MCAFEE FOUNDSTONE FSL UPDATE 2016-JAN-07 · openSUSE-SU-2015:2406-1 Observation Updates often...

2016-JAN-07FSL version 7.5.783

MCAFEE FOUNDSTONE FSL UPDATE

To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release.

NEW CHECKS

19476 - IBM WebSphere Application Server Multiple Vulerabilities Prior To 8.5.5.8

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2015-2017, CVE-2015-7450

DescriptionMultiple vulnerabilities are present in some versions of IBM WebSphere Application Server.

ObservationIBM WebSphere Application Server is a Java application server.

Multiple vulnerabilities are present in some versions of IBM WebSphere Application Server. The flaws occur due to a Java object deserialization issue and an HTTP response splitting issue. Successful exploitation could allow an attacker to obtain sensitive information or to execute arbitrary code.

91990 - Oracle Enterprise Linux ELSA-2016-0001 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Oracle Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2015-7201, CVE-2015-7205, CVE-2015-7212, CVE-2015-7213, CVE-2015-7214

DescriptionThe scan detected that the host is missing the following update:ELSA-2016-0001

ObservationUpdates often remediate critical security problems that should be quickly addressed.For more information see:

http://oss.oracle.com/pipermail/el-errata/2016-January/005656.htmlhttp://oss.oracle.com/pipermail/el-errata/2016-January/005657.html

OEL7x86_64thunderbird-38.5.0-1.0.1.el7_2

OEL6x86_64thunderbird-38.5.0-1.0.1.el6_7

i386thunderbird-38.5.0-1.0.1.el6_7

130351 - Debian Linux 7.0, 8.0 DSA-3432-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: High CVE: CVE-2015-7201, CVE-2015-7205, CVE-2015-7212, CVE-2015-7213, CVE-2015-7214

DescriptionThe scan detected that the host is missing the following update:DSA-3432-1


http://www.debian.org/security/2016/dsa-3432

Debian 8.0allicedove_38.5.0-1~deb8u1

Debian 7.0allicedove_38.5.0-1~deb7u1

141050 - Red Hat Enterprise Linux RHSA-2016-0001 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2015-7201, CVE-2015-7205, CVE-2015-7212, CVE-2015-7213, CVE-2015-7214

DescriptionThe scan detected that the host is missing the following update:RHSA-2016-0001


https://rhn.redhat.com/errata/RHSA-2016-0001.html

RHEL6Si386thunderbird-38.5.0-1.el6_7thunderbird-debuginfo-38.5.0-1.el6_7

x86_64thunderbird-38.5.0-1.el6_7thunderbird-debuginfo-38.5.0-1.el6_7

RHEL6WSx86_64thunderbird-38.5.0-1.el6_7thunderbird-debuginfo-38.5.0-1.el6_7

i386

thunderbird-38.5.0-1.el6_7thunderbird-debuginfo-38.5.0-1.el6_7

RHEL5Dx86_64thunderbird-debuginfo-38.5.0-1.el5_11thunderbird-38.5.0-1.el5_11

i386thunderbird-debuginfo-38.5.0-1.el5_11thunderbird-38.5.0-1.el5_11

RHEL7Dx86_64thunderbird-38.5.0-1.el7_2thunderbird-debuginfo-38.5.0-1.el7_2

RHEL6Dx86_64thunderbird-38.5.0-1.el6_7thunderbird-debuginfo-38.5.0-1.el6_7

i386thunderbird-38.5.0-1.el6_7thunderbird-debuginfo-38.5.0-1.el6_7

RHEL7WSx86_64thunderbird-38.5.0-1.el7_2thunderbird-debuginfo-38.5.0-1.el7_2

144120 - SuSE Linux 13.1, 13.2 openSUSE-SU-2015:2406-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2015-7201, CVE-2015-7205, CVE-2015-7210, CVE-2015-7212, CVE-2015-7213, CVE-2015-7214, CVE-2015-7222

DescriptionThe scan detected that the host is missing the following update:openSUSE-SU-2015:2406-1


http://lists.opensuse.org/opensuse-updates/2015-12/msg00140.html

SuSE Linux 13.1x86_64MozillaThunderbird-38.5.0-70.71.1MozillaThunderbird-translations-common-38.5.0-70.71.1MozillaThunderbird-devel-38.5.0-70.71.1MozillaThunderbird-debuginfo-38.5.0-70.71.1MozillaThunderbird-debugsource-38.5.0-70.71.1MozillaThunderbird-translations-other-38.5.0-70.71.1MozillaThunderbird-buildsymbols-38.5.0-70.71.1

i586

MozillaThunderbird-38.5.0-70.71.1MozillaThunderbird-translations-common-38.5.0-70.71.1MozillaThunderbird-devel-38.5.0-70.71.1MozillaThunderbird-debuginfo-38.5.0-70.71.1MozillaThunderbird-debugsource-38.5.0-70.71.1MozillaThunderbird-translations-other-38.5.0-70.71.1MozillaThunderbird-buildsymbols-38.5.0-70.71.1

SuSE Linux 13.2x86_64MozillaThunderbird-translations-common-38.5.0-34.2MozillaThunderbird-buildsymbols-38.5.0-34.2MozillaThunderbird-38.5.0-34.2MozillaThunderbird-debuginfo-38.5.0-34.2MozillaThunderbird-debugsource-38.5.0-34.2MozillaThunderbird-translations-other-38.5.0-34.2MozillaThunderbird-devel-38.5.0-34.2

i586MozillaThunderbird-translations-common-38.5.0-34.2MozillaThunderbird-buildsymbols-38.5.0-34.2MozillaThunderbird-38.5.0-34.2MozillaThunderbird-debuginfo-38.5.0-34.2MozillaThunderbird-debugsource-38.5.0-34.2MozillaThunderbird-translations-other-38.5.0-34.2MozillaThunderbird-devel-38.5.0-34.2

144121 - SuSE Linux 11.4 openSUSE-SU-2015:2403-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651




SuSE Linux 11.4x86_64flash-player-11.2.202.559-179.1flash-player-gnome-11.2.202.559-179.1flash-player-kde4-11.2.202.559-179.1

i586flash-player-11.2.202.559-179.1flash-player-gnome-11.2.202.559-179.1flash-player-kde4-11.2.202.559-179.1

144122 - SuSE SLED 12 SUSE-SU-2015:2401-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651

DescriptionThe scan detected that the host is missing the following update:SUSE-SU-2015:2401-1


http://lists.suse.com/pipermail/sle-security-updates/2015-December/001772.html

SuSE SLED 12x86_64flash-player-gnome-11.2.202.559-117.1flash-player-11.2.202.559-117.1

178144 - Gentoo Linux GLSA-201512-10 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: High CVE: CVE-2015-0798, CVE-2015-0799, CVE-2015-0801, CVE-2015-0802, CVE-2015-0803, CVE-2015-0804, CVE-2015-0805, CVE-2015-0806, CVE-2015-0807, CVE-2015-0808, CVE-2015-0810, CVE-2015-0811, CVE-2015-0812, CVE-2015-0813, CVE-2015-0814, CVE-2015-0815, CVE-2015-0816, CVE-2015-2706, CVE-2015-2721, CVE-2015-2722, CVE-2015-2724, CVE-2015-2725, CVE-2015-2726, CVE-2015-2727, CVE-2015-2728, CVE-2015-2729, CVE-2015-2730, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740, CVE-2015-2741, CVE-2015-2742, CVE-2015-2743, CVE-2015-2808, CVE-2015-4000, CVE-2015-4153, CVE-2015-4495, CVE-2015-4513, CVE-2015-4514, CVE-2015-4515, CVE-2015-4518, CVE-2015-7181, CVE-2015-7182, CVE-2015-7183, CVE-2015-7187, CVE-2015-7188, CVE-2015-7189, CVE-2015-7191, CVE-2015-7192, CVE-2015-7193, CVE-2015-7194, CVE-2015-7195, CVE-2015-7196, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200, CVE-2015-7201, CVE-2015-7202, CVE-2015-7203, CVE-2015-7204, CVE-2015-7205, CVE-2015-7207, CVE-2015-7208, CVE-2015-7210, CVE-2015-7211, CVE-2015-7212, CVE-2015-7213, CVE-2015-7214, CVE-2015-7215, CVE-2015-7216, CVE-2015-7217, CVE-2015-7218, CVE-2015-7219, CVE-2015-7220, CVE-2015-7221, CVE-2015-7222, CVE-2015-7223

DescriptionThe scan detected that the host is missing the following update:GLSA-201512-10


https://security.gentoo.org/glsa/201512-10

Affected packages: www-client/firefox < 38.5.0www-client/firefox-bin < 38.5.0mail-client/thunderbird < 38.5.0mail-client/thunderbird-bin < 38.5.0

181757 - FreeBSD qemu Denial Of Service Vulnerability In IDE Disk/CD/DVD-ROM Emulation (bbc97005-b14e-11e5-9728-002590263bf5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: High CVE: CVE-2015-6855

DescriptionThe scan detected that the host is missing the following update:qemu -- denial of service vulnerability in IDE disk/CD/DVD-ROM emulation (bbc97005-b14e-11e5-9728-002590263bf5)


http://www.vuxml.org/freebsd/bbc97005-b14e-11e5-9728-002590263bf5.html

Affected packages: qemu < 2.4.1qemu-devel < 2.4.1qemu-sbruno < 2.5.50.g20151224qemu-user-static < 2.5.50.g20151224

190153 - Fedora Linux 22 FEDORA-2015-eb896290d3 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394

DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-eb896290d3


http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html

Fedora Core 22

pcre-8.38-1.fc22

19481 - Open Automation Software OPC Systems.NET DLL Hijacking Vulnerability

Category: Windows Host Assessment -> SCADA (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2015-7917

DescriptionA DLL Hijacking vulnerability is present in some versions of Open Automation Software OPC Systems.NET.

ObservationOpen Automation Software OPC Systems.NET is a complete suite for SCADA and HMI applications.

A DLL Hijacking vulnerability is present in some versions of OPC Systems.NET. This flaw is caused when a local user runs the application and loads a malicious DLL file. Successful exploitation could allow an attacker to execute of arbitrary code with the same privilege level as the affected software.

19489 - (VMSA-2015-0009) VMware vRealize Orchestrator (vCenter Orchestrator) Apache Commons-Collections Deserialization Vulnerability

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2015-6934

DescriptionA deserialization vulnerability is present in some versions of VMware vCenter Orchestrator.

ObservationVMware vCenter Orchestrator integrates with VMware vCloud Suite and automates IT tasks.

A deserialization vulnerability is present in some versions of VMware vCenter Orchestrator. The flaw lies in Apache Commons-collections. Successful exploitation could allow an attacker to execute remote code.

19490 - (VMSA-2015-0009) VMware vRealize Orchestrator (vCenter Orchestrator) Apache Commons-Collections Deserialization Vulnerability

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: High CVE: CVE-2015-6934

DescriptionA deserialization vulnerability is present in some versions of VMware vCenter Orchestrator.

ObservationVMware vCenter Orchestrator integrates with VMware vCloud Suite and automates IT tasks.

A deserialization vulnerability is present in some versions of VMware vCenter Orchestrator. The flaw lies in Apache Commons-collections. Successful exploitation could allow an attacker to execute remote code.

19486 - Joomla! Remote Code Execution Vulnerability (20151201)

Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: High CVE: CVE-2015-8562

DescriptionA vulnerability is present in some versions of Joomla!.

ObservationJoomla! is a content management system.

A vulnerability is present in some versions of Joomla!. The flaw is due to improper handling of the HTTP User-Agent header. Successful exploitation could allow an attacker to inject arbitrary PHP code.

19488 - Joomla Directory Traversal Vulnerability (20151203)




A vulnerability is present in some versions of Joomla!. The flaw is due to improper sanitization of input data from the XML install file included in an extension's package archive. Successful exploitation could allow an attacker to perform a directory traversal attack.

19491 - Joomla CSRF Vulnerability (20151202)




A vulnerability is present in some versions of Joomla!. The flaw lies in the com_templates component. Successful exploitation could allow an attacker to hijack the authentication of a user.

19497 - Cisco Prime Network Services Controller Arbitrary Command Execution Privilege Escalation

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: High CVE: CVE-2015-6426

DescriptionA vulnerability in some versions of Cisco Prime Network Service could lead to privilege escalation.

ObservationA vulnerability in some versions of Cisco Prime Network Service could lead to privilege escalation.

The flaw is due to insufficient validation of local commands. Successful exploitation could allow a local user to gain elevated privileges.

19498 - Joomla! Directory Traversal Vulnerability (20151204)




A vulnerability is present in some versions of Joomla!. The flaw is due to improper handling of request data. Successful exploitation could allow an attacker to launch a directory traversal attack.


Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2015-7575




SuSE Linux 13.1x86_64mozilla-nss-sysinit-3.20.2-65.1mozilla-nss-3.20.2-65.1libsoftokn3-debuginfo-32bit-3.20.2-65.1libfreebl3-debuginfo-3.20.2-65.1mozilla-nss-devel-3.20.2-65.1mozilla-nss-certs-3.20.2-65.1mozilla-nss-sysinit-debuginfo-3.20.2-65.1libsoftokn3-3.20.2-65.1libfreebl3-debuginfo-32bit-3.20.2-65.1mozilla-nss-tools-3.20.2-65.1libsoftokn3-32bit-3.20.2-65.1mozilla-nss-certs-debuginfo-32bit-3.20.2-65.1mozilla-nss-debuginfo-32bit-3.20.2-65.1mozilla-nss-tools-debuginfo-3.20.2-65.1libsoftokn3-debuginfo-3.20.2-65.1mozilla-nss-32bit-3.20.2-65.1mozilla-nss-certs-32bit-3.20.2-65.1libfreebl3-3.20.2-65.1libfreebl3-32bit-3.20.2-65.1mozilla-nss-sysinit-32bit-3.20.2-65.1mozilla-nss-certs-debuginfo-3.20.2-65.1mozilla-nss-sysinit-debuginfo-32bit-3.20.2-65.1mozilla-nss-debugsource-3.20.2-65.1mozilla-nss-debuginfo-3.20.2-65.1

i586mozilla-nss-sysinit-3.20.2-65.1mozilla-nss-3.20.2-65.1libfreebl3-debuginfo-3.20.2-65.1mozilla-nss-devel-3.20.2-65.1mozilla-nss-certs-3.20.2-65.1mozilla-nss-sysinit-debuginfo-3.20.2-65.1libsoftokn3-3.20.2-65.1mozilla-nss-tools-3.20.2-65.1

mozilla-nss-tools-debuginfo-3.20.2-65.1libsoftokn3-debuginfo-3.20.2-65.1libfreebl3-3.20.2-65.1mozilla-nss-certs-debuginfo-3.20.2-65.1mozilla-nss-debugsource-3.20.2-65.1mozilla-nss-debuginfo-3.20.2-65.1

SuSE Linux 13.2x86_64libfreebl3-debuginfo-3.20.2-22.1mozilla-nss-3.20.2-22.1mozilla-nss-certs-3.20.2-22.1mozilla-nss-tools-3.20.2-22.1mozilla-nss-sysinit-debuginfo-3.20.2-22.1mozilla-nss-certs-32bit-3.20.2-22.1libsoftokn3-debuginfo-3.20.2-22.1libfreebl3-debuginfo-32bit-3.20.2-22.1mozilla-nss-debuginfo-32bit-3.20.2-22.1mozilla-nss-certs-debuginfo-32bit-3.20.2-22.1libsoftokn3-32bit-3.20.2-22.1libsoftokn3-3.20.2-22.1libsoftokn3-debuginfo-32bit-3.20.2-22.1mozilla-nss-sysinit-32bit-3.20.2-22.1mozilla-nss-32bit-3.20.2-22.1mozilla-nss-debuginfo-3.20.2-22.1mozilla-nss-debugsource-3.20.2-22.1mozilla-nss-tools-debuginfo-3.20.2-22.1mozilla-nss-certs-debuginfo-3.20.2-22.1libfreebl3-32bit-3.20.2-22.1mozilla-nss-sysinit-debuginfo-32bit-3.20.2-22.1libfreebl3-3.20.2-22.1mozilla-nss-devel-3.20.2-22.1mozilla-nss-sysinit-3.20.2-22.1

i586libfreebl3-debuginfo-3.20.2-22.1mozilla-nss-3.20.2-22.1mozilla-nss-certs-3.20.2-22.1mozilla-nss-tools-3.20.2-22.1mozilla-nss-sysinit-debuginfo-3.20.2-22.1libsoftokn3-debuginfo-3.20.2-22.1libsoftokn3-3.20.2-22.1mozilla-nss-debuginfo-3.20.2-22.1mozilla-nss-debugsource-3.20.2-22.1mozilla-nss-tools-debuginfo-3.20.2-22.1mozilla-nss-certs-debuginfo-3.20.2-22.1libfreebl3-3.20.2-22.1mozilla-nss-devel-3.20.2-22.1mozilla-nss-sysinit-3.20.2-22.1

144125 - SuSE SLES 12, SLED 12 SUSE-SU-2016:0027-1 Update Is Not Installed




http://lists.suse.com/pipermail/sle-security-updates/2016-January/001779.html

SuSE SLED 12x86_64libpng16-debugsource-1.6.8-11.1libpng16-16-debuginfo-1.6.8-11.1libpng16-16-debuginfo-32bit-1.6.8-11.1libpng16-16-1.6.8-11.1libpng16-16-32bit-1.6.8-11.1

SuSE SLES 12x86_64libpng16-debugsource-1.6.8-11.1libpng16-16-debuginfo-1.6.8-11.1libpng16-16-32bit-1.6.8-11.1libpng16-16-1.6.8-11.1libpng16-16-debuginfo-32bit-1.6.8-11.1






SuSE Linux 13.1i586claws-mail-debuginfo-3.10.1-3.8.1claws-mail-3.10.1-3.8.1claws-mail-debugsource-3.10.1-3.8.1claws-mail-devel-3.10.1-3.8.1

noarchclaws-mail-lang-3.10.1-3.8.1

x86_64claws-mail-debuginfo-3.10.1-3.8.1claws-mail-3.10.1-3.8.1claws-mail-debugsource-3.10.1-3.8.1claws-mail-devel-3.10.1-3.8.1

SuSE Linux 13.2i586claws-mail-debugsource-3.11.0-2.7.1

claws-mail-devel-3.11.0-2.7.1claws-mail-3.11.0-2.7.1claws-mail-debuginfo-3.11.0-2.7.1

noarchclaws-mail-lang-3.11.0-2.7.1

x86_64claws-mail-debugsource-3.11.0-2.7.1claws-mail-devel-3.11.0-2.7.1claws-mail-3.11.0-2.7.1claws-mail-debuginfo-3.11.0-2.7.1


Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: High CVE: CVE-2015-7512, CVE-2015-8345




SuSE SLED 12x86_64qemu-kvm-2.0.2-48.12.1qemu-debugsource-2.0.2-48.12.1qemu-2.0.2-48.12.1qemu-x86-debuginfo-2.0.2-48.12.1qemu-block-curl-2.0.2-48.12.1qemu-tools-debuginfo-2.0.2-48.12.1qemu-x86-2.0.2-48.12.1qemu-block-curl-debuginfo-2.0.2-48.12.1qemu-tools-2.0.2-48.12.1

noarchqemu-sgabios-8-48.12.1qemu-seabios-1.7.4-48.12.1qemu-ipxe-1.0.0-48.12.1qemu-vgabios-1.7.4-48.12.1

SuSE SLES 12noarchqemu-sgabios-8-48.12.1qemu-seabios-1.7.4-48.12.1qemu-ipxe-1.0.0-48.12.1qemu-vgabios-1.7.4-48.12.1

x86_64qemu-x86-2.0.2-48.12.1qemu-2.0.2-48.12.1qemu-kvm-2.0.2-48.12.1

qemu-guest-agent-debuginfo-2.0.2-48.12.1qemu-guest-agent-2.0.2-48.12.1qemu-tools-debuginfo-2.0.2-48.12.1qemu-debugsource-2.0.2-48.12.1qemu-x86-debuginfo-2.0.2-48.12.1qemu-block-rbd-debuginfo-2.0.2-48.12.1qemu-block-rbd-2.0.2-48.12.1qemu-tools-2.0.2-48.12.1qemu-lang-2.0.2-48.12.1qemu-block-curl-2.0.2-48.12.1qemu-block-curl-debuginfo-2.0.2-48.12.1






SuSE Linux 13.1x86_64MozillaFirefox-translations-other-43.0.3-100.1MozillaFirefox-translations-common-43.0.3-100.1MozillaFirefox-43.0.3-100.1MozillaFirefox-debugsource-43.0.3-100.1MozillaFirefox-branding-upstream-43.0.3-100.1MozillaFirefox-debuginfo-43.0.3-100.1MozillaFirefox-buildsymbols-43.0.3-100.1MozillaFirefox-devel-43.0.3-100.1

i586MozillaFirefox-translations-other-43.0.3-100.1MozillaFirefox-translations-common-43.0.3-100.1MozillaFirefox-43.0.3-100.1MozillaFirefox-debugsource-43.0.3-100.1MozillaFirefox-branding-upstream-43.0.3-100.1MozillaFirefox-debuginfo-43.0.3-100.1MozillaFirefox-buildsymbols-43.0.3-100.1MozillaFirefox-devel-43.0.3-100.1

SuSE Linux 13.2x86_64MozillaFirefox-debugsource-43.0.3-56.1MozillaFirefox-translations-common-43.0.3-56.1MozillaFirefox-devel-43.0.3-56.1MozillaFirefox-branding-upstream-43.0.3-56.1MozillaFirefox-translations-other-43.0.3-56.1MozillaFirefox-debuginfo-43.0.3-56.1MozillaFirefox-buildsymbols-43.0.3-56.1

MozillaFirefox-43.0.3-56.1

i586MozillaFirefox-debugsource-43.0.3-56.1MozillaFirefox-translations-common-43.0.3-56.1MozillaFirefox-devel-43.0.3-56.1MozillaFirefox-branding-upstream-43.0.3-56.1MozillaFirefox-translations-other-43.0.3-56.1MozillaFirefox-debuginfo-43.0.3-56.1MozillaFirefox-buildsymbols-43.0.3-56.1MozillaFirefox-43.0.3-56.1


Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: High CVE: CVE-2014-8651




Affected packages: kde-base/systemsettings < 4.11.13-r1


Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: High CVE: CVE-2014-9328, CVE-2015-1461, CVE-2015-1462, CVE-2015-1463, CVE-2015-2170, CVE-2015-2221, CVE-2015-2222, CVE-2015-2668




Affected packages: app-antivirus/clamav < 0.98.7

181744 - FreeBSD xen-tools Libxl Leak Of Pv Kernel And Initrd On Error (5d1d4473-b40d-11e5-9728-002590263bf5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: High

CVE: CVE-2015-8341

DescriptionThe scan detected that the host is missing the following update:xen-tools -- libxl leak of pv kernel and initrd on error (5d1d4473-b40d-11e5-9728-002590263bf5)


http://www.vuxml.org/freebsd/5d1d4473-b40d-11e5-9728-002590263bf5.html

Affected packages: 4.1 <= xen-tools < 4.5.2_1

181749 - FreeBSD qemu Buffer Overflow Vulnerability In VNC (2b3b4c27-b0c7-11e5-8d13-bc5ff45d0f28)


DescriptionThe scan detected that the host is missing the following update:qemu -- buffer overflow vulnerability in VNC (2b3b4c27-b0c7-11e5-8d13-bc5ff45d0f28)


http://www.vuxml.org/freebsd/2b3b4c27-b0c7-11e5-8d13-bc5ff45d0f28.html

Affected packages: qemu < 2.4.0.1qemu-devel < 2.4.0.1qemu-sbruno < 2.4.50.g20151011qemu-user-static < 2.4.50.g20151011

181753 - FreeBSD kea Unexpected Termination While Handling A Malformed Packet (59e7eb28-b309-11e5-af83-80ee73b5dcf5)


DescriptionThe scan detected that the host is missing the following update:kea -- unexpected termination while handling a malformed packet (59e7eb28-b309-11e5-af83-80ee73b5dcf5)


http://www.vuxml.org/freebsd/59e7eb28-b309-11e5-af83-80ee73b5dcf5.html

Affected packages:

kea < 1.0.0

181756 - FreeBSD qemu Denial Of Service Vulnerabilities In NE2000 NIC Support (6aa3322f-b150-11e5-9728-002590263bf5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: High CVE: CVE-2015-5278, CVE-2015-5279

DescriptionThe scan detected that the host is missing the following update:qemu -- denial of service vulnerabilities in NE2000 NIC support (6aa3322f-b150-11e5-9728-002590263bf5)


http://www.vuxml.org/freebsd/6aa3322f-b150-11e5-9728-002590263bf5.html


181759 - FreeBSD cacti SQL Injection Vulnerabilities (bb961ff3-b3a4-11e5-8255-5453ed2e2b49)


DescriptionThe scan detected that the host is missing the following update:cacti -- SQL injection vulnerabilities (bb961ff3-b3a4-11e5-8255-5453ed2e2b49)


http://www.vuxml.org/freebsd/bb961ff3-b3a4-11e5-8255-5453ed2e2b49.html

Affected packages: cacti <= 0.8.8f_1

185108 - Ubuntu Linux 14.04 USN-2858-2 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: High CVE: CVE-2015-8660

DescriptionThe scan detected that the host is missing the following update:USN-2858-2

Observation

Updates often remediate critical security problems that should be quickly addressed.For more information see:

https://lists.ubuntu.com/archives/ubuntu-security-announce/2016-January/003249.html

Ubuntu 14.04

linux-image-4.2.0-23-powerpc64-smp_4.2.0-23.28~14.04.1linux-image-4.2.0-23-lowlatency_4.2.0-23.28~14.04.1linux-image-4.2.0-23-generic-lpae_4.2.0-23.28~14.04.1linux-image-4.2.0-23-generic_4.2.0-23.28~14.04.1linux-image-4.2.0-23-powerpc-smp_4.2.0-23.28~14.04.1linux-image-4.2.0-23-powerpc-e500mc_4.2.0-23.28~14.04.1linux-image-4.2.0-23-powerpc64-emb_4.2.0-23.28~14.04.1






Ubuntu 15.10

linux-image-4.2.0-1018-raspi2_4.2.0-1018.25






Ubuntu 15.04

linux-image-3.19.0-43-powerpc64-smp_3.19.0-43.49linux-image-3.19.0-43-powerpc-smp_3.19.0-43.49linux-image-3.19.0-43-powerpc64-emb_3.19.0-43.49

linux-image-3.19.0-43-generic-lpae_3.19.0-43.49linux-image-3.19.0-43-powerpc-e500mc_3.19.0-43.49linux-image-3.19.0-43-generic_3.19.0-43.49linux-image-3.19.0-43-lowlatency_3.19.0-43.49






Ubuntu 14.04

linux-image-3.19.0-43-lowlatency_3.19.0-43.49~14.04.1linux-image-3.19.0-43-powerpc-smp_3.19.0-43.49~14.04.1linux-image-3.19.0-43-powerpc64-smp_3.19.0-43.49~14.04.1linux-image-3.19.0-43-powerpc-e500mc_3.19.0-43.49~14.04.1linux-image-3.19.0-43-powerpc64-emb_3.19.0-43.49~14.04.1linux-image-3.19.0-43-generic-lpae_3.19.0-43.49~14.04.1linux-image-3.19.0-43-generic_3.19.0-43.49~14.04.1






Ubuntu 15.10

linux-image-4.2.0-23-generic-lpae_4.2.0-23.28linux-image-4.2.0-23-powerpc64-emb_4.2.0-23.28linux-image-4.2.0-23-generic_4.2.0-23.28linux-image-4.2.0-23-powerpc64-smp_4.2.0-23.28linux-image-4.2.0-23-powerpc-smp_4.2.0-23.28linux-image-4.2.0-23-powerpc-e500mc_4.2.0-23.28linux-image-4.2.0-23-lowlatency_4.2.0-23.28

190156 - Fedora Linux 23 FEDORA-2015-39499d9af8 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540

DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-39499d9af8



Fedora Core 23

libpng12-1.2.56-1.fc23

190157 - Fedora Linux 22 FEDORA-2015-ac8100927a Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2015-7981, CVE-2015-8126, CVE-2015-8472, CVE-2015-8540

DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-ac8100927a



Fedora Core 22

libpng12-1.2.56-1.fc22

190160 - Fedora Linux 22 FEDORA-2015-233750b6ab Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2015-8126, CVE-2015-8472

DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-233750b6ab



Fedora Core 22

libpng15-1.5.25-1.fc22

190167 - Fedora Linux 23 FEDORA-2015-c80ec85542 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: High CVE: CVE-2015-8126, CVE-2015-8472

DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-c80ec85542



Fedora Core 23

libpng15-1.5.25-1.fc23

19487 - Joomla! SQL Injection Vulnerability (20151207)

Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium CVE: CVE-MAP-NOMATCH



A vulnerability is present in some versions of Joomla!. The flaw is due to improper handling of request data. Successful exploitation could allow an attacker to inject arbitrary SQL code.


Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-7513, CVE-2015-7550, CVE-2015-8543, CVE-2015-8550, CVE-2015-8551, CVE-2015-8552, CVE-2015-8569, CVE-2015-8575, CVE-2015-8709


Observation

Updates often remediate critical security problems that should be quickly addressed.For more information see:


Debian 8.0allfuse-modules-3.16.0-4-loongson-2e-di_3.16.7-ckt20-1+deb8u2virtio-modules-3.16.0-4-powerpc-di_3.16.7-ckt20-1+deb8u2isofs-modules-3.16.0-4-versatile-di_3.16.7-ckt20-1+deb8u2scsi-core-modules-3.16.0-4-orion5x-di_3.16.7-ckt20-1+deb8u2jfs-modules-3.16.0-4-powerpc64-di_3.16.7-ckt20-1+deb8u2crypto-dm-modules-3.16.0-4-versatile-di_3.16.7-ckt20-1+deb8u2usb-serial-modules-3.16.0-4-686-pae-di_3.16.7-ckt20-1+deb8u2virtio-modules-3.16.0-4-4kc-malta-di_3.16.7-ckt20-1+deb8u2firewire-core-modules-3.16.0-4-amd64-di_3.16.7-ckt20-1+deb8u2crc-modules-3.16.0-4-powerpc-di_3.16.7-ckt20-1+deb8u2nic-wireless-modules-3.16.0-4-686-pae-di_3.16.7-ckt20-1+deb8u2fuse-modules-3.16.0-4-versatile-di_3.16.7-ckt20-1+deb8u2linux-headers-3.16.0-4-all-ppc64el_3.16.7-ckt20-1+deb8u2usb-storage-modules-3.16.0-4-powerpc64le-di_3.16.7-ckt20-1+deb8u2kernel-image-3.16.0-4-arm64-di_3.16.7-ckt20-1+deb8u2fat-modules-3.16.0-4-octeon-di_3.16.7-ckt20-1+deb8u2kernel-image-3.16.0-4-octeon-di_3.16.7-ckt20-1+deb8u2efi-modules-3.16.0-4-arm64-di_3.16.7-ckt20-1+deb8u2fuse-modules-3.16.0-4-loongson-2f-di_3.16.7-ckt20-1+deb8u2core-modules-3.16.0-4-686-pae-di_3.16.7-ckt20-1+deb8u2usb-storage-modules-3.16.0-4-powerpc-di_3.16.7-ckt20-1+deb8u2virtio-modules-3.16.0-4-versatile-di_3.16.7-ckt20-1+deb8u2nbd-modules-3.16.0-4-powerpc64-di_3.16.7-ckt20-1+deb8u2fb-modules-3.16.0-4-powerpc-di_3.16.7-ckt20-1+deb8u2nic-shared-modules-3.16.0-4-r4k-ip22-di_3.16.7-ckt20-1+deb8u2kernel-image-3.16.0-4-powerpc-di_3.16.7-ckt20-1+deb8u2crypto-modules-3.16.0-4-686-pae-di_3.16.7-ckt20-1+deb8u2mouse-modules-3.16.0-4-kirkwood-di_3.16.7-ckt20-1+deb8u2crypto-dm-modules-3.16.0-4-kirkwood-di_3.16.7-ckt20-1+deb8u2isofs-modules-3.16.0-4-586-di_3.16.7-ckt20-1+deb8u2ntfs-modules-3.16.0-4-amd64-di_3.16.7-ckt20-1+deb8u2speakup-modules-3.16.0-4-amd64-di_3.16.7-ckt20-1+deb8u2udf-modules-3.16.0-4-orion5x-di_3.16.7-ckt20-1+deb8u2nic-shared-modules-3.16.0-4-r5k-ip32-di_3.16.7-ckt20-1+deb8u2linux-headers-3.16.0-4-sb1-bcm91250a_3.16.7-ckt20-1+deb8u2scsi-extra-modules-3.16.0-4-powerpc64le-di_3.16.7-ckt20-1+deb8u2pcmcia-storage-modules-3.16.0-4-586-di_3.16.7-ckt20-1+deb8u2fat-modules-3.16.0-4-powerpc-di_3.16.7-ckt20-1+deb8u2sata-modules-3.16.0-4-kirkwood-di_3.16.7-ckt20-1+deb8u2pcmcia-storage-modules-3.16.0-4-powerpc-di_3.16.7-ckt20-1+deb8u2fuse-modules-3.16.0-4-r4k-ip22-di_3.16.7-ckt20-1+deb8u2crypto-dm-modules-3.16.0-4-powerpc64-di_3.16.7-ckt20-1+deb8u2crypto-modules-3.16.0-4-loongson-2f-di_3.16.7-ckt20-1+deb8u2zlib-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u2ppp-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u2crypto-dm-modules-3.16.0-4-arm64-di_3.16.7-ckt20-1+deb8u2md-modules-3.16.0-4-s390x-di_3.16.7-ckt20-1+deb8u2fuse-modules-3.16.0-4-powerpc64le-di_3.16.7-ckt20-1+deb8u2squashfs-modules-3.16.0-4-loongson-2e-di_3.16.7-ckt20-1+deb8u2mmc-core-modules-3.16.0-4-686-pae-di_3.16.7-ckt20-1+deb8u2input-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u2md-modules-3.16.0-4-kirkwood-di_3.16.7-ckt20-1+deb8u2fb-modules-3.16.0-4-586-di_3.16.7-ckt20-1+deb8u2

core-modules-3.16.0-4-kirkwood-di_3.16.7-ckt20-1+deb8u2mmc-modules-3.16.0-4-kirkwood-di_3.16.7-ckt20-1+deb8u2scsi-core-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u2zlib-modules-3.16.0-4-armmp-di_3.16.7-ckt20-1+deb8u2affs-modules-3.16.0-4-loongson-2f-di_3.16.7-ckt20-1+deb8u2btrfs-modules-3.16.0-4-powerpc64le-di_3.16.7-ckt20-1+deb8u2fuse-modules-3.16.0-4-686-pae-di_3.16.7-ckt20-1+deb8u2mouse-modules-3.16.0-4-powerpc-di_3.16.7-ckt20-1+deb8u2virtio-modules-3.16.0-4-s390x-di_3.16.7-ckt20-1+deb8u2event-modules-3.16.0-4-586-di_3.16.7-ckt20-1+deb8u2xfs-modules-3.16.0-4-amd64-di_3.16.7-ckt20-1+deb8u2loop-modules-3.16.0-4-powerpc64-di_3.16.7-ckt20-1+deb8u2linux-image-3.16.0-4-r4k-ip22_3.16.7-ckt20-1+deb8u2nic-wireless-modules-3.16.0-4-4kc-malta-di_3.16.7-ckt20-1+deb8u2virtio-modules-3.16.0-4-octeon-di_3.16.7-ckt20-1+deb8u2udf-modules-3.16.0-4-586-di_3.16.7-ckt20-1+deb8u2mouse-modules-3.16.0-4-powerpc64le-di_3.16.7-ckt20-1+deb8u2crypto-modules-3.16.0-4-4kc-malta-di_3.16.7-ckt20-1+deb8u2event-modules-3.16.0-4-loongson-2e-di_3.16.7-ckt20-1+deb8u2crypto-dm-modules-3.16.0-4-orion5x-di_3.16.7-ckt20-1+deb8u2linux-headers-3.16.0-4-powerpc-smp_3.16.7-ckt20-1+deb8u2event-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u2crc-modules-3.16.0-4-powerpc64le-di_3.16.7-ckt20-1+deb8u2nic-modules-3.16.0-4-kirkwood-di_3.16.7-ckt20-1+deb8u2multipath-modules-3.16.0-4-versatile-di_3.16.7-ckt20-1+deb8u2linux-image-3.16.0-4-r5k-ip32_3.16.7-ckt20-1+deb8u2usb-serial-modules-3.16.0-4-amd64-di_3.16.7-ckt20-1+deb8u2pcmcia-modules-3.16.0-4-686-pae-di_3.16.7-ckt20-1+deb8u2ata-modules-3.16.0-4-arm64-di_3.16.7-ckt20-1+deb8u2btrfs-modules-3.16.0-4-4kc-malta-di_3.16.7-ckt20-1+deb8u2fat-modules-3.16.0-4-586-di_3.16.7-ckt20-1+deb8u2squashfs-modules-3.16.0-4-octeon-di_3.16.7-ckt20-1+deb8u2udf-modules-3.16.0-4-686-pae-di_3.16.7-ckt20-1+deb8u2crypto-modules-3.16.0-4-amd64-di_3.16.7-ckt20-1+deb8u2ata-modules-3.16.0-4-loongson-2f-di_3.16.7-ckt20-1+deb8u2squashfs-modules-3.16.0-4-r4k-ip22-di_3.16.7-ckt20-1+deb8u2scsi-core-modules-3.16.0-4-s390x-di_3.16.7-ckt20-1+deb8u2xfs-modules-3.16.0-4-octeon-di_3.16.7-ckt20-1+deb8u2crc-modules-3.16.0-4-octeon-di_3.16.7-ckt20-1+deb8u2linux-headers-3.16.0-4-all-i386_3.16.7-ckt20-1+deb8u2jfs-modules-3.16.0-4-loongson-2e-di_3.16.7-ckt20-1+deb8u2firewire-core-modules-3.16.0-4-loongson-3-di_3.16.7-ckt20-1+deb8u2nic-usb-modules-3.16.0-4-586-di_3.16.7-ckt20-1+deb8u2nic-modules-3.16.0-4-s390x-di_3.16.7-ckt20-1+deb8u2sata-modules-3.16.0-4-orion5x-di_3.16.7-ckt20-1+deb8u2i2c-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u2ppp-modules-3.16.0-4-4kc-malta-di_3.16.7-ckt20-1+deb8u2minix-modules-3.16.0-4-orion5x-di_3.16.7-ckt20-1+deb8u2linux-image-3.16.0-4-amd64-dbg_3.16.7-ckt20-1+deb8u2jfs-modules-3.16.0-4-octeon-di_3.16.7-ckt20-1+deb8u2hfs-modules-3.16.0-4-4kc-malta-di_3.16.7-ckt20-1+deb8u2sata-modules-3.16.0-4-loongson-3-di_3.16.7-ckt20-1+deb8u2linux-headers-3.16.0-4-loongson-2f_3.16.7-ckt20-1+deb8u2ext4-modules-3.16.0-4-powerpc64le-di_3.16.7-ckt20-1+deb8u2mtd-modules-3.16.0-4-armmp-di_3.16.7-ckt20-1+deb8u2nic-modules-3.16.0-4-armmp-di_3.16.7-ckt20-1+deb8u2usb-serial-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u2md-modules-3.16.0-4-amd64-di_3.16.7-ckt20-1+deb8u2jfs-modules-3.16.0-4-r5k-ip32-di_3.16.7-ckt20-1+deb8u2speakup-modules-3.16.0-4-loongson-2f-di_3.16.7-ckt20-1+deb8u2

core-modules-3.16.0-4-s390x-di_3.16.7-ckt20-1+deb8u2mmc-modules-3.16.0-4-armmp-di_3.16.7-ckt20-1+deb8u2nic-pcmcia-modules-3.16.0-4-686-pae-di_3.16.7-ckt20-1+deb8u2linux-support-3.16.0-4_3.16.7-ckt20-1+deb8u2btrfs-modules-3.16.0-4-586-di_3.16.7-ckt20-1+deb8u2rtc-modules-3.16.0-4-sb1-bcm91250a-di_3.16.7-ckt20-1+deb8u2multipath-modules-3.16.0-4-armmp-di_3.16.7-ckt20-1+deb8u2scsi-core-modules-3.16.0-4-armmp-di_3.16.7-ckt20-1+deb8u2

Debian 7.0allinput-modules-3.2.0-4-4kc-malta-di_3.2.73-2+deb7u2


Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540, CVE-2015-8467




Debian 8.0allsamba_2:4.1.17+dfsg-2+deb8u1

Debian 7.0allsamba_2:3.6.6-6+deb7u6


Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-8370



http://lists.suse.com/pipermail/sle-security-updates/2015-December/001770.html

SuSE SLED 12x86_64grub2-x86_64-efi-2.02~beta2-56.9.4

grub2-x86_64-xen-2.02~beta2-56.9.4grub2-2.02~beta2-56.9.4grub2-debuginfo-2.02~beta2-56.9.4grub2-i386-pc-2.02~beta2-56.9.4

noarchgrub2-snapper-plugin-2.02~beta2-56.9.4

SuSE SLES 12noarchgrub2-snapper-plugin-2.02~beta2-56.9.4

x86_64grub2-x86_64-efi-2.02~beta2-56.9.4grub2-x86_64-xen-2.02~beta2-56.9.4grub2-2.02~beta2-56.9.4grub2-debuginfo-2.02~beta2-56.9.4grub2-i386-pc-2.02~beta2-56.9.4


Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2014-9732, CVE-2015-4467, CVE-2015-4468, CVE-2015-4469, CVE-2015-4470, CVE-2015-4471, CVE-2015-4472




SuSE SLED 12x86_64libmspack-debugsource-0.4-14.4libmspack0-0.4-14.4libmspack0-debuginfo-0.4-14.4

SuSE SLES 12x86_64libmspack-debugsource-0.4-14.4libmspack0-0.4-14.4libmspack0-debuginfo-0.4-14.4


Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-2015-0797




Affected packages: media-libs/gstreamer < 1.4.5






Affected packages: dev-db/firebird < 2.5.3.26780.0-r3

181746 - FreeBSD unzip Multiple Vulnerabilities (86c3c66e-b2f5-11e5-863a-b499baebfeaf)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-7696, CVE-2015-7697

DescriptionThe scan detected that the host is missing the following update:unzip -- multiple vulnerabilities (86c3c66e-b2f5-11e5-863a-b499baebfeaf)


http://www.vuxml.org/freebsd/86c3c66e-b2f5-11e5-863a-b499baebfeaf.html

Affected packages: unzip < 6.0_7

181747 - FreeBSD qemu Code Execution On Host Machine (aea8d90e-b0c1-11e5-8d13-bc5ff45d0f28)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-3214

Description

The scan detected that the host is missing the following update:qemu -- code execution on host machine (aea8d90e-b0c1-11e5-8d13-bc5ff45d0f28)


http://www.vuxml.org/freebsd/aea8d90e-b0c1-11e5-8d13-bc5ff45d0f28.html


181752 - FreeBSD mono DoS And Code Execution (4b3a7e70-afce-11e5-b864-14dae9d210b8)


DescriptionThe scan detected that the host is missing the following update:mono -- DoS and code execution (4b3a7e70-afce-11e5-b864-14dae9d210b8)


http://www.vuxml.org/freebsd/4b3a7e70-afce-11e5-b864-14dae9d210b8.html

Affected packages: mono < 4.2

185110 - Ubuntu Linux 12.04, 14.04, 15.04, 15.10 USN-2855-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540, CVE-2015-8467




Ubuntu 12.04

samba_3.6.3-2ubuntu2.13

Ubuntu 15.04

samba_4.1.13+dfsg-4ubuntu3.1

Ubuntu 15.10

samba_4.1.17+dfsg-4ubuntu3.1

Ubuntu 14.04

samba_4.1.6+dfsg-1ubuntu2.14.04.11

19477 - IBM WebSphere Application Server Apache HTTPComponents Vulnerabilities

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2012-6153, CVE-2014-3577

DescriptionMultiple vulnerabilities are present in some versions of IBM WebSphere Application Server.

ObservationIBM WebSphere Application Server is a Java application server.

Multiple vulnerabilities are present in some versions of IBM WebSphere Application Server. The flaws lie in Apache HTTPComponents. Successful exploitation could allow an attacker to perform man-in-the-middle attacks.

19482 - Cisco IOS/IOS XE Software IKEv1 State Machine Denial of Service

Category: SSH Module -> NonIntrusive -> Cisco IOS Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-6429

DescriptionA vulnerability in some versions of Cisco IOS and IOS XE could lead to a denial of service.

ObservationA vulnerability in some versions of Cisco IOS and IOS XE could lead to a denial of service.

The flaw is due to insufficient condition checks in the IKEv1 state machine. Successful exploitation by a remote attacker could result in a denial of service condition.

19485 - IBM WebSphere Portal Information Disclosure Vulnerability (CVE-2015-7447)

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2015-7447

DescriptionA vulnerability is present in some versions of IBM WebSphere Portal.

ObservationIBM WebSphere Portal is a set of software tools that is used to build and manage web portals.

A vulnerability is present in some versions of IBM WebSphere Portal. The flaw lies in Portal AccessControl REST API. Successful exploitation could allow a remote attacker to obtain sensitive information.






Affected packages: sys-fs/encfs < 1.7.5






Affected packages: dev-libs/mpfr < 3.1.3_p4


Category: SSH Module -> NonIntrusive -> Gentoo Linux Patches and HotFixes Risk Level: Medium CVE: CVE-2012-6697, CVE-2015-6674, CVE-2015-8702


ObservationUpdates often remediate critical security problems that should be quickly addressed.

For more information see:


Affected packages: net-irc/inspircd < 2.0.20

181740 - FreeBSD qemu Denial Of Service Vulnerability In Virtio-net Support (42cbd1e8-b152-11e5-9728-002590263bf5)


DescriptionThe scan detected that the host is missing the following update:qemu -- denial of service vulnerability in virtio-net support (42cbd1e8-b152-11e5-9728-002590263bf5)


http://www.vuxml.org/freebsd/42cbd1e8-b152-11e5-9728-002590263bf5.html


181754 - FreeBSD mini_httpd Buffer Overflow Via Snprintf (84dc49b0-b267-11e5-8a5b-00262d5ed8ee)


DescriptionThe scan detected that the host is missing the following update:mini_httpd -- buffer overflow via snprintf (84dc49b0-b267-11e5-8a5b-00262d5ed8ee)


http://www.vuxml.org/freebsd/84dc49b0-b267-11e5-8a5b-00262d5ed8ee.html

Affected packages: mini_httpd < 1.23

185114 - Ubuntu Linux 12.04, 14.04, 15.04, 15.10 USN-2856-1 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Ubuntu Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-3223, CVE-2015-5330




Ubuntu 12.04

libldb1_1.1.4-1ubuntu0.1

Ubuntu 15.04


Ubuntu 15.10


Ubuntu 14.04


190146 - Fedora Linux 22 FEDORA-2015-323274d412 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-5963, CVE-2015-5964, CVE-2015-8213

DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-323274d412


http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html

Fedora Core 22

python-django-1.8.7-1.fc22

190158 - Fedora Linux 22 FEDORA-2015-7d95466eda Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-7940

DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-7d95466eda



Fedora Core 22

bouncycastle-1.50-8.fc22

190162 - Fedora Linux 23 FEDORA-2015-5eb2131441 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-5eb2131441



Fedora Core 23

conntrack-tools-1.4.2-9.fc23

190165 - Fedora Linux 22 FEDORA-2015-1aee5e6f0b Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-1aee5e6f0b



Fedora Core 22

conntrack-tools-1.4.2-9.fc22

19484 - Cisco Nexus 5000 Series USB Driver Denial Of Service Vulnerability

Category: SSH Module -> NonIntrusive -> SSH Miscellaneous Risk Level: Medium

CVE: CVE-2015-6394

DescriptionA vulnerability is present in some versions of Cisco NX-OS.

ObservationCisco NX-OS is a networking software.

A vulnerability is present in some versions of Cisco NX-OS. The flaw lies in the USB driver. Successful exploitation could allow a local user to cause a denial of service condition.

19495 - Wireshark Multiple Vulnerabilities Prior To 2.0.1

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2015-8711, CVE-2015-8718, CVE-2015-8720, CVE-2015-8721, CVE-2015-8722, CVE-2015-8723, CVE-2015-8724, CVE-2015-8725, CVE-2015-8726, CVE-2015-8727, CVE-2015-8728, CVE-2015-8729, CVE-2015-8730, CVE-2015-8731, CVE-2015-8732, CVE-2015-8733, CVE-2015-8734, CVE-2015-8735, CVE-2015-8736, CVE-2015-8737, CVE-2015-8738, CVE-2015-8739, CVE-2015-8740, CVE-2015-8741, CVE-2015-8742

DescriptionMultiple vulnerabilities are present in some versions of Wireshark.

ObservationWireshark is a network data packets analyzer.

Multiple vulnerabilities are present in some versions of Wireshark. The flaws lie in multiple dissectors and components. Successful exploitation could allow an attacker to cause a denial of service.

19496 - Wireshark Multiple Vulnerabilities Prior To 1.12.9

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium CVE: CVE-2015-8711, CVE-2015-8712, CVE-2015-8713, CVE-2015-8714, CVE-2015-8715, CVE-2015-8716, CVE-2015-8717, CVE-2015-8718, CVE-2015-8719, CVE-2015-8720, CVE-2015-8721, CVE-2015-8722, CVE-2015-8723, CVE-2015-8724, CVE-2015-8725, CVE-2015-8726, CVE-2015-8727, CVE-2015-8728, CVE-2015-8729, CVE-2015-8730, CVE-2015-8731, CVE-2015-8732, CVE-2015-8733, CVE-2015-8741

DescriptionMultiple vulnerabilities are present in some versions of Wireshark.

ObservationWireshark is a network data packets analyzer.

Multiple vulnerabilities are present in some versions of Wireshark. The flaws lie in multiple dissectors and components. Successful exploitation could allow an attacker to cause a denial of service.

181761 - FreeBSD xen-kernel XENMEM_exchange Error Handling Issues (bcad3faa-b40c-11e5-9728-002590263bf5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium

CVE: CVE-2015-8339, CVE-2015-8340

DescriptionThe scan detected that the host is missing the following update:xen-kernel -- XENMEM_exchange error handling issues (bcad3faa-b40c-11e5-9728-002590263bf5)


http://www.vuxml.org/freebsd/bcad3faa-b40c-11e5-9728-002590263bf5.html

Affected packages: xen-kernel < 4.5.2_1

19465 - McAfee VirusScan Enterprise RWX BOP Security Bypass

Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Low CVE: CVE-2015-8577

DescriptionA vulnerability in some versions of McAfee VirusScan Enterprise could lead to a security bypass.

ObservationA vulnerability in some versions of McAfee VirusScan Enterprise could lead to a security bypass.

The flaw lies in the Buffer Overflow Protection feature. Successful exploitation could allow a local attacker to bypass intended access restrictions.


Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2015-7545




Debian 8.0allgit_1:2.1.4-2.1+deb8u1

Debian 7.0allgit_1:1.7.10.4-1+wheezy2


Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: Low CVE: CVE-2015-7944, CVE-2015-7945




Debian 8.0allganeti_2.12.4-1+deb8u2

Debian 7.0allganeti-htools_2.5.2-1+deb7u1ganeti2_2.5.2-1+deb7u1

181738 - FreeBSD qemu Denial Of Service Vulnerability In USB EHCI Emulation Support (60cb2055-b1b8-11e5-9728-002590263bf5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2015-8558

DescriptionThe scan detected that the host is missing the following update:qemu -- denial of service vulnerability in USB EHCI emulation support (60cb2055-b1b8-11e5-9728-002590263bf5)


http://www.vuxml.org/freebsd/60cb2055-b1b8-11e5-9728-002590263bf5.html

Affected packages: qemu-sbruno < 2.5.50.g20151224qemu-user-static < 2.5.50.g20151224

181739 - FreeBSD xen-kernel Ioreq Handling Possibly Susceptible To Multiple Read Issue (6aa2d135-b40e-11e5-9728-002590263bf5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

Description

The scan detected that the host is missing the following update:xen-kernel -- ioreq handling possibly susceptible to multiple read issue (6aa2d135-b40e-11e5-9728-002590263bf5)


http://www.vuxml.org/freebsd/6aa2d135-b40e-11e5-9728-002590263bf5.html


181741 - FreeBSD qemu Denial Of Service Vulnerability In E1000 NIC Support (10bf8eed-b14d-11e5-9728-002590263bf5)


DescriptionThe scan detected that the host is missing the following update:qemu -- denial of service vulnerability in e1000 NIC support (10bf8eed-b14d-11e5-9728-002590263bf5)


http://www.vuxml.org/freebsd/10bf8eed-b14d-11e5-9728-002590263bf5.html


181742 - FreeBSD tiff Out-of-bounds Read In Tif_getimage.c (bd349f7a-b3b9-11e5-8255-5453ed2e2b49)


DescriptionThe scan detected that the host is missing the following update:tiff -- out-of-bounds read in tif_getimage.c (bd349f7a-b3b9-11e5-8255-5453ed2e2b49)


http://www.vuxml.org/freebsd/bd349f7a-b3b9-11e5-8255-5453ed2e2b49.html

Affected packages: tiff <= 4.0.6

181743 - FreeBSD qemu Denial Of Service Vulnerability In Q35 Chipset Emulation (152acff3-b1bd-11e5-9728-

002590263bf5)


DescriptionThe scan detected that the host is missing the following update:qemu -- denial of service vulnerability in Q35 chipset emulation (152acff3-b1bd-11e5-9728-002590263bf5)


http://www.vuxml.org/freebsd/152acff3-b1bd-11e5-9728-002590263bf5.html


181745 - FreeBSD qemu Denial Of Service Vulnerability In VNC (8a560bcf-b14b-11e5-9728-002590263bf5)


DescriptionThe scan detected that the host is missing the following update:qemu -- denial of service vulnerability in VNC (8a560bcf-b14b-11e5-9728-002590263bf5)


http://www.vuxml.org/freebsd/8a560bcf-b14b-11e5-9728-002590263bf5.html


181748 - FreeBSD qemu Denial Of Service Vulnerability In MSI-X Support (3fb06284-b1b7-11e5-9728-002590263bf5)


DescriptionThe scan detected that the host is missing the following update:qemu -- denial of service vulnerability in MSI-X support (3fb06284-b1b7-11e5-9728-002590263bf5)


http://www.vuxml.org/freebsd/3fb06284-b1b7-11e5-9728-002590263bf5.html


181750 - FreeBSD tiff Out-of-bounds Read In CIE Lab Image Format (b65e4914-b3bc-11e5-8255-5453ed2e2b49)


DescriptionThe scan detected that the host is missing the following update:tiff -- out-of-bounds read in CIE Lab image format (b65e4914-b3bc-11e5-8255-5453ed2e2b49)


http://www.vuxml.org/freebsd/b65e4914-b3bc-11e5-8255-5453ed2e2b49.html

Affected packages: tiff <= 4.0.6

181751 - FreeBSD qemu Stack Buffer Overflow While Parsing SCSI Commands (a267cd6c-b0c4-11e5-8d13-bc5ff45d0f28)


DescriptionThe scan detected that the host is missing the following update:qemu -- stack buffer overflow while parsing SCSI commands (a267cd6c-b0c4-11e5-8d13-bc5ff45d0f28)


http://www.vuxml.org/freebsd/a267cd6c-b0c4-11e5-8d13-bc5ff45d0f28.html


181755 - FreeBSD qemu Denial Of Service Vulnerability In VNC (67feba97-b1b5-11e5-9728-002590263bf5)


DescriptionThe scan detected that the host is missing the following update:qemu -- denial of service vulnerability in VNC (67feba97-b1b5-11e5-9728-002590263bf5)


http://www.vuxml.org/freebsd/67feba97-b1b5-11e5-9728-002590263bf5.html


181758 - FreeBSD qemu and xen-tools Denial Of Service Vulnerabilities In AMD PC-Net II NIC Support (405446f4-b1b3-11e5-9728-002590263bf5)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2015-7504, CVE-2015-7512

DescriptionThe scan detected that the host is missing the following update:qemu and xen-tools -- denial of service vulnerabilities in AMD PC-Net II NIC support (405446f4-b1b3-11e5-9728-002590263bf5)


http://www.vuxml.org/freebsd/405446f4-b1b3-11e5-9728-002590263bf5.html

Affected packages: qemu < 2.5.0qemu-devel < 2.5.0qemu-sbruno < 2.5.50.g20151224qemu-user-static < 2.5.50.g20151224xen-tools < 4.5.2_1

181760 - FreeBSD qemu Buffer Overflow Vulnerability In Virtio-serial Message Exchanges (21e5abe3-b0c6-11e5-8d13-bc5ff45d0f28)


DescriptionThe scan detected that the host is missing the following update:qemu -- buffer overflow vulnerability in virtio-serial message exchanges (21e5abe3-b0c6-11e5-8d13-bc5ff45d0f28)


http://www.vuxml.org/freebsd/21e5abe3-b0c6-11e5-8d13-bc5ff45d0f28.html


181762 - FreeBSD xen-kernel Information Leak In Legacy X86 FPU/XMM Initialization (e839ca04-b40d-11e5-9728-002590263bf5)


DescriptionThe scan detected that the host is missing the following update:xen-kernel -- information leak in legacy x86 FPU/XMM initialization (e839ca04-b40d-11e5-9728-002590263bf5)


http://www.vuxml.org/freebsd/e839ca04-b40d-11e5-9728-002590263bf5.html


190144 - Fedora Linux 22 FEDORA-2015-d799a5e72b Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-MAP-NOMATCH

DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-d799a5e72b


http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174773.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-December/174772.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-December/174774.html

Fedora Core 22

php-horde-Horde-Perms-2.1.6-1.fc22php-horde-Horde-Service-Weather-2.3.1-1.fc22php-horde-Horde-Core-2.22.4-1.fc22

190145 - Fedora Linux 22 FEDORA-2015-8dd01b09a9 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2015-7543

DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-8dd01b09a9



Fedora Core 22

arts-1.5.10-30.fc22

190147 - Fedora Linux 23 FEDORA-2015-aa14be8d92 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-aa14be8d92



Fedora Core 23

claws-mail-3.13.1-4.fc23

190148 - Fedora Linux 23 FEDORA-2015-deb2bbdde0 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-deb2bbdde0



Fedora Core 23

phpMyAdmin-4.5.3.1-1.fc23

190149 - Fedora Linux 22 FEDORA-2015-998911cf3f Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-998911cf3f



Fedora Core 22

cups-filters-1.4.0-1.fc22

190150 - Fedora Linux 22 FEDORA-2015-2f4b92ed2e Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-2f4b92ed2e



Fedora Core 22

kdelibs3-3.5.10-71.fc22

190151 - Fedora Linux 22 FEDORA-2015-0a543024bf Update Is Not Installed


Description

The scan detected that the host is missing the following update:FEDORA-2015-0a543024bf



Fedora Core 22

libpng10-1.0.66-1.fc22

190152 - Fedora Linux 22 FEDORA-2015-345966871c Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-345966871c



Fedora Core 22

phpMyAdmin-4.5.3.1-1.fc22

190154 - Fedora Linux 22 FEDORA-2015-938c70c840 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2015-7536, CVE-2015-7537, CVE-2015-7538, CVE-2015-7539

DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-938c70c840



Fedora Core 22

jenkins-1.609.3-5.fc22

190155 - Fedora Linux 22 FEDORA-2015-3a073171c3 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-3a073171c3



Fedora Core 22

claws-mail-3.13.1-4.fc22

190159 - Fedora Linux 22 FEDORA-2015-d423b3276f Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-d423b3276f



Fedora Core 22

mingw-giflib-5.0.5-4.fc22

190161 - Fedora Linux 22 FEDORA-2015-c44bd3e0fa Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low CVE: CVE-2015-8550, CVE-2015-8554, CVE-2015-8555

DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-c44bd3e0fa



Fedora Core 22

xen-4.5.2-6.fc22

190163 - Fedora Linux 23 FEDORA-2016-e91ca003d4 Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-e91ca003d4



Fedora Core 23

openvpn-2.3.10-1.fc23

190164 - Fedora Linux 23 FEDORA-2016-7f0b1e47ac Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-7f0b1e47ac



Fedora Core 23

quassel-0.12.2-6.fc23

190166 - Fedora Linux 23 FEDORA-2015-5567dd228a Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-5567dd228a



Fedora Core 23

mediawiki-1.26.2-1.fc23

190168 - Fedora Linux 22 FEDORA-2015-6d64c257cf Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-6d64c257cf



Fedora Core 22

thunderbird-38.4.0-1.fc22

190169 - Fedora Linux 22 FEDORA-2016-3bc3d7f66e Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2016-3bc3d7f66e



Fedora Core 22

quassel-0.12.2-6.fc22

190170 - Fedora Linux 23 FEDORA-2015-d7e5461dbf Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Low

CVE: CVE-2015-7536, CVE-2015-7537, CVE-2015-7538, CVE-2015-7539

DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-d7e5461dbf



Fedora Core 23

jenkins-1.625.3-1.fc23

190171 - Fedora Linux 23 FEDORA-2015-44fb3501cc Update Is Not Installed


DescriptionThe scan detected that the host is missing the following update:FEDORA-2015-44fb3501cc



Fedora Core 23

mingw-giflib-5.0.5-4.fc23

ENHANCED CHECKS

The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on a vulnerability and anything else that improves upon an existing FSL check.


Category: SSH Module -> NonIntrusive -> Debian Patches and Hotfixes Risk Level: High CVE: CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8035, CVE-2015-8241, CVE-2015-8317, CVE-2015-8710

Update DetailsCVE is updated


Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes

Risk Level: High CVE: CVE-2015-8126, CVE-2015-8472

Update DetailsFASLScript is updated


Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: High CVE: CVE-2015-7981, CVE-2015-8126, CVE-2015-8472



Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, CVE-2015-8710



Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, CVE-2015-8710

Update DetailsCVE is updated FASLScript is updated


Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-4551, CVE-2015-5212, CVE-2015-5213, CVE-2015-5214



Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-8370

Update Details

FASLScript is updated


Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-8467

Update DetailsRisk is updated


Category: SSH Module -> NonIntrusive -> SuSE Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540, CVE-2015-8467


160005 - CentOS 6 CESA-2015-2549 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Cent OS Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, CVE-2015-8710


181726 - FreeBSD samba Multiple Vulnerabilities (ef434839-a6a4-11e5-8275-000c292e4fd8)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540, CVE-2015-8467


12824 - HTTP Server Prone To Slow Denial Of Service Attack

Category: General Vulnerability Assessment -> NonIntrusive -> Web Server Risk Level: Medium CVE: CVE-2007-6750, CVE-2012-5568


19331 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing (3119884)

Category: Windows Host Assessment -> Patches Only (CATEGORY REQUIRES CREDENTIALS)

Risk Level: Medium CVE: CVE-MAP-NOMATCH






Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-3194, CVE-2015-3195, CVE-2015-3196





190108 - Fedora Linux 22 FEDORA-2015-af140eefbc Update Is Not Installed



190120 - Fedora Linux 23 FEDORA-2015-b36076d32e Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-7540


190125 - Fedora Linux 23 FEDORA-2015-b960ca78bf Update Is Not Installed



190140 - Fedora Linux 22 FEDORA-2015-0e0879cc8a Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Fedora Patches and Hotfixes Risk Level: Medium CVE: CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-7540


181719 - FreeBSD Bugzilla Security Issues (54075861-a95a-11e5-8b40-20cf30e32f6d)

Category: SSH Module -> NonIntrusive -> FreeBSD Patches and Hotfixes Risk Level: Low CVE: CVE-2015-8508, CVE-2015-8509


45000 - ShellLogon.fasl3

Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category Risk Level: Informational CVE: CVE-MAP-NOMATCH


45001 - ShellInitialize.fasl3



70134 - joomla.fasl3.inc



HOW TO UPDATE

FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we strongly urge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any critical updates but will wait for your explicit authorization before installing.

FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability category and checking the "Run New Checks" checkbox.

MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts will be automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.

MCAFEE TECHNICAL SUPPORT

ServicePortal: https://mysupport.mcafee.com/Multi-National Phone Support available here:

http://www.mcafee.com/us/about/contact/index.htmlNon-US customers - Select your country from the list of Worldwide Offices.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.

Copyright 2016 McAfee, Inc.McAfee is a registered trademark of McAfee, Inc. and/or its affiliates

https://mysupport.mcafee.com/

http://www.mcafee.com/us/about/contact/index.html

MCAFEE FOUNDSTONE FSL UPDATE 2016-JAN-07 · openSUSE-SU-2015:2406-1 Observation Updates often...

Documents

Transcript of MCAFEE FOUNDSTONE FSL UPDATE 2016-JAN-07 · openSUSE-SU-2015:2406-1 Observation Updates often...