Loading...
Security Resources

Software Updates

TrustKeeper Scan Engine Update for May 22, 2020

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!


New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

ClamAV

JQuery

  • JQuery DOM methods Cross-Site Scripting Vulnerability (CVE-2020-11022)
  • JQuery DOM option element Cross-Site Scripting Vulnerability (CVE-2020-11023)
  • JQuery IMG Cross-Site Scripting Vulnerability (CVE-2018-18405)

OpenVPN

  • OpenVPN Access Server RPC2 interface Denial-Of-Service (CVE-2020-11462)

Pulse Connect Secure

Red Hat (Credentialed Checks)

Ruby

Squid

  • Squid Proxy Cache leave_suid Privilege Escalation Vulnerability (CVE-2019-12522)

Ubuntu (Credentialed Checks)

Microsoft (Credentialed Checks)

MySQL

NTP

  • NTP libntp Information Disclosure Vulnerability (Bug 2879) (CVE-2016-1550)
  • NTP mode 6 packet NULL Pointer Dereference Vulnerability (Bug 3565) (CVE-2019-8936)
  • NTP Multiple stack-based Buffer Overflow Vulnerability (CVE-2014-9295)
  • NTP ntp-keygen Weak Key Vulnerability (Bug 2666) (CVE-2014-9294)
  • NTP ntpd config_auth Weak Key Vulnerability (Bug 2665) (CVE-2014-9293)
  • NTP ntpd interleaved symmetric mode Denial Of Service Vulnerability (Bug 2978) (CVE-2016-1548)
  • NTP ntpd ntp_proto Improper Input Validation Vulnerability (Bug 2670) (CVE-2014-9296)
  • NTP ntpd symmetric key Sybil Attack Vulnerability (Bug 3415) (CVE-2018-7170)
  • NTP private mode 6/7 Information Disclosure Vulnerability (CVE-2014-5209)

PHP

Samba

WordPress

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.