TrustKeeper Scan Engine Update for January 08, 2021

Summary

The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!

New Vulnerability Test Highlights

Some of the more interesting vulnerability tests we added recently are as follows:

Adobe

• Adobe ColdFusion CKEditor Unrestricted File Upload (APSB18-33) (CVE-2018-15961)

Atlassian

• Atlassian Crowd pdkinstall Development Plugin Incorrectly Enabled (CVE-2019-11580)

Debian

• Debian apt LTS Security Update (DLA-2487-1) (CVE-2020-27350)
• Debian apt Security Update (DSA-4808-1) (CVE-2020-27350)
• Debian awstats LTS Security Update (DLA-2506-1) (CVE-2020-29600, CVE-2020-35176)
• Debian curl LTS Security Update (DLA-2500-1) (CVE-2020-8284, CVE-2020-8285, CVE-2020-8286)
• Debian firefox-esr LTS Security Update (DLA-2496-1) (CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113)
• Debian firefox-esr Security Update (DSA-4813-1) (CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113)
• Debian golang-golang-x-net-dev LTS Security Update (DLA-2485-1) (CVE-2019-9512, CVE-2019-9514)
• Debian horizon Security Update (DSA-4820-1) (CVE-2020-29565)
• Debian influxdb LTS Security Update (DLA-2501-1) (CVE-2019-20933)
• Debian kitty Security Update (DSA-4819-1) (CVE-2020-35605)
• Debian libxstream-java Security Update (DSA-4811-1) (CVE-2020-26217)
• Debian linux LTS Security Update (DLA-2494-1) (CVE-2020-0427, CVE-2020-8694, CVE-2020-14351, CVE-2020-25645, CVE-2020-25656, CVE-2020-25668, CVE-2020-25669, CVE-2020-25704, CVE-2020-25705, CVE-2020-27673, CVE-2020-27675, CVE-2020-28974)
• Debian linux-4.19 LTS Security Update (DLA-2483-1) (CVE-2019-19039, CVE-2019-19377, CVE-2019-19770, CVE-2019-19816, CVE-2020-0423, CVE-2020-8694, CVE-2020-14351, CVE-2020-25656, CVE-2020-25668, CVE-2020-25669, CVE-2020-25704, CVE-2020-25705, CVE-2020-27673, CVE-2020-27675, CVE-2020-28941, CVE-2020-28974)
• Debian lxml LTS Security Update (DLA-2467-2) (CVE-2020-27783)
• Debian lxml Security Update (DSA-4810-1) (CVE-2020-27783)
• Debian mediawiki LTS Security Update (DLA-2504-1) (CVE-2020-15005, CVE-2020-35477, CVE-2020-35479, CVE-2020-35480)
• Debian mediawiki Security Update (DSA-4816-1) (CVE-2020-35475, CVE-2020-35477, CVE-2020-35479, CVE-2020-35480)
• Debian minidlna LTS Security Update (DLA-2489-1) (CVE-2020-12695, CVE-2020-28926)
• Debian minidlna Security Update (DSA-4806-1) (CVE-2020-12695, CVE-2020-28926)
• Debian node-ini LTS Security Update (DLA-2503-1) (CVE-2020-7788)
• Debian openexr LTS Security Update (DLA-2491-1) (CVE-2020-16588, CVE-2020-16589)
• Debian openjdk-8 LTS Security Update (DLA-2412-2) (CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798, CVE-2020-14803)
• Debian openssl LTS Security Update (DLA-2492-1) (CVE-2020-1971)
• Debian openssl Security Update (DSA-4807-1) (CVE-2020-1971)
• Debian openssl1.0 LTS Security Update (DLA-2493-1) (CVE-2020-1971)
• Debian php-pear Security Update (DSA-4817-1) (CVE-2020-28948, CVE-2020-28949)
• Debian postsrsd LTS Security Update (DLA-2502-1) (CVE-2020-35573)
• Debian python-apt LTS Security Update (DLA-2488-1) (CVE-2020-27351)
• Debian python-apt LTS Security Update (DLA-2488-2) (CVE-2020-27351)
• Debian python-apt Security Update (DSA-4809-1) (CVE-2020-27351)
• Debian roundcube LTS Security Update (DLA-2508-1) (CVE-2020-35730)
• Debian roundcube Security Update (DSA-4821-1) (CVE-2020-35730)
• Debian spip LTS Security Update (DLA-2505-1) (CVE-2020-28984)
• Debian sqlite3 LTS Security Update (DLA-2340-2) (CVE-2019-20218)
• Debian sympa LTS Security Update (DLA-2499-1) (CVE-2020-29668)
• Debian sympa Security Update (DSA-4818-1) (CVE-2020-9369, CVE-2020-10936, CVE-2020-26932, CVE-2020-29668)
• Debian thunderbird LTS Security Update (DLA-2497-1) (CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113)
• Debian thunderbird Security Update (DSA-4815-1) (CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113)
• Debian tomcat8 LTS Security Update (DLA-2495-1) (CVE-2020-17527)
• Debian trafficserver Security Update (DSA-4805-1) (CVE-2020-17508, CVE-2020-17509)
• Debian x11vnc LTS Security Update (DLA-2490-1) (CVE-2020-29074)
• Debian xen Security Update (DSA-4812-1) (CVE-2020-29479, CVE-2020-29480, CVE-2020-29481, CVE-2020-29482, CVE-2020-29483, CVE-2020-29484, CVE-2020-29485, CVE-2020-29486, CVE-2020-29566, CVE-2020-29570, CVE-2020-29571)
• Debian xerces-c LTS Security Update (DLA-2498-1) (CVE-2018-1311)
• Debian xerces-c Security Update (DSA-4814-1) (CVE-2018-1311)
• Debian xorg-server LTS Security Update (DLA-2486-1) (CVE-2020-14360, CVE-2020-25712)

ManageEngine

• ManageEngine Desktop Central getChartImage Remote Code Execution (CVE-2020-10189) (CVE-2020-10189)
• ManageEngine ServiceDesk Plus Arbitrary File Upload Vulnerability (CVE-2019-8394) (CVE-2019-8394)
• ManageEngine ServiceDesk Plus MSP Insecure Direct Object Reference Vulnerability (CVE-2019-8394) (CVE-2019-8394)

pcAmerica

• Cash Register Express detection

Ubuntu (Credentialed Checks)

• Ubuntu APT vulnerability (USN-4667-1) (CVE-2020-27350)
• Ubuntu Aptdaemon vulnerabilities (USN-4664-1) (CVE-2020-27349, CVE-2020-16128)
• Ubuntu curl vulnerabilities (USN-4665-1) (CVE-2020-8286, CVE-2020-8285, CVE-2020-8231, CVE-2020-8284)
• Ubuntu Firefox vulnerabilities (USN-4671-1) (CVE-2020-26971, CVE-2020-26973, CVE-2020-26978, CVE-2020-26979, CVE-2020-35111, CVE-2020-26972, CVE-2020-26976, CVE-2020-35113, CVE-2020-35114, CVE-2020-26974, CVE-2020-16042)
• Ubuntu GDK-PixBuf vulnerability (USN-4663-1) (CVE-2020-29385)
• Ubuntu ImageMagick vulnerabilities (USN-4670-1) (CVE-2019-19949, CVE-2020-27560, CVE-2019-19948)
• Ubuntu Linux kernel regression (USN-4658-2) (CVE-2020-25643, CVE-2020-14390, CVE-2020-10135, CVE-2020-25284, CVE-2020-28915, CVE-2020-4788, CVE-2020-25211, CVE-2020-0423, CVE-2020-14351, CVE-2020-25645, CVE-2020-25705)
• Ubuntu Linux kernel regression (USN-4659-2) (CVE-2020-28915, CVE-2020-4788, CVE-2020-10135, CVE-2020-25705, CVE-2020-27152, CVE-2020-0423, CVE-2020-14351)
• Ubuntu Linux kernel regression (USN-4660-2) (CVE-2020-14351, CVE-2020-25643, CVE-2020-25284, CVE-2020-25285, CVE-2020-25645, CVE-2020-28915, CVE-2020-4788, CVE-2020-25211, CVE-2020-14390, CVE-2020-25641)
• Ubuntu lxml vulnerability (USN-4666-1) (CVE-2020-27783)
• Ubuntu lxml vulnerability (USN-4666-2) (CVE-2020-27783)
• Ubuntu OpenSSL vulnerability (USN-4662-1) (CVE-2020-1971)
• Ubuntu python-apt regression (USN-4668-2) (CVE-2020-27351)
• Ubuntu python-apt vulnerability (USN-4668-1) (CVE-2020-27351)
• Ubuntu SquirrelMail vulnerability (USN-4669-1) (CVE-2019-12970)
• Ubuntu unzip vulnerabilities (USN-4672-1) (CVE-2018-1000035, CVE-2018-18384, CVE-2014-9913, CVE-2016-9844, CVE-2019-13232)

How to Update?

All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.