*** NK8 RELS 3485 Release ***

Total number of signatures: 3100

Description
==================================================================
In this signature, we addressed the exploits/vulnerabilities and applications as below:

Added 13 rule(s):
---------------
1137033 EXPLOIT SaltStack Salt ClearFuncs Directory Traversal -1 (CVE-2020-11652)
1137036 WEB Cisco UCS Director MyCallable call Directory Traversal -1.1 (CVE-2020-3251)
1137041 FILE Microsoft Adobe Font Manager Library Type 1 BlendDesignPositions Handling Buffer Overflow (CVE-2020-0938)
1137043 FILE Adobe Acrobat and Reader EScript Out of Bounds Read -1.1 (CVE-2020-3804)
1137047 FILE Microsoft Media Foundation GetKeyForIndex Out-of-Bounds Read (CVE-2020-0939)
1137049 WEB-CLIENT Microsoft Internet Explorer Scripting Engine CVE-2020-0674 Use After Free -1
1137051 WEB EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution (CVE-2020-8654)
1137052 WEB EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution (CVE-2020-8656)
1137053 WEB EyesOfNetwork 5.1-5.3 AutoDiscovery Target Command Execution (CVE-2020-9465)
1137057 FILE Adobe Acrobat and Reader AcroForm Use After Free (CVE-2020-3805)
1137058 DB PostgreSQL COPY FROM PROGRAM Command Execution -1.1 (CVE-2019-9193)
1137059 DB PostgreSQL COPY FROM PROGRAM Command Execution -1.2 (CVE-2019-9193)
1137061 EXPLOIT IBM TM1 / Planning Analytics Unauthenticated Remote Code Execution (CVE-2019-4716)

Modified 5 rule(s):
---------------
1069037 IM WhatsApp access via SSL -1.1
1069733 IM WhatsApp access via TCP -1.1
1069734 IM WhatsApp access via TCP -1.2
1133081 WEB-CLIENT Microsoft Edge Array.join Type Confusion (CVE-2016-7189)
1160742 IM WhatsApp access via SSL -1.2

Deleted 47 rule(s):
---------------
1056488 WEB PHP Arbitrary Code Injection -6.a (old rule)
1056619 WEB HTTP Negative Content-Length Buffer Overflow -2 (old rule)
1059655 ICS Advantech WebAccess SCADA webvact.ocx NodeName2 Buffer Overflow -1 (CVE-2014-0766) (old rule)
1059656 ICS Advantech WebAccess SCADA webvact.ocx NodeName2 Buffer Overflow -2 (CVE-2014-0766) (old rule)
1059872 WEB Directory Traversal -14 (old rule)
1059874 WEB Apache HTTP Server mod_proxy Denial of Service -1 (CVE-2014-0117) (old rule)
1064015 IM WhatsApp login via SSL -1 (old rule)
1068766 IM WhatsApp login via SSL -2 (old rule)
1130361 WEB ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N Information Disclosure -1 (CVE-2015-0554) (old rule)
1130362 WEB ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N Information Disclosure -2 (CVE-2015-0554) (old rule)
1130363 WEB ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N Information Disclosure -3 (CVE-2015-0554) (old rule)
1130484 WEB Multiple SOHO Router Products Cookie Parsing Vulnerabilities (CVE-2014-9222) (old rule)
1131081 MALWARE Linux/Moose HTTP Activity -1 (old rule)
1131082 MALWARE Linux/Moose HTTP Activity -2 (old rule)
1131090 WEB ASUS RT-N12 Devices Unauthenticated Remote DNS Change Vulnerability (old rule)
1131105 WEB-CLIENT Apache Cordova Android Apps Vulnerability -2 (CVE-2015-1835) (old rule)
1131107 WEB-CLIENT Apache Cordova Android Apps Vulnerability -4 (CVE-2015-1835) (old rule)
1131108 WEB-CLIENT Apache Cordova Android Apps Vulnerability -5 (CVE-2015-1835) (old rule)
1131111 WEB-CLIENT Suspicious HTML Iframe Tag -5 (old rule)
1131147 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 11 (Ransomware Attack Vector) (old rule)
1131183 MALWARE Duqu 2.0 SMB Access -2 (old rule)
1131184 MALWARE Duqu 2.0 SMB Access -3 (old rule)
1131185 MALWARE Duqu 2.0 SMB Access -4 (old rule)
1131186 MALWARE Duqu 2.0 SMB Access -1 (old rule)
1131467 WEB Cisco Prime Data Center Network Manager Information Disclosure (CVE-2015-0666) (old rule)
1131471 WEB Directory Traversal -26.e (old rule)
1131562 EXPLOIT Cisco IOS SYNful Knock Activity (old rule)
1131569 WEB-ACTIVEX NetIQ Security Solutions for ISeries SafeShellExecute Stack Buffer Overflow -1 (CVE-2015-0795) (old rule)
1132093 WEB Cross-site Scripting -31 (old rule)
1132110 ICS Advantech WebAccess Webdobj ActiveX UpdateProject Stack Buffer Overflow -1 (CVE-2014-9208) (old rule)
1132118 ICS Advantech WebAccess AspVCObj.AspDataDriven ActiveX GetWideStrCpy Stack Buffer Overflow -1 (CVE-2014-9208) (old rule)
1132259 WEB SQL injection attempt -77 (old rule)
1132266 WEB-ACTIVEX Samsung SmartViewer STWAxConfigNVR Memory Corruption -1 (old rule)
1132267 WEB-ACTIVEX Samsung SmartViewer STWAxConfigNVR Memory Corruption -2 (old rule)
1132269 WEB-ACTIVEX Samsung SmartViewer CNC_Ctrl ActiveX Control Out of Bounds Indexing -2 (old rule)
1132304 FILE Microsoft Office Memory Corruption Vulnerability -1 (CVE-2016-0052) (old rule)
1132515 FILE Apple QuickTime moov Atom Heap Corruption Remote Code Execution Vulnerability (ZDI-16-241) (old rule)
1132516 FILE Apple QuickTime Atom Processing Heap Corruption Remote Code Execution Vulnerability (ZDI-16-242) (old rule)
1132517 WEB-CLIENT WScript.Shell Remote Code Execution -4 (old rule)
1132518 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 57 (Ransomware Attack Vector) (old rule)
1132519 WEB-CLIENT Suspicious HTML Iframe Tag -1 (old rule)
1132520 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 58 (Ransomware Attack Vector) (old rule)
1132526 WEB Oracle ATS DownloadServlet TMAPReportImage Directory Traversal -1 (CVE-2016-0480) (old rule)
1132528 ICS Advantech WebAccess webvrpcs Service BwWebSvc.dll Buffer Overflow (CVE-2016-0856) (old rule)
1132534 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 59 (Ransomware Attack Vector) (old rule)
1132535 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 60 (Ransomware Attack Vector) (old rule)
1132538 WEB-CLIENT Trend Micro Antivirus Password Manager Code Injection -1 (old rule)