Loading...
Security Resources

Software Updates

TrustKeeper Scan Engine Update for May 10, 2021

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!


New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Atlassian Jira

  • Atlassian Jira AppData Information Disclosure Vulnerability (CVE-2021-26075)
  • Atlassian Jira DOM Cross-Site Scripting Vulnerability (CVE-2020-36288)
  • Atlassian Jira UserMode Information Disclosure Vulnerability (CVE-2021-26076)

Cisco

  • Cisco ASA Command Injection Vulnerability (cisco-sa-asa-cmdinj-TKyQfDcU) (CVE-2021-1488)
  • Cisco ASA Command Injection Vulnerability (cisco-sa-asa-ftd-cmd-inj-SELprvG) (CVE-2021-1476)
  • Cisco ASA SIP Denial of Service Vulnerability (cisco-sa-asa-ftd-sipdos-GGwmMerC) (CVE-2021-1501)
  • Cisco ASA Web Services Buffer Overflow Denial of Service Vulnerability (cisco-sa-memc-dos-fncTyYKG) (CVE-2021-1493)
  • Cisco ASA Web Services VPN Denial of Service Vulnerabilities (cisco-sa-asa-ftd-vpn-dos-fpBcpEcD) (CVE-2021-1445, CVE-2021-1504)

ClamAV

CentOS

Debian

Fedora

ISC BIND

  • ISC BIND Broken Inbound Incremental Zone Assertion Failure Vulnerability (CVE-2021-25214)
  • ISC BIND DNAME Assertion Failure Vulnerability (CVE-2021-25215)
  • ISC BIND Second GSSAPI Buffer Overflow Vulnerability (CVE-2021-25216)

OpenVPN

  • OpenVPN PUSH_REPLY Authentication Bypass Vulnerability (CVE-2020-15078)

Pulse Connect Secure

  • Pulse Connect Secure Remote Code Execution Vulnerability (SA44784) (CVE-2021-22893)

Joomla

  • Joomla Core Logo Parameter Cross Site Scripting Vulnerability (20210401) (CVE-2021-26030)
  • Joomla Core module layout settings Local File Inclusion Vulnerability (20210402) (CVE-2021-26031)

MySQL

Oracle

Red Hat (Credentialed Checks)

Ubuntu (Credentialed Checks)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.