*** NK8 RELS 3486 Release ***

Total number of signatures: 3098

Description
==================================================================
In this signature, we addressed the exploits/vulnerabilities and applications as below:

Added 23 rule(s):
---------------
1137042 EXPLOIT Oracle WebLogic CVE-2020-2798 Insecure Deserialization
1137063 WEB Opmantek Open-AudIT m_discoveries.php Command Injection (CVE-2020-11941)
1137064 FILE Foxit PhantomPDF text Field Object Use After Free (CVE-2020-8846)
1137066 WEB Cisco Data Center Network Manager installSwitchLicense Directory Traversal -1 (CVE-2019-15980)
1137069 SNMP AwindInc SNMP Service Command Injection (CVE-2017-16709)
1137070 EXPLOIT QNAP Transcode Server Command Execution (CVE-2017-13067)
1137071 WEB Unitrends UEB http api remote code execution (CVE-2017-12478)
1137072 WEB Unitrends UEB http api remote code execution (CVE-2018-6328)
1137074 SNMP Net-SNMP PDU Heap Overflow -3 (CVE-2018-1000116)
1137075 WEB Oracle Business Intelligence And XML Publisher XML External Entity Injection (CVE-2019-2616)
1137076 EXPLOIT Unitrends UEB bpserverd authentication bypass RCE (CVE-2017-12477)
1137077 WEB OrientDB 2.2.x Remote Code Execution (CVE-2017-11467)
1137090 WEB Jenkins CLI HTTP Java Deserialization Vulnerability (CVE-2016-9299)
1137092 WEB QNAP QCenter change_passwd Command Execution (CVE-2018-0707)
1137093 EXPLOIT SaltStack Salt ClearFuncs Directory Traversal -3 (CVE-2020-11652)
1137096 WEB Cisco UCS Director Cloupia Script RCE (CVE-2020-3243)
1137098 WEB Cisco UCS Director Cloupia Script RCE -1 (CVE-2020-3250)
1137099 WEB Cisco UCS Director Cloupia Script RCE -2 (CVE-2020-3250)
1137100 DNS ISC BIND TSIG Assertion Failure Denial of Service (CVE-2020-8617)
1137101 WEB WordPress Drag And Drop Multi File Uploader Remote Code Execution (CVE-2020-12800)
1137102 WEB VMware Cloud Director RCE (CVE-2020-3956)
1137103 WEB Moodle CMS questiontype.php Answer Remote Code Execution -3.1 (CVE-2018-1133)
1137104 WEB Moodle CMS questiontype.php Answer Remote Code Execution -3.2 (CVE-2018-1133)

Modified 2 rule(s):
---------------
1133081 WEB-CLIENT Microsoft Edge Array.join Type Confusion (CVE-2016-7189)
1136912 EXPLOIT Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution (CVE-2020-2555)

Deleted 25 rule(s):
---------------
1132542 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -1.2 (CVE-2015-1747) (old rule)
1132549 ICS Schneider Electric GP-Pro EX ParseAPI Heap Buffer Overflow (old rule)
1132556 FILE Adobe Flash Player Memory Corruption (CVE-2016-1012) (old rule)
1132598 FILE ImageMagick Delegate Command Injection -3 (CVE-2016-3714) (old rule)
1132601 FILE ImageMagick Delegate Command Injection -6 (CVE-2016-3714) (old rule)
1132602 FILE ImageMagick Delegate Command Injection -7 (CVE-2016-3714) (old rule)
1132603 FILE ImageMagick Delegate Command Injection -8 (CVE-2016-3714) (old rule)
1132604 FILE ImageMagick Delegate Command Injection -9 (CVE-2016-3714) (old rule)
1132607 FTP JCL Execution (old rule)
1132611 FILE Microsoft Windows OLE CVE-2016-0153 Code Execution (old rule)
1132613 WEB-CLIENT Microsoft Scripting Engine Memory Corruption Vulnerability -2 (CVE-2015-6136) (old rule)
1132630 ICS Advantech WebAccess webvrpcs Service Function 0x013C80 Buffer Overflow (CVE-2016-0856) (old rule)
1132631 ICS Advantech WebAccess webvrpcs Service Function 0x013C71 Buffer Overflow (CVE-2016-0856) (old rule)
1132647 FILE Android libstagefright mp4 tx3g Atom Multiple Buffer Overflow -2 (old rule)
1132648 FILE Android libstagefright mp4 tx3g Atom Multiple Buffer Overflow -3 (old rule)
1132656 WEB-CLIENT Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3207) (old rule)
1132660 WEB-CLIENT Microsoft Edge Security Feature Bypass (CVE-2016-3198) (old rule)
1132663 FILE Windows PDF Remote Code Execution Vulnerability (CVE-2016-3203) (old rule)
1132675 SSH OpenSSH Roaming through the OpenSSH client Information disclosure (CVE-2016-0777) (old rule)
1132746 WEB-CLIENT Shell Application Remote Code Execution -1 (Ransomware Attack Vector) (old rule)
1132760 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 70 (Ransomware Attack Vector) (old rule)
1132761 WEB-CLIENT Suspicious HTML Iframe Tag -10 (Ransomware Attack Vector) (old rule)
1132762 WEB-CLIENT Suspicious HTML Iframe Tag -11 (Ransomware Attack Vector) (old rule)
1132763 WEB-CLIENT Suspicious HTML Iframe Tag -12 (Ransomware Attack Vector) (old rule)
1132771 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3240) (old rule)