The version of Macrium Reflect installed on the remote Windows host is prior to version 7.3.5281. It is, therefore, affected by a privilege escalation vulnerability related to the OpenSSL component. An unprivileged Windows user can exploit this, by creating the appropriate path to a specially-crafted openssl.cnf in order to execute arbitrary code with SYSTEM privileges.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Macrium Reflect, a backup utility for Microsoft Windows, is installed on the remote host.

Citrix Gateway Plug-in for Windows is installed on the remote host.

The version of Citrix Gateway Plug-in for Windows is 12.1 prior to 12.1.59.16 or 13.0 prior to 13.0.64.35. It is, therefore, affected by multiple vulnerabilities that, if exploited, can result in a local user escalating their privilege level to SYSTEM.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.50.1. It is, therefore, affected by the following vulnerability:

  - A remote code execution vulnerability exists in Visual Studio Code when a   user is tricked into opening a malicious 'package.json' file. An attacker who   successfully exploited the vulnerability could run arbitrary code in the   context of the current user. If the current user is logged on with   administrative user rights, an attacker could take control of the affected   system. An attacker could then install programs; view, change, or delete   data; or create new accounts with full user rights. To exploit this   vulnerability, an attacker would need to convince a target to clone a   repository and open it in Visual Studio Code. Attacker-specified code would   execute when the target opens the malicious 'package.json' file.
  (CVE-2020-17023)

The version of Adobe Media Encoder installed on the remote host is prior to 14.5. It is, therefore, affected by an uncontrolled search path vulnerability that could be exploited by a local unauthenticated attacker, leading to an arbitrary code execution in the context of the current user. A local unauthenticated attacker that could result in the context of the current user.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Adobe Photoshop or Adobe Photoshop CC installed on the remote Windows host is prior to 21.2.3 (2020.2.3). It is, therefore, affected by a vulnerability as referenced in the apsb20-63 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Adobe InDesign installed on the remote Windows host is prior or equal to 15.1.2. It is, therefore, affected by an Arbitrary Code Execution vulnerability due to insecure handling of a malicious .indd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

The version of Adobe Dreamweaver installed on the remote Windows host is a version prior or equal to 20.2. It is, therefore, affected by a privilege escalation vulnerability due to uncontrolled search path functionality. An authenticated, local attacker can exploit this to escalate their privileges on an affected host. 

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version

The version of Adobe After Effects installed on the remote Windows host is prior or equal to 17.1.1. It is, therefore, affected by multiple vulnerabilities.

  - An out-of-bounds read vulnerability exists when parsing a crafted .aepx file, which could result in a read     past the end of an allocated memory structure. An unauthenticated, local  attacker could exploit this to     execute code in the context of the current user. This vulnerability requires user interaction to exploit.
    (CVE-2020-24418)

  - An uncontrolled search path vulnerability exists. An unauthenticated, local attacker can exploit this to     to execute arbitrary code in the context of the current user. Exploitation of this issue requires user     interaction in that a victim must open a malicious file.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version   number.

The instance of McAfee ePolicy Orchestrator installed on the remote host is affected by multiple vulnerabilities including the following:

  - Multiple denial of service (DoS) vulnerabilities exist in McAfee ePolicy Orchestrator's bundled component Apache   Tomcat due to insufficient validation of user input. An unauthenticated, remote attacker can exploit these issues,   by sending specially crafted requests to an affected host, to impose DoS conditions (CVE-2020-9484, CVE-2020-13935). 

  - An authentication bypass vulnerability exists in McAfee ePolicy Orchestrator. An unauthenticated, remote attacker   can exploit this, to bypass authentication and access / update sensitive data (CVE-2020-14621).

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version

The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.51. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-10-22-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Adobe Creative Cloud Desktop installed on the remote Windows host is prior to version 5.3.
It is, therefore, affected by arbitrary code execution vulnerability.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Adobe Illustrator CC on the remote Windows hosts is prior to 25.0. It is, therefore, affected multiple vulnerabilities which could lead to arbitrary code execution in the context of current user on the remote host. An unauthenticated, attacker could exploit these issues to execute arbitrary commands on the host.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of VMware Horizon Client for Windows installed on the remote host is less than 5.5.0. It is, therefore, affected by a denial of service (DoS) vulnerability due to a file system access control issue during install time. An unauthenticated, local attacker can exploit this, via symbolic links, to overwrite certain admin privileged files causing a denial of service condition.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 7 Update 281, 8 Update 271, 11 Update 9, or 15 Update 1. It is, therefore, affected by multiple vulnerabilities related to the following components as referenced in the October 2020 CPU advisory:

  - Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java).
    Supported versions that are affected are 19.3.3 and 20.2.0. Easily exploitable vulnerability allows     unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM     Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a     subset of Oracle GraalVM Enterprise Edition accessible data. (CVE-2020-14803)

  - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported     versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to     exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to     compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other     than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or     delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to     a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of     Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java     applets. It can also be exploited by supplying data to APIs in the specified Component without using     sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
    (CVE-2020-14792)

  - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported     versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to     exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to     compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized     read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server     deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and     sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component     without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web     service. (CVE-2020-14781)


Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Adobe Animate installed on the remote Windows host is version less than or equal to 20.5. It is, therefore, affected by multiple vulnerabilities caused by a double-free error, a stack-based buffer overflow, and out-of-bounds reads, all of which could lead to arbitrary code execution.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Adobe Animate, a multimedia authoring and computer animation program, is installed on the remote host.

The version of Adobe Premiere Pro installed on the remote Windows host is prior to 14.5. It is, therefore, affected by an out-of-bounds read vulnerability that could lead to Arbitrary Code Execution.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

Windows Migration Assistant, a tool used to help migrate pictures, contacts, and other data from a Windows PC to a macOS or Mac OS X system, is installed on the remote Windows host.

According to its self-reported version number, the version of Windows Migration Assistant installed on the remote host is prior to 2.2.0.0. It is, therefore, affected by an arbitrary code execution vulnerability due to a dynamic library loading issue. An unauthenticated, local attacker can exploit this, by running the installer in an untrusted directory, to execute arbitrary code in the context of the current OS user.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The McAfee File and Removable Media Protection  on the remote host.

The version of Thunderbird installed on the remote Windows host is prior to 78.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-47 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Google Chrome installed on the remote Windows host is prior to 86.0.4240.111. It is, therefore, affected by multiple vulnerabilities as referenced in the 2020_10_stable-channel-update-for-desktop_20 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 82.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-45 advisory.

  - Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the     bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number     of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The     destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes     described above. This is unsound and causing deallocation with the incorrect capacity when     `Vec::from_iter` has allocated different sizes with the number of iterator elements. This has been fixed     in crossbeam-channel 0.4.4. (CVE-2020-15254)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 78.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-46 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its version, the Foxit PhantomPDF application (formally known as Phantom) installed on the remote Windows host is prior to 9.7.4. It is, therefore affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 32.0.0.433.
It is therefore affected by a NULL pointer dereference flaw. An unauthenticated, remote attacker can exploit this, by inserting malicious strings in an HTTP response, to execute arbitrary code in the context of the current user.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to convince a target to open a specially crafted file in Visual Studio Code with the Python extension installed.

The update addresses the vulnerability by modifying the way Visual Studio Code Python extension renders notebook content.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Microsoft 3D Viewer app installed on the remote host is affected by a code execution vulnerability when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system.

Pulse Secure Installer Service, a VPN client installer, is installed on the remote Windows host.

The version of Microsoft Edge installed on the remote Windows host is prior to 86.0.622.38. It is, therefore, affected by multiple vulnerabilities as referenced in the ADV200002-10-8-2020 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version, Cisco Webex Teams is affected by a DLL hijacking vulnerability. An authenticated, local attacker can exploit this, by crafting a malicious DLL file and placing it in a specific location, to execute arbitrary code on the target machine with the privileges of another user account. 

Please refer to the Cisco BIDs and Cisco Security Advisory for more information.

According to its self-reported version, the IBM WebSphere MQ server installed on the remote Windows host is version 8.0.0.x prior to 8.0.0.7, 9.0.x prior to 9.0.4 or 9.0.0.x prior to 9.0.0.2. It is, therefore, affected by a denial of service vulnerability. An authenticated, remote attacker can exploit this issue to cause the service to stop responding.

According to its self-reported version, the IBM WebSphere MQ server installed on the remote Windows host is version  8.0.0.x prior to 8.0.0.8, 9.0.0.x prior to 9.0.0.3, or 9.0.4. It is, therefore, affected by a denial of service vulnerability. An IBM WebSphere MQ Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.

According to its self-reported version, the IBM WebSphere MQ server installed on the remote Windows host is version 8.0.0.x prior to 8.0.0.8, 9.0.x prior to 9.0.4 or 9.0.0.x prior to 9.0.0.2.
It is, therefore, affected by a denial of service vulnerability. An authenticated, remote attacker can exploit this issue to cause the service to stop responding.

According to its self-reported version, the IBM WebSphere MQ server installed on the remote Windows host is version  8.0.0.x prior to 8.0.0.10, or 9.0.0.x prior to 9.0.0.4. It is, therefore, affected by an information disclosure vulnerability. IBM WebSphere MQ could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

According to its self-reported version, the IBM WebSphere MQ server  installed on the remote Windows host is version 8.0.0.x prior to 8.0.0.7, 9.0.x prior to 9.0.4 or 9.0.0.x prior to 9.0.0.2. It is, therefore, affected by multiple vulnerabilities:

- A denial of service vulnerability. An  authenticated, remote   attacker can exploit this issue to cause the  service to stop   responding. (CVE-2017-1283)

- IBM MQ Managed File Transfer Agent sets insecure permissions   on certain files it creates. A local attacker could exploit   this vulnerability to modify or delete data contained in the   files with an unknown impact. (CVE-2017-1699)

According to its self-reported version, the IBM WebSphere MQ server installed on the remote Windows host is version 7.5.0.x prior to 7.5.0.8, 8.0.0.x prior to 8.0.0.6, 9.0.x prior to 9.0.2 or 9.0.0.x prior to 9.0.0.1.
It is, therefore, affected by a denial of service vulnerability. An authenticated, remote attacker can exploit this issue to cause the service to stop responding.

According to its self-reported version, the IBM WebSphere MQ server installed on the remote Windows host is version 8.0.0.x prior to 8.0.0.7, 9.0.x prior to 9.0.3 or 9.0.0.x prior to 9.0.0.2. It is, therefore, affected by a denial of service vulnerability. An authenticated, remote attacker can exploit this issue to cause the service to stop responding.

According to its self-reported version, the IBM WebSphere MQ server installed on the remote Windows host is version  8.0.0.x prior to 8.0.0.9, 9.0.x prior to 9.0.5 or 9.0.0.x prior to 9.0.0.3. It is, therefore, affected by multiple vulnerabilities:

  - A denial of service vulnerability. An authenticated,remote     attacker can exploit this issue to cause the service to stop     responding. (CVE-2017-1786)

  - When configured to use a PAM module for authentication,     Websphere MQ could allow a user to cause a deadlock in the     IBM MQ PAM code which could result in a denial of service.
    (CVE-2018-1419)

Apache HTTP Server, a free and open-source cross-platform web server software is installed on the remote Windows host.

According to its self-reported version number, the version of HP Device Manager installed on the remote Windows host is 4.x prior to 4.7 SP 13 or 5.x prior to 5.0.4. It is, therefore, affected by multiple vulnerabilities:

  - A weak cipher implementation that is susceptible to dictionary attacks. (CVE-2020-6925)

  - An unauthenticated RMI object call that can allow an unauthenticated remote attacker to inject HQL that injects SQL     that will run on the bundled PostgreSQL database. (CVE-2020-6926)

  - A local privilege escalation vulnerability in the bundled PostgreSQL database. It has a default user account     (dm_postgres) with a trivial password (single space). This can allow a local attacker to connect to the database     and perform SQL queries leading to code execution as SYSTEM. (CVE-2020-6927)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its version, the Foxit Reader application installed on the remote Windows host is prior to 10.1. It is, therefore affected by  multiple vulnerabilities.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its version, the Foxit PhantomPDF application (formally known as Phantom) installed on the remote Windows host is prior to 10.1. It is, therefore affected by  multiple vulnerabilities.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the version of Kentico CMS on the remote host is 9.x, 10.x prior to 10.0.52, 11.x prior to 11.0.48, or 12.x prior to 12.0.15. It is, therefore, affected by a remote code execution vulnerability. Due to a failure to validate security headers, it is possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then can be used to execute arbitrary code on the server where the Kentico instance is hosted.

Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the version of Kentico CMS on the remote host is prior to 11.0.45. It is, therefore, affected by an unrestricted upload flaw. An unauthenticated, remote attacker can exploit this, by uploading specially-crafted files with dangerous file types, to perform other attacks like cross-site scripting (XSS) and cross-origin resource sharing (CORS).

Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the version of Kentico CMS on the remote host is prior to 12.0.50. It is, therefore, affected by a cross-site scripting (XSS) vulnerability due to the Content-Type header being inconsistent with the file extension. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the version of Kentico CMS on the remote host is prior to 8.2.42. It is, therefore, affected by multiple vulnerabilities :

  - Multiple cross-site scripting (XSS) vulnerabilities exist in the UIPage.aspx parameter name and the     CMSBodyClass cookie variable due to improper validation of user-supplied input before returning it to     users. An authenticated, remote attacker can exploit this, by convincing a user to click a     specially crafted URL, to execute arbitrary script code in a user's browser session. (CVE-2015-7822)

  - An open redirect vulnerability exists in CMSPages/GetDocLink.ashx due to not validadating URL parameters.
    An unauthenticated, remote attacker can exploit this, by convincing a user to click on a specially-crafted     URL with a link in the 'link' parameter, to redirect a user to the specified URL. (CVE-2015-7823)

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version number, the version of Kentico CMS on the remote host is 10.x prior to 10.0.50 or 11.x prior to 11.0.3. It is, therefore, affected by multiple vulnerabilities :

  - A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input before     returning it to users. An authenticated, remote attacker can exploit this, by convincing a user to click a     specially crafted URL, to execute arbitrary script code in a user's browser session. (CVE-2018-6842)

  - A SQL injection (SQLi) vulnerability exists in the administrative interface due to improper validation of     user-supplied input. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL     queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data.
    (CVE-2018-6843)

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

ID	Name	Severity
142032	Macrium Reflect < 7.3.5281 Privilege Escalation	Medium
142031	Macrium Reflect Installed	Info
142020	Citrix Gateway Plug-in for Windows Installed	Info
142019	Citrix Gateway Plug-in for Windows 12.1.x < 12.1.59.16 / 13.0.x < 13.0.64.35 Multiple Vulnerabilities (CTX282684)	Medium
141931	Security Update for Microsoft Visual Studio Code (CVE-2020-17023)	High
141861	Adobe Media Encoder < 14.5 arbitrary code execution (APSB20-65)	Medium
141854	Adobe Photoshop CC 20.x / 21.x < 21.2.3 Uncontrolled Search Path Element (APSB20-63)	Medium
141848	Adobe InDesign <= 15.1.2 Arbitrary Code Execution Vulnerability (APSB20-66)	Medium
141835	Adobe Dreamweaver <= 20.2 Privilege Escalation (APSB20-55)	Medium
141834	Adobe After Effects <= 17.1.1 Multiple Arbitrary Code Execution Vulnerabilities (APSB20-62)	Medium
141833	McAfee ePolicy Orchestrator (SB10332)	Medium
141815	Microsoft Edge (Chromium) < 86.0.622.51 Multiple Vulnerabilities	Critical
141805	Adobe Creative Cloud Desktop < 5.3 Arbitrary Code Execution (APSB20-68)	Critical
141804	Adobe Illustrator CC < 25.0 Multiple Vulnerabilites (APSB20-58)	Medium
141803	VMware Horizon View Client < 5.5.0 DoS (VMSA-2020-0022)	Low
141800	Oracle Java SE 1.7.0_281 / 1.8.0_271 / 1.11.0_9 / 1.15.0_1 Multiple Vulnerabilities (Oct 2020 CPU)	Medium
141788	Adobe Animate <= 20.5 Multiple Vulnerabilities (APSB20-61)	High
141787	Adobe Animate Installed	Info
141786	Adobe Premiere Pro < 14.5 Arbitrary Code Execution (APSB20-64)	High
141783	Windows Migration Assistant Installed	Info
141782	Windows Migration Assistant < 2.2.0.0 Arbitrary Code Execution (HT211186)	Medium
141779	McAfee File and Removable Media Protection (FRP) Installed (Windows)	Info
141775	Mozilla Thunderbird < 78.4	Critical
141573	Google Chrome < 86.0.4240.111 Multiple Vulnerabilities	Critical
141571	Mozilla Firefox < 82.0	Critical
141570	Mozilla Firefox ESR < 78.4	Critical
141568	Foxit PhantomPDF < 9.7.4 Multiple Vulnerabilities	Medium
141494	Adobe Flash Player <= 32.0.0.433 (APSB20-58)	High
141452	Security Update for Microsoft Visual Studio Code Python Extension (Oct 2020)	High
141430	Microsoft 3D Viewer Base3D Code Execution (October 2020)	High
141393	Pulse Secure Installer Service Installed (Windows)	Info
141363	Microsoft Edge (Chromium) < 86.0.622.38 Multiple Vulnerabilities	Critical
141353	Cisco Webex Teams for Windows DLL Hijacking (cisco-sa-webex-teams-dll-drsnH5AN)	High
141349	IBM WebSphere MQ Denial of Service (CVE-2017-1235)	Medium
141348	IBM WebSphere MQ 8.0.0.x < 8.0.0.9 / 9.0.4 < 9.0.5 / 9.0.0.x < 9.0.0.3 Denial of Service	Medium
141347	IBM WebSphere MQ Denial of Service (CVE-2017-1557)	Medium
141346	IBM WebSphere MQ Information Disclosure (CVE-2018-1543)	Medium
141345	IBM WebSphere MQ 8.0.0.x < 8.0.0.7 / 9.0.0.x < 9.0.0.2 / 9.0.x < 9.0.4 Multiple Vulnerabilities	Low
141344	IBM WebSphere MQ Denial of Service (CVE-2017-1117)	Low
141343	IBM WebSphere MQ Denial of Service (CVE-2017-1236)	Medium
141342	IBM WebSphere MQ 8.0.0.x < 8.0.0.9 / 9.0.x < 9.0.5 / 9.0.0.x < 9.0.0.3 Multiple Vulnerabilities	Low
141262	Apache HTTP Server Installed (Windows)	Info
141251	HP Device Manager 4.x < 4.7 SP 13 / 5.x < 5.0.4 Multiple Vulnerabilities	Critical
141217	Foxit Reader < 10.1 Multiple Vulnerabilities	High
141216	Foxit PhantomPDF < 10.1 Multiple Vulnerabilities	High
141214	Kentico CMS 9.x / 10.x < 10.0.52 / 11.x < 11.0.48 / 12.x < 12.0.15 RCE	High
141213	Kentico CMS < 11.0.45 Unrestricted Upload	Medium
141212	Kentico CMS < 12.0.50 XSS	Medium
141211	Kentico CMS < 8.2.42 Multiple Vulnerabilities	Medium
141210	Kentico CMS 10.x < 10.0.50 / 11.x < 11.0.3 Multiple Vulnerabilities	Medium

Windows Family for Nessus