Deep Security Center
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1012075* - Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability Over SMB (CVE-2024-38112)
Ivanti Avalanche
1012053* - Ivanti Avalanche Directory Traversal Vulnerability (CVE-2024-24994)
Ivanti Endpoint Manager
1012149 - Ivanti Endpoint Manager Multiple SQL Injection Vulnerabilities - 1
Kubernetes API Server
1012151 - Kubernetes Ingress-Nginx Command Injection Vulnerability (CVE-2024-7646)
PaperCut
1012041* - PaperCut NG And MF Reflected Cross-Site Scripting Vulnerability (CVE-2024-1883)
SAP NetWeaver Java Application Server
1012085* - SAP NetWeaver AS JAVA SQL Injection Vulnerability (CVE-2016-2386)
SolarWinds Dameware Web Help Desk
1012127* - SolarWinds Dameware Web Help Desk Deserialization Remote Code Execution Vulnerability (CVE-2024-28986)
Web Server HTTPS
1011980* - Centreon SQL Injection Vulnerability (CVE-2024-23119)
1012081* - Centreon SQL Injection Vulnerability (CVE-2024-32501 and CVE-2024-5723)
1012092* - Progress WhatsUp Gold Path Traversal Vulnerability (CVE-2024-5018)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
DCERPC Services - Client
1012075* - Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability Over SMB (CVE-2024-38112)
Ivanti Avalanche
1012053* - Ivanti Avalanche Directory Traversal Vulnerability (CVE-2024-24994)
Ivanti Endpoint Manager
1012149 - Ivanti Endpoint Manager Multiple SQL Injection Vulnerabilities - 1
Kubernetes API Server
1012151 - Kubernetes Ingress-Nginx Command Injection Vulnerability (CVE-2024-7646)
PaperCut
1012041* - PaperCut NG And MF Reflected Cross-Site Scripting Vulnerability (CVE-2024-1883)
SAP NetWeaver Java Application Server
1012085* - SAP NetWeaver AS JAVA SQL Injection Vulnerability (CVE-2016-2386)
SolarWinds Dameware Web Help Desk
1012127* - SolarWinds Dameware Web Help Desk Deserialization Remote Code Execution Vulnerability (CVE-2024-28986)
Web Server HTTPS
1011980* - Centreon SQL Injection Vulnerability (CVE-2024-23119)
1012081* - Centreon SQL Injection Vulnerability (CVE-2024-32501 and CVE-2024-5723)
1012092* - Progress WhatsUp Gold Path Traversal Vulnerability (CVE-2024-5018)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Arcserve Unified Data Protection
1012077* - Arcserve Unified Data Protection Remote Code Execution Vulnerability (CVE-2023-26258)
Ivanti Endpoint Manager
1012154 - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-32842)
1012155 - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-32845)
1012156 - Ivanti Endpoint Manager XML External Entity Information Disclosure Vulnerability (CVE-2024-37397)
SolarWinds Access Rights Manager
1012124 - SolarWinds Access Rights Manager Directory Traversal Vulnerability (CVE-2024-28992)
Web Application PHP Based
1012125* - OpenCart Directory Traversal Vulnerability (CVE-2024-21518)
Web Server HTTPS
1012068* - Ivanti Endpoint Manager Multiple SQL Injection Vulnerabilities (CVE-2024-29828 & CVE-2024-29829)
1012049* - SolarWinds Access Rights Manager Insecure Deserialization Vulnerability (CVE-2024-23478)
Web Server Oracle
1012098* - Oracle WebLogic Server Information Disclosure Vulnerability (CVE-2024-21006)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Arcserve Unified Data Protection
1012077* - Arcserve Unified Data Protection Remote Code Execution Vulnerability (CVE-2023-26258)
Ivanti Endpoint Manager
1012154 - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-32842)
1012155 - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-32845)
1012156 - Ivanti Endpoint Manager XML External Entity Information Disclosure Vulnerability (CVE-2024-37397)
SolarWinds Access Rights Manager
1012124 - SolarWinds Access Rights Manager Directory Traversal Vulnerability (CVE-2024-28992)
Web Application PHP Based
1012125* - OpenCart Directory Traversal Vulnerability (CVE-2024-21518)
Web Server HTTPS
1012068* - Ivanti Endpoint Manager Multiple SQL Injection Vulnerabilities (CVE-2024-29828 & CVE-2024-29829)
1012049* - SolarWinds Access Rights Manager Insecure Deserialization Vulnerability (CVE-2024-23478)
Web Server Oracle
1012098* - Oracle WebLogic Server Information Disclosure Vulnerability (CVE-2024-21006)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Unix CUPS Client
1012160 - CUPS Remote Code Execution Vulnerability (CVE-2024-47076)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Unix CUPS Client
1012160 - CUPS Remote Code Execution Vulnerability (CVE-2024-47076)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache Nifi
1012122* - Apache NiFi Stored Cross-Site Scripting Vulnerability (CVE-2024-37389)
Progress WhatsUp Gold WCF service
1012129 - Progress WhatsUp Gold Directory Traversal Vulnerability (CVE-2024-4885)
Web Application PHP Based
1012148 - SPIP Remote Code Execution Vulnerability (CVE-2024-7954)
1012126* - WordPress 'SEO' Plugin SQL Injection Vulnerability (CVE-2024-6497)
1012104* - phpMyAdmin SQL Injection Vulnerability (CVE-2019-11768)
Web Server HTTPS
1012130 - Cacti Stored Cross-Site Scripting Vulnerability (CVE-2024-31444)
1012116* - Progress WhatsUp Gold Remote Code Execution Vulnerability (CVE-2024-5008)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Apache Nifi
1012122* - Apache NiFi Stored Cross-Site Scripting Vulnerability (CVE-2024-37389)
Progress WhatsUp Gold WCF service
1012129 - Progress WhatsUp Gold Directory Traversal Vulnerability (CVE-2024-4885)
Web Application PHP Based
1012148 - SPIP Remote Code Execution Vulnerability (CVE-2024-7954)
1012126* - WordPress 'SEO' Plugin SQL Injection Vulnerability (CVE-2024-6497)
1012104* - phpMyAdmin SQL Injection Vulnerability (CVE-2019-11768)
Web Server HTTPS
1012130 - Cacti Stored Cross-Site Scripting Vulnerability (CVE-2024-31444)
1012116* - Progress WhatsUp Gold Remote Code Execution Vulnerability (CVE-2024-5008)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
SolarWinds Dameware Web Help Desk
1012127* - SolarWinds Dameware Web Help Desk Deserialization Remote Code Execution Vulnerability (CVE-2024-28986)
Web Application PHP Based
1012121* - LibreNMS SQL Injection Vulnerability (CVE-2024-32480)
1012106 - WordPress 'Hash Form' Plugin Arbitrary File Upload Vulnerability (CVE-2024-5084)
1012146 - WordPress 'Porto' Theme Local File Inclusion Vulnerability (CVE-2024-3806 and CVE-2024-3807)
Web Server HTTPS
1012131 - Dolibarr ERP And CRM Reflected Cross-Site Scripting Vulnerability (CVE-2024-34051)
1012139 - Progress WhatsUp Gold SQL Injection Vulnerability (CVE-2024-6672)
Web Server Miscellaneous
1012132* - XWiki Cross-Site Scripting Vulnerability (CVE-2024-37900)
1012138 - XWiki Server-Side Template Injection Vulnerability (CVE-2024-37901)
Web Server SharePoint BDC
1012113* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2024-38023)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
SolarWinds Dameware Web Help Desk
1012127* - SolarWinds Dameware Web Help Desk Deserialization Remote Code Execution Vulnerability (CVE-2024-28986)
Web Application PHP Based
1012121* - LibreNMS SQL Injection Vulnerability (CVE-2024-32480)
1012106 - WordPress 'Hash Form' Plugin Arbitrary File Upload Vulnerability (CVE-2024-5084)
1012146 - WordPress 'Porto' Theme Local File Inclusion Vulnerability (CVE-2024-3806 and CVE-2024-3807)
Web Server HTTPS
1012131 - Dolibarr ERP And CRM Reflected Cross-Site Scripting Vulnerability (CVE-2024-34051)
1012139 - Progress WhatsUp Gold SQL Injection Vulnerability (CVE-2024-6672)
Web Server Miscellaneous
1012132* - XWiki Cross-Site Scripting Vulnerability (CVE-2024-37900)
1012138 - XWiki Server-Side Template Injection Vulnerability (CVE-2024-37901)
Web Server SharePoint BDC
1012113* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2024-38023)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Client Common
1012141 - Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43461)
1012142 - Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43461) - 1
Web Server Adobe ColdFusion
1012140 - Adobe ColdFusion Deserialization Of Untrusted Data Vulnerability (CVE-2024-41874)
Web Server HTTPS
1012093* - Cacti SQL Injection Vulnerability (CVE-2024-31445)
1012107* - Cacti SQL Injection Vulnerability (CVE-2024-31458)
1012099* - Progress WhatsUp Gold Directory Traversal Vulnerability (CVE-2024-5019)
1012079* - SolarWinds Serv-U Directory Traversal Vulnerability (CVE-2024-28995)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Web Client Common
1012141 - Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43461)
1012142 - Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43461) - 1
Web Server Adobe ColdFusion
1012140 - Adobe ColdFusion Deserialization Of Untrusted Data Vulnerability (CVE-2024-41874)
Web Server HTTPS
1012093* - Cacti SQL Injection Vulnerability (CVE-2024-31445)
1012107* - Cacti SQL Injection Vulnerability (CVE-2024-31458)
1012099* - Progress WhatsUp Gold Directory Traversal Vulnerability (CVE-2024-5019)
1012079* - SolarWinds Serv-U Directory Traversal Vulnerability (CVE-2024-28995)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache Nifi
1012122 - Apache NiFi Stored Cross-Site Scripting Vulnerability (CVE-2024-37389)
DHCP Failover Protocol Server
1012136 - Microsoft Windows DHCP Server Denial of Service Vulnerability (CVE-2024-30070)
Openfire Jabber Server
1011841* - Openfire Authentication Bypass Vulnerability (CVE-2023-32315)
Progress Telerik Reporting
1012042* - Progress Telerik Report Server Insecure Deserialization Vulnerability (CVE-2024-1800)
Web Application PHP Based
1012104 - phpMyAdmin SQL Injection Vulnerability (CVE-2019-11768)
Web Client Common
1012109* - Microsoft Windows LNK NTLM Spoofing Vulnerability Over HTTP (CVE-2024-30081)
Web Server HTTPS
1012128 - GitLab Denial of Service Vulnerability (CVE-2024-2874)
1012119 - Progress WhatsUp Gold Denial Of Service Vulnerability (CVE-2024-5011)
Web Server Miscellaneous
1012055* - Atlassian Confluence Data Center and Server Remote Code Execution Vulnerability (CVE-2024-21683)
1012033* - XWiki Code Injection Vulnerability (CVE-2024-31465)
Web Server Oracle
1010171* - Oracle Weblogic Server Insecure Deserialization Vulnerability (CVE-2020-2551)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
Apache Nifi
1012122 - Apache NiFi Stored Cross-Site Scripting Vulnerability (CVE-2024-37389)
DHCP Failover Protocol Server
1012136 - Microsoft Windows DHCP Server Denial of Service Vulnerability (CVE-2024-30070)
Openfire Jabber Server
1011841* - Openfire Authentication Bypass Vulnerability (CVE-2023-32315)
Progress Telerik Reporting
1012042* - Progress Telerik Report Server Insecure Deserialization Vulnerability (CVE-2024-1800)
Web Application PHP Based
1012104 - phpMyAdmin SQL Injection Vulnerability (CVE-2019-11768)
Web Client Common
1012109* - Microsoft Windows LNK NTLM Spoofing Vulnerability Over HTTP (CVE-2024-30081)
Web Server HTTPS
1012128 - GitLab Denial of Service Vulnerability (CVE-2024-2874)
1012119 - Progress WhatsUp Gold Denial Of Service Vulnerability (CVE-2024-5011)
Web Server Miscellaneous
1012055* - Atlassian Confluence Data Center and Server Remote Code Execution Vulnerability (CVE-2024-21683)
1012033* - XWiki Code Injection Vulnerability (CVE-2024-31465)
Web Server Oracle
1010171* - Oracle Weblogic Server Insecure Deserialization Vulnerability (CVE-2020-2551)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
MLflow
1012096 - MLflow Path Traversal Vulnerability (CVE-2023-6909)
Progress WhatsUp Gold WCF service
1012123 - Progress WhatsUp Gold Information Disclosure Vulnerability (CVE-2024-5015)
Web Client Common
1012114 - Microsoft Windows Themes Spoofing Vulnerability (CVE-2024-38030)
Web Server HTTPS
1012083* - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2023-6371)
1012100* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-29823)
1012116 - Progress WhatsUp Gold Remote Code Execution Vulnerability (CVE-2024-5008)
1012118 - Progress WhatsUp Gold Unrestricted File Upload Vulnerability (CVE-2024-4884)
Web Server Miscellaneous
1012047* - XWiki Code Injection Vulnerability (CVE-2024-31997)
1012132 - XWiki Cross-Site Scripting Vulnerability (CVE-2024-37900)
Web Server SharePoint BDC
1012135 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2024-38024)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
MLflow
1012096 - MLflow Path Traversal Vulnerability (CVE-2023-6909)
Progress WhatsUp Gold WCF service
1012123 - Progress WhatsUp Gold Information Disclosure Vulnerability (CVE-2024-5015)
Web Client Common
1012114 - Microsoft Windows Themes Spoofing Vulnerability (CVE-2024-38030)
Web Server HTTPS
1012083* - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2023-6371)
1012100* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-29823)
1012116 - Progress WhatsUp Gold Remote Code Execution Vulnerability (CVE-2024-5008)
1012118 - Progress WhatsUp Gold Unrestricted File Upload Vulnerability (CVE-2024-4884)
Web Server Miscellaneous
1012047* - XWiki Code Injection Vulnerability (CVE-2024-31997)
1012132 - XWiki Cross-Site Scripting Vulnerability (CVE-2024-37900)
Web Server SharePoint BDC
1012135 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2024-38024)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
HP Intelligent Management Center (IMC)
1012103 - Apache OFBiz Directory Traversal Vulnerability (CVE-2024-32113 and CVE-2024-36104)
PaperCut
1012082* - PaperCut NG and MF Remote Code Execution Vulnerability (CVE-2024-1882)
Progress WhatsUp Gold WCF service
1012117 - Progress WhatsUp Gold Directory Traversal Vulnerability (CVE-2024-4883)
SolarWinds Dameware Web Help Desk
1012127* - SolarWinds Dameware Web Help Desk Deserialization Remote Code Execution Vulnerability (CVE-2024-28986)
Web Application Common
1012110 - GeoServer Remote Code Execution Vulnerability (CVE-2024-36401)
1011998* - Kafka UI Remote Code Execution Vulnerability (CVE-2023-52251)
Web Application PHP Based
1012121 - LibreNMS SQL Injection Vulnerability (CVE-2024-32480)
1012125 - OpenCart Directory Traversal Vulnerability (CVE-2024-21518)
1012126 - WordPress 'SEO' Plugin SQL Injection Vulnerability (CVE-2024-6497)
Web Server HTTPS
1012089* - GitLab Regular Expression Denial of Service Vulnerability (CVE-2024-2829)
1012088* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-29826)
1012084* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-29830)
Web Server Miscellaneous
1012043* - XWiki Code Injection Vulnerability (CVE-2024-31984)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
HP Intelligent Management Center (IMC)
1012103 - Apache OFBiz Directory Traversal Vulnerability (CVE-2024-32113 and CVE-2024-36104)
PaperCut
1012082* - PaperCut NG and MF Remote Code Execution Vulnerability (CVE-2024-1882)
Progress WhatsUp Gold WCF service
1012117 - Progress WhatsUp Gold Directory Traversal Vulnerability (CVE-2024-4883)
SolarWinds Dameware Web Help Desk
1012127* - SolarWinds Dameware Web Help Desk Deserialization Remote Code Execution Vulnerability (CVE-2024-28986)
Web Application Common
1012110 - GeoServer Remote Code Execution Vulnerability (CVE-2024-36401)
1011998* - Kafka UI Remote Code Execution Vulnerability (CVE-2023-52251)
Web Application PHP Based
1012121 - LibreNMS SQL Injection Vulnerability (CVE-2024-32480)
1012125 - OpenCart Directory Traversal Vulnerability (CVE-2024-21518)
1012126 - WordPress 'SEO' Plugin SQL Injection Vulnerability (CVE-2024-6497)
Web Server HTTPS
1012089* - GitLab Regular Expression Denial of Service Vulnerability (CVE-2024-2829)
1012088* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-29826)
1012084* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-29830)
Web Server Miscellaneous
1012043* - XWiki Code Injection Vulnerability (CVE-2024-31984)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
CentOS Web Panel
1012095 - CentOS Web Panel Arbitrary File Write Vulnerability (CVE-2021-45466)
1012071 - CentOS Web Panel File Inclusion Vulnerability (CVE-2021-45467)
HP Intelligent Management Center (IMC)
1012120 - Apache OFBiz Authentication Bypass Vulnerability (CVE-2024-38856)
SolarWinds Dameware Web Help Desk
1012127 - SolarWinds Dameware Web Help Desk Zero Day Initiative Vulnerability (ZDI-CAN-25136)
Splunk Enterprise
1012108 - Splunk Enterprise Directory Traversal Vulnerability (CVE-2024-36991)
Web Application Common
1012079* - SolarWinds Serv-U Directory Traversal Vulnerability (CVE-2024-28995)
Web Application PHP Based
1012073* - LibreNMS Cross-Site Scripting Vulnerability (CVE-2024-32479)
1012097 - LibreNMS SQL Injection Vulnerability (CVE-2024-32461)
Web Client Common
1012109 - Microsoft Windows LNK NTLM Spoofing Vulnerability Over HTTP (CVE-2024-30081)
Web Server HTTPS
1012093 - Cacti SQL Injection Vulnerability (CVE-2024-31445)
1012107 - Cacti SQL Injection Vulnerability (CVE-2024-31458)
1012112 - GitLab Denial Of Service Vulnerability (CVE-2024-2651)
1012105 - GitLab Regular Expression Denial Of Service Vulnerability (CVE-2024-2878)
1012087* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-29822 and CVE-2024-29824)
1012099 - Progress WhatsUp Gold Directory Traversal Vulnerability (CVE-2024-5019)
1012092* - Progress WhatsUp Gold Path Traversal Vulnerability (CVE-2024-5018)
Web Server Miscellaneous
1012111 - Apache JSPWiki Stored Cross-Site Scripting Vulnerability (CVE-2024-27136)
1012048* - GitLab Cross-Site Scripting Vulnerability (CVE-2024-1451)
1012017* - Identified Restricted file upload with specific extension
Web Server Rejetto
1012086 - Rejetto HTTP File Server (HFS) Server Side Template Injection Vulnerability (CVE-2024-23692)
Web Server SharePoint BDC
1012113 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2024-38023)
Zabbix Server
1012090 - Zabbix SQL Injection Vulnerability (CVE-2024-22120)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Deep Packet Inspection Rules:
CentOS Web Panel
1012095 - CentOS Web Panel Arbitrary File Write Vulnerability (CVE-2021-45466)
1012071 - CentOS Web Panel File Inclusion Vulnerability (CVE-2021-45467)
HP Intelligent Management Center (IMC)
1012120 - Apache OFBiz Authentication Bypass Vulnerability (CVE-2024-38856)
SolarWinds Dameware Web Help Desk
1012127 - SolarWinds Dameware Web Help Desk Zero Day Initiative Vulnerability (ZDI-CAN-25136)
Splunk Enterprise
1012108 - Splunk Enterprise Directory Traversal Vulnerability (CVE-2024-36991)
Web Application Common
1012079* - SolarWinds Serv-U Directory Traversal Vulnerability (CVE-2024-28995)
Web Application PHP Based
1012073* - LibreNMS Cross-Site Scripting Vulnerability (CVE-2024-32479)
1012097 - LibreNMS SQL Injection Vulnerability (CVE-2024-32461)
Web Client Common
1012109 - Microsoft Windows LNK NTLM Spoofing Vulnerability Over HTTP (CVE-2024-30081)
Web Server HTTPS
1012093 - Cacti SQL Injection Vulnerability (CVE-2024-31445)
1012107 - Cacti SQL Injection Vulnerability (CVE-2024-31458)
1012112 - GitLab Denial Of Service Vulnerability (CVE-2024-2651)
1012105 - GitLab Regular Expression Denial Of Service Vulnerability (CVE-2024-2878)
1012087* - Ivanti Endpoint Manager SQL Injection Vulnerability (CVE-2024-29822 and CVE-2024-29824)
1012099 - Progress WhatsUp Gold Directory Traversal Vulnerability (CVE-2024-5019)
1012092* - Progress WhatsUp Gold Path Traversal Vulnerability (CVE-2024-5018)
Web Server Miscellaneous
1012111 - Apache JSPWiki Stored Cross-Site Scripting Vulnerability (CVE-2024-27136)
1012048* - GitLab Cross-Site Scripting Vulnerability (CVE-2024-1451)
1012017* - Identified Restricted file upload with specific extension
Web Server Rejetto
1012086 - Rejetto HTTP File Server (HFS) Server Side Template Injection Vulnerability (CVE-2024-23692)
Web Server SharePoint BDC
1012113 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2024-38023)
Zabbix Server
1012090 - Zabbix SQL Injection Vulnerability (CVE-2024-22120)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
Featured Stories
Unveiling AI Agent Vulnerabilities Part V: Securing LLM ServicesTo conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.Read more
Unveiling AI Agent Vulnerabilities Part IV: Database Access VulnerabilitiesHow can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.Read more
The Mirage of AI Programming: Hallucinations and Code IntegrityThe adoption of large language models (LLMs) and Generative Pre-trained Transformers (GPTs), such as ChatGPT, by leading firms like Microsoft, Nuance, Mix and Google CCAI Insights, drives the industry towards a series of transformative changes. As the use of these new technologies becomes prevalent, it is important to understand their key behavior, advantages, and the risks they present.Read more
Open RAN: Attack of the xAppsThis article discusses two O-RAN vulnerabilities that attackers can exploit. One vulnerability stems from insufficient access control, and the other arises from faulty message handlingRead more