Loading...
Security Resources

Software Updates

TrustKeeper Scan Engine Update for April 03, 2020

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!


New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Apache

  • Ubuntu Apache HTTP Server update (USN-4307-1)

Cisco

  • Cisco IOS HTTP Proxy Server Memory Leak Vulnerability (CSCtu52820) (CVE-2011-4661)

Drupal

  • Drupal CKEditor library file Cross Site Scripting Vulnerability(SA-CORE-2020-001)

phpMyAdmin

  • phpmyAdmin data display SQL Injection Vulnerability (PMASA-2020-4) (CVE-2020-10803)
  • phpmyAdmin search action SQL Injection Vulnerability (PMASA-2020-3) (CVE-2020-10802)
  • phpmyAdmin username SQL Injection Vulnerability (PMASA-2020-2) (CVE-2020-10804)

Red Hat

Ubuntu

FreeBSD

  • FreeBSD epair Code Execution Vulnerability (FreeBSD-SA-20:07.epair) (CVE-2020-7452)
  • FreeBSD ixl Insufficient Privilege Checking Vulnerability (FreeBSD-SA-20:06.if_ixl_ioctl) (CVE-2019-15877)
  • FreeBSD Kernel Nested Jails Memory Disclosure Vulnerability (FreeBSD-SA-20:08.jail) (CVE-2020-7453)
  • FreeBSD Kernel oce Insufficient Privilege Checking Vulnerability (FreeBSD-SA-20:05.if_oce_ioctl) (CVE-2019-15876)
  • FreeBSD NTP Denial of Service Vulnerability (FreeBSD-SA-20:09.ntp)
  • FreeBSD TCP IPv6 SYN Information Disclosure Vulnerability (FreeBSD-SA-20:04.tcp) (CVE-2020-7451)

Joomla

  • Joomla Core com_fields Incorrect Access Control (20200305) (CVE-2020-10239)
  • Joomla Core com_templates Incorrect Access Control (20200303) (CVE-2020-10238)
  • Joomla Core Featured Articles Menu Parameters SQL Injection (20200306) (CVE-2020-10243)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.