-1.2.12+hg695-lp151.3.3.1libSDL_image-1_2-0-32bit-debuginfo-1.2.12+hg695-lp151.3.3.1libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1

i586libSDL_image-1_2-0-debuginfo-1.2.12+hg695-lp151.3.3.1libSDL_image-devel-1.2.12+hg695-lp151.3.3.1SDL_image-debugsource-1.2.12+hg695-lp151.3.3.1libSDL_image-1_2-0-1.2.12+hg695-lp151.3.3.1


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2018-20406, CVE-2018-20852, CVE-2019-10160, CVE-2019-5010, CVE-2019-9636, CVE-2019-9740, CVE-2019-9947,CVE-2019-9948




Ubuntu 12.04

python2.7-minimal_2.7.3-0ubuntu3.14python2.7_2.7.3-0ubuntu3.14

Ubuntu 14.04

python2.7-minimal_2.7.6-8ubuntu0.6+esm2python3.4_3.4.3-1ubuntu1~14.04.7+esm2python3.4-minimal_3.4.3-1ubuntu1~14.04.7+esm2python2.7_2.7.6-8ubuntu0.6+esm2


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2019-13173




Ubuntu 19.04

node-fstream_1.0.10-1ubuntu0.19.04.2

Ubuntu 18.04

node-fstream_1.0.10-1ubuntu0.18.04.1


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2018-20406, CVE-2018-20852, CVE-2019-10160, CVE-2019-5010, CVE-2019-9636, CVE-2019-9740, CVE-2019-9947,CVE-2019-9948




Ubuntu 16.04

python3.5-minimal_3.5.2-2ubuntu0~16.04.8python3.5_3.5.2-2ubuntu0~16.04.8python2.7_2.7.12-1ubuntu0~16.04.8python2.7-minimal_2.7.12-1ubuntu0~16.04.8

Ubuntu 19.04

python3.7-minimal_3.7.3-2ubuntu0.1python2.7-minimal_2.7.16-2ubuntu0.1python2.7_2.7.16-2ubuntu0.1python3.7_3.7.3-2ubuntu0.1

Ubuntu 18.04

python3.6-minimal_3.6.8-1~18.04.2python3.6_3.6.8-1~18.04.2python2.7-minimal_2.7.15-4ubuntu4~18.04.1python2.7_2.7.15-4ubuntu4~18.04.1

195509 - Fedora Linux 29 FEDORA-2019-e08f78d4a6 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2019-13616, CVE-2019-7572, CVE-2019-7573, CVE-2019-7574, CVE-2019-7575, CVE-2019-7576, CVE-2019-7577,CVE-2019-7578, CVE-2019-7635, CVE-2019-7636, CVE-2019-7637, CVE-2019-7638

DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-e08f78d4a6



Fedora Core 29

SDL-1.2.15-40.fc29

195510 - Fedora Linux 30 FEDORA-2019-644ef7ebec Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2018-7999

DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-644ef7ebec



Fedora Core 30

graphite2-1.3.13-1.fc30

195517 - Fedora Linux 29 FEDORA-2019-80e5e20cf8 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: MediumCVE: CVE-2019-14267, CVE-2019-14934

DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-80e5e20cf8



Fedora Core 29

pdfresurrect-0.18-1.fc29

195520 - Fedora Linux 29 FEDORA-2019-d0b1feb995 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-d0b1feb995



Fedora Core 29

graphite2-1.3.13-1.fc29

195522 - Fedora Linux 30 FEDORA-2019-e01bc28777 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-e01bc28777



Fedora Core 30

pdfresurrect-0.18-1.fc30

195534 - Fedora Linux 30 FEDORA-2019-446ca9f695 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-446ca9f695



Fedora Core 30

SDL-1.2.15-41.fc30

25571 - (MSPT-Sep2019) Microsoft DirectWrite Improperly Discloses the Contents of Its Memory Information Disclosure(CVE-2019-1244)


DescriptionA vulnerability in some versions of Microsoft DirectWrite could lead to information disclosure.

ObservationA vulnerability in some versions of Microsoft DirectWrite could lead to information disclosure.

The flaw lies in the Improperly Discloses the Contents of Its Memory component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.

25572 - (MSPT-Sep2019) Microsoft DirectWrite Improperly Discloses the Contents of Its Memory Information Disclosure(CVE-2019-1245)




The flaw lies in the Improperly Discloses the Contents of Its Memory component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.

25573 - (MSPT-Sep2019) Microsoft DirectWrite Improperly Handles Objects in Memory Information Disclosure (CVE-2019-1251)




The flaw lies in the Improperly Handles Objects in Memory component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.

25574 - (MSPT-Sep2019) Microsoft Windows Win32k Privilege Escalation (CVE-2019-1256)


DescriptionA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

ObservationA vulnerability in some versions of Microsoft Windows could lead to privilege escalation.

The flaw lies in the Win32k component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

25575 - (MSPT-Sep2019) Microsoft Windows Win32k Privilege Escalation (CVE-2019-1285)




The flaw lies in the Win32k component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

25576 - (MSPT-Sep2019) Microsoft Windows ALPC Privilege Escalation (CVE-2019-1269)




The flaw lies in the ALPC component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

25577 - (MSPT-Sep2019) Microsoft Windows ALPC Privilege Escalation (CVE-2019-1272)




The flaw lies in the ALPC component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

25578 - (MSPT-Sep2019) Microsoft Windows AppX Deployment Server Privilege Escalation (CVE-2019-1253)




The flaw lies in the AppX Deployment Server component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

25579 - (MSPT-Sep2019) Microsoft Windows AppX Deployment Server Privilege Escalation (CVE-2019-1303)




The flaw lies in the AppX Deployment Server component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

25580 - (MSPT-Sep2019) Microsoft Windows GDI Information Disclosure (CVE-2019-1252)


DescriptionA vulnerability in some versions of Microsoft Windows could lead to information disclosure.

ObservationA vulnerability in some versions of Microsoft Windows could lead to information disclosure.

The flaw lies in the GDI component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.

25581 - (MSPT-Sep2019) Microsoft Windows GDI Information Disclosure (CVE-2019-1286)




The flaw lies in the GDI component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.

25584 - (MSPT-Sep2019) Microsoft Windows Secure Boot Security Bypass (CVE-2019-1294)


Risk Level: MediumCVE: CVE-2019-1294

DescriptionA vulnerability in some versions of Microsoft Windows could lead to security bypass.

ObservationA vulnerability in some versions of Microsoft Windows could lead to security bypass.

The flaw lies in the Secure Boot component. Successful exploitation by a remote attacker could result in the bypass of intended access restrictions. The exploit requires the attacker to have valid credentials to the vulnerable system.

25585 - (MSPT-Sep2019) Microsoft Windows Store Installer Privilege Escalation (CVE-2019-1270)




The flaw lies in the Store Installer component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

25586 - (MSPT-Sep2019) Microsoft Windows IME Privilege Escalation (CVE-2019-1235)


DescriptionA vulnerability in some versions of Microsoft IME could lead to privilege escalation.

ObservationA vulnerability in some versions of Microsoft IME could lead to privilege escalation.

The flaw lies in the IME component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

25587 - (MSPT-Sep2019) Microsoft Windows Update Delivery Optimization Privilege Escalation (CVE-2019-1289)




The flaw lies in the Update Delivery Optimization component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

25589 - (MSPT-Sep2019) Microsoft Winlogon Improperly Handle File Privilege Escalation (CVE-2019-1268)


DescriptionA vulnerability in some versions of Microsoft Winlogon could lead to privilege escalation.

ObservationA vulnerability in some versions of Microsoft Winlogon could lead to privilege escalation.

The flaw lies due to improperly handle file. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

25590 - (MSPT-Sep2019) Microsoft ws2ifsl.sys Improperly Handles Objects in Memory Privilege Escalation (CVE-2019-1215)


DescriptionA vulnerability in some versions of Microsoft ws2ifsl.sys could lead to privilege escalation.

ObservationA vulnerability in some versions of Microsoft ws2ifsl.sys could lead to privilege escalation.

The flaw lies in the Improperly Handles Objects in Memory component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

25592 - (MSPT-Sep2019) Microsoft Exchange Server Outlook Web Access Spoofing (CVE-2019-1266)


DescriptionA vulnerability in some versions of Microsoft Exchange Server could lead to spoofing.

ObservationA vulnerability in some versions of Microsoft Exchange Server could lead to spoofing.

The flaw lies in the Outlook Web Access component. Successful exploitation by a remote attacker could result in spoofing. The exploit requires the user to open a vulnerable website, email or document.

25593 - (MSPT-Sep2019) Microsoft Windows Lync 2013 Information Disclosure (CVE-2019-1209)




The flaw lies in the Lync 2013 component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.

25607 - (MSPT-Sep2019) Microsoft Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability (CVE-2019-1232)


DescriptionA vulnerability in some versions of Microsoft Diagnostics Hub Standard Collector Service could lead to privilege escalation.

ObservationA vulnerability in some versions of Microsoft Diagnostics Hub Standard Collector Service could lead to privilege escalation.

The flaw lies in the Improperly Impersonates File Operations. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

25608 - (MSPT-Sep2019) Microsoft Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability (CVE-2019-1267)


DescriptionA vulnerability in some versions of Microsoft Compatibility Appraiser could lead to privilege escalation.

ObservationA vulnerability in some versions of Microsoft Compatibility Appraiser could lead to privilege escalation.

The flaw lies in the Symbolic Hardlink Attack component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

25609 - (MSPT-Sep2019) Microsoft Windows Media Elevation of Privilege Vulnerability (CVE-2019-1271)




The flaw lies in the hdAudio.sys component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

25610 - (MSPT-Sep2019) Microsoft Active Directory Federation Services XSS Vulnerability (CVE-2019-1273)


DescriptionA vulnerability in some versions of Microsoft ADFS could lead to XSS.

ObservationA vulnerability in some versions of Microsoft ADFS could lead to XSS.

The flaw lies due to improperly sanitize error messages. Successful exploitation by a remote attacker could result in XSS attacks. The exploit requires the attacker to have valid credentials to the vulnerable system.

25611 - (MSPT-Sep2019) Microsoft Windows Audio Service Elevation of Privilege Vulnerability (CVE-2019-1277)




The flaw lies in the Audio Service component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

25613 - (MSPT-Sep2019) Microsoft Graphics Components Information Disclosure Vulnerability (CVE-2019-1283)


DescriptionA vulnerability in some versions of Microsoft Graphics Components could lead to information disclosure.

ObservationA vulnerability in some versions of Microsoft Graphics Components could lead to information disclosure.

The flaw lies due to improper handling of objects in memory. Successful exploitation by an attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.

25614 - (MSPT-Sep2019) Microsoft Windows Network Connectivity Assistant Privilege Escalation (CVE-2019-1287)




The flaw lies in the Network Connectivity Assistant component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

25616 - (MSPT-Sep2019) Microsoft .NET Framework CLR Privilege Escalation (CVE-2019-1142)


DescriptionA vulnerability in some versions of Microsoft .NET Framework could lead to privilege escalation.

ObservationA vulnerability in some versions of Microsoft .NET Framework could lead to privilege escalation.

The flaw lies in the CLR component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

25617 - (MSPT-Sep2019) Microsoft CLFS Improperly Handles Objects in Memory Privilege Escalation (CVE-2019-1214)


DescriptionA vulnerability in some versions of Microsoft CLFS could lead to privilege escalation.

Observation

A vulnerability in some versions of Microsoft CLFS could lead to privilege escalation.

The flaw lies in the Improperly Handles Objects in Memory component. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

25618 - (MSPT-Sep2019) Microsoft CLFS Improperly Handles Objects in Memory Improperly Handles Objects in MemoryInformation Disclosure (


DescriptionA vulnerability in some versions of Microsoft CLFS could lead to information disclosure.

ObservationA vulnerability in some versions of Microsoft CLFS could lead to information disclosure.

The flaw lies in the Improperly Handles Objects in Memory component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

25619 - (MSPT-Sep2019) Microsoft Windows CLFS Security Bypass (CVE-2019-1282)


DescriptionA vulnerability in some versions of Microsoft Windows could lead to security bypass.

ObservationA vulnerability in some versions of Microsoft Windows could lead to security bypass.

The flaw lies in the CLFS component. Successful exploitation by a remote attacker could result in the bypass of intended access restrictions. The exploit requires the attacker to have valid credentials to the vulnerable system.

25620 - (MSPT-Sep2019) Microsoft DirectX Improperly Handles Objects in Memory Information Disclosure (CVE-2019-1216)


DescriptionA vulnerability in some versions of Microsoft DirectX could lead to information disclosure.

ObservationA vulnerability in some versions of Microsoft DirectX could lead to information disclosure.

The flaw lies in the Improperly Handles Objects in Memory component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

25621 - (MSPT-Sep2019) Microsoft DirectX Improperly Handle Objects in Memory Privilege Escalation (CVE-2019-1284)


DescriptionA vulnerability in some versions of Microsoft DirectX could lead to privilege escalation.

ObservationA vulnerability in some versions of Microsoft DirectX could lead to privilege escalation.

The flaw lies due to improperly handle objects in memory. Successful exploitation could allow a local user to gain elevated privileges. The exploit requires the attacker to have valid credentials to the vulnerable system.

25622 - (MSPT-Sep2019) Microsoft Windows Kernel Information Disclosure (CVE-2019-1274)




The flaw lies in the Kernel component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

25623 - (MSPT-Sep2019) Microsoft Windows Kernel Information Disclosure (CVE-2019-1293)




The flaw lies in the Kernel component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

25633 - (MSPT-Sep2019) Microsoft ChakraCore Improperly Handle Objects in Memory Information Disclosure (CVE-2019-1299)



DescriptionA vulnerability in some versions of Microsoft ChakraCore could lead to information disclosure.

ObservationA vulnerability in some versions of Microsoft ChakraCore could lead to information disclosure.

The flaw lies due to improperly handle objects in memory. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.

25636 - (MSPT-Sep2019) Microsoft Windows Hyper-V Information Disclosure (CVE-2019-1254)




The flaw lies in the Hyper-V component. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the attacker to have valid credentials to the vulnerable system.

25639 - (MSPT-Sep2019) Microsoft Excel Improperly Handle Objects in Memory Information Disclosure (CVE-2019-1263)


DescriptionA vulnerability in some versions of Microsoft Excel could lead to information disclosure.

ObservationA vulnerability in some versions of Microsoft Excel could lead to information disclosure.

The flaw lies due to improperly handle objects in memory. Successful exploitation by a remote attacker could result in the disclosure of sensitive information. The exploit requires the user to open a vulnerable website, email or document.

25640 - (MSPT-Sep2019) Microsoft Office Improperly Handles Input Security Bypass (CVE-2019-1264)


DescriptionA vulnerability in some versions of Microsoft Office could lead to security bypass.

ObservationA vulnerability in some versions of Microsoft Office could lead to security bypass.

The flaw lies due to improperly handles input. Successful exploitation by a remote attacker could result in the bypass of intended access restrictions. The exploit requires the user to open a vulnerable website, email or document.

25644 - (MSPT-Sep2019) Microsoft SharePoint Privilege Escalation (CVE-2019-1260)


DescriptionA vulnerability in some versions of Microsoft SharePoint could lead to privilege escalation.

ObservationA vulnerability in some versions of Microsoft SharePoint could lead to privilege escalation.

The flaw lies in the Sanitation of user input. Successful exploitation could allow a user to gain elevated privileges. The exploit requires the user to open a vulnerable website, email or document.

25645 - (MSPT-Sep2019) Microsoft SharePoint Spoofing Vulnerability (CVE-2019-1261)




The flaw lies due to improperly handles requests. Successful exploitation by a remote attacker could result in spoofing. The exploit requires the user to open a vulnerable website, email or document.

25646 - (MSPT-Sep2019) Microsoft Office SharePoint XSS Vulnerability (CVE-2019-1262)




The flaw lies due to improperly sanitize web request. Successful exploitation by a remote attacker could result in spoofing. The exploit

requires the user to open a vulnerable website, email or document.


Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixesRisk Level: MediumCVE: CVE-MAP-NOMATCH




Affected packages: x11-libs/pango < 1.42.4-r2






Affected packages: media-libs/libsdl2 < 2.0.10






Affected packages: dev-lang/perl < 5.28.2






Affected packages: media-video/vlc < 3.0.8






Affected packages: sys-apps/dbus < 1.12.16




Observation

Updates often remediate critical security problems that should be quickly addressed.For more information see:


Affected packages: net-libs/webkit-gtk < 2.24.4






Affected packages: www-servers/apache < 2.4.41


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2019-0199, CVE-2019-0221, CVE-2019-10072




Ubuntu 16.04

libtomcat8-java_8.0.32-1ubuntu1.10tomcat8_8.0.32-1ubuntu1.10

Ubuntu 18.04

tomcat8_8.5.39-1ubuntu1~18.04.3libtomcat8-java_8.5.39-1ubuntu1~18.04.3


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: MediumCVE: CVE-2019-15026




Ubuntu 16.04

memcached_1.4.25-2ubuntu1.5

Ubuntu 19.04

memcached_1.5.10-0ubuntu1.19.04.2

Ubuntu 18.04

memcached_1.5.6-0ubuntu1.2

195504 - Fedora Linux 30 FEDORA-2019-0bb6b876da Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-0bb6b876da



Fedora Core 30

grafana-6.3.4-1.fc30

195505 - Fedora Linux 29 FEDORA-2019-d58eb75449 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-d58eb75449



Fedora Core 29

python38-3.8.0~b4-1.fc29

195514 - Fedora Linux 30 FEDORA-2019-4954d8773c Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-4954d8773c



Fedora Core 30

python38-3.8.0~b4-1.fc30

195533 - Fedora Linux 29 FEDORA-2019-77d612eab4 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-77d612eab4



Fedora Core 29

grafana-6.3.4-1.fc29


Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes





RHEL6_5Sx86_64kernel-debuginfo-2.6.32-431.96.1.el6perf-2.6.32-431.96.1.el6kernel-debug-debuginfo-2.6.32-431.96.1.el6kernel-debug-devel-2.6.32-431.96.1.el6kernel-devel-2.6.32-431.96.1.el6kernel-debug-2.6.32-431.96.1.el6perf-debuginfo-2.6.32-431.96.1.el6python-perf-2.6.32-431.96.1.el6python-perf-debuginfo-2.6.32-431.96.1.el6kernel-2.6.32-431.96.1.el6kernel-debuginfo-common-x86_64-2.6.32-431.96.1.el6kernel-headers-2.6.32-431.96.1.el6

noarchkernel-abi-whitelists-2.6.32-431.96.1.el6kernel-firmware-2.6.32-431.96.1.el6kernel-doc-2.6.32-431.96.1.el6


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2019-2614, CVE-2019-2627, CVE-2019-2628




SuSE SLED 12 SP4x86_64mariadb-debuginfo-10.2.25-3.19.2mariadb-debugsource-10.2.25-3.19.2libmariadb_plugins-debuginfo-3.1.2-2.6.6mariadb-client-10.2.25-3.19.2libmariadb3-3.1.2-2.6.6mariadb-10.2.25-3.19.2

libmariadb_plugins-3.1.2-2.6.6mariadb-client-debuginfo-10.2.25-3.19.2libmariadb3-debuginfo-3.1.2-2.6.6mariadb-connector-c-debugsource-3.1.2-2.6.6

noarchmariadb-errormessages-10.2.25-3.19.2

SuSE SLES 12 SP4noarchmariadb-errormessages-10.2.25-3.19.2

x86_64mariadb-debuginfo-10.2.25-3.19.2mariadb-debugsource-10.2.25-3.19.2libmariadb_plugins-debuginfo-3.1.2-2.6.6mariadb-client-10.2.25-3.19.2mariadb-tools-debuginfo-10.2.25-3.19.2libmariadb3-3.1.2-2.6.6mariadb-10.2.25-3.19.2libmariadb_plugins-3.1.2-2.6.6mariadb-client-debuginfo-10.2.25-3.19.2libmariadb3-debuginfo-3.1.2-2.6.6mariadb-tools-10.2.25-3.19.2mariadb-connector-c-debugsource-3.1.2-2.6.6


Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: MediumCVE: CVE-2019-1010319, CVE-2019-11498




SuSE Linux 15.0x86_64libwavpack1-32bit-debuginfo-5.1.0-lp150.3.6.1wavpack-debuginfo-5.1.0-lp150.3.6.1wavpack-5.1.0-lp150.3.6.1libwavpack1-32bit-5.1.0-lp150.3.6.1wavpack-debugsource-5.1.0-lp150.3.6.1wavpack-devel-5.1.0-lp150.3.6.1libwavpack1-5.1.0-lp150.3.6.1libwavpack1-debuginfo-5.1.0-lp150.3.6.1

i586wavpack-debuginfo-5.1.0-lp150.3.6.1wavpack-5.1.0-lp150.3.6.1wavpack-debugsource-5.1.0-lp150.3.6.1wavpack-devel-5.1.0-lp150.3.6.1

libwavpack1-5.1.0-lp150.3.6.1libwavpack1-debuginfo-5.1.0-lp150.3.6.1

SuSE Linux 15.1x86_64wavpack-debugsource-5.1.0-lp151.5.3.1wavpack-5.1.0-lp151.5.3.1libwavpack1-32bit-debuginfo-5.1.0-lp151.5.3.1libwavpack1-debuginfo-5.1.0-lp151.5.3.1libwavpack1-5.1.0-lp151.5.3.1libwavpack1-32bit-5.1.0-lp151.5.3.1wavpack-debuginfo-5.1.0-lp151.5.3.1wavpack-devel-5.1.0-lp151.5.3.1

i586wavpack-debugsource-5.1.0-lp151.5.3.1wavpack-5.1.0-lp151.5.3.1libwavpack1-debuginfo-5.1.0-lp151.5.3.1libwavpack1-5.1.0-lp151.5.3.1wavpack-debuginfo-5.1.0-lp151.5.3.1wavpack-devel-5.1.0-lp151.5.3.1

195515 - Fedora Linux 30 FEDORA-2019-24e1d561e5 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-24e1d561e5



Fedora Core 30

systemd-241-12.git1e19bcd.fc30

195532 - Fedora Linux 29 FEDORA-2019-d9c2f1ec70 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-d9c2f1ec70



Fedora Core 29

roundcubemail-1.3.10-1.fc29

89039 - Slackware Linux 14.2 SSA:2019-247-01 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Slackware Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:SSA:2019-247-01


http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.416944

Slackware 14.2x86_64seamonkey-solibs-2.49.5-x86_64-1seamonkey-2.49.5-x86_64-1

i586seamonkey-2.49.5-i586-1seamonkey-solibs-2.49.5-i586-1


Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: LowCVE: CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683,CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690




Debian 10.0alllibwebkit2gtk-4.0-37-gtk2_2.24.4-1~deb10u1gir1.2-webkit2-4.0_2.24.4-1~deb10u1libjavascriptcoregtk-4.0-bin_2.24.4-1~deb10u1libwebkit2gtk-4.0-dev_2.24.4-1~deb10u1libjavascriptcoregtk-4.0-dev_2.24.4-1~deb10u1

libwebkit2gtk-4.0-doc_2.24.4-1~deb10u1libwebkit2gtk-4.0-37_2.24.4-1~deb10u1gir1.2-javascriptcoregtk-4.0_2.24.4-1~deb10u1libjavascriptcoregtk-4.0-18_2.24.4-1~deb10u1webkit2gtk-driver_2.24.4-1~deb10u1


Category: SSH Module -> NonIntrusive -> Debian Patches and HotfixesRisk Level: LowCVE: CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752, CVE-2019-9812




Debian 9.0allfirefox-esr_60.9.0esr-1~deb9u1

Debian 10.0allfirefox-esr_60.9.0esr-1~deb10u1


Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and HotfixesRisk Level: LowCVE: CVE-2019-12155, CVE-2019-14378




OEL7x86_64qemu-kvm-1.5.3-167.el7_7.1qemu-kvm-tools-1.5.3-167.el7_7.1qemu-img-1.5.3-167.el7_7.1qemu-kvm-common-1.5.3-167.el7_7.1

183082 - FreeBSD Flash Player Multiple Vulnerabilities (c6f19fe6-d42a-11e9-b4f9-6451062f0f7a)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2019-8069, CVE-2019-8070

DescriptionThe scan detected that the host is missing the following update:Flash Player -- multiple vulnerabilities (c6f19fe6-d42a-11e9-b4f9-6451062f0f7a)


http://www.vuxml.org/freebsd/c6f19fe6-d42a-11e9-b4f9-6451062f0f7a.html

Affected packages: linux-flashplayer < 32.0.0.255

183083 - FreeBSD Exim RCE With Root Privileges In TLS SNI Handler (61db9b88-d091-11e9-8d41-97657151f8c2)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:Exim -- RCE with root privileges in TLS SNI handler (61db9b88-d091-11e9-8d41-97657151f8c2)


http://www.vuxml.org/freebsd/61db9b88-d091-11e9-8d41-97657151f8c2.html

Affected packages: exim < 4.92.2

183085 - FreeBSD wordpress Multiple Issues (8a9f86de-d080-11e9-9051-4c72b94353b5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:wordpress -- multiple issues (8a9f86de-d080-11e9-9051-4c72b94353b5)


http://www.vuxml.org/freebsd/8a9f86de-d080-11e9-9051-4c72b94353b5.html

Affected packages: wordpress < 5.2.3,1

fr-wordpress < 5.2.3,1de-wordpress < 5.2.3zh_CN-wordpress < 5.2.3zh_TW-wordpress < 5.2.3ja-wordpress < 5.2.3ru-wordpress < 5.2.3

183086 - FreeBSD asterisk Crash When Negotiating For T.38 With A Declined Stream (d94c08d2-d079-11e9-8f1a-001999f8d30b)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2019-15297

DescriptionThe scan detected that the host is missing the following update:asterisk -- Crash when negotiating for T.38 with a declined stream (d94c08d2-d079-11e9-8f1a-001999f8d30b)


http://www.vuxml.org/freebsd/d94c08d2-d079-11e9-8f1a-001999f8d30b.html

Affected packages: asterisk15 < 15.7.4asterisk16 < 16.5.1

183087 - FreeBSD asterisk Remote Crash Vulnerability In Audio Transcoding (7d53d8da-d07a-11e9-8f1a-001999f8d30b)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and HotfixesRisk Level: LowCVE: CVE-2019-15639

DescriptionThe scan detected that the host is missing the following update:asterisk -- Remote Crash Vulnerability in audio transcoding (7d53d8da-d07a-11e9-8f1a-001999f8d30b)


http://www.vuxml.org/freebsd/7d53d8da-d07a-11e9-8f1a-001999f8d30b.html

Affected packages: asterisk13 < 13.28.1asterisk16 < 16.5.1


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-2019-11734, CVE-2019-11735, CVE-2019-11737, CVE-2019-11738, CVE-2019-11740, CVE-2019-11741, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11747, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11752, CVE-2019-5849, CVE-2019-9812




Ubuntu 16.04

firefox_69.0+build2-0ubuntu0.16.04.4

Ubuntu 19.04


Ubuntu 18.04


186900 - Ubuntu Linux 16.04 USN-4126-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-2015-9383




Ubuntu 16.04

libfreetype6_2.6.1-0.1ubuntu2.4


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-2015-9381, CVE-2015-9382, CVE-2015-9383


ObservationUpdates often remediate critical security problems that should be quickly addressed.

For more information see:


Ubuntu 12.04

libfreetype6_2.4.8-1ubuntu2.7

Ubuntu 14.04

libfreetype6_2.5.2-1ubuntu2.8+esm1


Category: SSH Module -> NonIntrusive -> Ubuntu Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH




Ubuntu 19.04

systemd_240-6ubuntu5.7

Ubuntu 18.04

systemd_237-3ubuntu10.29

195506 - Fedora Linux 29 FEDORA-2019-5e4316109b Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-5e4316109b



Fedora Core 29

qt5-qtwebengine-5.12.4-5.fc29

195508 - Fedora Linux 30 FEDORA-2019-5d2420030c Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2019-5847, CVE-2019-5848, CVE-2019-5850, CVE-2019-5851, CVE-2019-5852, CVE-2019-5853, CVE-2019-5854, CVE-2019-5855, CVE-2019-5856, CVE-2019-5857, CVE-2019-5858, CVE-2019-5859, CVE-2019-5860, CVE-2019-5861, CVE-2019-5862,CVE-2019-5864, CVE-2019-5865

DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-5d2420030c



Fedora Core 30

chromium-76.0.3809.132-2.fc30

195511 - Fedora Linux 29 FEDORA-2019-e31c2f7d87 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-e31c2f7d87



Fedora Core 29

seamonkey-2.49.5-1.fc29

195519 - Fedora Linux 30 FEDORA-2019-baff775841 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-baff775841

ObservationUpdates often remediate critical security problems that should be quickly addressed.

For more information see:


Fedora Core 30

rdesktop-1.8.6-1.fc30

195526 - Fedora Linux 30 FEDORA-2019-7f7489dc8c Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-7f7489dc8c



Fedora Core 30

seamonkey-2.49.5-1.fc30

195527 - Fedora Linux 30 FEDORA-2019-0811a88d77 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2019-6472, CVE-2019-6473, CVE-2019-6474

DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-0811a88d77



Fedora Core 30

kea-1.5.0-9.fc30

195528 - Fedora Linux 30 FEDORA-2019-1f05925d82 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-1f05925d82



Fedora Core 30

libgcrypt-1.8.5-1.fc30

148308 - SuSE SLES 12 SP4, 12 SP5 SUSE-SU-2019:2336-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and HotfixesRisk Level: LowCVE: CVE-2019-11771, CVE-2019-11775, CVE-2019-2762, CVE-2019-2766, CVE-2019-2769, CVE-2019-2816, CVE-2019-4473,CVE-2019-7317




SuSE SLES 12 SP4x86_64java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1java-1_7_1-ibm-1.7.1_sr4.50-38.41.1

SuSE SLES 12 SP5x86_64java-1_7_1-ibm-plugin-1.7.1_sr4.50-38.41.1java-1_7_1-ibm-jdbc-1.7.1_sr4.50-38.41.1java-1_7_1-ibm-alsa-1.7.1_sr4.50-38.41.1java-1_7_1-ibm-1.7.1_sr4.50-38.41.1

195516 - Fedora Linux 31 FEDORA-2019-d5bd5f0aa4 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and HotfixesRisk Level: LowCVE: CVE-2019-15718

DescriptionThe scan detected that the host is missing the following update:FEDORA-2019-d5bd5f0aa4



Fedora Core 31

systemd-243-1.fc31

HOW TO UPDATE

FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we stronglyurge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download anycritical updates but will wait for your explicit authorization before installing.

FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting"FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerabilityscripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability categoryand checking the "Run New Checks" checkbox.

MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts willbe automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.

MCAFEE TECHNICAL SUPPORT

ServicePortal: https://mysupport.mcafee.comMulti-National Phone Support available here:

http://www.mcafee.com/us/about/contact/index.htmlNon-US customers - Select your country from the list of Worldwide Offices.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution byothers is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.

Copyright 2019 McAfee, Inc.McAfee is a registered trademark of McAfee, Inc. and/or its affiliates

https://mysupport.mcafee.com/

http://www.mcafee.com/us/about/contact/index.html

Documents

MCAFEE FOUNDSTONE FSL UPDATE 2019-SEP-11...Code Execution (CVE-201 Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2019-1306