The remote host is affected by the vulnerability described in GLSA-202006-23 (Cyrus IMAP Server: Access restriction bypass)

    An issue was discovered in Cyrus IMAP Server where sieve script       uploading is excessively trusted.
  Impact :

    A user can use a sieve script to create any mailbox with administrator       privileges.
  Workaround :

    Disable sieve script uploading until the upgrade is complete.

The remote host is affected by the vulnerability described in GLSA-202006-22 (OpenJDK, IcedTea: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in OpenJDK and IcedTea.
      Please review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202006-21 (Apache Tomcat: Remote code execution)

    Apache Tomcat improperly handles deserialization of files under specific       circumstances.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process, or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202006-20 (Asterisk: Root privilege escalation)

    It was discovered that Gentoo&rsquo;s Asterisk ebuild does not properly set       permissions on its data directories. This only affects OpenRC systems, as       the flaw was exploitable via the init script.
  Impact :

    A local attacker could escalate privileges.
  Workaround :

    Users should ensure the proper permissions are set as discussed in the       referenced bugs. Do not run /etc/init.d/asterisk checkperms.

The remote host is affected by the vulnerability described in GLSA-202006-19 (Mozilla Thunderbird: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
      Please review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202006-18 (Bubblewrap: Arbitrary code execution)

    Bubblewrap misuses temporary directories in /tmp as a mount point.
  Impact :

    This flaw may allow possible execution of code or prevention of running       Bubblewrap.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202006-17 (FAAD2: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in FAAD2. Please review       the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202006-16 (PCRE2: Denial of service)

    PCRE2 has a flaw when handling JIT-compiled regex using the \\X pattern.
  Impact :

    An attacker could cause a possible Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202006-15 (OpenConnect: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in OpenConnect. Please       review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202006-14 (PEAR Archive_Tar: Remote code execution vulnerability)

    An issue was discovered in the PEAR module Archive_Tar&rsquo;s handling of       file paths within Tar achives.
  Impact :

    A local or remote attacker could possibly execute arbitrary code with       the privileges of the process.
  Workaround :

    Avoid handling untrusted Tar files with this package until you have       upgraded to a non-vulnerable version.

The remote host is affected by the vulnerability described in GLSA-202006-13 (json-c: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in json-c. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote/local attacker could send a specially crafted file possibly       resulting in a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202006-12 (GNU Mailutils: Privilege escalation)

    GNU Mailutils runs maidag by default with setuid root permissions.
  Impact :

    An attacker can use this to write to arbitrary files as root.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202006-11 (Ansible: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Ansible. Please review       the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202006-10 (GNU Readline: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in GNU Readline. Please       review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202006-09 (Adobe Flash Player: Arbitrary code execution)

    An unspecified flaw has been discovered in Adobe Flash Player.
  Impact :

    This flaw can be exploited by attackers for remote code execution.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202006-08 (WebKitGTK+: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in WebKitGTK+. Please       review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202006-07 (Mozilla Firefox: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Mozilla Firefox. Please       review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202006-06 (ssvnc: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in ssvnc. Please review       the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202006-05 (Nokogiri: Command injection)

    A command injection vulnerability in Nokogiri allows commands to be       executed in a subprocess by Ruby&rsquo;s Kernel.open method. Processes are       vulnerable only if the undocumented method       Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process.
  Workaround :

    Avoid calling the undocumented method Nokogiri::CSS::Tokenizer#load_file       with untrusted user input.

The remote host is affected by the vulnerability described in GLSA-202006-04 (glibc: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in glibc. Please review       the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202006-02 (Chromium, Google Chrome: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and Google       Chrome. Please review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202006-03 (Perl: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Perl. Please review the       CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202006-01 (GnuTLS: Information disclosure)

    A flaw was reported in the TLS session ticket key construction in       GnuTLS.
  Impact :

    A remote attacker could recover previous conversations in TLS 1.2 and       obtain sensitive information or conduct a man-in-the-middle attack to       bypass authentication in TLS 1.3.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202005-13 (Chromium, Google Chrome: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and Google       Chrome. Please review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202005-12 (OpenSLP: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in OpenSLP. Please review       the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202005-11 (VLC: Buffer overflow)

    A buffer overflow in DecodeBlock in sdl_image.c was discovered.
  Impact :

    A remote user could craft a specifically crafted image file that could       execute arbitrary code or cause denial of service.
  Workaround :

    The user should refrain from opening files from untrusted third parties       or accessing untrusted remote sites (or disable the VLC browser plugins),       until they upgrade.

The remote host is affected by the vulnerability described in GLSA-202005-10 (libmicrodns: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in libmicrodns. Please       review the CVE identifiers and the upstream advisory referenced below for       details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202005-09 (Python: Denial of Service)

    An issue was discovered in urllib.request.AbstractBasicAuthHandler which       allowed a remote attacker to send malicious data causing extensive       regular expression backtracking.
  Impact :

    An attacker could cause a possible Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202005-08 (Xen: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Xen. Please review the       CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202005-07 (FreeRDP: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in FreeRDP. Please review       the CVE identifiers referenced below for details.
  Impact :

    An attacker could possibly cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202005-06 (LIVE555 Media Server: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in LIVE555 Media Server.
      Please review the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202005-05 (Squid: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Squid. Please review       the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202005-04 (Mozilla Firefox: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Mozilla Firefox. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to view a specially crafted web       page, possibly resulting in the execution of arbitrary code with the       privileges of the process, an information leak or a Denial of Service       condition.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202005-03 (Mozilla Thunderbird: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
      Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker may be able to execute arbitrary code, cause a Denial       of Service condition or spoof sender email address.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202005-02 (QEMU: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in QEMU. Please review the       CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202005-01 (Long Range ZIP: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Long Range ZIP. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to open a specially crafted       archive file possibly resulting in a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202004-17 (Django: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Django. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote attacker, by sending specially crafted input, could possibly       cause a Denial of Service condition, or alter the database.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202004-16 (Cacti: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Cacti. Please review       the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202004-15 (libu2f-host: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in libu2f-host. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to plug-in a malicious USB device,       possibly resulting in execution of arbitrary code with the privileges of       the process or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202004-14 (FontForge: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in FontForge. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to open a specially crafted font       using FontForge, possibly resulting in execution of arbitrary code with       the privileges of the process or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202004-13 (Git: Information disclosure)

    Multiple vulnerabilities have been discovered in Git. Please review the       CVE identifiers referenced below for details.
  Impact :

    A remote attacker, by providing a specially crafted URL, could possibly       trick Git into returning credential information for a wrong host.
  Workaround :

    Disabling credential helpers will prevent this vulnerability.

The remote host is affected by the vulnerability described in GLSA-202004-12 (Chromium, Google Chrome: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and Google       Chrome. Please review the referenced CVE identifiers for details.
  Impact :

    A remote attacker could entice a user to open a specially crafted HTML       or multimedia file using Chromium or Google Chrome, possibly resulting in       execution of arbitrary code with the privileges of the process or a       Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202004-11 (Mozilla Firefox: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Mozilla Firefox. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to view a specially crafted web       page, possibly resulting in the execution of arbitrary code with the       privileges of the process, an information leak or a Denial of Service       condition.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202004-10 (OpenSSL: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in OpenSSL. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could perform a malicious crafted TLS 1.3 handshake       against an application using OpenSSL, possibly resulting in a Denial of       Service condition.
    In addition, it&rsquo;s feasible that an attacker might attack DH512.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202004-09 (Chromium, Google Chrome: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Chromium and Google       Chrome. Please review the referenced CVE identifiers for details.
  Impact :

    A remote attacker could entice a user to open a specially crafted HTML       or multimedia file using Chromium or Google Chrome, possibly resulting in       execution of arbitrary code with the privileges of the process or a       Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202004-08 (libssh: Denial of Service)

    It was discovered that libssh could crash when AES-CTR ciphers are used.
  Impact :

    A remote attacker running a malicious client or server could possibly       crash the counterpart implemented with libssh and cause a Denial of       Service condition.
  Workaround :

    Disable AES-CTR ciphers. If you implement a server using libssh it is       recommended to use a prefork model so each session runs in an own       process.

The remote host is affected by the vulnerability described in GLSA-202004-07 (Mozilla Firefox: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Mozilla Firefox. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to view a specially crafted web       page, possibly resulting in the execution of arbitrary code with the       privileges of the process or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202004-06 (GnuTLS: DTLS protocol regression)

    It was discovered that DTLS client did not contribute any randomness to       the DTLS negotiation.
  Impact :

    Please review the referenced advisory for details.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202004-05 (ledger: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in ledger. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to process a specially crafted       file using ledger, possibly resulting in execution of arbitrary code with       the privileges of the process or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-202004-04 (Qt WebEngine: Arbitrary code execution)

    A use-after-free vulnerability has been found in the audio component of       Qt WebEngine.
  Impact :

    A remote attacker could entice a user to open a specially crafted media       file in an application linked against Qt WebEngine, possibly resulting in       execution of arbitrary code with the privileges of the process or a       Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

ID	Name	Severity
137460	GLSA-202006-23 : Cyrus IMAP Server: Access restriction bypass	Low
137459	GLSA-202006-22 : OpenJDK, IcedTea: Multiple vulnerabilities	Medium
137458	GLSA-202006-21 : Apache Tomcat: Remote code execution	Medium
137457	GLSA-202006-20 : Asterisk: Root privilege escalation	High
137456	GLSA-202006-19 : Mozilla Thunderbird: Multiple vulnerabilities	Medium
137455	GLSA-202006-18 : Bubblewrap: Arbitrary code execution	Medium
137454	GLSA-202006-17 : FAAD2: Multiple vulnerabilities	Medium
137453	GLSA-202006-16 : PCRE2: Denial of service	Medium
137452	GLSA-202006-15 : OpenConnect: Multiple vulnerabilities	High
137451	GLSA-202006-14 : PEAR Archive_Tar: Remote code execution vulnerability	Medium
137450	GLSA-202006-13 : json-c: Multiple vulnerabilities	Medium
137449	GLSA-202006-12 : GNU Mailutils: Privilege escalation	Medium
137448	GLSA-202006-11 : Ansible: Multiple vulnerabilities	Medium
137447	GLSA-202006-10 : GNU Readline: Multiple vulnerabilities	Low
137446	GLSA-202006-09 : Adobe Flash Player: Arbitrary code execution	Critical
137445	GLSA-202006-08 : WebKitGTK+: Multiple vulnerabilities	High
137444	GLSA-202006-07 : Mozilla Firefox: Multiple vulnerabilities	Medium
137443	GLSA-202006-06 : ssvnc: Multiple vulnerabilities	High
137442	GLSA-202006-05 : Nokogiri: Command injection	High
137441	GLSA-202006-04 : glibc: Multiple vulnerabilities	High
137440	GLSA-202006-02 : Chromium, Google Chrome: Multiple vulnerabilities	Medium
137383	GLSA-202006-03 : Perl: Multiple vulnerabilities	High
137288	GLSA-202006-01 : GnuTLS: Information disclosure	Medium
136643	GLSA-202005-13 : Chromium, Google Chrome: Multiple vulnerabilities	Medium
136642	GLSA-202005-12 : OpenSLP: Multiple vulnerabilities	High
136641	GLSA-202005-11 : VLC: Buffer overflow	Medium
136640	GLSA-202005-10 : libmicrodns: Multiple vulnerabilities	High
136639	GLSA-202005-09 : Python: Denial of Service	High
136638	GLSA-202005-08 : Xen: Multiple vulnerabilities	Medium
136637	GLSA-202005-07 : FreeRDP: Multiple vulnerabilities	Medium
136636	GLSA-202005-06 : LIVE555 Media Server: Multiple vulnerabilities	High
136542	GLSA-202005-05 : Squid: Multiple vulnerabilities	High
136541	GLSA-202005-04 : Mozilla Firefox: Multiple vulnerabilities	Critical
136540	GLSA-202005-03 : Mozilla Thunderbird: Multiple vulnerabilities	Critical
136539	GLSA-202005-02 : QEMU: Multiple vulnerabilities	High
136538	GLSA-202005-01 : Long Range ZIP: Multiple vulnerabilities	Medium
136216	GLSA-202004-17 : Django: Multiple vulnerabilities	High
136215	GLSA-202004-16 : Cacti: Multiple vulnerabilities	High
136214	GLSA-202004-15 : libu2f-host: Multiple vulnerabilities	Medium
136213	GLSA-202004-14 : FontForge: Multiple vulnerabilities	High
135949	GLSA-202004-13 : Git: Information disclosure	Medium
135948	GLSA-202004-12 : Chromium, Google Chrome: Multiple vulnerabilities	Medium
135947	GLSA-202004-11 : Mozilla Firefox: Multiple vulnerabilities	High
135946	GLSA-202004-10 : OpenSSL: Multiple vulnerabilities	Medium
135427	GLSA-202004-09 : Chromium, Google Chrome: Multiple vulnerabilities	Medium
135426	GLSA-202004-08 : libssh: Denial of Service	Medium
135216	GLSA-202004-07 : Mozilla Firefox: Multiple vulnerabilities	Medium
135195	GLSA-202004-06 : GnuTLS: DTLS protocol regression	Medium
135116	GLSA-202004-05 : ledger: Multiple vulnerabilities	Medium
135115	GLSA-202004-04 : Qt WebEngine: Arbitrary code execution	Medium

Gentoo Local Security Checks Family for Nessus