All Vulnerabilities

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Asterisk RTP Protocol
1008964 - Digium Asterisk Compound RTCP Out-Of-Bounds Write Vulnerability (CVE-2017-17664)


DCERPC Services - Client
1009331* - Microsoft Filter Manager Elevation Of Privilege Vulnerability (CVE-2018-8333)


Directory Server LDAP
1008842* - OpenLDAP 'deref_parseCtrl' Denial Of Service Vulnerability (CVE-2015-1545)


Mail Server Common
1009117* - Dovecot 'rfc822_parse_domain' Out Of Bounds Read Vulnerability (CVE-2017-14461)


Microsoft Office
1009073* - Microsoft Office Remote Code Execution Vulnerability (CVE-2018-8157)


Remote Desktop Protocol Server
1009343 - Identified Too Many SSL Alert Messages In SSLv3 Over RDP


Web Application Common
1009310 - Microsoft Exchange Server SSRF Vulnerability (CVE-2018-16793)


Web Client Common
1008937 - Apache Subversion Client svn-ssh URL Command Execution Vulnerability (CVE-2017-9800)
1009092* - Foxit PDF Reader JavaScript 'XFA Clone' Remote Code Execution Vulnerability (CVE-2018-3850)
1009237 - Foxit Reader Multiple Security Vulnerabilities - 1
1009231 - Foxit Reader Multiple Security Vulnerabilities - 2
1009236 - Foxit Reader Multiple Security Vulnerabilities - 3
1009232 - Foxit Reader Multiple Security Vulnerabilities - 4
1009235 - Foxit Reader Multiple Security Vulnerabilities - 5
1009147 - Microsoft Windows .NET Framework Device Guard Security Feature Bypass Vulnerability (CVE-2018-1039)
1009171* - Microsoft Windows Shell Remote Code Execution Vulnerability (CVE-2018-8414)
1009238* - Microsoft Windows Shell Remote Code Execution Vulnerability (CVE-2018-8414) - 1
1009338* - Microsoft Windows Shell Remote Code Execution Vulnerability (CVE-2018-8495)


Integrity Monitoring Rules:

1003105* - Database Server - PostgreSQL


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Database Oracle
1009306 - Oracle PL/SQL Procedures Arbitrary SQL Command Execution Vulnerability (CVE-2004-1370)


Web Application Common
1009264 - GitLab Arbitrary File Write Vulnerability (CVE-2018-14364)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Database Oracle
1009342 - Oracle Database DIRECTORY Object Information Disclosure Vulnerability (CVE-2005-0298)


Suspicious Client Application Activity
1008756* - Identified Potentially Malicious RAT Traffic - VII


Unix Samba
1008847 - Samba Information Disclosure Vulnerability (CVE-2017-15275)


Web Application Common
1009350 - Telerik UI for ASP.NET AJAX Multiple Arbitrary File Upload Vulnerabilities (CVE-2017-11357 and CVE-2017-11317)
1009356 - Telerik UI for ASP.NET AJAX RadAsyncUpload Control Path Traversal Vulnerability (CVE-2014-2217)


Web Client Common
1009349 - Microsoft Windows Data Sharing Service Arbitrary File Delete Vulnerability
1009333* - Microsoft Windows Theme API Remote Code Execution Vulnerability (CVE-2018-8413)


Web Server Apache
1006027* - Apache HTTP Server Denial Of Service Vulnerability (CVE-2014-0098)


Web Server HTTPS
1008857 - Trend Micro Control Manager Multiple SQL Injection Remote Code Execution Vulnerability (CVE-2018-3604)


Web Server Miscellaneous
1005527* - Apache Struts OGNL Expression Injection Vulnerability


Web Server Oracle
1009353 - Oracle WebLogic Server RemoteObject Insecure Deserialization Vulnerability (CVE-2018-3245)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Database Oracle
1009342* - Oracle Database DIRECTORY Object Information Disclosure Vulnerability (CVE-2005-0298)
1009306* - Oracle PL/SQL Procedures Arbitrary SQL Command Execution Vulnerability (CVE-2004-1370)


Trend Micro OfficeScan
1009034 - Trend Micro Smart Protection Server Auth Command Injection Authentication Bypass Vulnerability (CVE-2018-6231)


Web Application Common
1009264* - GitLab Arbitrary File Write Vulnerability (CVE-2018-14364)
1009350* - Telerik UI for ASP.NET AJAX Multiple Arbitrary File Upload Vulnerabilities (CVE-2017-11357 and CVE-2017-11317)
1009356* - Telerik UI for ASP.NET AJAX RadAsyncUpload Control Path Traversal Vulnerability (CVE-2014-2217)


Web Client Common
1008828* - Speculative Execution Information Disclosure Vulnerabilities (Spectre)


Web Client Internet Explorer/Edge
1009384 - Microsoft Internet Explorer 'Tree::Notify_InvalidateDisplay' Null Pointer Dereference Vulnerability


Web Server Apache
1009045* - Apache httpd 'mod_cache_socache' Denial Of Service Vulnerability (CVE-2018-1303)


Web Server HTTPS
1008857* - Trend Micro Control Manager Multiple SQL Injection Remote Code Execution Vulnerability (CVE-2018-3604)


Web Server Oracle
1009358 - Oracle WebLogic Server RemoteObject Insecure Deserialization Vulnerability (CVE-2018-3191)
1009353* - Oracle WebLogic Server RemoteObject Insecure Deserialization Vulnerability (CVE-2018-3245)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Microsoft Office
1009368 - Microsoft Word Remote Code Execution Vulnerability (CVE-2018-8539)


Web Client Common
1009366 - Microsoft Outlook Multiple Security Vulnerabilities (Nov-2018)
1009349* - Microsoft Windows ALPC Elevation Of Privilege Vulnerability (CVE-2018-8584)
1009378 - Microsoft Windows DirectX Information Disclosure Vulnerability (CVE-2018-8563)
1009372 - Microsoft Windows Graphics Components Remote Code Execution Vulnerability (CVE-2018-8553)
1009382 - Microsoft Windows Multiple Security Vulnerabilities (Nov-2018)
1009369 - Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8544)


Web Client Internet Explorer/Edge
1009383 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8542)
1009374 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8555)
1009375 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8556)
1009376 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8557)
1009381 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8588)
1009371 - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8552)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Java RMI
1009390 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution Vulnerability (CVE-2016-1000031)


Trend Micro OfficeScan
1009034* - Trend Micro Smart Protection Server Auth Command Injection Authentication Bypass Vulnerability (CVE-2018-6231)


Web Application PHP Based
1009395 - PHP 'imap_open()' Remote Code Execution Vulnerability


Web Application Tomcat
1009388 - Apache Tomcat 'mod_jk' Information Disclosure Vulnerability (CVE-2018-11759)


Web Client Common
1009394 - Adobe Acrobat And Reader NTLM SSO Hash Information Disclosure Vulnerability (CVE-2018-15979)
1009393 - Adobe Flash Player Out Of Bounds Read Vulnerability (CVE-2018-15978)
1009398 - Adobe Flash Player Type Confusion Vulnerability (CVE-2018-15981)
1004085* - Heuristic Detection Of Malicious PDF Documents - 3


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

FTP Server Common
1000153* - FTP MKD Command
1000151* - FTP PORT Command


Java RMI
1009451 - Java Unserialize Remote Code Execution Vulnerability Over RMI


Remote Desktop Protocol Server
1009448 - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt


Suspicious Client Application Activity
1009432 - Tildeb Acknowledgment Request


Suspicious Server Application Activity
1009433 - Tildeb Knock Request


Web Application PHP Based
1009445 - WordPress Authenticated Phar Insecure Deserialization Vulnerability


Web Client Common
1009454 - Microsoft Windows MsiAdvertiseProduct ReadFile Unauthorized Access Vulnerability


Web Server Common
1009450 - Kubernetes API Proxy Request Handling Privilege Escalation Vulnerability (CVE-2018-1002105)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Port Mapper FTP Client
1009558 - Remote File Copy Over FTP


Suspicious Client Ransomware Activity
1007581* - Ransomware Lectool
1007711* - Ransomware XORBAT


Suspicious Server Ransomware Activity
1007582* - Ransomware Lectool-1


Web Application Common
1009319 - ImageMagick 'ReadMATImage' Use After Free Vulnerability (CVE-2018-11624) - 1
1009421* - ImageMagick Multiple Security Vulnerabilities (Server) - 25
1009328 - ImageMagick ReadMIFFImage Denial Of Service Vulnerability (CVE-2017-18271) - 1


Web Client Common
1009207* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 2
1009239 - Foxit Reader 'addField' Use-After-Free Remote Code Execution Vulnerability (CVE-2018-9935)
1008829* - Foxit Reader Multiple Information Disclosure Vulnerabilities
1009318 - ImageMagick 'ReadMATImage' Use After Free Vulnerability (CVE-2018-11624)
1009329 - ImageMagick ReadMIFFImage Denial Of Service Vulnerability (CVE-2017-18271)
1009489 - Microsoft Windows Vcf And Contact File Insufficient UI Warning Remote Code Execution Vulnerability
1009554* - RARLAB WinRAR ACE Remote Code Execution Vulnerability (CVE-2018-20250)


Web Client Internet Explorer/Edge
1009469* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0568)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DHCP Client
1009597 - Microsoft Windows DHCP Client Remote Code Execution Vulnerability (CVE-2019-0726)


DHCP Server
1009542 - Microsoft Windows DHCP Server Remote Code Execution Vulnerability (CVE-2019-0626)


Database PostgreSQL
1009614 - PostgreSQL Authenticated Arbitrary Remote Code Execution Vulnerability (CVE-2019-9193)


Kubernetes Web UI (Dashboard)
1009493* - Kubernetes Dashboard Authentication Bypass Information Disclosure Vulnerability (CVE-2018-18264)


Microsoft Office
1009635 - Microsoft Office Multiple Security Vulnerabilities (Dec 2018)


Solr Service
1009601* - Apache Solr Remote Code Execution Vulnerability (CVE-2019-0192)


Suspicious Server Application Activity
1009549 - Detected Terminal Services (RDP) Server Traffic - 1


Unix RPC Services
1009543 - Linux 'rpc.statd' Remote Format String Vulnerability (CVE-2000-0666)


Web Application Common
1009560* - Ghostscript Unauthorized Code Execution Vulnerability (CVE-2019-6116) - 1
1009328* - ImageMagick ReadMIFFImage Denial Of Service Vulnerability (CVE-2017-18271) - 1
1009540* - Red Hat Ceph Storage Debug Shell Remote Command Injection (CVE-2018-14649)
1009553* - Sonatype Nexus Repository Manager Remote Code Execution Vulnerability (CVE-2019-7238)
1009487* - WordPress Total Donations Plugin Remote Administrative Access Vulnerability (CVE-2019-6703)


Web Application PHP Based
1009617 - WordPress Easy SMTP Plugin Unauthenticated Arbitrary 'wp_options' Import Vulnerability
1009631 - WordPress Social Warfare Unauthenticated Settings Update Vulnerability (CVE-2019-9978)


Web Client Common
1009624 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2018-8394)
1009625 - Microsoft Windows GDI Remote Code Execution Vulnerability (CVE-2018-8397)
1009595 - Microsoft Windows Runtime Elevation Of Privilege Vulnerability (CVE-2019-0570)
1009296 - Oracle Java Runtime Environment 'JPEGImageEncoderImpl' Remote Heap Buffer Overflow Vulnerability (CVE-2010-0846)
1009556 - RARLAB WinRAR ACE Directory Traversal Vulnerability (CVE-2018-20251)


Web Client Internet Explorer/Edge
1009640* - Microsoft Edge And Internet Explorer Same Origin Policy Bypass Vulnerabilities


Web Server Apache
1009170* - Apache Server Side Include Cross Site Scripting Vulnerability (CVE-2002-0840)


Web Server Common
1009561 - Kubernetes API Server Denial of Service Vulnerability (CVE-2019-1002100)


Web Server SharePoint
1009535* - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0604)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1009490* - Block Administrative Share - 1 (ATT&CK T1077,T1105)
1005293* - Prevent Windows Administrator User Login Over SMB (ATT&CK T1077)


DHCP Server
1009542* - Microsoft Windows DHCP Server Remote Code Execution Vulnerability (CVE-2019-0626)


Database PostgreSQL
1009614* - PostgreSQL Authenticated Arbitrary Remote Code Execution Vulnerability (CVE-2019-9193)


Microsoft Office
1009635* - Microsoft Office Multiple Security Vulnerabilities (Dec 2018)


Port Mapper FTP Client
1009558* - Remote File Copy Over FTP (ATT&CK T1105)


Suspicious Server Application Activity
1009549* - Detected Terminal Services (RDP) Server Traffic - 1 (ATT&CK T1015,T1043,T1076)


Trend Micro OfficeScan
1009608* - Trend Micro Apex One And OfficeScan Directory Traversal Vulnerability (CVE-2019-9489)


Web Application Common
1009621 - Identified Directory Traversal Sequence In HTTP Header


Web Application PHP Based
1009617* - WordPress Easy SMTP Plugin Unauthenticated Arbitrary 'wp_options' Import Vulnerability
1009631* - WordPress Social Warfare Unauthenticated Settings Update Vulnerability (CVE-2019-9978)


Web Application Tomcat
1009697 - Apache Tomcat Remote Code Execution Vulnerability (CVE-2019-0232)


Web Client Common
1009555 - Google Chrome Local File Information Disclosure Vulnerability
1005676* - Identified Download Of XML File With External Entity Reference
1009619 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-0614)


Web Server Common
1005839* - Identified XML External Entity Injection In HTTP Request
1009561* - Kubernetes API Server Denial of Service Vulnerability (CVE-2019-1002100)


Web Server IIS HTTPS
1009641 - Microsoft IIS HTTP/2 Setting Frames Denial Of Service Vulnerability (ADV190005)


Windows Services RPC Client DCERPC
1008477* - Identified Usage Of WMI Execute Methods - Client (ATT&CK T1047)


Windows Services RPC Server DCERPC
1009478* - Identified Remote Service Creation Over DCE/RPC Protocol (ATT&CK T1050)
1009604* - Identified Usage Of WMI Execute Methods - Server - 1 (ATT&CK T1047)
1009480* - Identified WMI Query Over DCE/RPC Protocol (ATT&CK T1005)
1007054* - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected (ATT&CK T1053)
1007053* - Remote Schedule Task 'Delete' Through SMBv2 Protocol Detected (ATT&CK T1053)
1007017* - Remote Schedule Task 'Run' Through SMBv2 Protocol Detected (ATT&CK T1053)


Integrity Monitoring Rules:

1009628 - AppInit DLLs (ATT&CK: T1103)
1009626 - Windows Accessibility Features - ImageFileExecution (ATT&CK: T1015,T1183)


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.