All Vulnerabilities

  • OpenSSL OCSP Status Request Denial Of Service Vulnerability (CVE-2016-6304)
     Gravité: :    
     Publish Date:  21 décembre 2016
    A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support.
  • Microsoft Windows Library Loading Remote Code Execution Vulnerability (CVE-2015-6132)
     Gravité: :    
     Publish Date:  21 décembre 2016
    A remote code vulnerability exists when Windows fails to validate the authenticity of a module before loading it in run-time. An attacker who successfully exploited the vulnerability could execute arbitrary code in the context of the user running the affected application.
  • 22-053 (November 1, 2022)
     Gravité: :    
     Publish Date:  01 novembre 2022
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1011587 - Microsoft Windows Server Service Tampering Vulnerability (CVE-2022-30216)


    JBoss Remoting Connector Unified Invoker
    1011570* - Red Hat JBoss Enterprise Application Platform Remote Code Execution Vulnerability


    SolarWinds Information Service
    1011586 - SolarWinds Network Performance Monitor 'DeserializeFromStrippedXml' Insecure Deserialization Vulnerability (CVE-2022-36958)


    WSO2 Enterprise Integrator
    1011580* - WSO2 Enterprise Integrator Cross-Site Scripting Vulnerability (CVE-2022-39810)


    Web Application Common
    1011588 - Dolibarr ERP And CRM Code Injection Vulnerability (CVE-2022-40871)
    1011577* - Fastify Denial Of Service Vulnerability (CVE-2022-39288)
    1007170* - Identified Suspicious China Chopper Webshell Communication (ATT&CK T1505.003)


    Web Application PHP Based
    1011574* - WordPress 'Ketchup Restaurant Reservations' Plugin Cross-Site Scripting Vulnerability (CVE-2022-2753)
    1011579* - WordPress 'Litespeed' Plugin Cross-Site Scripting Vulnerability (CVE-2020-29172)
    1011584 - WordPress 'WP Super Cache' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24329)
    1011582 - WordPress 'WPvivid Backup' Plugin Directory Traversal Vulnerability (CVE-2022-2863)


    Web Server Miscellaneous
    1011581* - Apache JSPWiki 'UserPreferences.jsp' Cross-Site Request Forgery Vulnerability (CVE-2022-28731)
    1011572* - Vm2 Sandbox Remote Code Execution Vulnerability (CVE-2021-23449)
    1011583 - XWiki Code Injection Vulnerability (CVE-2022-36100)
    1011569 - XWiki Cross-Site Scripting Vulnerability (CVE-2022-36094)
    1011578 - XWiki Cross-Site Scripting Vulnerability (CVE-2022-36096)


    Zoho ManageEngine
    1011549* - Zoho ManageEngine Multiple Products SQL Injection Vulnerability (CVE-2022-40300)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
    1011453* - Microsoft Windows WMI Events - 1
  • 21-059 (December 21, 2021)
     Gravité: :    
     Publish Date:  21 décembre 2021
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Apache Storm Nimbus
    1011236* - Apache Storm Command Injection Vulnerability (CVE-2021-38294)


    Directory Server LDAP
    1011246 - Microsoft Windows Active Directory Domain Services Elevation of Privilege Vulnerability Over LDAP (CVE-2021-42278)


    SolarWinds Network Performance Monitor
    1011229* - SolarWinds Orion Patch Manager Insecure Deserialization Vulnerability (CVE-2021-35216)
    1011221* - SolarWinds Orion Platform 'SaveUserSetting' Improper Access Control Vulnerability (CVE-2021-35213)
    1011230 - SolarWinds Patch Manager 'WSAsyncExecuteTasks' Deserialization Vulnerability (CVE-2021-35217)


    Web Application Common
    1010423* - Primetek Primefaces Remote Code Execution Vulnerability (CVE-2017-1000486)
    1011198 - Strapi Framework Remote Code Execution Vulnerability (CVE-2019-19609)


    Web Server Common
    1011249* - Apache Log4j Denial of Service Vulnerability (CVE-2021-45105)
    1008581* - Identified Suspicious IP Addresses In XFF HTTP Header


    Web Server HTTPS
    1011232* - Montala Limited ResourceSpace Arbitrary File Deletion Vulnerability (CVE-2021-41950)


    Web Server SharePoint
    1011224* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-41344)


    Web Server Squid
    1011234* - Squid Proxy Multiple Denial of Service Vulnerabilities (CVE-2021-31806 and CVE-2021-31807)


    Windows SMB Server
    1011251 - Microsoft Windows Active Directory Domain Services Elevation of Privilege Vulnerability Over SMB (CVE-2021-42278)


    Zoho ManageEngine
    1011237* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-20130)
    1011248 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37539)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1011250 - Web Server - Apache - 2
  • 21-048 (November 2, 2021)
     Gravité: :    
     Publish Date:  02 novembre 2021
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Azure Open Management Infrastructure Tool
    1011147* - Open Management Infrastructure Remote Code Execution Vulnerability (CVE-2021-38647)


    Memcached
    1011098* - Oracle MySQL Integer Underflow Vulnerability (CVE-2021-2390)


    Suspicious Server Application Activity
    1009549* - Detected Terminal Services (RDP) Server Traffic - 1 (ATT&CK T1021.001)


    Web Application PHP Based
    1011193 - WordPress 'iThemes Security' Plugin SQL Injection Vulnerability (CVE-2018-12636)


    Web Client Common
    1010806* - Identified Directory Traversal Attack In HTTP Response Headers
    1011054* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-31206)


    Web Server Apache
    1011183* - Apache HTTP Server Server-Side Request Forgery Vulnerability (CVE-2021-40438)


    Web Server HTTPS
    1011196 - ACME mini_httpd Server Arbitrary File Read Vulnerability (CVE-2018-18778)
    1011190 - Centreon 'ProceduresProxy.class.php' SQL Injection Vulnerability (CVE-2021-37558)


    Web Server Nagios
    1011191* - Nagios XI Arbitrary File Upload Vulnerability (CVE-2021-40344)


    Zoho ManageEngine
    1011188* - Zoho ManageEngine OpManager 'getReportData' SQL Injection Vulnerability (CVE-2021-41288)


    Zoho ManageEngine ADSelfService Plus
    1011194 - Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability (CVE-2021-40539)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
  • 21-047 (October 26, 2021)
     Gravité: :    
     Publish Date:  26 octobre 2021
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Memcached
    1011097* - Oracle MySQL Integer Underflow Vulnerability (CVE-2021-2389)
    1011098 - Oracle MySQL Integer Underflow Vulnerability (CVE-2021-2390)


    Web Client Common
    1011127* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-55) - 2
    1011185 - Chromium V8 Out Of Bounds Write Vulnerability (CVE-2021-30632)
    1010207* - Microsoft Windows Multiple Type1 Font Parsing Remote Code Execution Vulnerabilities (CVE-2020-1020 and CVE-2020-0938)


    Web Server HTTPS
    1011100* - WordPress 'WooCommerce Blocks' Plugin SQL Injection Vulnerability (CVE-2021-32789)


    Web Server Miscellaneous
    1011177* - Atlassian Confluence Server Arbitrary File Read Vulnerability (CVE-2021-26085)
    1011179* - Atlassian Jira Path Traversal Vulnerability (CVE-2021-26086)
    1011163* - Spring Boot Actuator Directory Traversal Vulnerability (CVE-2021-21234)


    Web Server Nagios
    1011191 - Nagios XI Arbitrary File Upload Vulnerability (CVE-2021-40344)


    Web Server Squid
    1011159* - Squid HTTP Request Smuggling Vulnerability (CVE-2019-18678)


    Zoho ManageEngine
    1011188 - Zoho ManageEngine OpManager 'getReportData' SQL Injection Vulnerability (CVE-2021-41288)


    Integrity Monitoring Rules:

    1002786* - Microsoft Windows - Microsoft hotfixes registry keys modified (ATT&CK T1112)


    Log Inspection Rules:

    1004488* - Database Server - Microsoft SQL
    1010595* - Microsoft LDAP Query Execution
  • 21-030 (July 2, 2021)
     Gravité: :    
     Publish Date:  02 juillet 2021
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Port Mapper Windows
    1001033* - Windows Port Mapper Decoder


    Windows SMB Server
    1011018 - Identified DCERPC AddPrinterDriverEx Call Over SMB Protocol


    Windows Services RPC Server DCERPC
    1011016 - Identified DCERPC AddPrinterDriverEx Call Over TCP Protocol


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1011017 - Microsoft Windows - Print Spooler Failed Loading Plugin Module (PrintNightmare)
  • 19-012 (March 12, 2019)
     Gravité: :    
     Publish Date:  13 mars 2019
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1009579 - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2019-0703)


    Web Application Common
    1009540 - Red Hat Ceph Storage Debug Shell Remote Command Injection (CVE-2018-14649)


    Web Application PHP Based
    1009545 - PHP 'phar_tar_writeheaders()' Function Stack Buffer Overflow Vulnerability (CVE-2016-2554)


    Web Client Common
    1009266 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 11
    1009212* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 5
    1009322 - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2018-8392)
    1009428* - Microsoft Outlook Remote Code Execution Vulnerability (CVE-2018-8587)
    1009475 - Microsoft Windows Data Sharing Service Elevation Of Privilege Vulnerability (CVE-2019-0571)
    1009294 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2018-8396)
    1009486 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2018-8595)
    1009571 - Microsoft Windows Multiple Information Disclosure Vulnerabilities (March 2019)
    1009576 - Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0666)
    1009583 - Microsoft Windows Win32k Elevation Of Privilege Vulnerability (CVE-2019-0797)
    1009582 - Microsoft Windows Win32k Elevation Of Privilege Vulnerability (CVE-2019-0808)
    1009554 - RARLAB WinRAR ACE Remote Code Execution Vulnerability (CVE-2018-20250)


    Web Client Internet Explorer/Edge
    1009415* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8629)
    1009577 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0592)
    1009574 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0639)
    1009564 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0769)
    1009565 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0770)
    1009566 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0771)
    1009567 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0773)
    1009573 - Microsoft Edge Security Feature Bypass Vulnerability (CVE-2019-0612)
    1009575 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0609)
    1009414* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8631)
    1009568 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2019-0763)
    1009569 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2019-0680)
    1009570 - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2019-0768)
    1009371* - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8552)
    1009563 - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0665)
    1009578 - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0667)


    Web Server SharePoint
    1009535 - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0604)


    Integrity Monitoring Rules:

    1009434 - Kubernetes Cluster Node


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 19-011 (March 8, 2019)
     Gravité: :    
     Publish Date:  09 mars 2019
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Client Common
    1009572 - Google Chrome FileReader Use-After-Free Vulnerability (CVE-2019-5786)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 19-010 (March 5, 2019)
     Gravité: :    
     Publish Date:  06 mars 2019
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Application Common
    1009477 - Identified Sensepost Ruler Traffic
    1009457* - Jenkins CI Server XStream Insecure Deserialization Vulnerability (CVE-2016-0792)
    1009496* - Microsoft Exchange Server Multiple Elevation Of Privilege Vulnerabilities
    1009553 - Sonatype Nexus Repository Manager Remote Code Execution Vulnerability (CVE-2019-7238)


    Web Client Common
    1009495 - LibTIFF Arbitrary Sized JBIG Decoding Denial Of Service Vulnerability (CVE-2018-18557)


    Web Server SharePoint
    1009534 - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0594)


    Windows Services RPC Server DCERPC
    1009478* - Identified Remote Service Creation Over DCE/RPC Protocol


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.