RubyGems - risu - Versions diffs - 1.8.3 → 1.8.4 - Mend

risu 1.8.3 → 1.8.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (161) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/Gemfile.lock +159 -0
data/LICENSE +1 -1
data/README.markdown +2 -5
data/Rakefile +1 -1
data/bin/risu +1 -1
data/docs/NEWS.markdown +3 -0
data/lib/risu.rb +2 -2
data/lib/risu/base.rb +1 -1
data/lib/risu/base/graph_template_helper.rb +1 -1
data/lib/risu/base/host_template_helper.rb +2 -1
data/lib/risu/base/malware_template_helper.rb +1 -1
data/lib/risu/base/post_process_base.rb +7 -4
data/lib/risu/base/post_process_manager.rb +1 -1
data/lib/risu/base/scan_helper.rb +1 -1
data/lib/risu/base/schema.rb +10 -3
data/lib/risu/base/shares_template_helper.rb +1 -1
data/lib/risu/base/template_base.rb +1 -1
data/lib/risu/base/template_helper.rb +1 -1
data/lib/risu/base/template_manager.rb +1 -1
data/lib/risu/base/templater.rb +1 -1
data/lib/risu/cli.rb +1 -1
data/lib/risu/cli/application.rb +16 -16
data/lib/risu/cli/banner.rb +1 -1
data/lib/risu/exceptions.rb +1 -1
data/lib/risu/exceptions/invaliddocument.rb +1 -1
data/lib/risu/graphs.rb +1 -1
data/lib/risu/graphs/top_vuln_graph.rb +1 -1
data/lib/risu/graphs/windows_os_graph.rb +1 -1
data/lib/risu/models.rb +2 -1
data/lib/risu/models/attachment.rb +1 -1
data/lib/risu/models/familyselection.rb +1 -1
data/lib/risu/models/host.rb +34 -2
data/lib/risu/models/hostproperty.rb +1 -1
data/lib/risu/models/individualpluginselection.rb +1 -1
data/lib/risu/models/item.rb +248 -20
data/lib/risu/models/nessuspluginmetadata.rb +28 -0
data/lib/risu/models/patch.rb +1 -1
data/lib/risu/models/plugin.rb +1 -1
data/lib/risu/models/pluginspreference.rb +1 -1
data/lib/risu/models/policy.rb +1 -1
data/lib/risu/models/reference.rb +1 -1
data/lib/risu/models/report.rb +1 -1
data/lib/risu/models/serverpreference.rb +1 -1
data/lib/risu/models/servicedescription.rb +1 -1
data/lib/risu/models/version.rb +1 -1
data/lib/risu/parsers.rb +1 -1
data/lib/risu/parsers/nessus/nessus_document.rb +1 -1
data/lib/risu/parsers/nessus/nessus_sax_listener.rb +3 -2
data/lib/risu/parsers/nessus/postprocess.rb +1 -1
data/lib/risu/parsers/nessus/postprocess/7zip.rb +6 -4
data/lib/risu/parsers/nessus/postprocess/adobe_acrobat.rb +48 -54
data/lib/risu/parsers/nessus/postprocess/adobe_air.rb +58 -63
data/lib/risu/parsers/nessus/postprocess/adobe_coldfusion.rb +47 -0
data/lib/risu/parsers/nessus/postprocess/{shockwave.rb → adobe_creative_desktop.rb} +9 -34
data/lib/risu/parsers/nessus/postprocess/adobe_flash_player.rb +175 -0
data/lib/risu/parsers/nessus/postprocess/adobe_reader.rb +73 -55
data/lib/risu/parsers/nessus/postprocess/adobe_shockwave_player.rb +74 -0
data/lib/risu/parsers/nessus/postprocess/apache.rb +38 -33
data/lib/risu/parsers/nessus/postprocess/apache_tomcat.rb +8 -10
data/lib/risu/parsers/nessus/postprocess/apple_icloud.rb +47 -0
data/lib/risu/parsers/nessus/postprocess/apple_itunes.rb +23 -17
data/lib/risu/parsers/nessus/postprocess/apple_quicktime.rb +38 -32
data/lib/risu/parsers/nessus/postprocess/artifex_ghostscript.rb +49 -0
data/lib/risu/parsers/nessus/postprocess/blackberry_enterprise_server.rb +10 -14
data/lib/risu/parsers/nessus/postprocess/ca_brightstor_arcserve.rb +10 -10
data/lib/risu/parsers/nessus/postprocess/cisco_anyconnect.rb +18 -20
data/lib/risu/parsers/nessus/postprocess/cisco_ios.rb +25 -15
data/lib/risu/parsers/nessus/postprocess/cisco_telepresence.rb +45 -0
data/lib/risu/parsers/nessus/postprocess/core_ftp.rb +6 -6
data/lib/risu/parsers/nessus/postprocess/db2.rb +7 -9
data/lib/risu/parsers/nessus/postprocess/dell_idrac.rb +49 -0
data/lib/risu/parsers/nessus/postprocess/downgrade_plugins.rb +4 -2
data/lib/risu/parsers/nessus/postprocess/dropbear_ssh.rb +7 -6
data/lib/risu/parsers/nessus/postprocess/filezilla.rb +4 -6
data/lib/risu/parsers/nessus/postprocess/firefox.rb +113 -71
data/lib/risu/parsers/nessus/postprocess/flexnet.rb +3 -3
data/lib/risu/parsers/nessus/postprocess/foxit_phantom_pdf.rb +10 -3
data/lib/risu/parsers/nessus/postprocess/foxit_reader.rb +13 -12
data/lib/risu/parsers/nessus/postprocess/google_chrome.rb +34 -6
data/lib/risu/parsers/nessus/postprocess/hp_system_mgt_homepage.rb +3 -3
data/lib/risu/parsers/nessus/postprocess/iLo.rb +50 -0
data/lib/risu/parsers/nessus/postprocess/intel_mgt_engine.rb +47 -0
data/lib/risu/parsers/nessus/postprocess/irfanview.rb +2 -2
data/lib/risu/parsers/nessus/postprocess/java.rb +70 -64
data/lib/risu/parsers/nessus/postprocess/libreoffice.rb +2 -2
data/lib/risu/parsers/nessus/postprocess/microsoft_office.rb +73 -0
data/lib/risu/parsers/nessus/postprocess/microsoft_visual_studio.rb +47 -0
data/lib/risu/parsers/nessus/postprocess/microsoft_windows.rb +1312 -0
data/lib/risu/parsers/nessus/postprocess/mongo_db.rb +46 -0
data/lib/risu/parsers/nessus/postprocess/mozzila_thunderbird.rb +49 -0
data/lib/risu/parsers/nessus/postprocess/normalize_plugin_names.rb +5 -2
data/lib/risu/parsers/nessus/postprocess/openoffice.rb +14 -11
data/lib/risu/parsers/nessus/postprocess/openssh.rb +3 -3
data/lib/risu/parsers/nessus/postprocess/openssl.rb +58 -39
data/lib/risu/parsers/nessus/postprocess/oracle_database.rb +3 -3
data/lib/risu/parsers/nessus/postprocess/php.rb +94 -69
data/lib/risu/parsers/nessus/postprocess/post_process.rb +1 -1
data/lib/risu/parsers/nessus/postprocess/putty.rb +47 -0
data/lib/risu/parsers/nessus/postprocess/real_player.rb +3 -3
data/lib/risu/parsers/nessus/postprocess/risk_score.rb +1 -1
data/lib/risu/parsers/nessus/postprocess/root_cause.rb +16 -3
data/lib/risu/parsers/nessus/postprocess/samba.rb +46 -0
data/lib/risu/parsers/nessus/postprocess/servu.rb +4 -4
data/lib/risu/parsers/nessus/postprocess/sigplus_pro.rb +3 -3
data/lib/risu/parsers/nessus/postprocess/skype.rb +4 -3
data/lib/risu/parsers/nessus/postprocess/solarwinds_dameware.rb +48 -0
data/lib/risu/parsers/nessus/postprocess/symantec_endpoint.rb +4 -3
data/lib/risu/parsers/nessus/postprocess/symantec_pcanywhere.rb +3 -3
data/lib/risu/parsers/nessus/postprocess/tenable_nessus.rb +47 -0
data/lib/risu/parsers/nessus/postprocess/timbuktu.rb +2 -2
data/lib/risu/parsers/nessus/postprocess/vlc.rb +4 -3
data/lib/risu/parsers/nessus/postprocess/vmware_esxi.rb +64 -54
data/lib/risu/parsers/nessus/postprocess/vmware_player.rb +3 -3
data/lib/risu/parsers/nessus/postprocess/vmware_vcenter.rb +11 -5
data/lib/risu/parsers/nessus/postprocess/vmware_vsphere_client.rb +7 -6
data/lib/risu/parsers/nessus/postprocess/winscp.rb +7 -8
data/lib/risu/parsers/nessus/postprocess/wireshark.rb +73 -51
data/lib/risu/parsers/nexpose/nexpose_document.rb +1 -1
data/lib/risu/parsers/nexpose/simple_nexpose.rb +1 -1
data/lib/risu/renderers.rb +1 -1
data/lib/risu/renderers/csvrenderer.rb +1 -1
data/lib/risu/renderers/nilrenderer.rb +1 -1
data/lib/risu/renderers/pdfrenderer.rb +1 -1
data/lib/risu/template_helpers.rb +1 -1
data/lib/risu/templates/assets.rb +1 -1
data/lib/risu/templates/authentication_summary.rb +1 -1
data/lib/risu/templates/cover_sheet.rb +1 -1
data/lib/risu/templates/exec_summary.rb +1 -1
data/lib/risu/templates/executive_summary_detailed.rb +1 -1
data/lib/risu/templates/exploitablity_summary.rb +1 -1
data/lib/risu/templates/failed_audits.rb +1 -1
data/lib/risu/templates/finding_statistics.rb +1 -1
data/lib/risu/templates/findings_host.rb +1 -1
data/lib/risu/templates/findings_summary.rb +1 -1
data/lib/risu/templates/findings_summary_with_pluginid.rb +1 -1
data/lib/risu/templates/graphs.rb +1 -1
data/lib/risu/templates/host_findings_csv.rb +1 -1
data/lib/risu/templates/host_summary.rb +1 -1
data/lib/risu/templates/malicious_process_detection.rb +1 -1
data/lib/risu/templates/missing_root_causes.rb +1 -1
data/lib/risu/templates/ms_patch_summary.rb +1 -1
data/lib/risu/templates/ms_update_summary.rb +1 -1
data/lib/risu/templates/ms_wsus_findings.rb +1 -1
data/lib/risu/templates/notable.rb +1 -1
data/lib/risu/templates/notable_detailed.rb +1 -1
data/lib/risu/templates/pci_compliance.rb +1 -1
data/lib/risu/templates/rollup_summary.rb +82 -0
data/lib/risu/templates/stig_findings_summary.rb +1 -1
data/lib/risu/templates/talking_points.rb +1 -1
data/lib/risu/templates/technical_findings.rb +1 -1
data/lib/risu/templates/template.rb +1 -1
data/lib/risu/templates/top_25.rb +1 -1
data/lib/risu/version.rb +2 -2
data/risu.gemspec +5 -5
metadata +59 -56
metadata.gz.sig +0 -0
data/lib/risu/parsers/nessus/postprocess/flash_player.rb +0 -145
data/lib/risu/parsers/nessus/postprocess/windows.rb +0 -976

data/lib/risu/parsers/nessus/postprocess/cisco_ios.rb CHANGED

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -31,22 +31,32 @@ module Risu
 						{
 							:description => "Cisco IOS Patch Rollup",
 							:plugin_id => -99965,
-							:plugin_name => "Update to the latest Cisco IOS",
+							:plugin_name => "Missing the latest Cisco IOS Patches",
 							:item_name => "Update to the latest Cisco IOS",
 							:plugin_ids => [
-								58568,
-								58570,
-								58572,
-								62372,
-								62373,
-								65891,
-								70316,
-								70322,
-								73345,
-								78035,
-								82571,
+								58568, #Cisco IOS Software Multicast Source Discovery Protocol DoS (cisco-sa-20120328-msdp)
+								58570, #Cisco IOS Software Command Security Bypass (cisco-sa-20120328-pai)
+								58572, #Cisco IOS Software Smart Install Denial of Service Vulnerability (cisco-sa-20120328-smartinstall)
+								62372, #Cisco IOS Software DHCP Denial of Service Vulnerability (cisco-sa-20120926-dhcp)
+								62373, #Cisco IOS Software DHCP Version 6 Server Denial of Service Vulnerability (cisco-sa-20120926-dhcpv6)
+								65891, #Cisco IOS Software Smart Install Denial of Service Vulnerability (cisco-sa-20130327-smartinstall)
+								70316, #Cisco IOS Software DHCP Denial of Service Vulnerability (cisco-sa-20130925-dhcp)
+								70322, #Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability (cisco-sa-20130925-ntp)
+								73345, #Cisco IOS Software Multiple Network Address Translation (NAT) Denial of Service Vulnerabilities (cisco-sa-20140326-nat)
+								78035, #Cisco IOS Software RSVP DoS (cisco-sa-20140924-rsvp)
+								82571, #Cisco IOS Software TCP CIP DoS
+								90358, #Cisco IOS Smart Install Packet Image List Parameter Handling DoS (cisco-sa-20160323-smi) 94252, #Cisco IOS Software CIP Request DoS (cisco-sa-20160928-cip)
+								99028, #Cisco IOS L2TP Parsing DoS (cisco-sa-20170322-l2tp)
+								99687, #Cisco IOS EnergyWise DoS (cisco-sa-20170419-energywise)
+								103670, #Cisco IOS Software PROFINET denial of service (cisco-sa-20170927-profinet)
+								97991, #Cisco IOS Cluster Management Protocol Telnet Option Handling RCE (cisco-sa-20170317-cmp)
+								94252, #Cisco IOS Software CIP Request DoS (cisco-sa-20160928-cip)
+								103565, #Cisco IOS Software DHCP Remote Code Execution Vulnerability
+								108722, #Cisco IOS Software Smart Install Remote Code Execution Vulnerability
+								108880, #Cisco IOS Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities (cisco-sa-20180328- lldp)
+								108956, #Cisco IOS Software DNS Forwarder Denial of Service Vulnerability (cisco-sa-20160928-dns)
+								109087, #Cisco IOS DHCP Multiple Vulnerabilities
+								117944, #Cisco IOS Software Cluster Management Protocol DoS Vulnerability (cisco-sa-20180926-cmp)
 							]
 						}
 					end

data/lib/risu/parsers/nessus/postprocess/cisco_telepresence.rb ADDED

@@ -0,0 +1,45 @@
+# Copyright (c) 2010-2020 Jacob Hammack.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+module Risu
+	module Parsers
+		module Nessus
+			module PostProcess
+				class CiscoTelepresenceRollup < Risu::Base::PostProcessBase
+					#
+					def initialize
+						@info =
+						{
+							:description => "Cisco Telepresence Patch Rollup",
+							:plugin_id => -99941,
+							:plugin_name => "Missing the latest Cisco Telepresence",
+							:item_name => "Update to the latest Cisco Telepresence",
+							:plugin_ids => [
+100838, #Cisco TelePresence Endpoint SIP INVITE Packet Flood DoS (cisco-sa-20170607-tele)
+							]
+						}
+					end
+				end
+			end
+		end
+	end
+end

data/lib/risu/parsers/nessus/postprocess/core_ftp.rb CHANGED

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -31,13 +31,13 @@ module Risu
 						{
 							:description => "CoreFTP Patch Rollup",
 							:plugin_id => -99989,
-							:plugin_name => "Update to the latest CoreFTP",
+							:plugin_name => "Missing the latest CoreFTP Patches",
 							:item_name => "Update to the latest CoreFTP",
 							:plugin_ids => [
-								65789,
-								70656,
-								59243
-							]
+								65789, #Core FTP < 2.2 build 1769 Multiple Buffer Overflows
+								70656, #Core FTP < 2.2 build 1785 CWD Command Buffer Overflow
+								59243, #Core FTP Filename Processing Boundary Error FTP List Command Response Parsing Remote Overflow
+							]
 						}
 					end
 				end

data/lib/risu/parsers/nessus/postprocess/db2.rb CHANGED

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -31,16 +31,14 @@ module Risu
 						{
 							:description => "DB2 Patch Rollup",
 							:plugin_id => -99980,
-							:plugin_name => "Update to the latest DB2",
+							:plugin_name => "Missing the latest DB2 Patches",
 							:item_name => "Update to the latest DB2",
 							:plugin_ids => [
-								62701,
-								71519,
-								76114,
-								76116,
-								84828
+								62701, #IBM DB2 9.7 < Fix Pack 7 Multiple Vulnerabilities
+								71519, #IBM DB2 9.7 < Fix Pack 9 Multiple Vulnerabilities
+								76114, #IBM DB2 9.7 < Fix Pack 9a Multiple Vulnerabilities
+								76116, #IBM DB2 Stored Procedure Infrastructure Privilege Escalation Vulnerability
+								84828, #IBM DB2 9.7 < Fix Pack 11 Multiple Vulnerabilities (Bar Mitzvah) (FREAK) (TLS POODLE)
 							]
 						}
 					end

data/lib/risu/parsers/nessus/postprocess/dell_idrac.rb ADDED

@@ -0,0 +1,49 @@
+# Copyright (c) 2010-2020 Jacob Hammack.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+module Risu
+	module Parsers
+		module Nessus
+			module PostProcess
+				class DellIDracRollup < Risu::Base::PostProcessBase
+					#
+					def initialize
+						@info =
+						{
+							:description => "Dell iDRAC Products Patch Rollup",
+							:plugin_id => -99947,
+							:plugin_name => "Missing the latest Dell iDRAC Patches",
+							:item_name => "Update to the latest Dell iDRAC",
+							:plugin_ids => [
+109208, #Dell iDRAC Products Multiple Vulnerabilities (Mar 2018)
+111604, #Dell iDRAC Products Multiple Vulnerabilities (June 2018)
+119833, #Dell iDRAC Products Multiple Vulnerabilities (December 2018)
+90265, #Dell iDRAC6 / iDRAC7 / iDRAC8 Path Traversal Authentication Bypass
+							]
+						}
+					end
+				end
+			end
+		end
+	end
+end

data/lib/risu/parsers/nessus/postprocess/downgrade_plugins.rb CHANGED

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -43,13 +43,15 @@ module Risu
 						@plugins_to_severity = {
 							41028 => 0, # SNMP Agent Default Community Name (public) - 41028
-              10264 => 0, # SNMP Agent Default Community Names - 10264
+              				10264 => 0, # SNMP Agent Default Community Names - 10264
 							10081 => 0, # FTP Privileged Port Bounce Scan - 10081
 							42411 => 0, # Microsoft Windows SMB Shares Unprivileged Access
 							66349 => 0, # X Server Unauthenticated Access: Screenshot
 							26925 => 0, # VNC Server Unauthenticated Access
 							66174 => 0, # VNC Server Unauthenticated Access: Screenshot
 							10205 => 0, # rlogin Service Detection
+							20007 => 2, # SSL Version 2 and 3 Protocol Detection
+							80101 => 2, # IPMI v2.0 Password Hash Disclosure
 						}
 					end

data/lib/risu/parsers/nessus/postprocess/dropbear_ssh.rb CHANGED

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -31,13 +31,14 @@ module Risu
 						{
 							:description => "Dropbear SSH Server Patch Rollup",
 							:plugin_id => -99952,
-							:plugin_name => "Update to the latest Dropbear SSH Server",
+							:plugin_name => "Missing the latest Dropbear SSH Server Patches",
 							:item_name => "Update to the latest Dropbear SSH Server",
 							:plugin_ids => [
-								93650,
-								58183,
+								93650, #Dropbear SSH Server < 2016.72 Multiple Vulnerabilities
+								58183, #Dropbear SSH Server Channel Concurrency Use-after-free Remote Code Execution
+								70545, #Dropbear SSH Server < 2013.59 Multiple Vulnerabilities
+								21023, #Dropbear SSH Authorization-pending Connection Saturation DoS
+								34769, #Dropbear SSH Server svr_ses.childpidsize Remote Overflow
 							]
 						}
 					end

data/lib/risu/parsers/nessus/postprocess/filezilla.rb CHANGED

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -31,13 +31,11 @@ module Risu
 						{
 							:description => "FileZilla Client Patch Rollup",
 							:plugin_id => -99974,
-							:plugin_name => "Update to the latest FileZilla Client",
+							:plugin_name => "Missing the latest FileZilla Client Patches",
 							:item_name => "Update to the latest FileZilla Client",
 							:plugin_ids => [
-								69476,
-								69494,
+								69476, #FileZilla Client < 3.7.2 SFTP Integer Overflow
+								69494, #FileZilla Client < 3.7.3 Multiple Vulnerabilities
 							]
 						}
 					end

data/lib/risu/parsers/nessus/postprocess/firefox.rb CHANGED

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -31,78 +31,120 @@ module Risu
 						{
 							:description => "Firefox Patch Rollup",
 							:plugin_id => -99972,
-							:plugin_name => "Update to the latest Firefox",
+							:plugin_name => "Missing the latest Firefox Patches",
 							:item_name => "Update to the latest Firefox",
 							:plugin_ids => [
-                73099,
-                73769,
-                74440,
-                76763,
-                77500,
-                77906,
-                78473,
-                79665,
-                80523,
-                81521,
-                82040,
-                82041,
-                82503,
-                82998,
-                83439,
-                84581,
-								82583,
-								85386,
-								62998,
-								63551,
-								64723,
-								65131,
-								65806,
-								66480,
-								66993,
-								69269,
-								69993,
-								70716,
-								70949,
-								71347,
-								72331,
-								85275,
-								85689,
-								86071,
-								86764,
-								87476,
-								86418,
-								88461,
-								89875,
-								90793,
-								91547,
-								88754,
-								92755,
-								93662,
-								94960,
-								95475,
-								95886,
-								96776,
-								97639,
-								99125,
-								99632,
-								100127,
-								55901,
-								56334,
-								56750,
-								57768,
-								57769,
-								58006,
-								58349,
-								58898,
-								59407,
-								60043,
-								61715,
-								62580,
-								62589,
-								94232,
+								73099, #Firefox < 28.0 Multiple Vulnerabilities
+								73769, #Firefox < 29.0 Multiple Vulnerabilities
+								74440, #Firefox < 30.0 Multiple Vulnerabilities
+								76763, #Firefox < 31.0 Multiple Vulnerabilities
+								77500, #Firefox < 32.0 Multiple Vulnerabilities
+								77906, #Firefox < 32.0.3 NSS Signature Verification Vulnerability
+								78473, #Firefox < 33.0 Multiple Vulnerabilities
+								79665, #Firefox < 34.0 Multiple Vulnerabilities
+								80523, #Firefox < 35 Multiple Vulnerabilities
+								81521, #Firefox < 36 Multiple Vulnerabilities
+								82040, #Firefox < 36.0.3 JIT Code Execution
+								82041, #Firefox < 36.0.4 SVG Bypass Privilege Escalation
+								82503, #Firefox < 37.0 Multiple Vulnerabilities
+								82998, #Firefox < 37.0.2 Failed Plugin Memory Corruption
+								83439, #Firefox < 38.0 Multiple Vulnerabilities
+								84581, #Firefox < 39.0 Multiple Vulnerabilities (Logjam)
+								82583, #Firefox < 37.0.1 HTTP/2 Alt-Svc Header Certificate Verification Bypass
+								85386, #Firefox < 40 Multiple Vulnerabilities
+								62998, #Firefox < 17.0 Multiple Vulnerabilities
+								63551, #Firefox < 18.0 Multiple Vulnerabilities
+								64723, #Firefox < 19.0 Multiple Vulnerabilities
+								65131, #Firefox < 19.0.2 nsHTMLEditor Use-After-Free
+								65806, #Firefox < 20 Multiple Vulnerabilities
+								66480, #Firefox < 21.0 Multiple Vulnerabilities
+								66993, #Firefox < 22.0 Multiple Vulnerabilities
+								69269, #Firefox < 23.0 Multiple Vulnerabilities
+								69993, #Firefox < 24.0 Multiple Vulnerabilities
+								70716, #Firefox < 25.0 Multiple Vulnerabilities
+								70949, #Firefox < 25.0.1 NSS and NSPR Multiple Vulnerabilities
+								71347, #Firefox < 26.0 Multiple Vulnerabilities
+								72331, #Firefox < 27.0 Multiple Vulnerabilities
+								85275, #Firefox < 39.0.3 PDF Reader Arbitrary File Access
+								85689, #Firefox < 40.0.3 Multiple Vulnerabilities
+								86071, #Firefox < 41 Multiple Vulnerabilities
+								86764, #Firefox < 42 Multiple Vulnerabilities
+								87476, #Firefox < 43 Multiple Vulnerabilities
+								86418, #Firefox < 41.0.2 'fetch' API Cross-Origin Bypass
+								88461, #Firefox < 44 Multiple Vulnerabilities
+								89875, #Firefox < 45 Multiple Vulnerabilities
+								90793, #Firefox < 46 Multiple Vulnerabilities
+								91547, #Firefox < 47 Multiple Vulnerabilities
+								88754, #Firefox < 44.0.2 Service Workers Security Bypass
+								92755, #Firefox < 48 Multiple Vulnerabilities
+								93662, #Mozilla Firefox < 49.0 Multiple Vulnerabilities
+								94960, #Mozilla Firefox < 50.0 Multiple Vulnerabilities
+								95475, #Mozilla Firefox < 50.0.2 nsSMILTimeContainer.cpp SVG Animation RCE
+								95886, #Mozilla Firefox < 50.1 Multiple Vulnerabilities
+								96776, #Mozilla Firefox < 51.0 Multiple Vulnerabilities
+								97639, #Mozilla Firefox < 52.0 Multiple Vulnerabilities
+								99125, #Mozilla Firefox < 52.0.1 CreateImageBitmap RCE
+								99632, #Mozilla Firefox < 53 Multiple Vulnerabilities
+								100127, #Mozilla Firefox < 53.0.2 ANGLE Graphics Library RCE
+								55901, #Firefox 3.6 < 3.6.20 Multiple Vulnerabilities
+								56334, #Firefox 3.6.x < 3.6.23 Multiple Vulnerabilities
+								56750, #Firefox 3.6.x < 3.6.24 Multiple Vulnerabilities
+								57768, #Firefox < 10.0 Multiple Vulnerabilities
+								57769, #Firefox 3.6.x < 3.6.26 Multiple Vulnerabilities
+								58006, #Firefox 3.6.x < 3.6.27 'png_decompress_chunk' Integer Overflow
+								58349, #Firefox 3.6.x < 3.6.28 Multiple Vulnerabilities
+								58898, #Firefox < 12.0 Multiple Vulnerabilities
+								59407, #Firefox < 13.0 Multiple Vulnerabilities
+								60043, #Firefox < 14.0 Multiple Vulnerabilities
+								61715, #Firefox < 15.0 Multiple Vulnerabilities
+								62580, #Firefox < 16.0 Multiple Vulnerabilities
+								62589, #Firefox < 16.0.1 Multiple Vulnerabilities
+								94232, #Mozilla Firefox 48.x / 49.x < 49.0.2 Multiple Vulnerabilities
+								102359, #Mozilla Firefox < 55 Multiple Vulnerabilities
+								100810, #Mozilla Firefox < 54 Multiple Vulnerabilities
+								103680, #Mozilla Firefox < 56 Multiple Vulnerabilities
+								99631, #Mozilla Firefox ESR 52.x < 52.1 Multiple Vulnerabilities
+								100126, #Mozilla Firefox ESR 52.x < 52.1.1 ANGLE Graphics Library RCE
+								100809, #Mozilla Firefox ESR < 52.2 Multiple Vulnerabilities
+								102358, #Mozilla Firefox ESR < 52.3 Multiple Vulnerabilities
+								104637, #Mozilla Firefox ESR < 52.5 Multiple Vulnerabilities
+								105212, #Mozilla Firefox ESR < 52.5.2 Multiple Vulnerabilities
+								106302, #Mozilla Firefox ESR < 52.6 Multiple Vulnerabilities
+								103679, #Mozilla Firefox ESR < 52.4 Multiple Vulnerabilities
+								108376, #Mozilla Firefox ESR < 52.7 Multiple Vulnerabilities
+								108586, #Mozilla Firefox ESR < 52.7.2 Multiple Code Execution Vulnerabilities
+								108755, #Mozilla Firefox ESR < 52.7.3 Denial of Service Vulnerability
+								104638, #Mozilla Firefox < 57 Multiple Vulnerabilities
+105213, #Mozilla Firefox < 57.0.2 ANGLE Graphics Library RCE
+106303, #Mozilla Firefox < 58 Multiple Vulnerabilities
+106561, #Mozilla Firefox < 58.0.1 Arbitrary Code Execution
+108377, #Mozilla Firefox < 59 Multiple Vulnerabilities
+108587, #Mozilla Firefox < 59.0.1 Multiple Code Execution Vulnerabilities
+108756, #Mozilla Firefox ESR < 59.0.2 Denial of Service Vulnerability
+109869, #Mozilla Firefox < 60 Multiple Critical Vulnerabilities
+105040, #Mozilla Firefox < 57.0.1 Multiple Vulnerabilities
+105616, #Mozilla Firefox < 57.0.4 Speculative Execution Side-Channel Attack Vulnerability (Spectre)
+110811, #Mozilla Firefox < 61 Multiple Critical Vulnerabilities
+117294, #Mozilla Firefox < 62 Multiple Critical Vulnerabilities
+118397, #Mozilla Firefox < 63 Multiple Vulnerabilities
+117921, #Mozilla Firefox < 62.0.3 Multiple Vulnerabilities
+117941, #Mozilla Firefox < 49 Multiple Vulnerabilities
+122948, #Mozilla Firefox < 66.0
+123012, #Mozilla Firefox < 66.0.1
+121512, #Mozilla Firefox < 65.0
+125361, #Mozilla Firefox < 67.0
+126002, #Mozilla Firefox < 67.0.3
+126072, #Mozilla Firefox < 67.0.4
+121477, #Mozilla Firefox ESR < 60.5
+109868, #Mozilla Firefox ESR < 52.8 Multiple Critical Vulnerabilities
+110809, #Mozilla Firefox ESR < 52.9 Multiple Critical Vulnerabilities
+125877, #Mozilla Firefox < 67.0.2
+117668, #Mozilla Firefox < 62.0.2 Vulnerability
+119604, #Mozilla Firefox < 64.0 Multiple Vulnerabilities
+122233, #Mozilla Firefox < 65.0.1
+126622, #Mozilla Firefox < 68.0
+128061, #Mozilla Firefox < 68.0.2
+128525, #Mozilla Firefox < 69.0
 							]
 						}
 					end