RubyGems - risu - Versions diffs - 1.8.3 → 1.8.4 - Mend

risu 1.8.3 → 1.8.4

Files changed (161) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/Gemfile.lock +159 -0
data/LICENSE +1 -1
data/README.markdown +2 -5
data/Rakefile +1 -1
data/bin/risu +1 -1
data/docs/NEWS.markdown +3 -0
data/lib/risu.rb +2 -2
data/lib/risu/base.rb +1 -1
data/lib/risu/base/graph_template_helper.rb +1 -1
data/lib/risu/base/host_template_helper.rb +2 -1
data/lib/risu/base/malware_template_helper.rb +1 -1
data/lib/risu/base/post_process_base.rb +7 -4
data/lib/risu/base/post_process_manager.rb +1 -1
data/lib/risu/base/scan_helper.rb +1 -1
data/lib/risu/base/schema.rb +10 -3
data/lib/risu/base/shares_template_helper.rb +1 -1
data/lib/risu/base/template_base.rb +1 -1
data/lib/risu/base/template_helper.rb +1 -1
data/lib/risu/base/template_manager.rb +1 -1
data/lib/risu/base/templater.rb +1 -1
data/lib/risu/cli.rb +1 -1
data/lib/risu/cli/application.rb +16 -16
data/lib/risu/cli/banner.rb +1 -1
data/lib/risu/exceptions.rb +1 -1
data/lib/risu/exceptions/invaliddocument.rb +1 -1
data/lib/risu/graphs.rb +1 -1
data/lib/risu/graphs/top_vuln_graph.rb +1 -1
data/lib/risu/graphs/windows_os_graph.rb +1 -1
data/lib/risu/models.rb +2 -1
data/lib/risu/models/attachment.rb +1 -1
data/lib/risu/models/familyselection.rb +1 -1
data/lib/risu/models/host.rb +34 -2
data/lib/risu/models/hostproperty.rb +1 -1
data/lib/risu/models/individualpluginselection.rb +1 -1
data/lib/risu/models/item.rb +248 -20
data/lib/risu/models/nessuspluginmetadata.rb +28 -0
data/lib/risu/models/patch.rb +1 -1
data/lib/risu/models/plugin.rb +1 -1
data/lib/risu/models/pluginspreference.rb +1 -1
data/lib/risu/models/policy.rb +1 -1
data/lib/risu/models/reference.rb +1 -1
data/lib/risu/models/report.rb +1 -1
data/lib/risu/models/serverpreference.rb +1 -1
data/lib/risu/models/servicedescription.rb +1 -1
data/lib/risu/models/version.rb +1 -1
data/lib/risu/parsers.rb +1 -1
data/lib/risu/parsers/nessus/nessus_document.rb +1 -1
data/lib/risu/parsers/nessus/nessus_sax_listener.rb +3 -2
data/lib/risu/parsers/nessus/postprocess.rb +1 -1
data/lib/risu/parsers/nessus/postprocess/7zip.rb +6 -4
data/lib/risu/parsers/nessus/postprocess/adobe_acrobat.rb +48 -54
data/lib/risu/parsers/nessus/postprocess/adobe_air.rb +58 -63
data/lib/risu/parsers/nessus/postprocess/adobe_coldfusion.rb +47 -0
data/lib/risu/parsers/nessus/postprocess/{shockwave.rb → adobe_creative_desktop.rb} +9 -34
data/lib/risu/parsers/nessus/postprocess/adobe_flash_player.rb +175 -0
data/lib/risu/parsers/nessus/postprocess/adobe_reader.rb +73 -55
data/lib/risu/parsers/nessus/postprocess/adobe_shockwave_player.rb +74 -0
data/lib/risu/parsers/nessus/postprocess/apache.rb +38 -33
data/lib/risu/parsers/nessus/postprocess/apache_tomcat.rb +8 -10
data/lib/risu/parsers/nessus/postprocess/apple_icloud.rb +47 -0
data/lib/risu/parsers/nessus/postprocess/apple_itunes.rb +23 -17
data/lib/risu/parsers/nessus/postprocess/apple_quicktime.rb +38 -32
data/lib/risu/parsers/nessus/postprocess/artifex_ghostscript.rb +49 -0
data/lib/risu/parsers/nessus/postprocess/blackberry_enterprise_server.rb +10 -14
data/lib/risu/parsers/nessus/postprocess/ca_brightstor_arcserve.rb +10 -10
data/lib/risu/parsers/nessus/postprocess/cisco_anyconnect.rb +18 -20
data/lib/risu/parsers/nessus/postprocess/cisco_ios.rb +25 -15
data/lib/risu/parsers/nessus/postprocess/cisco_telepresence.rb +45 -0
data/lib/risu/parsers/nessus/postprocess/core_ftp.rb +6 -6
data/lib/risu/parsers/nessus/postprocess/db2.rb +7 -9
data/lib/risu/parsers/nessus/postprocess/dell_idrac.rb +49 -0
data/lib/risu/parsers/nessus/postprocess/downgrade_plugins.rb +4 -2
data/lib/risu/parsers/nessus/postprocess/dropbear_ssh.rb +7 -6
data/lib/risu/parsers/nessus/postprocess/filezilla.rb +4 -6
data/lib/risu/parsers/nessus/postprocess/firefox.rb +113 -71
data/lib/risu/parsers/nessus/postprocess/flexnet.rb +3 -3
data/lib/risu/parsers/nessus/postprocess/foxit_phantom_pdf.rb +10 -3
data/lib/risu/parsers/nessus/postprocess/foxit_reader.rb +13 -12
data/lib/risu/parsers/nessus/postprocess/google_chrome.rb +34 -6
data/lib/risu/parsers/nessus/postprocess/hp_system_mgt_homepage.rb +3 -3
data/lib/risu/parsers/nessus/postprocess/iLo.rb +50 -0
data/lib/risu/parsers/nessus/postprocess/intel_mgt_engine.rb +47 -0
data/lib/risu/parsers/nessus/postprocess/irfanview.rb +2 -2
data/lib/risu/parsers/nessus/postprocess/java.rb +70 -64
data/lib/risu/parsers/nessus/postprocess/libreoffice.rb +2 -2
data/lib/risu/parsers/nessus/postprocess/microsoft_office.rb +73 -0
data/lib/risu/parsers/nessus/postprocess/microsoft_visual_studio.rb +47 -0
data/lib/risu/parsers/nessus/postprocess/microsoft_windows.rb +1312 -0
data/lib/risu/parsers/nessus/postprocess/mongo_db.rb +46 -0
data/lib/risu/parsers/nessus/postprocess/mozzila_thunderbird.rb +49 -0
data/lib/risu/parsers/nessus/postprocess/normalize_plugin_names.rb +5 -2
data/lib/risu/parsers/nessus/postprocess/openoffice.rb +14 -11
data/lib/risu/parsers/nessus/postprocess/openssh.rb +3 -3
data/lib/risu/parsers/nessus/postprocess/openssl.rb +58 -39
data/lib/risu/parsers/nessus/postprocess/oracle_database.rb +3 -3
data/lib/risu/parsers/nessus/postprocess/php.rb +94 -69
data/lib/risu/parsers/nessus/postprocess/post_process.rb +1 -1
data/lib/risu/parsers/nessus/postprocess/putty.rb +47 -0
data/lib/risu/parsers/nessus/postprocess/real_player.rb +3 -3
data/lib/risu/parsers/nessus/postprocess/risk_score.rb +1 -1
data/lib/risu/parsers/nessus/postprocess/root_cause.rb +16 -3
data/lib/risu/parsers/nessus/postprocess/samba.rb +46 -0
data/lib/risu/parsers/nessus/postprocess/servu.rb +4 -4
data/lib/risu/parsers/nessus/postprocess/sigplus_pro.rb +3 -3
data/lib/risu/parsers/nessus/postprocess/skype.rb +4 -3
data/lib/risu/parsers/nessus/postprocess/solarwinds_dameware.rb +48 -0
data/lib/risu/parsers/nessus/postprocess/symantec_endpoint.rb +4 -3
data/lib/risu/parsers/nessus/postprocess/symantec_pcanywhere.rb +3 -3
data/lib/risu/parsers/nessus/postprocess/tenable_nessus.rb +47 -0
data/lib/risu/parsers/nessus/postprocess/timbuktu.rb +2 -2
data/lib/risu/parsers/nessus/postprocess/vlc.rb +4 -3
data/lib/risu/parsers/nessus/postprocess/vmware_esxi.rb +64 -54
data/lib/risu/parsers/nessus/postprocess/vmware_player.rb +3 -3
data/lib/risu/parsers/nessus/postprocess/vmware_vcenter.rb +11 -5
data/lib/risu/parsers/nessus/postprocess/vmware_vsphere_client.rb +7 -6
data/lib/risu/parsers/nessus/postprocess/winscp.rb +7 -8
data/lib/risu/parsers/nessus/postprocess/wireshark.rb +73 -51
data/lib/risu/parsers/nexpose/nexpose_document.rb +1 -1
data/lib/risu/parsers/nexpose/simple_nexpose.rb +1 -1
data/lib/risu/renderers.rb +1 -1
data/lib/risu/renderers/csvrenderer.rb +1 -1
data/lib/risu/renderers/nilrenderer.rb +1 -1
data/lib/risu/renderers/pdfrenderer.rb +1 -1
data/lib/risu/template_helpers.rb +1 -1
data/lib/risu/templates/assets.rb +1 -1
data/lib/risu/templates/authentication_summary.rb +1 -1
data/lib/risu/templates/cover_sheet.rb +1 -1
data/lib/risu/templates/exec_summary.rb +1 -1
data/lib/risu/templates/executive_summary_detailed.rb +1 -1
data/lib/risu/templates/exploitablity_summary.rb +1 -1
data/lib/risu/templates/failed_audits.rb +1 -1
data/lib/risu/templates/finding_statistics.rb +1 -1
data/lib/risu/templates/findings_host.rb +1 -1
data/lib/risu/templates/findings_summary.rb +1 -1
data/lib/risu/templates/findings_summary_with_pluginid.rb +1 -1
data/lib/risu/templates/graphs.rb +1 -1
data/lib/risu/templates/host_findings_csv.rb +1 -1
data/lib/risu/templates/host_summary.rb +1 -1
data/lib/risu/templates/malicious_process_detection.rb +1 -1
data/lib/risu/templates/missing_root_causes.rb +1 -1
data/lib/risu/templates/ms_patch_summary.rb +1 -1
data/lib/risu/templates/ms_update_summary.rb +1 -1
data/lib/risu/templates/ms_wsus_findings.rb +1 -1
data/lib/risu/templates/notable.rb +1 -1
data/lib/risu/templates/notable_detailed.rb +1 -1
data/lib/risu/templates/pci_compliance.rb +1 -1
data/lib/risu/templates/rollup_summary.rb +82 -0
data/lib/risu/templates/stig_findings_summary.rb +1 -1
data/lib/risu/templates/talking_points.rb +1 -1
data/lib/risu/templates/technical_findings.rb +1 -1
data/lib/risu/templates/template.rb +1 -1
data/lib/risu/templates/top_25.rb +1 -1
data/lib/risu/version.rb +2 -2
data/risu.gemspec +5 -5
metadata +59 -56
metadata.gz.sig +0 -0
data/lib/risu/parsers/nessus/postprocess/flash_player.rb +0 -145
data/lib/risu/parsers/nessus/postprocess/windows.rb +0 -976

data/lib/risu/parsers/nessus/postprocess/cisco_ios.rb CHANGED

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -31,22 +31,32 @@ module Risu
 						{
 							:description => "Cisco IOS Patch Rollup",
 							:plugin_id => -99965,
-							:plugin_name => "Update to the latest Cisco IOS",
+							:plugin_name => "Missing the latest Cisco IOS Patches",
 							:item_name => "Update to the latest Cisco IOS",
 							:plugin_ids => [
-								58568,
-								58570,
-								58572,
-								62372,
-								62373,
-								65891,
-								70316,
-								70322,
-								73345,
-								78035,
-								82571,
+								58568, #Cisco IOS Software Multicast Source Discovery Protocol DoS (cisco-sa-20120328-msdp)
+								58570, #Cisco IOS Software Command Security Bypass (cisco-sa-20120328-pai)
+								58572, #Cisco IOS Software Smart Install Denial of Service Vulnerability (cisco-sa-20120328-smartinstall)
+								62372, #Cisco IOS Software DHCP Denial of Service Vulnerability (cisco-sa-20120926-dhcp)
+								62373, #Cisco IOS Software DHCP Version 6 Server Denial of Service Vulnerability (cisco-sa-20120926-dhcpv6)
+								65891, #Cisco IOS Software Smart Install Denial of Service Vulnerability (cisco-sa-20130327-smartinstall)
+								70316, #Cisco IOS Software DHCP Denial of Service Vulnerability (cisco-sa-20130925-dhcp)
+								70322, #Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability (cisco-sa-20130925-ntp)
+								73345, #Cisco IOS Software Multiple Network Address Translation (NAT) Denial of Service Vulnerabilities (cisco-sa-20140326-nat)
+								78035, #Cisco IOS Software RSVP DoS (cisco-sa-20140924-rsvp)
+								82571, #Cisco IOS Software TCP CIP DoS
+								90358, #Cisco IOS Smart Install Packet Image List Parameter Handling DoS (cisco-sa-20160323-smi) 94252, #Cisco IOS Software CIP Request DoS (cisco-sa-20160928-cip)
+								99028, #Cisco IOS L2TP Parsing DoS (cisco-sa-20170322-l2tp)
+								99687, #Cisco IOS EnergyWise DoS (cisco-sa-20170419-energywise)
+								103670, #Cisco IOS Software PROFINET denial of service (cisco-sa-20170927-profinet)
+								97991, #Cisco IOS Cluster Management Protocol Telnet Option Handling RCE (cisco-sa-20170317-cmp)
+								94252, #Cisco IOS Software CIP Request DoS (cisco-sa-20160928-cip)
+								103565, #Cisco IOS Software DHCP Remote Code Execution Vulnerability
+								108722, #Cisco IOS Software Smart Install Remote Code Execution Vulnerability
+								108880, #Cisco IOS Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities (cisco-sa-20180328- lldp)
+								108956, #Cisco IOS Software DNS Forwarder Denial of Service Vulnerability (cisco-sa-20160928-dns)
+								109087, #Cisco IOS DHCP Multiple Vulnerabilities
+								117944, #Cisco IOS Software Cluster Management Protocol DoS Vulnerability (cisco-sa-20180926-cmp)
 							]
 						}
 					end

data/lib/risu/parsers/nessus/postprocess/cisco_telepresence.rb ADDED

@@ -0,0 +1,45 @@
+# Copyright (c) 2010-2020 Jacob Hammack.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+module Risu
+	module Parsers
+		module Nessus
+			module PostProcess
+				class CiscoTelepresenceRollup < Risu::Base::PostProcessBase
+					#
+					def initialize
+						@info =
+						{
+							:description => "Cisco Telepresence Patch Rollup",
+							:plugin_id => -99941,
+							:plugin_name => "Missing the latest Cisco Telepresence",
+							:item_name => "Update to the latest Cisco Telepresence",
+							:plugin_ids => [
+100838, #Cisco TelePresence Endpoint SIP INVITE Packet Flood DoS (cisco-sa-20170607-tele)
+							]
+						}
+					end
+				end
+			end
+		end
+	end
+end

data/lib/risu/parsers/nessus/postprocess/core_ftp.rb CHANGED

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -31,13 +31,13 @@ module Risu
 						{
 							:description => "CoreFTP Patch Rollup",
 							:plugin_id => -99989,
-							:plugin_name => "Update to the latest CoreFTP",
+							:plugin_name => "Missing the latest CoreFTP Patches",
 							:item_name => "Update to the latest CoreFTP",
 							:plugin_ids => [
-								65789,
-								70656,
-								59243
-							]
+								65789, #Core FTP < 2.2 build 1769 Multiple Buffer Overflows
+								70656, #Core FTP < 2.2 build 1785 CWD Command Buffer Overflow
+								59243, #Core FTP Filename Processing Boundary Error FTP List Command Response Parsing Remote Overflow
+							]
 						}
 					end
 				end

data/lib/risu/parsers/nessus/postprocess/db2.rb CHANGED

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -31,16 +31,14 @@ module Risu
 						{
 							:description => "DB2 Patch Rollup",
 							:plugin_id => -99980,
-							:plugin_name => "Update to the latest DB2",
+							:plugin_name => "Missing the latest DB2 Patches",
 							:item_name => "Update to the latest DB2",
 							:plugin_ids => [
-								62701,
-								71519,
-								76114,
-								76116,
-								84828
+								62701, #IBM DB2 9.7 < Fix Pack 7 Multiple Vulnerabilities
+								71519, #IBM DB2 9.7 < Fix Pack 9 Multiple Vulnerabilities
+								76114, #IBM DB2 9.7 < Fix Pack 9a Multiple Vulnerabilities
+								76116, #IBM DB2 Stored Procedure Infrastructure Privilege Escalation Vulnerability
+								84828, #IBM DB2 9.7 < Fix Pack 11 Multiple Vulnerabilities (Bar Mitzvah) (FREAK) (TLS POODLE)
 							]
 						}
 					end

data/lib/risu/parsers/nessus/postprocess/dell_idrac.rb ADDED

@@ -0,0 +1,49 @@
+# Copyright (c) 2010-2020 Jacob Hammack.
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+module Risu
+	module Parsers
+		module Nessus
+			module PostProcess
+				class DellIDracRollup < Risu::Base::PostProcessBase
+					#
+					def initialize
+						@info =
+						{
+							:description => "Dell iDRAC Products Patch Rollup",
+							:plugin_id => -99947,
+							:plugin_name => "Missing the latest Dell iDRAC Patches",
+							:item_name => "Update to the latest Dell iDRAC",
+							:plugin_ids => [
+109208, #Dell iDRAC Products Multiple Vulnerabilities (Mar 2018)
+111604, #Dell iDRAC Products Multiple Vulnerabilities (June 2018)
+119833, #Dell iDRAC Products Multiple Vulnerabilities (December 2018)
+90265, #Dell iDRAC6 / iDRAC7 / iDRAC8 Path Traversal Authentication Bypass
+							]
+						}
+					end
+				end
+			end
+		end
+	end
+end

data/lib/risu/parsers/nessus/postprocess/downgrade_plugins.rb CHANGED

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -43,13 +43,15 @@ module Risu
 						@plugins_to_severity = {
 							41028 => 0, # SNMP Agent Default Community Name (public) - 41028
-              10264 => 0, # SNMP Agent Default Community Names - 10264
+              				10264 => 0, # SNMP Agent Default Community Names - 10264
 							10081 => 0, # FTP Privileged Port Bounce Scan - 10081
 							42411 => 0, # Microsoft Windows SMB Shares Unprivileged Access
 							66349 => 0, # X Server Unauthenticated Access: Screenshot
 							26925 => 0, # VNC Server Unauthenticated Access
 							66174 => 0, # VNC Server Unauthenticated Access: Screenshot
 							10205 => 0, # rlogin Service Detection
+							20007 => 2, # SSL Version 2 and 3 Protocol Detection
+							80101 => 2, # IPMI v2.0 Password Hash Disclosure
 						}
 					end

data/lib/risu/parsers/nessus/postprocess/dropbear_ssh.rb CHANGED

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -31,13 +31,14 @@ module Risu
 						{
 							:description => "Dropbear SSH Server Patch Rollup",
 							:plugin_id => -99952,
-							:plugin_name => "Update to the latest Dropbear SSH Server",
+							:plugin_name => "Missing the latest Dropbear SSH Server Patches",
 							:item_name => "Update to the latest Dropbear SSH Server",
 							:plugin_ids => [
-								93650,
-								58183,
+								93650, #Dropbear SSH Server < 2016.72 Multiple Vulnerabilities
+								58183, #Dropbear SSH Server Channel Concurrency Use-after-free Remote Code Execution
+								70545, #Dropbear SSH Server < 2013.59 Multiple Vulnerabilities
+								21023, #Dropbear SSH Authorization-pending Connection Saturation DoS
+								34769, #Dropbear SSH Server svr_ses.childpidsize Remote Overflow
 							]
 						}
 					end

data/lib/risu/parsers/nessus/postprocess/filezilla.rb CHANGED

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -31,13 +31,11 @@ module Risu
 						{
 							:description => "FileZilla Client Patch Rollup",
 							:plugin_id => -99974,
-							:plugin_name => "Update to the latest FileZilla Client",
+							:plugin_name => "Missing the latest FileZilla Client Patches",
 							:item_name => "Update to the latest FileZilla Client",
 							:plugin_ids => [
-								69476,
-								69494,
+								69476, #FileZilla Client < 3.7.2 SFTP Integer Overflow
+								69494, #FileZilla Client < 3.7.3 Multiple Vulnerabilities
 							]
 						}
 					end

data/lib/risu/parsers/nessus/postprocess/firefox.rb CHANGED

@@ -1,4 +1,4 @@
-# Copyright (c) 2010-2017 Jacob Hammack.
+# Copyright (c) 2010-2020 Jacob Hammack.
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -31,78 +31,120 @@ module Risu
 						{
 							:description => "Firefox Patch Rollup",
 							:plugin_id => -99972,
-							:plugin_name => "Update to the latest Firefox",
+							:plugin_name => "Missing the latest Firefox Patches",
 							:item_name => "Update to the latest Firefox",
 							:plugin_ids => [
-                73099,
-                73769,
-                74440,
-                76763,
-                77500,
-                77906,
-                78473,
-                79665,
-                80523,
-                81521,
-                82040,
-                82041,
-                82503,
-                82998,
-                83439,
-                84581,
-								82583,
-								85386,
-								62998,
-								63551,
-								64723,
-								65131,
-								65806,
-								66480,
-								66993,
-								69269,
-								69993,
-								70716,
-								70949,
-								71347,
-								72331,
-								85275,
-								85689,
-								86071,
-								86764,
-								87476,
-								86418,
-								88461,
-								89875,
-								90793,
-								91547,
-								88754,
-								92755,
-								93662,
-								94960,
-								95475,
-								95886,
-								96776,
-								97639,
-								99125,
-								99632,
-								100127,
-								55901,
-								56334,
-								56750,
-								57768,
-								57769,
-								58006,
-								58349,
-								58898,
-								59407,
-								60043,
-								61715,
-								62580,
-								62589,
-								94232,
+								73099, #Firefox < 28.0 Multiple Vulnerabilities
+								73769, #Firefox < 29.0 Multiple Vulnerabilities
+								74440, #Firefox < 30.0 Multiple Vulnerabilities
+								76763, #Firefox < 31.0 Multiple Vulnerabilities
+								77500, #Firefox < 32.0 Multiple Vulnerabilities
+								77906, #Firefox < 32.0.3 NSS Signature Verification Vulnerability
+								78473, #Firefox < 33.0 Multiple Vulnerabilities
+								79665, #Firefox < 34.0 Multiple Vulnerabilities
+								80523, #Firefox < 35 Multiple Vulnerabilities
+								81521, #Firefox < 36 Multiple Vulnerabilities
+								82040, #Firefox < 36.0.3 JIT Code Execution
+								82041, #Firefox < 36.0.4 SVG Bypass Privilege Escalation
+								82503, #Firefox < 37.0 Multiple Vulnerabilities
+								82998, #Firefox < 37.0.2 Failed Plugin Memory Corruption
+								83439, #Firefox < 38.0 Multiple Vulnerabilities
+								84581, #Firefox < 39.0 Multiple Vulnerabilities (Logjam)
+								82583, #Firefox < 37.0.1 HTTP/2 Alt-Svc Header Certificate Verification Bypass
+								85386, #Firefox < 40 Multiple Vulnerabilities
+								62998, #Firefox < 17.0 Multiple Vulnerabilities
+								63551, #Firefox < 18.0 Multiple Vulnerabilities
+								64723, #Firefox < 19.0 Multiple Vulnerabilities
+								65131, #Firefox < 19.0.2 nsHTMLEditor Use-After-Free
+								65806, #Firefox < 20 Multiple Vulnerabilities
+								66480, #Firefox < 21.0 Multiple Vulnerabilities
+								66993, #Firefox < 22.0 Multiple Vulnerabilities
+								69269, #Firefox < 23.0 Multiple Vulnerabilities
+								69993, #Firefox < 24.0 Multiple Vulnerabilities
+								70716, #Firefox < 25.0 Multiple Vulnerabilities
+								70949, #Firefox < 25.0.1 NSS and NSPR Multiple Vulnerabilities
+								71347, #Firefox < 26.0 Multiple Vulnerabilities
+								72331, #Firefox < 27.0 Multiple Vulnerabilities
+								85275, #Firefox < 39.0.3 PDF Reader Arbitrary File Access
+								85689, #Firefox < 40.0.3 Multiple Vulnerabilities
+								86071, #Firefox < 41 Multiple Vulnerabilities
+								86764, #Firefox < 42 Multiple Vulnerabilities
+								87476, #Firefox < 43 Multiple Vulnerabilities
+								86418, #Firefox < 41.0.2 'fetch' API Cross-Origin Bypass
+								88461, #Firefox < 44 Multiple Vulnerabilities
+								89875, #Firefox < 45 Multiple Vulnerabilities
+								90793, #Firefox < 46 Multiple Vulnerabilities
+								91547, #Firefox < 47 Multiple Vulnerabilities
+								88754, #Firefox < 44.0.2 Service Workers Security Bypass
+								92755, #Firefox < 48 Multiple Vulnerabilities
+								93662, #Mozilla Firefox < 49.0 Multiple Vulnerabilities
+								94960, #Mozilla Firefox < 50.0 Multiple Vulnerabilities
+								95475, #Mozilla Firefox < 50.0.2 nsSMILTimeContainer.cpp SVG Animation RCE
+								95886, #Mozilla Firefox < 50.1 Multiple Vulnerabilities
+								96776, #Mozilla Firefox < 51.0 Multiple Vulnerabilities
+								97639, #Mozilla Firefox < 52.0 Multiple Vulnerabilities
+								99125, #Mozilla Firefox < 52.0.1 CreateImageBitmap RCE
+								99632, #Mozilla Firefox < 53 Multiple Vulnerabilities
+								100127, #Mozilla Firefox < 53.0.2 ANGLE Graphics Library RCE
+								55901, #Firefox 3.6 < 3.6.20 Multiple Vulnerabilities
+								56334, #Firefox 3.6.x < 3.6.23 Multiple Vulnerabilities
+								56750, #Firefox 3.6.x < 3.6.24 Multiple Vulnerabilities
+								57768, #Firefox < 10.0 Multiple Vulnerabilities
+								57769, #Firefox 3.6.x < 3.6.26 Multiple Vulnerabilities
+								58006, #Firefox 3.6.x < 3.6.27 'png_decompress_chunk' Integer Overflow
+								58349, #Firefox 3.6.x < 3.6.28 Multiple Vulnerabilities
+								58898, #Firefox < 12.0 Multiple Vulnerabilities
+								59407, #Firefox < 13.0 Multiple Vulnerabilities
+								60043, #Firefox < 14.0 Multiple Vulnerabilities
+								61715, #Firefox < 15.0 Multiple Vulnerabilities
+								62580, #Firefox < 16.0 Multiple Vulnerabilities
+								62589, #Firefox < 16.0.1 Multiple Vulnerabilities
+								94232, #Mozilla Firefox 48.x / 49.x < 49.0.2 Multiple Vulnerabilities
+								102359, #Mozilla Firefox < 55 Multiple Vulnerabilities
+								100810, #Mozilla Firefox < 54 Multiple Vulnerabilities
+								103680, #Mozilla Firefox < 56 Multiple Vulnerabilities
+								99631, #Mozilla Firefox ESR 52.x < 52.1 Multiple Vulnerabilities
+								100126, #Mozilla Firefox ESR 52.x < 52.1.1 ANGLE Graphics Library RCE
+								100809, #Mozilla Firefox ESR < 52.2 Multiple Vulnerabilities
+								102358, #Mozilla Firefox ESR < 52.3 Multiple Vulnerabilities
+								104637, #Mozilla Firefox ESR < 52.5 Multiple Vulnerabilities
+								105212, #Mozilla Firefox ESR < 52.5.2 Multiple Vulnerabilities
+								106302, #Mozilla Firefox ESR < 52.6 Multiple Vulnerabilities
+								103679, #Mozilla Firefox ESR < 52.4 Multiple Vulnerabilities
+								108376, #Mozilla Firefox ESR < 52.7 Multiple Vulnerabilities
+								108586, #Mozilla Firefox ESR < 52.7.2 Multiple Code Execution Vulnerabilities
+								108755, #Mozilla Firefox ESR < 52.7.3 Denial of Service Vulnerability
+								104638, #Mozilla Firefox < 57 Multiple Vulnerabilities
+105213, #Mozilla Firefox < 57.0.2 ANGLE Graphics Library RCE
+106303, #Mozilla Firefox < 58 Multiple Vulnerabilities
+106561, #Mozilla Firefox < 58.0.1 Arbitrary Code Execution
+108377, #Mozilla Firefox < 59 Multiple Vulnerabilities
+108587, #Mozilla Firefox < 59.0.1 Multiple Code Execution Vulnerabilities
+108756, #Mozilla Firefox ESR < 59.0.2 Denial of Service Vulnerability
+109869, #Mozilla Firefox < 60 Multiple Critical Vulnerabilities
+105040, #Mozilla Firefox < 57.0.1 Multiple Vulnerabilities
+105616, #Mozilla Firefox < 57.0.4 Speculative Execution Side-Channel Attack Vulnerability (Spectre)
+110811, #Mozilla Firefox < 61 Multiple Critical Vulnerabilities
+117294, #Mozilla Firefox < 62 Multiple Critical Vulnerabilities
+118397, #Mozilla Firefox < 63 Multiple Vulnerabilities
+117921, #Mozilla Firefox < 62.0.3 Multiple Vulnerabilities
+117941, #Mozilla Firefox < 49 Multiple Vulnerabilities
+122948, #Mozilla Firefox < 66.0
+123012, #Mozilla Firefox < 66.0.1
+121512, #Mozilla Firefox < 65.0
+125361, #Mozilla Firefox < 67.0
+126002, #Mozilla Firefox < 67.0.3
+126072, #Mozilla Firefox < 67.0.4
+121477, #Mozilla Firefox ESR < 60.5
+109868, #Mozilla Firefox ESR < 52.8 Multiple Critical Vulnerabilities
+110809, #Mozilla Firefox ESR < 52.9 Multiple Critical Vulnerabilities
+125877, #Mozilla Firefox < 67.0.2
+117668, #Mozilla Firefox < 62.0.2 Vulnerability
+119604, #Mozilla Firefox < 64.0 Multiple Vulnerabilities
+122233, #Mozilla Firefox < 65.0.1
+126622, #Mozilla Firefox < 68.0
+128061, #Mozilla Firefox < 68.0.2
+128525, #Mozilla Firefox < 69.0
 							]
 						}
 					end