All Vulnerabilities

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Application Common
1009728* - Jenkins Stapler Web Framework Remote Code Execution Vulnerability (CVE-2018-1000861)
1009467* - Microsoft Exchange Server NTLM Reflection EWS Authentication Bypass Vulnerability (CVE-2018-8581)


Web Application PHP Based
1009481* - Drupal Core Critical Arbitrary PHP Code Execution Vulnerability (CVE-2019-6339)


Web Client Common
1009740 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) - 1
1009735 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) - 2
1009738 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) - 3
1009736 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) - 4
1009742 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) - 5
1009739 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) - 6
1009737 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) - 7
1009741 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) - 8
1009734 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) - 9
1009732 - Adobe Flash Player Use After Free Vulnerability (CVE-2019-7837)
1009722 - Microsoft Windows Error Reporting Elevation Of Privilege Vulnerability (CVE-2019-0863)
1009723 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-0882)
1009725 - Microsoft Windows OLE Remote Code Execution Vulnerability (CVE-2019-0885)
1009743 - Oracle Java Runtime Environment 'sc_FindExtrema4' Heap Corruption Vulnerability (CVE-2019-2697)
1009744 - Oracle Java Runtime Environment 'setCurrGlyphID' Heap Corruption Vulnerability (CVE-2019-2698)


Web Client Internet Explorer/Edge
1009731 - Microsoft Edge Elevation Of Privilege Vulnerability (CVE-2019-0938)
1009729 - Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0926)
1009724 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0884)
1009726 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0911)
1009733 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0940)
1009730 - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2019-0930)
1009727 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2019-0918)


Web Server Adobe ColdFusion
1009455* - Adobe ColdFusion CKEditor 'upload.cfm' Directory Traversal Vulnerability (CVE-2018-15960)
1009387* - Adobe ColdFusion Remote File Upload Vulnerability (CVE-2018-15961)


Integrity Monitoring Rules:

1009710 - Install Root Certificate (ATT&CK: T1130)
1008257* - Microsoft Windows - USB Storage Device Detected (ATT&CK: T1092)
1009670 - Service Registry Permissions Weakness (ATT&CK: T1058)


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DHCP Client - Incoming
1009718 - Microsoft Windows DHCP Client Remote Code Execution Vulnerability (CVE-2019-0697)


Mail Server Exim
1009747 - MailCarrier Remote Code Execution Vulnerability (CVE-2004-1638)


Web Application Common
1009423* - ImageMagick Multiple Security Vulnerabilities (Server) - 26
1009057* - Pivotal Spring Data Commons Remote Code Execution Vulnerability (CVE-2018-1273)


Web Application PHP Based
1009720 - Drupal Core Cross-Site Scripting Vulnerability (CVE-2019-6341)
1009541* - Drupal Core Remote Code Execution Vulnerability (CVE-2019-6340)


Web Client Common
1009291 - Foxit Reader Multiple Security Vulnerabilities - 10
1009716 - Google Chrome 'NewFixedDoubleArray' Integer Overflow Vulnerability
1009709 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-0802)
1009297 - Oracle Java SE and Java for Business 'XNewPtr()' Remote Code Execution Vulnerability (CVE-2010-0843)


Web Client Internet Explorer/Edge
1009449* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2018-8653)


Web Server IIS
1009346 - Microsoft IIS MDAC 'msadcs.dll' RDS DataStub Content-Type Heap Overflow Vulnerability (CVE-2002-1142)


Web Server Miscellaneous
1004750* - Oracle Java RMI Server Insecure Default Configuration Java Code Execution


Web Server Oracle
1009225* - Oracle WebLogic Server WLS Web Services Remote Code Execution Vulnerability (CVE-2018-2894)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DHCP Client
1009476 - Microsoft Windows DHCP Client Remote Code Execution Vulnerability (CVE-2019-0547)


HP Intelligent Management Center (IMC)
1009799 - HPE Intelligent Management Center 'AccessMgrServlet ClassName' Insecure Deserialization (CVE-2019-11945)


Web Application Common
1000608* - Generic SQL Injection Prevention


Web Client Common
1009829 - Microsoft Windows Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0908)
1009770 - OpenOffice Information Disclosure Vulnerability (CVE-2018-10583)
1009762 - mIRC Remote Command Execution Vulnerability (CVE-2019-6453)


Web Client Internet Explorer/Edge
1009655* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2019-0752)


Web Client Mozilla Firefox
1009828 - Mozilla Firefox Type Confusion Vulnerability (CVE-2019-11707)


Web Client VNC
1009494 - LibVNC LibVNCClient CoRRE Heap-based Buffer Overflow Vulnerability (CVE-2018-20020)


Web Server Common
1000763* - URI Length Restriction


Web Server Miscellaneous
1008104* - Apache ActiveMQ Multiple Remote Code Execution Vulnerabilities (CVE-2016-3088)


Web Server RealVNC
1004146* - RealVNC 'ClientCutText' Message Memory Corruption


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

An insecure method in the ARDoc ActiveX Control (ARDoc.dll) can be exploited to overwrite arbitrary files with the contents of exported documents via a call to the "SaveToFile()" method with a specially crafted "bstrFileName" argument. Successful exploitation of this vulnerability allows execution of arbitrary code.

Quest InTrust is prone to a remote code-execution vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions.

A denial-of-service vulnerability exists in PowerDNS Authoritative Server. The vulnerability is due to an error in processing queries with overly long qnames. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted DNS packet to the target application. A successful attack could lead to excessive resources being consumed, resulting in a denial of service condition.

A denial of service vulnerability exists in the Windows port of Network Time Foundation's NTP Daemon. An attacker can exploit this vulnerability by sending a large UDP packet to the target server. Successful exploitation results in denial of service conditions on the target server.

A denial of service vulnerability exists in the Network Time Protocol daemon (NTPD). The vulnerability is due to a null pointer dereference when handling crypto-NAK packets. A remote attacker can exploit this vulnerability by sending an unsolicited crypto-NAK packet to the target service. Successful exploitation may result in denial-of-service conditions.

A denial-of-service vulnerability has been reported in NGINX. The vulnerability is due to nginx dereferencing an invalid pointer while processing certain DNS packets. A remote attacker could exploit this vulnerability by forging UDP packets as if from a trusted DNS server. Successful exploitation attempt may result in denial-of-service condition.

A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system.