The version of VMware Fusion installed on the remote macOS or Mac OS X host is 11.x prior to 11.5.7. It is, therefore, affected by a use-after-free error in the XHCI USB Controller. An unauthenticated, local attacker with administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Note that Nessus has not tested for this issue, but has instead relied only on the application's self-reported version number.

OpenOffice, an open-source productivity suite, is installed on the remote macOS or Mac OS X host.

The version of VMware Fusion installed on the remote macOS or Mac OS X host is 11.0.x prior to 11.5.6. It is, therefore, affected by the following vulnerabilities:

  - A time-of-check time-of-use flaw exists related to ACPI device     handling that allows an authenticated administrator to leak     memory from the vmx process. (CVE-2020-3981)

  - A time-of-check time-of-use flaw exists related to ACPI device     handling that allows an authenticated administrator to crash the     vmx process or corrupt the hypervisor's memory heap.
    (CVE-2020-3982)

  - An unspecified flaw exists related to the VMCI host drivers that     allows an attacker having access to the virtual machine to cause     denial of service conditions via resource exhaustion.
    (CVE-2020-3995)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is running a version of macOS / Mac OS X that is 11.0.x prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities, including the following:

  - An out-of-bounds write issue that can lead to unexpected application termination or arbitrary code     execution when opening a maliciously crafted PDF file. (CVE-2020-9876)

  - An out-of-bounds write caused by insufficient input validation that can lead to arbitrary code execution     when processing a maliciously crafted image. (CVE-2020-9883)

  - A remote attacker may be able to unexpectedly alter the Mail application date due to insufficient checks.
    (CVE-2020-9941)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-52 advisory.

  - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 87.0.4280.66. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_11_stable-channel-update-for-desktop_17 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-51 advisory.

  - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 83.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-50 advisory.

  - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2020-15999)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Node.js, a JavaScript runtime built on Chrome's V8   JavaScript engine, is installed on the remote Mac OS X host.

MySQL, a database management system, is installed on the remote Mac OS X host.

The version of Google Chrome installed on the remote macOS host is prior to 86.0.4240.198. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_11_stable-channel-update-for-desktop_11 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Microsoft Office on MacOS is affected by a Security Bypass vulnerability.

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 3.2.8. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-3.2.8 advisory.

  - In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite     loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset     advancement. (CVE-2020-26575)

  - In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in     epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. (CVE-2020-28030)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 86.0.4240.193. It is, therefore, affected by a vulnerability as referenced in the 2020_11_stable-channel-update-for-desktop_9 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.4.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2020-49 advisory.

  - In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in     an exploitable use-after-free condition. (CVE-2020-26950)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 82.0.3. It is, therefore, affected by a vulnerability as referenced in the mfsa2020-49 advisory.

  - In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in     an exploitable use-after-free condition. (CVE-2020-26950)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Adobe Acrobat installed on the remote macOS host is a version prior or equal to 2017.011.30175, 2020.001.30005, or 2020.012.20048. It is, therefore, affected by multiple vulnerabilities.


  - Heap-based buffer overflow potentially leading to Arbitrary Code Execution (CVE-2020-24435)

  - Improper access control potentially leading to Local privilege escalation (CVE-2020-24433)

  - Improper input validation potentially leading to Arbitrary JavaScript Execution (CVE-2020-24432)

  - Signature validation bypass potentially leading to Minimal (defense-in-depth fix) (CVE-2020-24439)

  - Signature verification bypass potentially leading to Local privilege escalation (CVE-2020-24429)

  - Improper input validation potentially leading to Information Disclosure (CVE-2020-24427)

  - Security feature bypass potentially leading to Dynamic library injection (CVE-2020-24431)

  - Out-of-bounds write potentially leading to Arbitrary Code Execution (CVE-2020-24436)

  - Out-of-bounds read potentially leading to Information Disclosure (CVE-2020-24426, CVE-2020-24434)

  - Race Condition potentially leading to Local privilege escalation (CVE-2020-24428)

  - Use-after-free potentially leading to Arbitrary Code Execution (CVE-2020-24430, CVE-2020-24437)

  - Use-after-free potentially leading to Information Disclosure (CVE-2020-24438)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Adobe Reader installed on the remote macOS host is a version prior or equal to 2017.011.30175, 2020.001.30005, or 2020.012.20048. It is, therefore, affected by multiple vulnerabilities.

  - Heap-based buffer overflow potentially leading to Arbitrary Code Execution (CVE-2020-24435)

  - Improper access control potentially leading to Local privilege escalation (CVE-2020-24433)

  - Improper input validation potentially leading to Arbitrary JavaScript Execution (CVE-2020-24432)

  - Signature validation bypass potentially leading to Minimal (defense-in-depth fix) (CVE-2020-24439)

  - Signature verification bypass potentially leading to Local privilege escalation (CVE-2020-24429)

  - Improper input validation potentially leading to Information Disclosure (CVE-2020-24427)

  - Security feature bypass potentially leading to Dynamic library injection (CVE-2020-24431)

  - Out-of-bounds write potentially leading to Arbitrary Code Execution (CVE-2020-24436)

  - Out-of-bounds read potentially leading to Information Disclosure (CVE-2020-24426, CVE-2020-24434)

  - Race Condition potentially leading to Local privilege escalation (CVE-2020-24428)

  - Use-after-free potentially leading to Arbitrary Code Execution (CVE-2020-24430, CVE-2020-24437)

  - Use-after-free potentially leading to Information Disclosure (CVE-2020-24438)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 3.2.8. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-3.2.8 advisory.

  - Injecting a malformed packet onto the wire or convincing someone to read a malformed packet trace file can     cause the GQUIC protocol dissector to crash.

  - Injecting a malformed packet onto the wire or convincing someone to read a malformed packet trace file can     cause the FBZERO protocol dissector to crash.
 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 86.0.4240.183. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_11_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-47 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 86.0.4240.111. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_10_stable-channel-update-for-desktop_20 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 82.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-45 advisory.

  - Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the     bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number     of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The     destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes     described above. This is unsound and causing deallocation with the incorrect capacity when     `Vec::from_iter` has allocated different sizes with the number of iterator elements. This has been fixed     in crossbeam-channel 0.4.4. (CVE-2020-15254)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-46 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 32.0.0.433. It is therefore affected by a NULL pointer dereference flaw. An unauthenticated, remote attacker can exploit this, by inserting malicious strings in an HTTP response, to execute arbitrary code in the context of the current user.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Microsoft Office product installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:

  - A remote code execution vulnerability exists when the Base3D rendering engine handles memory. An attacker     who successfully exploited the vulnerability would gain execution on a victim system. (CVE-2020-16918)

  - A remote code execution vulnerability exists in Microsoft Excel software when the software fails to     properly handle objects in memory. An attacker who successfully exploited the vulnerability could run     arbitrary code in the context of the current user. (CVE-2020-16929)

  - A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle     .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to     perform actions in the security context of the current user. (CVE-2020-16933)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 86.0.4240.75. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_10_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ESET Cyber Security, a commercial antivirus software package, is installed on the remote macOS host.

McAfee Endpoint Security, a security application with multiple optional modules, is installed on the remote macOS host.

The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6 Security Update 2020-004, 10.14.x prior to 10.14.6 Security Update 2020-004, or 10.15.x prior to 10.15.6. It is, therefore, affected by multiple vulnerabilities, including the following:

  - A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious     access point, or an adjacent user, to determine if a connected user is using a VPN, make positive     inferences about the websites they are visiting, and determine the correct sequence and acknowledgement     numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that     is needed for an attacker to hijack active connections inside the VPN tunnel. (CVE-2019-14899)

  - cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote     denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an     off-by-one error in _sasl_add_string in common.c in cyrus-sasl. (CVE-2019-19906)

  - In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands     via scripting interfaces (e.g., Python, Ruby, or Lua). (CVE-2019-20807)

  - rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the     synchronization path. (CVE-2014-9512)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6 Security Update 2020-005, 10.14.x prior to 10.14.6 Security Update 2020-005, or 10.15.x prior to 10.15.7. It is, therefore, affected by multiple vulnerabilities, as follows:

  - Processing a maliciously crafted image may lead to arbitrary code execution. (CVE-2020-9961)

  - A remote attacker may be able to unexpectedly alter application state. (CVE-2020-9941)

  - Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary     code execution. (CVE-2020-9973)

  - A malicious application may be able to access restricted files. (CVE-2020-9968)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

Symantec Endpoint Protection, a commercial antivirus software package, is installed on the remote macOS host.

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.6.20. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.6.20 advisory.

  - The MIME Multipart dissector could crash. It may be possible to make Wireshark crash by injecting a     malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
    (CVE-2020-25863)

  - The TCP dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet     onto the wire or by convincing someone to read a malformed packet trace file. (CVE-2020-25862)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 3.0.14. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-3.0.14 advisory.

  - The MIME Multipart dissector could crash. It may be possible to make Wireshark crash by injecting a     malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
    (CVE-2020-25863)

  - The TCP dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet     onto the wire or by convincing someone to read a malformed packet trace file. (CVE-2020-25862)

  - The BLIP dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet     onto the wire or by convincing someone to read a malformed packet trace file. (CVE-2020-25866)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of VMware Fusion installed on the remote macOS or Mac OS X host is 11.x. It is, therefore, affected by a privilege escalation vulnerability due to the way it allows configuring the system wide path. An authenticated, local attacker with normal user privileges can exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 3.2.7. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-3.2.7 advisory.

  - The MIME Multipart dissector could crash. It may be possible to make Wireshark crash by injecting a     malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
    (CVE-2020-25863)

  - The TCP dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet     onto the wire or by convincing someone to read a malformed packet trace file. (CVE-2020-25862)

  - The BLIP dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet     onto the wire or by convincing someone to read a malformed packet trace file. (CVE-2020-25866)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-43 advisory.

  - By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site     displayed in the download file dialog to show the original site (the one suffering from the open redirect)     rather than the site the file was actually downloaded from. (CVE-2020-15677)

  - Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove,     resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable     element. (CVE-2020-15676)

  - When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in     a potential use-after-free. This occurs because the function     APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules.
    (CVE-2020-15678)

  - Mozilla developer Jason Kratzer reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2020-15673)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 81.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-42 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 85.0.4183.121. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_09_stable-channel-update-for-desktop_21 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Adobe InDesign installed on the remote macOS or Mac OS X host is prior to 15.1.2. It is, therefore, affected by an arbitrary code execution vulnerability that exists due to insecure handling of indd files. An attacker can exploit this issue to cause an out-of-bounds memory access, potentially resulting in code execution in the context of the current user.

According to its self-reported version, Cisco Webex Meetings Client for MacOS is affected by an information disclosure vulnerability in the multicast DNS (mDNS) protocol configuration due to sensitive information being included in the mDNS reply. An unauthenticated, adjacent attacker can exploit this, by doing an mDNS query for a particular service against an affected device, to obtain sensitive information about the device on which the Webex client is running.

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

The version of Google Chrome installed on the remote macOS host is prior to 85.0.4183.102. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_09_stable-channel-update-for-desktop advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Slack, a team collaboration tool, is installed on the remote Mac OS X host.

Check Point Endpoint Security SandBlast Agent which provides unified management, policy enforcement, threat prevention, and detection is installed on the remote macOS host.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 68.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-40 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-41 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote macOS host is prior to 85.0.4183.83. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_08_stable-channel-update-for-desktop_25 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-38 advisory.

  - If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute     updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service     does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous     version which would have allowed exploitation of an older bug and arbitrary code execution with System     Privileges.Note: This issue only affected Windows operating systems. Other operating systems are     unaffected. (CVE-2020-15663)

  - By holding a reference to the eval() function from an about:blank window, a malicious webpage     could have gained access to the InstallTrigger object which would allow them to prompt the user to install     an extension. Combined with user confusion, this could result in an unintended or malicious extension     being installed. (CVE-2020-15664)

  - Mozilla developers Jason Kratzer, Christian Holler, Byron Campen, Tyson Smith reported memory safety bugs     present in Firefox 79 and Firefox ESR 78.1. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code.
    (CVE-2020-15670)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 80.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-36 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-37 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Severity
143222	VMware Fusion 11.x < 11.5.7 Use-after-free (VMSA-2020-0026)	High
143218	OpenOffice Installed (macOS)	Info
143117	VMware Fusion 11.0.x < 11.5.6 Multiple Vulnerabilities (VMSA-2020-0023)	Medium
143115	macOS 11.0.x < 11.0.1	Medium
143059	Mozilla Thunderbird < 78.5	High
142970	Google Chrome < 87.0.4280.66 Multiple Vulnerabilities	Critical
142912	Mozilla Firefox ESR < 78.5	High
142911	Mozilla Firefox < 83.0	High
142903	Node.js Installed (Mac OS X)	Info
142902	MySQL Installed (Mac OS X)	Info
142718	Google Chrome < 86.0.4240.198 Multiple Vulnerabilities	Critical
142717	Security Updates for Microsoft Office Products (November 2020) (macOS)	Medium
142677	Wireshark 3.2.x < 3.2.8 Multiple Vulnerabilities (macOS)	Medium
142642	Google Chrome < 86.0.4240.193 Vulnerability	High
142612	Mozilla Firefox ESR < 78.4.1	High
142610	Mozilla Firefox < 82.0.3	High
142468	Adobe Acrobat <= 2017.011.30175 / 2020.001.30005 / 2020.012.20048 Multiple Vulnerabilities (APSB20-67) (macOS)	High
142465	Adobe Reader <= 2017.011.30175 / 2020.001.30005 / 2020.012.20048 Multiple Vulnerabilities (APSB20-67) (macOS)	High
142422	Wireshark 3.2.x < 3.2.8 Multiple Vulnerabilities (macOS)	High
142208	Google Chrome < 86.0.4240.183 Multiple Vulnerabilities	High
141776	Mozilla Thunderbird < 78.4	High
141574	Google Chrome < 86.0.4240.111 Multiple Vulnerabilities	Medium
141572	Mozilla Firefox < 82.0	High
141569	Mozilla Firefox ESR < 78.4	High
141492	Adobe Flash Player for Mac <= 32.0.0.433 (APSB20-58)	High
141470	Security Updates for Microsoft Office (October 2020) (macOS)	High
141195	Google Chrome < 86.0.4240.75 Multiple Vulnerabilities	Medium
141173	ESET Cyber Security Installed (macOS)	Info
141105	McAfee Endpoint Security Installed (macOS)	Info
141100	macOS 10.15.x < 10.15.6 / 10.14.x < 10.14.6 Security Update 2020-004 / 10.13.x < 10.13.6 Security Update 2020-004	Critical
141099	10.13.x < 10.13.6 Security Update 2020-005 / 10.14.x < 10.14.6 Security Update 2020-005 / 10.15.x < 10.15.7	High
141082	Symantec Endpoint Protection Installed (macOS)	Info
140776	Wireshark 2.6.x < 2.6.20 Multiple Vulnerabilities (macOS)	Medium
140774	Wireshark 3.0.x < 3.0.14 Multiple Vulnerabilities (macOS)	Medium
140771	VMware Fusion 11.x Privilege Escalation (VMSA-2020-0020)	Low
140756	Wireshark 3.2.x < 3.2.7 Multiple Vulnerabilities (macOS)	Medium
140733	Mozilla Firefox ESR < 78.3	Medium
140731	Mozilla Firefox < 81.0	Medium
140699	Google Chrome < 85.0.4183.121 Multiple Vulnerabilities	Medium
140605	Adobe InDesign CC < 15.1.2 Arbitrary Code Execution (APSB20-52) (macOS)	Medium
140456	Cisco Webex Meetings Client for MacOS Information Disclosure (cisco-sa-webex-info-disc-OHqg982)	Low
140405	Google Chrome < 85.0.4183.102 Multiple Vulnerabilities	Medium
140215	Slack Installed (Mac OS X)	Info
139914	Check Point Endpoint Security SandBlast Agent Installed (macOS)	Info
139869	Mozilla Thunderbird < 68.12	High
139867	Mozilla Thunderbird < 78.2	High
139793	Google Chrome < 85.0.4183.83 Multiple Vulnerabilities	High
139790	Mozilla Firefox ESR < 78.2	High
139788	Mozilla Firefox < 80.0	High
139786	Mozilla Firefox ESR < 68.12	High

MacOS X Local Security Checks Family for Nessus