risu 1.8.3 → 1.8.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/Gemfile.lock +159 -0
- data/LICENSE +1 -1
- data/README.markdown +2 -5
- data/Rakefile +1 -1
- data/bin/risu +1 -1
- data/docs/NEWS.markdown +3 -0
- data/lib/risu.rb +2 -2
- data/lib/risu/base.rb +1 -1
- data/lib/risu/base/graph_template_helper.rb +1 -1
- data/lib/risu/base/host_template_helper.rb +2 -1
- data/lib/risu/base/malware_template_helper.rb +1 -1
- data/lib/risu/base/post_process_base.rb +7 -4
- data/lib/risu/base/post_process_manager.rb +1 -1
- data/lib/risu/base/scan_helper.rb +1 -1
- data/lib/risu/base/schema.rb +10 -3
- data/lib/risu/base/shares_template_helper.rb +1 -1
- data/lib/risu/base/template_base.rb +1 -1
- data/lib/risu/base/template_helper.rb +1 -1
- data/lib/risu/base/template_manager.rb +1 -1
- data/lib/risu/base/templater.rb +1 -1
- data/lib/risu/cli.rb +1 -1
- data/lib/risu/cli/application.rb +16 -16
- data/lib/risu/cli/banner.rb +1 -1
- data/lib/risu/exceptions.rb +1 -1
- data/lib/risu/exceptions/invaliddocument.rb +1 -1
- data/lib/risu/graphs.rb +1 -1
- data/lib/risu/graphs/top_vuln_graph.rb +1 -1
- data/lib/risu/graphs/windows_os_graph.rb +1 -1
- data/lib/risu/models.rb +2 -1
- data/lib/risu/models/attachment.rb +1 -1
- data/lib/risu/models/familyselection.rb +1 -1
- data/lib/risu/models/host.rb +34 -2
- data/lib/risu/models/hostproperty.rb +1 -1
- data/lib/risu/models/individualpluginselection.rb +1 -1
- data/lib/risu/models/item.rb +248 -20
- data/lib/risu/models/nessuspluginmetadata.rb +28 -0
- data/lib/risu/models/patch.rb +1 -1
- data/lib/risu/models/plugin.rb +1 -1
- data/lib/risu/models/pluginspreference.rb +1 -1
- data/lib/risu/models/policy.rb +1 -1
- data/lib/risu/models/reference.rb +1 -1
- data/lib/risu/models/report.rb +1 -1
- data/lib/risu/models/serverpreference.rb +1 -1
- data/lib/risu/models/servicedescription.rb +1 -1
- data/lib/risu/models/version.rb +1 -1
- data/lib/risu/parsers.rb +1 -1
- data/lib/risu/parsers/nessus/nessus_document.rb +1 -1
- data/lib/risu/parsers/nessus/nessus_sax_listener.rb +3 -2
- data/lib/risu/parsers/nessus/postprocess.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/7zip.rb +6 -4
- data/lib/risu/parsers/nessus/postprocess/adobe_acrobat.rb +48 -54
- data/lib/risu/parsers/nessus/postprocess/adobe_air.rb +58 -63
- data/lib/risu/parsers/nessus/postprocess/adobe_coldfusion.rb +47 -0
- data/lib/risu/parsers/nessus/postprocess/{shockwave.rb → adobe_creative_desktop.rb} +9 -34
- data/lib/risu/parsers/nessus/postprocess/adobe_flash_player.rb +175 -0
- data/lib/risu/parsers/nessus/postprocess/adobe_reader.rb +73 -55
- data/lib/risu/parsers/nessus/postprocess/adobe_shockwave_player.rb +74 -0
- data/lib/risu/parsers/nessus/postprocess/apache.rb +38 -33
- data/lib/risu/parsers/nessus/postprocess/apache_tomcat.rb +8 -10
- data/lib/risu/parsers/nessus/postprocess/apple_icloud.rb +47 -0
- data/lib/risu/parsers/nessus/postprocess/apple_itunes.rb +23 -17
- data/lib/risu/parsers/nessus/postprocess/apple_quicktime.rb +38 -32
- data/lib/risu/parsers/nessus/postprocess/artifex_ghostscript.rb +49 -0
- data/lib/risu/parsers/nessus/postprocess/blackberry_enterprise_server.rb +10 -14
- data/lib/risu/parsers/nessus/postprocess/ca_brightstor_arcserve.rb +10 -10
- data/lib/risu/parsers/nessus/postprocess/cisco_anyconnect.rb +18 -20
- data/lib/risu/parsers/nessus/postprocess/cisco_ios.rb +25 -15
- data/lib/risu/parsers/nessus/postprocess/cisco_telepresence.rb +45 -0
- data/lib/risu/parsers/nessus/postprocess/core_ftp.rb +6 -6
- data/lib/risu/parsers/nessus/postprocess/db2.rb +7 -9
- data/lib/risu/parsers/nessus/postprocess/dell_idrac.rb +49 -0
- data/lib/risu/parsers/nessus/postprocess/downgrade_plugins.rb +4 -2
- data/lib/risu/parsers/nessus/postprocess/dropbear_ssh.rb +7 -6
- data/lib/risu/parsers/nessus/postprocess/filezilla.rb +4 -6
- data/lib/risu/parsers/nessus/postprocess/firefox.rb +113 -71
- data/lib/risu/parsers/nessus/postprocess/flexnet.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/foxit_phantom_pdf.rb +10 -3
- data/lib/risu/parsers/nessus/postprocess/foxit_reader.rb +13 -12
- data/lib/risu/parsers/nessus/postprocess/google_chrome.rb +34 -6
- data/lib/risu/parsers/nessus/postprocess/hp_system_mgt_homepage.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/iLo.rb +50 -0
- data/lib/risu/parsers/nessus/postprocess/intel_mgt_engine.rb +47 -0
- data/lib/risu/parsers/nessus/postprocess/irfanview.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/java.rb +70 -64
- data/lib/risu/parsers/nessus/postprocess/libreoffice.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/microsoft_office.rb +73 -0
- data/lib/risu/parsers/nessus/postprocess/microsoft_visual_studio.rb +47 -0
- data/lib/risu/parsers/nessus/postprocess/microsoft_windows.rb +1312 -0
- data/lib/risu/parsers/nessus/postprocess/mongo_db.rb +46 -0
- data/lib/risu/parsers/nessus/postprocess/mozzila_thunderbird.rb +49 -0
- data/lib/risu/parsers/nessus/postprocess/normalize_plugin_names.rb +5 -2
- data/lib/risu/parsers/nessus/postprocess/openoffice.rb +14 -11
- data/lib/risu/parsers/nessus/postprocess/openssh.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/openssl.rb +58 -39
- data/lib/risu/parsers/nessus/postprocess/oracle_database.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/php.rb +94 -69
- data/lib/risu/parsers/nessus/postprocess/post_process.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/putty.rb +47 -0
- data/lib/risu/parsers/nessus/postprocess/real_player.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/risk_score.rb +1 -1
- data/lib/risu/parsers/nessus/postprocess/root_cause.rb +16 -3
- data/lib/risu/parsers/nessus/postprocess/samba.rb +46 -0
- data/lib/risu/parsers/nessus/postprocess/servu.rb +4 -4
- data/lib/risu/parsers/nessus/postprocess/sigplus_pro.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/skype.rb +4 -3
- data/lib/risu/parsers/nessus/postprocess/solarwinds_dameware.rb +48 -0
- data/lib/risu/parsers/nessus/postprocess/symantec_endpoint.rb +4 -3
- data/lib/risu/parsers/nessus/postprocess/symantec_pcanywhere.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/tenable_nessus.rb +47 -0
- data/lib/risu/parsers/nessus/postprocess/timbuktu.rb +2 -2
- data/lib/risu/parsers/nessus/postprocess/vlc.rb +4 -3
- data/lib/risu/parsers/nessus/postprocess/vmware_esxi.rb +64 -54
- data/lib/risu/parsers/nessus/postprocess/vmware_player.rb +3 -3
- data/lib/risu/parsers/nessus/postprocess/vmware_vcenter.rb +11 -5
- data/lib/risu/parsers/nessus/postprocess/vmware_vsphere_client.rb +7 -6
- data/lib/risu/parsers/nessus/postprocess/winscp.rb +7 -8
- data/lib/risu/parsers/nessus/postprocess/wireshark.rb +73 -51
- data/lib/risu/parsers/nexpose/nexpose_document.rb +1 -1
- data/lib/risu/parsers/nexpose/simple_nexpose.rb +1 -1
- data/lib/risu/renderers.rb +1 -1
- data/lib/risu/renderers/csvrenderer.rb +1 -1
- data/lib/risu/renderers/nilrenderer.rb +1 -1
- data/lib/risu/renderers/pdfrenderer.rb +1 -1
- data/lib/risu/template_helpers.rb +1 -1
- data/lib/risu/templates/assets.rb +1 -1
- data/lib/risu/templates/authentication_summary.rb +1 -1
- data/lib/risu/templates/cover_sheet.rb +1 -1
- data/lib/risu/templates/exec_summary.rb +1 -1
- data/lib/risu/templates/executive_summary_detailed.rb +1 -1
- data/lib/risu/templates/exploitablity_summary.rb +1 -1
- data/lib/risu/templates/failed_audits.rb +1 -1
- data/lib/risu/templates/finding_statistics.rb +1 -1
- data/lib/risu/templates/findings_host.rb +1 -1
- data/lib/risu/templates/findings_summary.rb +1 -1
- data/lib/risu/templates/findings_summary_with_pluginid.rb +1 -1
- data/lib/risu/templates/graphs.rb +1 -1
- data/lib/risu/templates/host_findings_csv.rb +1 -1
- data/lib/risu/templates/host_summary.rb +1 -1
- data/lib/risu/templates/malicious_process_detection.rb +1 -1
- data/lib/risu/templates/missing_root_causes.rb +1 -1
- data/lib/risu/templates/ms_patch_summary.rb +1 -1
- data/lib/risu/templates/ms_update_summary.rb +1 -1
- data/lib/risu/templates/ms_wsus_findings.rb +1 -1
- data/lib/risu/templates/notable.rb +1 -1
- data/lib/risu/templates/notable_detailed.rb +1 -1
- data/lib/risu/templates/pci_compliance.rb +1 -1
- data/lib/risu/templates/rollup_summary.rb +82 -0
- data/lib/risu/templates/stig_findings_summary.rb +1 -1
- data/lib/risu/templates/talking_points.rb +1 -1
- data/lib/risu/templates/technical_findings.rb +1 -1
- data/lib/risu/templates/template.rb +1 -1
- data/lib/risu/templates/top_25.rb +1 -1
- data/lib/risu/version.rb +2 -2
- data/risu.gemspec +5 -5
- metadata +59 -56
- metadata.gz.sig +0 -0
- data/lib/risu/parsers/nessus/postprocess/flash_player.rb +0 -145
- data/lib/risu/parsers/nessus/postprocess/windows.rb +0 -976
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
2
|
#
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
@@ -31,13 +31,13 @@ module Risu
|
|
31
31
|
{
|
32
32
|
:description => "Macrovision FLEXnet Patch Rollup",
|
33
33
|
:plugin_id => -99987,
|
34
|
-
:plugin_name => "
|
34
|
+
:plugin_name => "Missing the latest Macrovision FLEXnet Patches",
|
35
35
|
:item_name => "Update to the latest Macrovision FLEXnet",
|
36
36
|
:plugin_ids => [
|
37
37
|
25371,
|
38
38
|
24712,
|
39
39
|
27599,
|
40
|
-
|
40
|
+
128148, #Flexera FlexNet Publisher < 11.16.2 Multiple Vulnerabilities
|
41
41
|
]
|
42
42
|
}
|
43
43
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
2
|
#
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
@@ -31,11 +31,18 @@ module Risu
|
|
31
31
|
{
|
32
32
|
:description => "Foxit PhantomPDF Patch Rollup",
|
33
33
|
:plugin_id => -99956,
|
34
|
-
:plugin_name => "
|
34
|
+
:plugin_name => "Missing the latest Foxit PhantomPDF Patches",
|
35
35
|
:item_name => "Update to the latest Foxit PhantomPDF",
|
36
36
|
:plugin_ids => [
|
37
37
|
86697,
|
38
|
-
90566
|
38
|
+
90566,
|
39
|
+
102682, #Foxit PhantomPDF < 7.3.15 Multiple Vulnerabilities - 102682
|
40
|
+
102858, #Foxit PhantomPDF < 8.3.2 Multiple Vulnerabilities - 102858
|
41
|
+
101523, #Foxit PhantomPDF < 8.3.1 Multiple Vulnerabilities - 101523
|
42
|
+
104436, #Foxit PhantomPDF < 9.0 Multiple Vulnerabilities
|
43
|
+
104742, #Foxit PhantomPDF < 8.3.5 Multiple Vulnerabilities
|
44
|
+
109398, #Foxit PhantomPDF < 9.1 Multiple Vulnerabilities
|
45
|
+
|
39
46
|
]
|
40
47
|
}
|
41
48
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
2
|
#
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
@@ -31,19 +31,20 @@ module Risu
|
|
31
31
|
{
|
32
32
|
:description => "Foxit Reader Patch Rollup",
|
33
33
|
:plugin_id => -99969,
|
34
|
-
:plugin_name => "
|
34
|
+
:plugin_name => "Missing the latest Foxit Reader Patches",
|
35
35
|
:item_name => "Update to the latest Foxit Reader",
|
36
36
|
:plugin_ids => [
|
37
|
-
52458,
|
38
|
-
55671,
|
39
|
-
57050,
|
40
|
-
62063,
|
41
|
-
62384,
|
42
|
-
72723,
|
43
|
-
62064,
|
44
|
-
86698,
|
45
|
-
90567,
|
46
|
-
|
37
|
+
52458, #Foxit Reader < 4.3.1.0218 Multiple Vulnerabilities
|
38
|
+
55671, #Foxit Reader < 5.0.2.0718 Multiple Vulnerabilities
|
39
|
+
57050, #Foxit Reader < 5.1.3.1201 Memory Corruption RCE
|
40
|
+
62063, #Foxit Reader < 5.3 Cross-References RCE
|
41
|
+
62384, #Foxit Reader < 5.4.3 Trojan DLL Injection
|
42
|
+
72723, #Foxit Reader < 6.1.4 Trojan DLL Injection
|
43
|
+
62064, #Foxit Reader < 5.4 Trojan DLL Injection
|
44
|
+
86698, #Foxit Reader < 7.2 Multiple Vulnerabilities
|
45
|
+
90567, #Foxit Reader < 7.3.4 Multiple Vulnerabilities
|
46
|
+
101524, #Foxit Reader < 8.3.1 Multiple Vulnerabilities
|
47
|
+
112059, #Foxit Reader < 8.3.7 Multiple Vulnerabilities
|
47
48
|
|
48
49
|
|
49
50
|
]
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
2
|
#
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
@@ -31,7 +31,7 @@ module Risu
|
|
31
31
|
{
|
32
32
|
:description => "Google Chrome Patch Rollup",
|
33
33
|
:plugin_id => -99990,
|
34
|
-
:plugin_name => "
|
34
|
+
:plugin_name => "Missing the latest Google Chrome Patches",
|
35
35
|
:item_name => "Update to the latest Google Chrome",
|
36
36
|
:plugin_ids => [
|
37
37
|
74434,
|
@@ -137,10 +137,38 @@ module Risu
|
|
137
137
|
96828,
|
138
138
|
97724,
|
139
139
|
99136,
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
140
|
+
100679,
|
141
|
+
100991,
|
142
|
+
101980,
|
143
|
+
102993, #Google Chrome < 61.0.3163.79 Multiple Vulnerabilities -
|
144
|
+
103933, #Google Chrome < 62.0.3202.62 Multiple Vulnerabilities
|
145
|
+
105356, #Google Chrome < 63.0.3239.108 Multiple Vulnerabilities
|
146
|
+
106350, #Google Chrome < 62.0.3202.94 Out of bounds read flaw in V8
|
147
|
+
105152, #Google Chrome < 63.0.3239.84 Multiple Vulnerabilities
|
148
|
+
104434, #Google Chrome < 62.0.3202.89 Multiple Vulnerabilities
|
149
|
+
103421, #Google Chrome < 61.0.3163.100 Multiple Vulnerabilities
|
150
|
+
106485, #Google Chrome < 64.0.3282.119 Multiple Vulnerabilities
|
151
|
+
106840, #Google Chrome < 64.0.3282.167 V8 JSFunction::CalculateInstanceSizeForDerivedClass() RCE
|
152
|
+
107220, #Google Chrome < 65.0.3325.146 Multiple Vulnerabilities
|
153
|
+
110228, #Google Chrome < 67.0.3396.62 Multiple Vulnerabilities
|
154
|
+
109395, #Google Chrome < 66.0.3359.117 Multiple Vulnerabilities
|
155
|
+
109899, #Google Chrome < 66.0.3359.170 Multiple Vulnerabilities
|
156
|
+
111383, #Google Chrome < 68.0.3440.75 Multiple Vulnerabilities
|
157
|
+
117333, #Google Chrome < 69.0.3497.81 Multiple Vulnerabilities
|
158
|
+
117429, #Google Chrome < 69.0.3497.92 Vulnerability
|
159
|
+
118153, #Google Chrome < 70.0.3538.67 Multiple Vulnerabilities
|
160
|
+
117636, #Google Chrome < 69.0.3497.100 Vulnerability
|
161
|
+
122853, #Google Chrome < 73.0.3683.75 Multiple Vulnerabilities
|
162
|
+
121514, #Google Chrome < 72.0.3626.81 Multiple Vulnerabilities
|
163
|
+
118887, #Google Chrome < 70.0.3538.102 Vulnerability
|
164
|
+
119097, #Google Chrome < 70.0.3538.110 Vulnerability
|
165
|
+
119558, #Google Chrome < 71.0.3578.80 Multiple Vulnerabilities
|
166
|
+
122246, #Google Chrome < 72.0.3626.96 Vulnerability
|
167
|
+
122617, #Google Chrome < 72.0.3626.121 Vulnerability
|
168
|
+
124279, #Google Chrome < 74.0.3729.108 Multiple Vulnerabilities
|
169
|
+
124460, #Google Chrome < 74.0.3729.131 Multiple Vulnerabilities
|
170
|
+
125371, #Google Chrome < 74.0.3729.157 Vulnerability
|
171
|
+
125952, #Google Chrome < 75.0.3770.90 Vulnerability
|
144
172
|
]
|
145
173
|
}
|
146
174
|
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
2
|
#
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
@@ -31,7 +31,7 @@ module Risu
|
|
31
31
|
{
|
32
32
|
:description => "HP System Management Homepage Patch Rollup",
|
33
33
|
:plugin_id => -99985,
|
34
|
-
:plugin_name => "
|
34
|
+
:plugin_name => "Missing the latest HP System Management Homepage Patches",
|
35
35
|
:item_name => "Update to the latest HP System Management Homepage",
|
36
36
|
:plugin_ids => [
|
37
37
|
53532,
|
@@ -56,7 +56,7 @@ module Risu
|
|
56
56
|
90251,
|
57
57
|
91222,
|
58
58
|
94654,
|
59
|
-
|
59
|
+
103530, #HP System Management Homepage < 7.6.1 Multiple Vulnerabilities (HPSBMU03753)
|
60
60
|
|
61
61
|
|
62
62
|
]
|
@@ -0,0 +1,50 @@
|
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
|
+
#
|
3
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
|
+
# of this software and associated documentation files (the "Software"), to deal
|
5
|
+
# in the Software without restriction, including without limitation the rights
|
6
|
+
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
7
|
+
# copies of the Software, and to permit persons to whom the Software is
|
8
|
+
# furnished to do so, subject to the following conditions:
|
9
|
+
#
|
10
|
+
# The above copyright notice and this permission notice shall be included in
|
11
|
+
# all copies or substantial portions of the Software.
|
12
|
+
#
|
13
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
14
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
15
|
+
# FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE
|
16
|
+
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
17
|
+
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
18
|
+
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
19
|
+
# THE SOFTWARE.
|
20
|
+
|
21
|
+
|
22
|
+
module Risu
|
23
|
+
module Parsers
|
24
|
+
module Nessus
|
25
|
+
module PostProcess
|
26
|
+
class ILoRollup < Risu::Base::PostProcessBase
|
27
|
+
|
28
|
+
#
|
29
|
+
def initialize
|
30
|
+
@info =
|
31
|
+
{
|
32
|
+
:description => "iLO Patch Rollup",
|
33
|
+
:plugin_id => -99942,
|
34
|
+
:plugin_name => "Missing the latest iLO",
|
35
|
+
:item_name => "Update to the latest iLO",
|
36
|
+
:plugin_ids => [
|
37
|
+
122032, #iLO 4 < 2.60 / iLO 5 < 1.30 Multiple Vulnerabilities
|
38
|
+
125342, #iLO 4 < 2.70 / iLO 5 < 1.40a Multiple Vulnerabilities
|
39
|
+
122095, #iLO 4 < 2.53 Remote Code Execution Vulnerability
|
40
|
+
122187, #iLO 3 < 1.88 / iLO 4 < 2.44 XSS Vulnerability
|
41
|
+
122191, #iLO 3 < 1.85 / iLO 4 < 2.22 Denial of Service Vulnerability
|
42
|
+
102803, #HP iLO 4 <= 2.52 RCE
|
43
|
+
]
|
44
|
+
}
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
@@ -0,0 +1,47 @@
|
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
|
+
#
|
3
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
|
+
# of this software and associated documentation files (the "Software"), to deal
|
5
|
+
# in the Software without restriction, including without limitation the rights
|
6
|
+
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
7
|
+
# copies of the Software, and to permit persons to whom the Software is
|
8
|
+
# furnished to do so, subject to the following conditions:
|
9
|
+
#
|
10
|
+
# The above copyright notice and this permission notice shall be included in
|
11
|
+
# all copies or substantial portions of the Software.
|
12
|
+
#
|
13
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
14
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
15
|
+
# FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE
|
16
|
+
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
17
|
+
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
18
|
+
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
19
|
+
# THE SOFTWARE.
|
20
|
+
|
21
|
+
|
22
|
+
module Risu
|
23
|
+
module Parsers
|
24
|
+
module Nessus
|
25
|
+
module PostProcess
|
26
|
+
class IntelMgtServerPatchRollup < Risu::Base::PostProcessBase
|
27
|
+
|
28
|
+
#
|
29
|
+
def initialize
|
30
|
+
@info =
|
31
|
+
{
|
32
|
+
:description => "Intel Management Engine Patch Rollup",
|
33
|
+
:plugin_id => -99951,
|
34
|
+
:plugin_name => "Missing the latest Intel Management Engine Patches",
|
35
|
+
:item_name => "Update to the latest Intel Management Engine",
|
36
|
+
:plugin_ids => [
|
37
|
+
97998, #Intel Management Engine Insecure Read / Write Operations RCE (INTEL-SA-00075)
|
38
|
+
97999, #Intel Management Engine Authentication Bypass (INTEL-SA-00075)
|
39
|
+
97997, #Intel Management Engine Insecure Read / Write Operations RCE (INTEL-SA-00075)
|
40
|
+
]
|
41
|
+
}
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
2
|
#
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
@@ -31,7 +31,7 @@ module Risu
|
|
31
31
|
{
|
32
32
|
:description => "IrfanView Patch Rollup",
|
33
33
|
:plugin_id => -99958,
|
34
|
-
:plugin_name => "
|
34
|
+
:plugin_name => "Missing the latest IrfanView Patches",
|
35
35
|
:item_name => "Update to the latest IrfanView",
|
36
36
|
:plugin_ids => [
|
37
37
|
68888,
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
2
|
#
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
@@ -31,71 +31,77 @@ module Risu
|
|
31
31
|
{
|
32
32
|
:description => "Java Patch Rollup",
|
33
33
|
:plugin_id => -99999,
|
34
|
-
:plugin_name => "
|
34
|
+
:plugin_name => "Missing the latest Java Patches",
|
35
35
|
:item_name => "Update to the latest Java",
|
36
36
|
:plugin_ids => [
|
37
|
-
66932,
|
38
|
-
65995,
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
92516,
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
37
|
+
66932, #Oracle Java SE Multiple Vulnerabilities (June 2013 CPU)
|
38
|
+
65995, #Oracle Java SE Multiple Vulnerabilities (April 2013 CPU)
|
39
|
+
59462, #Oracle Java SE Multiple Vulnerabilities (June 2012 CPU)
|
40
|
+
62593, #Oracle Java SE Multiple Vulnerabilities (October 2012 CPU)
|
41
|
+
45544, #Oracle Java JDK / JRE 6 < Update 20 Multiple Vulnerabilities
|
42
|
+
45379, #Oracle Java SE Multiple Vulnerabilities (March 2010 CPU)
|
43
|
+
65050, #Oracle Java JDK / JRE 6 < Update 43 Remote Code Execution (Windows)
|
44
|
+
63521, #Oracle Java SE 7 < Update 11 Multiple Vulnerabilities
|
45
|
+
65052, #Oracle Java JDK / JRE 7 < Update 17 Remote Code Execution (Windows)
|
46
|
+
49996, #Oracle Java SE Multiple Vulnerabilities (October 2010 CPU)
|
47
|
+
52002, #Oracle Java SE Multiple Vulnerabilities (February 2011 CPU)
|
48
|
+
54997, #Oracle Java SE Multiple Vulnerabilities (June 2011 CPU)
|
49
|
+
55958, #Oracle Java JRE Unsupported Version Detection
|
50
|
+
56566, #Oracle Java SE Multiple Vulnerabilities (October 2011 CPU) (BEAST)
|
51
|
+
57290, #Oracle Java JDK / JRE 6 < Update 30 Multiple Vulnerabilities
|
52
|
+
57959, #Oracle Java SE Multiple Vulnerabilities (February 2012 CPU)
|
53
|
+
64454, #Oracle Java SE Multiple Vulnerabilities (February 2013 CPU)
|
54
|
+
64790, #Oracle Java SE Multiple Vulnerabilities (February 2013 CPU Update 1)
|
55
|
+
76532, #Oracle Java SE Multiple Vulnerabilities (July 2014 CPU)
|
56
|
+
73570, #Oracle Java SE Multiple Vulnerabilities (April 2014 CPU)
|
57
|
+
70472, #Oracle Java SE Multiple Vulnerabilities (October 2013 CPU)
|
58
|
+
71966, #Oracle Java SE Multiple Vulnerabilities (January 2014 CPU)
|
59
|
+
61746, #Oracle Java JDK / JRE 6 < Update 35 SunToolKit getField() and getMethod() Access Issue
|
60
|
+
42373, #Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ..)
|
61
|
+
36034, #Sun Java JRE Multiple Vulnerabilities (254569 / 254611 / 254608 ..)
|
62
|
+
40495, #Sun Java JRE Multiple Vulnerabilities (263408 / 263409 / 263428 ..)
|
63
|
+
23931, #Sun Java JRE Multiple Vulnerabilities (102729 / 102732)
|
64
|
+
25370, #Sun Java JRE Image Parsing Vulnerabilities (102934)
|
65
|
+
24022, #Sun Java JRE GIF Image Handling Buffer Overflow (102760)
|
66
|
+
26923, #Sun Java JRE / Web Start Multiple Vulnerabilities (103072, 103073, 103078, 103079, 103112)
|
67
|
+
35030, #Sun Java JRE Multiple Vulnerabilities (244986 et al)
|
68
|
+
31356, #Sun Java JRE Multiple Vulnerabilities (233321-233327)
|
69
|
+
65048, #Oracle Java JDK / JRE 5 < Update 41 Remote Code Execution (Windows)
|
70
|
+
33488, #Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities
|
71
|
+
78481, #Oracle Java SE Multiple Vulnerabilities (October 2014 CPU)
|
72
|
+
80908, #Oracle Java SE Multiple Vulnerabilities (January 2015 CPU) (POODLE)
|
73
|
+
82820, #Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (FREAK)
|
74
|
+
25124, #Sun Java Web Start Unauthorized Access (102881)
|
75
|
+
25627, #Sun Java Web Start PersistenceService Application Traversal Arbitrary File Overwrite (102957)
|
76
|
+
25903, #Sun Java JRE Font Parsing Privilege Escalation (103024)
|
77
|
+
31344, #Sun Java JRE Applet Handling Privilege Escalation (231261)
|
78
|
+
33487, #Sun Java JDK/JRE 5 < Update 16 Multiple Vulnerabilities
|
79
|
+
25693, #Sun Java Web Start JNLP File Handling Overflow (102996)
|
80
|
+
30148, #Sun Java JRE jpiexp32.dll NULL Pointer Remote DoS
|
81
|
+
61681, #Oracle Java SE 7 < Update 7 Multiple Vulnerabilities
|
82
|
+
84824, #Oracle Java SE Multiple Vulnerabilities (July 2015 CPU) (Bar Mitzvah)
|
83
|
+
33486, #Sun Java J2SE 1.4.2 < Update 18 Multiple Vulnerabilities
|
84
|
+
25709, #Sun Java JRE XML Signature Command Injection (102993)
|
85
|
+
86542, #Oracle Java SE Multiple Vulnerabilities (October 2015 CPU)
|
86
|
+
88045, #Oracle Java SE Multiple Vulnerabilities (January 2016 CPU) (SLOTH)
|
87
|
+
90625, #Oracle Java SE Multiple Vulnerabilities (April 2016 CPU)
|
88
|
+
90828, #Oracle Java SE Hotspot JSR 292 Method Handles RCE
|
89
|
+
92516, #Oracle Java SE Multiple Vulnerabilities (July 2016 CPU)
|
90
|
+
92516, #Oracle Java SE Multiple Vulnerabilities (July 2016 CPU)
|
91
|
+
99588, #Oracle Java SE Multiple Vulnerabilities (April 2017 CPU)
|
92
|
+
94138, #Oracle Java SE Multiple Vulnerabilities (October 2016 CPU)
|
93
|
+
96628, #Oracle Java SE Multiple Vulnerabilities (January 2017 CPU) (SWEET32)
|
94
|
+
101843, #Oracle Java SE Multiple Vulnerabilities (July 2017 CPU)
|
95
|
+
103963, #Oracle Java SE Multiple Vulnerabilities (October 2017 CPU)
|
96
|
+
30149, #Sun Java JRE External XML Entities Restriction Bypass (231246)
|
97
|
+
106190, #Oracle Java SE Multiple Vulnerabilities (January 2018 CPU)
|
98
|
+
109202, #Oracle Java SE Multiple Vulnerabilities (April 2018 CPU)
|
99
|
+
111163, #Oracle Java SE Multiple Vulnerabilities (July 2018 CPU)
|
100
|
+
118228, #Oracle Java SE Multiple Vulnerabilities (October 2018 CPU)
|
101
|
+
121231, #Oracle Java SE 1.7.x < 1.7.0_211 / 1.8.x < 1.8.0_201 / 1.11.x < 1.11.0_2 Multiple Vulnerabilities (January 2019 CPU)
|
102
|
+
124198, #Oracle Java SE 1.7.0_221 / 1.8.0_211 / 1.11.0_3 / 1.12.0_1 Multiple Vulnerabilities (Apr 2019 CPU)
|
103
|
+
126821, #Oracle Java SE 1.7.0_231 / 1.8.0_221 / 1.11.0_4 / 1.12.0_2 Multiple Vulnerabilities (Jul 2019 CPU)
|
104
|
+
130011, #Oracle Java SE 1.7.0_241 / 1.8.0_231 / 1.11.0_5 / 1.13.0_1 Multiple Vulnerabilities (Oct 2019 CPU) (Windows)
|
99
105
|
|
100
106
|
]
|
101
107
|
}
|
@@ -1,4 +1,4 @@
|
|
1
|
-
# Copyright (c) 2010-
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
2
|
#
|
3
3
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
4
|
# of this software and associated documentation files (the "Software"), to deal
|
@@ -31,7 +31,7 @@ module Risu
|
|
31
31
|
{
|
32
32
|
:description => "LibreOffice Patch Rollup",
|
33
33
|
:plugin_id => -99962,
|
34
|
-
:plugin_name => "
|
34
|
+
:plugin_name => "Missing the latest LibreOffice Patches",
|
35
35
|
:item_name => "Update to the latest LibreOffice",
|
36
36
|
:plugin_ids => [
|
37
37
|
80078,
|
@@ -0,0 +1,73 @@
|
|
1
|
+
# Copyright (c) 2010-2020 Jacob Hammack.
|
2
|
+
#
|
3
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
4
|
+
# of this software and associated documentation files (the "Software"), to deal
|
5
|
+
# in the Software without restriction, including without limitation the rights
|
6
|
+
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
7
|
+
# copies of the Software, and to permit persons to whom the Software is
|
8
|
+
# furnished to do so, subject to the following conditions:
|
9
|
+
#
|
10
|
+
# The above copyright notice and this permission notice shall be included in
|
11
|
+
# all copies or substantial portions of the Software.
|
12
|
+
#
|
13
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
14
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
15
|
+
# FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE
|
16
|
+
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
17
|
+
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
18
|
+
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
19
|
+
# THE SOFTWARE.
|
20
|
+
|
21
|
+
|
22
|
+
module Risu
|
23
|
+
module Parsers
|
24
|
+
module Nessus
|
25
|
+
module PostProcess
|
26
|
+
class MicrosoftOfficeRollup < Risu::Base::PostProcessBase
|
27
|
+
|
28
|
+
#
|
29
|
+
def initialize
|
30
|
+
@info =
|
31
|
+
{
|
32
|
+
:description => "Microsoft Office Patch Rollup",
|
33
|
+
:plugin_id => -99946,
|
34
|
+
:plugin_name => "Missing the latest Microsoft Office Patches",
|
35
|
+
:item_name => "Update to the latest Microsoft Office",
|
36
|
+
:plugin_ids => [
|
37
|
+
22031, #MS06-037: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)
|
38
|
+
22032, #MS06-038: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
|
39
|
+
22033, #MS06-039: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)
|
40
|
+
31046, #MS08-012: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (947085)
|
41
|
+
31047, #MS08-013: Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108)
|
42
|
+
31413, #MS08-014: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
|
43
|
+
31414, #MS08-015: Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)
|
44
|
+
31415, #MS08-016: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
|
45
|
+
91611, #MS16-070: Security Update for Microsoft Office (3163610)
|
46
|
+
92019, #MS16-088: Security Update for Microsoft Office (3170008)
|
47
|
+
92839, #MS16-099: Security Update for Microsoft Office (3177451)
|
48
|
+
125071, #Security Updates for Microsoft Office Products (May 2019)
|
49
|
+
125072, #Security Updates for Microsoft Word Products (May 2019)
|
50
|
+
125832, #Security Updates for Microsoft Word Products (June 2019)
|
51
|
+
118926, #Security Updates for Microsoft Office Viewer Products (November 2018)
|
52
|
+
96391, #MS17-002: Security Update for Microsoft Office (3214291)
|
53
|
+
126580, #Security Updates for Microsoft Excel Products (July 2019)
|
54
|
+
126583, #Security Updates for Microsoft Office Products (July 2019)
|
55
|
+
127853, #Security Updates for Microsoft Office Products (August 2019)
|
56
|
+
108976, #Security Updates for Microsoft Word Products (April 2018)
|
57
|
+
110492, #Security Updates for Microsoft Excel Products (June 2018)
|
58
|
+
122128, #Security Updates for Microsoft Excel Products (February 2019)
|
59
|
+
126585, #Security Updates for Outlook (July 2019)
|
60
|
+
127854, #Security Updates for Outlook (August 2019)
|
61
|
+
127856, #Security Updates for Microsoft Word Products (August 2019)
|
62
|
+
128645, #Security Updates for Microsoft Excel Products (September 2019)
|
63
|
+
128648, #Security Updates for Microsoft Office Products (September 2019)
|
64
|
+
108293, #Security Updates for Microsoft Excel Products (March 2018)
|
65
|
+
|
66
|
+
]
|
67
|
+
}
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|