All Vulnerabilities

  • 17-015 (April 11, 2017)
    Publish Date: April 12, 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services - Client
    1008284 - Microsoft Office DLL Loading Vulnerability Over Network Share (CVE-2017-0197)
    1008201 - Microsoft Windows DLL Loading Vulnerability Over Network Share (CVE-2016-0100)


    DNS Server
    1008188 - PowerDNS Authoritative Server Dot Character Denial Of Service Vulnerability (CVE-2016-5427)


    Directory Server LDAP
    1008278 - Microsoft LDAP Elevation Of Privilege Vulnerability (CVE-2017-0166)


    FTP Server ProFTPD
    1006743* - ProFTPD Remote Command Execution Vulnerability (CVE-2015-3306)


    HP OpenView
    1008256 - HP Data Protector EXEC_SETUP Remote Code Execution Vulnerability (CVE-2011-0922)


    Microsoft Office
    1004311* - Identified Suspicious Microsoft PowerPoint Document


    Suspicious Client Ransomware Activity
    1007705* - Ransomware Network Traffic - 2
    1007706* - Ransomware Network Traffic - 3


    Web Application Common
    1008205 - ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability (CVE-2016-10049)
    1008190 - ImageMagick ImageFile MagickCore Buffer Overflow Vulnerability (CVE-2016-8677)


    Web Application PHP Based
    1008143 - Joomla Media Manager Privilege Escalation Vulnerability (CVE-2013-5576)
    1008146 - WordPress UserPro Plugin Remote File Upload Vulnerability


    Web Application Ruby Based
    1008181 - Ruby On Rails Action Pack Remote Code Execution Vulnerability (CVE-2016-2098)


    Web Client Common
    1004593* - Heuristic Detection Of Malicious PDF Documents - 2
    1008297 - Identified Suspicious RTF File With Obfuscated Powershell Execution
    1008206 - ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability (CVE-2016-10049) - 1
    1008189 - ImageMagick ImageFile MagickCore Buffer Overflow Vulnerability (CVE-2016-8677) - 1
    1008292 - Microsoft Office DLL Loading Vulnerability Over WebDAV (CVE-2017-0197)
    1008283 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-0194)
    1008282 - Microsoft Windows ATMFD.dll Information Disclosure Vulnerability (CVE-2017-0192)
    1008202 - Microsoft Windows DLL Loading Vulnerability Over WebDAV (CVE-2016-0100)
    1008238* - Microsoft Windows GDI+ Information Disclosure vulnerability (CVE-2017-0060)
    1008241* - Microsoft Windows GDI+ Remote Code Execution Vulnerability (CVE-2017-0108)
    1008169* - Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2017-0014)
    1008274 - Microsoft Windows Multiple Security Vulnerabilities (April-2017)
    1008168* - Microsoft Windows PDF Library Memory Corruption Vulnerability (CVE-2017-0023)
    1008247* - Microsoft Windows Registry Elevation Of Privilege Vulnerability (CVE-2017-0103)
    1008235* - Microsoft Windows Uniscribe Multiple Remote Code Execution Vulnerabilities (MS17-011) - 2
    1008285 - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)
    1008175 - Oracle Java Runtime Environment Use After Free Remote Code Execution Vulnerability (CVE-2016-5568)
    1008295 - Restrict Microsoft Word RTF File With Embedded OLE2link Object


    Web Client Internet Explorer/Edge
    1007662* - Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3222)
    1008286 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0200)
    1008290 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0205)
    1008291 - Microsoft Edge Scripting Engine Information Disclosure Vulnerability (CVE-2017-0208)
    1008217* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0071)
    1008218* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0094)
    1008153* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0037)
    1008152* - Microsoft Internet Explorer And Edge Spoofing Vulnerability (CVE-2017-0033)
    1008294 - Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2017-0210)
    1008208* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0059)
    1008288 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-0202)
    1008275 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0158)
    1008287 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-0201)
    1008174* - Microsoft Windows DirectShow Information Disclosure Vulnerability (CVE-2017-0042)


    Web Server Miscellaneous
    1004911* - Apache Struts2 Multiple Vulnerabilities
    1008130 - Oracle Application Testing Suite Multiple Security Vulnerabilities
    1008142 - Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Vulnerability (CVE-2016-0491)


    Web Server Oracle
    1007968 - Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization Vulnerability (CVE-2013-2186)


    Integrity Monitoring Rules:

    1008271 - Application - Docker


    Log Inspection Rules:

    1008145 - Web Server - Nginx
    1002835* - Web Server - Web Access Events
  • 17-014 (March 28, 2017)
    Publish Date: March 29, 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1007596* - Identified Possible Ransomware File Extension Rename Activity Over Network Share
    1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
    1008225* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0145)
    1008228* - Microsoft Windows SMB Remote Code Execution Vulnerability (CVE-2017-0148)


    DCERPC Services - Client
    1007913* - Identified Possible Ransomware File Extension Rename Activity Over Network Share - Client


    Suspicious Client Application Activity
    1005067* - Identified Potentially Harmful Client Traffic


    Suspicious Server Application Activity
    1005090* - Identified Potentially Harmful Server Traffic


    Web Application PHP Based
    1008193 - PHP exif_convert_any_to_int Denial Of Service Vulnerability (CVE-2016-10158)
    1008182* - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)


    Web Client Common
    1008255 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0061)
    1008254 - Microsoft Color Management Information Disclosure Vulnerability (CVE-2017-0063)
    1008252 - Microsoft Windows Uniscribe Information Disclosure Vulnerability (CVE-2017-0085)
    1008067* - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2016-7274)
    1008253 - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0084)


    Web Client Internet Explorer/Edge
    1008211* - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-0065)
    1008156* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0010)


    Web Server Apache
    1008117 - Apache Subversion mod_authz_svn Module Denial Of Service Vulnerability (CVE-2016-2168)


    Web Server Common
    1008194 - Oracle Java SE Remote Security Vulnerability (CVE-2017-3241)


    Web Server IIS
    1008266 - Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow Vulnerability (CVE-2017-7269)


    Web Server Miscellaneous
    1008178 - Novell Service Desk clientImportUploadForm Directory Traversal Vulnerability (CVE-2016-1593)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-013 (March 21, 2017)
    Publish Date: March 22, 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DNS Client
    1008180* - ISC BIND Inconsistent DS Record Assertion Failure Denial Of Service Vulnerability (CVE-2016-9444)
    1008136* - ISC BIND RRSIG Record Response Assertion Failure Denial Of Service (CVE-2016-9147)


    NTP Server Linux
    1007741* - NTP Crypto-NAK Packets Symmetric Association Authentication Bypass Vulnerability (CVE-2015-7871)


    Web Application PHP Based
    1008125* - Joomla Denial Of Service Vulnerability (CVE-2013-3242)
    1008135* - PHP Exif Null Pointer Dereference Vulnerability (CVE-2016-6292)
    1008037* - PHP GC Use After Free Vulnerability (CVE-2016-5771)
    1008144* - PHP Remote Code Execution Vulnerability (CVE-2017-5340)
    1008131* - PHP Unserialize() ZVAL Reference Counter Overflow Vulnerability (CVE-2007-1286)
    1007289* - PHP cURL Lib NULL Byte Injection Vulnerability
    1008182* - PHP phar_parse_pharfile Integer Overflow Vulnerability (CVE-2016-10159)
    1008148 - WordPress Ninja Forms Unauthenticated File Upload Vulnerability (CVE-2016-1209)
    1003085* - WordPress RSS Feed Generator self_link HTTP_HOST Cross-Site Scripting
    1008186* - phpMyAdmin Authenticated Remote Code Execution Vulnerability (CVE-2013-3238)


    Web Client Common
    1008251 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-07)
    1004335* - Apple QuickTime 'QuickTimeStreaming.qtx' Remote Stack Buffer Overflow
    1008107 - Oracle Java Remote Code Execution Vulnerability (CVE-2016-3598)


    Web Client Internet Explorer/Edge
    1008149* - Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2017-0008)


    Web Server Adobe ColdFusion
    1008113* - Adobe ColdFusion OOXML XXE Information Disclosure Vulnerability (CVE-2016-4264)


    Web Server HTTPS
    1008137 - Identified TLS/SSL DES Cipher Suite Is Being Supported


    Web Server Miscellaneous
    1008104* - Apache ActiveMQ Multiple Remote Code Execution Vulnerabilities (CVE-2016-3088)
    1008207* - Apache Struts2 Remote Code Execution Vulnerability (CVE-2017-5638)
    1008141* - Jetty Path Sanitization Vulnerability (CVE-2016-4800)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited these vulnerabilities could obtain information to further compromise the user's system.