All Vulnerabilities

  • 18-059 (October 30, 2018)
     Publish Date:  05 July 2019
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Database Oracle
    1009342 - Oracle Database DIRECTORY Object Information Disclosure Vulnerability (CVE-2005-0298)


    Suspicious Client Application Activity
    1008756* - Identified Potentially Malicious RAT Traffic - VII


    Unix Samba
    1008847 - Samba Information Disclosure Vulnerability (CVE-2017-15275)


    Web Application Common
    1009350 - Telerik UI for ASP.NET AJAX Multiple Arbitrary File Upload Vulnerabilities (CVE-2017-11357 and CVE-2017-11317)
    1009356 - Telerik UI for ASP.NET AJAX RadAsyncUpload Control Path Traversal Vulnerability (CVE-2014-2217)


    Web Client Common
    1009349 - Microsoft Windows Data Sharing Service Arbitrary File Delete Vulnerability
    1009333* - Microsoft Windows Theme API Remote Code Execution Vulnerability (CVE-2018-8413)


    Web Server Apache
    1006027* - Apache HTTP Server Denial Of Service Vulnerability (CVE-2014-0098)


    Web Server HTTPS
    1008857 - Trend Micro Control Manager Multiple SQL Injection Remote Code Execution Vulnerability (CVE-2018-3604)


    Web Server Miscellaneous
    1005527* - Apache Struts OGNL Expression Injection Vulnerability


    Web Server Oracle
    1009353 - Oracle WebLogic Server RemoteObject Insecure Deserialization Vulnerability (CVE-2018-3245)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 18-060 (November 6, 2018)
     Publish Date:  05 July 2019
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Database Oracle
    1009342* - Oracle Database DIRECTORY Object Information Disclosure Vulnerability (CVE-2005-0298)
    1009306* - Oracle PL/SQL Procedures Arbitrary SQL Command Execution Vulnerability (CVE-2004-1370)


    Trend Micro OfficeScan
    1009034 - Trend Micro Smart Protection Server Auth Command Injection Authentication Bypass Vulnerability (CVE-2018-6231)


    Web Application Common
    1009264* - GitLab Arbitrary File Write Vulnerability (CVE-2018-14364)
    1009350* - Telerik UI for ASP.NET AJAX Multiple Arbitrary File Upload Vulnerabilities (CVE-2017-11357 and CVE-2017-11317)
    1009356* - Telerik UI for ASP.NET AJAX RadAsyncUpload Control Path Traversal Vulnerability (CVE-2014-2217)


    Web Client Common
    1008828* - Speculative Execution Information Disclosure Vulnerabilities (Spectre)


    Web Client Internet Explorer/Edge
    1009384 - Microsoft Internet Explorer 'Tree::Notify_InvalidateDisplay' Null Pointer Dereference Vulnerability


    Web Server Apache
    1009045* - Apache httpd 'mod_cache_socache' Denial Of Service Vulnerability (CVE-2018-1303)


    Web Server HTTPS
    1008857* - Trend Micro Control Manager Multiple SQL Injection Remote Code Execution Vulnerability (CVE-2018-3604)


    Web Server Oracle
    1009358 - Oracle WebLogic Server RemoteObject Insecure Deserialization Vulnerability (CVE-2018-3191)
    1009353* - Oracle WebLogic Server RemoteObject Insecure Deserialization Vulnerability (CVE-2018-3245)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 18-061 (November 13, 2018)
     Publish Date:  05 July 2019
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Microsoft Office
    1009368 - Microsoft Word Remote Code Execution Vulnerability (CVE-2018-8539)


    Web Client Common
    1009366 - Microsoft Outlook Multiple Security Vulnerabilities (Nov-2018)
    1009349* - Microsoft Windows ALPC Elevation Of Privilege Vulnerability (CVE-2018-8584)
    1009378 - Microsoft Windows DirectX Information Disclosure Vulnerability (CVE-2018-8563)
    1009372 - Microsoft Windows Graphics Components Remote Code Execution Vulnerability (CVE-2018-8553)
    1009382 - Microsoft Windows Multiple Security Vulnerabilities (Nov-2018)
    1009369 - Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8544)


    Web Client Internet Explorer/Edge
    1009383 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8542)
    1009374 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8555)
    1009375 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8556)
    1009376 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8557)
    1009381 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8588)
    1009371 - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8552)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 18-062 (November 20, 2018)
     Publish Date:  05 July 2019
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Java RMI
    1009390 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution Vulnerability (CVE-2016-1000031)


    Trend Micro OfficeScan
    1009034* - Trend Micro Smart Protection Server Auth Command Injection Authentication Bypass Vulnerability (CVE-2018-6231)


    Web Application PHP Based
    1009395 - PHP 'imap_open()' Remote Code Execution Vulnerability


    Web Application Tomcat
    1009388 - Apache Tomcat 'mod_jk' Information Disclosure Vulnerability (CVE-2018-11759)


    Web Client Common
    1009394 - Adobe Acrobat And Reader NTLM SSO Hash Information Disclosure Vulnerability (CVE-2018-15979)
    1009393 - Adobe Flash Player Out Of Bounds Read Vulnerability (CVE-2018-15978)
    1009398 - Adobe Flash Player Type Confusion Vulnerability (CVE-2018-15981)
    1004085* - Heuristic Detection Of Malicious PDF Documents - 3


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 18-069 (December 26, 2018)
     Publish Date:  05 July 2019
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    FTP Server Common
    1000153* - FTP MKD Command
    1000151* - FTP PORT Command


    Java RMI
    1009451 - Java Unserialize Remote Code Execution Vulnerability Over RMI


    Remote Desktop Protocol Server
    1009448 - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt


    Suspicious Client Application Activity
    1009432 - Tildeb Acknowledgment Request


    Suspicious Server Application Activity
    1009433 - Tildeb Knock Request


    Web Application PHP Based
    1009445 - WordPress Authenticated Phar Insecure Deserialization Vulnerability


    Web Client Common
    1009454 - Microsoft Windows MsiAdvertiseProduct ReadFile Unauthorized Access Vulnerability


    Web Server Common
    1009450 - Kubernetes API Proxy Request Handling Privilege Escalation Vulnerability (CVE-2018-1002105)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 19-014 (March 19, 2019)
     Publish Date:  05 July 2019
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Port Mapper FTP Client
    1009558 - Remote File Copy Over FTP


    Suspicious Client Ransomware Activity
    1007581* - Ransomware Lectool
    1007711* - Ransomware XORBAT


    Suspicious Server Ransomware Activity
    1007582* - Ransomware Lectool-1


    Web Application Common
    1009319 - ImageMagick 'ReadMATImage' Use After Free Vulnerability (CVE-2018-11624) - 1
    1009421* - ImageMagick Multiple Security Vulnerabilities (Server) - 25
    1009328 - ImageMagick ReadMIFFImage Denial Of Service Vulnerability (CVE-2017-18271) - 1


    Web Client Common
    1009207* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 2
    1009239 - Foxit Reader 'addField' Use-After-Free Remote Code Execution Vulnerability (CVE-2018-9935)
    1008829* - Foxit Reader Multiple Information Disclosure Vulnerabilities
    1009318 - ImageMagick 'ReadMATImage' Use After Free Vulnerability (CVE-2018-11624)
    1009329 - ImageMagick ReadMIFFImage Denial Of Service Vulnerability (CVE-2017-18271)
    1009489 - Microsoft Windows Vcf And Contact File Insufficient UI Warning Remote Code Execution Vulnerability
    1009554* - RARLAB WinRAR ACE Remote Code Execution Vulnerability (CVE-2018-20250)


    Web Client Internet Explorer/Edge
    1009469* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0568)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 19-017 (April 2, 2019)
     Publish Date:  05 July 2019
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DHCP Client
    1009597 - Microsoft Windows DHCP Client Remote Code Execution Vulnerability (CVE-2019-0726)


    DHCP Server
    1009542 - Microsoft Windows DHCP Server Remote Code Execution Vulnerability (CVE-2019-0626)


    Database PostgreSQL
    1009614 - PostgreSQL Authenticated Arbitrary Remote Code Execution Vulnerability (CVE-2019-9193)


    Kubernetes Web UI (Dashboard)
    1009493* - Kubernetes Dashboard Authentication Bypass Information Disclosure Vulnerability (CVE-2018-18264)


    Microsoft Office
    1009635 - Microsoft Office Multiple Security Vulnerabilities (Dec 2018)


    Solr Service
    1009601* - Apache Solr Remote Code Execution Vulnerability (CVE-2019-0192)


    Suspicious Server Application Activity
    1009549 - Detected Terminal Services (RDP) Server Traffic - 1


    Unix RPC Services
    1009543 - Linux 'rpc.statd' Remote Format String Vulnerability (CVE-2000-0666)


    Web Application Common
    1009560* - Ghostscript Unauthorized Code Execution Vulnerability (CVE-2019-6116) - 1
    1009328* - ImageMagick ReadMIFFImage Denial Of Service Vulnerability (CVE-2017-18271) - 1
    1009540* - Red Hat Ceph Storage Debug Shell Remote Command Injection (CVE-2018-14649)
    1009553* - Sonatype Nexus Repository Manager Remote Code Execution Vulnerability (CVE-2019-7238)
    1009487* - WordPress Total Donations Plugin Remote Administrative Access Vulnerability (CVE-2019-6703)


    Web Application PHP Based
    1009617 - WordPress Easy SMTP Plugin Unauthenticated Arbitrary 'wp_options' Import Vulnerability
    1009631 - WordPress Social Warfare Unauthenticated Settings Update Vulnerability (CVE-2019-9978)


    Web Client Common
    1009624 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2018-8394)
    1009625 - Microsoft Windows GDI Remote Code Execution Vulnerability (CVE-2018-8397)
    1009595 - Microsoft Windows Runtime Elevation Of Privilege Vulnerability (CVE-2019-0570)
    1009296 - Oracle Java Runtime Environment 'JPEGImageEncoderImpl' Remote Heap Buffer Overflow Vulnerability (CVE-2010-0846)
    1009556 - RARLAB WinRAR ACE Directory Traversal Vulnerability (CVE-2018-20251)


    Web Client Internet Explorer/Edge
    1009640* - Microsoft Edge And Internet Explorer Same Origin Policy Bypass Vulnerabilities


    Web Server Apache
    1009170* - Apache Server Side Include Cross Site Scripting Vulnerability (CVE-2002-0840)


    Web Server Common
    1009561 - Kubernetes API Server Denial of Service Vulnerability (CVE-2019-1002100)


    Web Server SharePoint
    1009535* - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0604)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 19-020 (April 16, 2019)
     Publish Date:  05 July 2019
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1009490* - Block Administrative Share - 1 (ATT&CK T1077,T1105)
    1005293* - Prevent Windows Administrator User Login Over SMB (ATT&CK T1077)


    DHCP Server
    1009542* - Microsoft Windows DHCP Server Remote Code Execution Vulnerability (CVE-2019-0626)


    Database PostgreSQL
    1009614* - PostgreSQL Authenticated Arbitrary Remote Code Execution Vulnerability (CVE-2019-9193)


    Microsoft Office
    1009635* - Microsoft Office Multiple Security Vulnerabilities (Dec 2018)


    Port Mapper FTP Client
    1009558* - Remote File Copy Over FTP (ATT&CK T1105)


    Suspicious Server Application Activity
    1009549* - Detected Terminal Services (RDP) Server Traffic - 1 (ATT&CK T1015,T1043,T1076)


    Trend Micro OfficeScan
    1009608* - Trend Micro Apex One And OfficeScan Directory Traversal Vulnerability (CVE-2019-9489)


    Web Application Common
    1009621 - Identified Directory Traversal Sequence In HTTP Header


    Web Application PHP Based
    1009617* - WordPress Easy SMTP Plugin Unauthenticated Arbitrary 'wp_options' Import Vulnerability
    1009631* - WordPress Social Warfare Unauthenticated Settings Update Vulnerability (CVE-2019-9978)


    Web Application Tomcat
    1009697 - Apache Tomcat Remote Code Execution Vulnerability (CVE-2019-0232)


    Web Client Common
    1009555 - Google Chrome Local File Information Disclosure Vulnerability
    1005676* - Identified Download Of XML File With External Entity Reference
    1009619 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-0614)


    Web Server Common
    1005839* - Identified XML External Entity Injection In HTTP Request
    1009561* - Kubernetes API Server Denial of Service Vulnerability (CVE-2019-1002100)


    Web Server IIS HTTPS
    1009641 - Microsoft IIS HTTP/2 Setting Frames Denial Of Service Vulnerability (ADV190005)


    Windows Services RPC Client DCERPC
    1008477* - Identified Usage Of WMI Execute Methods - Client (ATT&CK T1047)


    Windows Services RPC Server DCERPC
    1009478* - Identified Remote Service Creation Over DCE/RPC Protocol (ATT&CK T1050)
    1009604* - Identified Usage Of WMI Execute Methods - Server - 1 (ATT&CK T1047)
    1009480* - Identified WMI Query Over DCE/RPC Protocol (ATT&CK T1005)
    1007054* - Remote Schedule Task 'Create' Through SMBv2 Protocol Detected (ATT&CK T1053)
    1007053* - Remote Schedule Task 'Delete' Through SMBv2 Protocol Detected (ATT&CK T1053)
    1007017* - Remote Schedule Task 'Run' Through SMBv2 Protocol Detected (ATT&CK T1053)


    Integrity Monitoring Rules:

    1009628 - AppInit DLLs (ATT&CK: T1103)
    1009626 - Windows Accessibility Features - ImageFileExecution (ATT&CK: T1015,T1183)


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 19-029 (May 21, 2019)
     Publish Date:  05 July 2019
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1006906* - Identified Usage Of PsExec Command Line Tool


    HP Intelligent Management Center Dbman
    1009043 - HPE Intelligent Management Center 'dbman' FileTrans Arbitrary File Write Vulnerability (CVE-2017-5822)
    1009637 - HPE Intelligent Management Center 'dbman' Stack Buffer Overflow Vulnerability (CVE-2018-7115)


    HP OpenView Network Node Manager Web
    1004280* - HP OpenView NNM ovwebsnmpsrv.exe Command Line Argument Buffer Overflow


    Remote Desktop Protocol Server
    1009749* - Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708)


    Web Application Common
    1009687 - Ghostscript Remote Code Execution Vulnerability (CVE-2016-10218) - 1
    1009691 - Ghostscript Remote Code Execution Vulnerability (CVE-2016-10220) - 1
    1009423 - ImageMagick Multiple Security Vulnerabilities (Server) - 26


    Web Client Common
    1009234 - Foxit Reader Multiple Security Vulnerabilities - 7
    1009686 - Ghostscript Remote Code Execution Vulnerability (CVE-2016-10218)
    1009690 - Ghostscript Remote Code Execution Vulnerability (CVE-2016-10220)
    1009422 - ImageMagick Multiple Security Vulnerabilities (Client) - 26
    1009539* - Microsoft Windows Multiple GDI Information Disclosure Vulnerabilities (Feb 2019)
    1009582* - Microsoft Windows Win32k Elevation Of Privilege Vulnerability (CVE-2019-0808)
    1009698 - Microsoft Word Information Disclosure Vulnerability (CVE-2019-0561)


    Web Client Internet Explorer/Edge
    1009411* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8617)
    1009463* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0539)
    1009464* - Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2019-0541)


    Web Server SAP
    1009715* - SAP Gateway 'gw/acl_mode' Command Injection Vulnerability (10KBLAZE)


    Zoho ManageEngine
    1009399 - Zoho ManageEngine OpManager 'oputilsServlet' Authentication Bypass (CVE-2018-17283)


    Integrity Monitoring Rules:

    1007295* - Application - chrony
    1003168* - Unix - Open Port Monitor


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 19-032 (June 11, 2019)
     Publish Date:  05 July 2019
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DHCP Client
    1009116* - DHCP Client Script Code Execution Vulnerability (CVE-2018-1111) - 1


    DHCP Client - Incoming
    1009114* - DHCP Client Script Code Execution Vulnerability (CVE-2018-1111)


    Mail Server Exim
    1009797 - Exim 'deliver_message' Command Injection Vulnerability (CVE-2019-10149)


    Web Application Common
    1009751 - WordPress PayPal Checkout Payment Gateway Plugin Parameter Tampering Vulnerability (CVE-2019-7441)


    Web Client Common
    1009796 - Adobe Flash Player Out-Of-Bounds Read Vulnerability (CVE-2019-7845)
    1009787 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1024)
    1009788 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1051)
    1009792 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1052)
    1009793 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2019-1055)
    1009764 - Microsoft Office Security Feature Bypass Vulnerability (CVE-2019-0540)
    1009769 - Microsoft Windows Codecs Library Information Disclosure Vulnerability (CVE-2018-8506)
    1009779 - Microsoft Windows Multiple Security Vulnerabilities (June-2019)
    1009778 - Microsoft Windows Speech API Remote Code Execution Vulnerability (CVE-2019-0985)


    Web Client Internet Explorer/Edge
    1009785 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0989)
    1009786 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0991)
    1009783 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0992)
    1009784 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0993)
    1009789 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1002)
    1009790 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1003)
    1009782 - Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2019-0990)
    1009794 - Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2019-1023)
    1009781 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2019-0920)
    1009780 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2019-0988)
    1009791 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2019-1005)


    Web Server SAP
    1009715* - SAP Gateway 'gw/acl_mode' Command Injection Vulnerability (10KBLAZE)


    Integrity Monitoring Rules:

    1009622 - .bash_profile and .bashrc (ATT&CK: T1156)
    1009629 - AppCert DLLs (ATT&CK: T1182)


    Log Inspection Rules:

    1008670* - Microsoft Windows Security Events - 3