All Vulnerabilities

  • 22-005 (February 1, 2022)
     Publish date:  02 de febrero de 2022
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Unix Samba
    1011294 - Samba AppleDouble Remote Code Execution Vulnerability (CVE-2021-44142)


    Web Application PHP Based
    1011286 - WordPress 'True Ranker' Plugin Directory Traversal Vulnerability (CVE-2021-39312)
    1011285* - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)


    Web Server Common
    1010175* - Cross-Site Scripting (XSS) Decoder


    Web Server HTTPS
    1011290 - Apache HTTP Server 'mod_proxy' NULL Pointer Dereference Vulnerability (CVE-2021-44224)


    Web Server Miscellaneous
    1011288 - Ivanti Avalanche Enterprise Service Command Injection Vulnerability (CVE-2021-42129)


    Integrity Monitoring Rules:

    1002771* - Linux/Unix - File permissions in the /var/log directory modified (ATT&CK T1222.002)


    Log Inspection Rules:

    1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
    1002831* - Unix - Syslog
  • 22-004 (January 25, 2022)
     Publish date:  26 de enero de 2022
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    H2 Database
    1011281 - H2 Database Console JNDI Injection Vulnerability (CVE-2021-42392)


    LDAP Client
    1011269 - Identified Java Code Download Attempt Over LDAP


    Web Application Common
    1011103* - PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)


    Web Application PHP Based
    1011278* - October CMS Security Bypass Vulnerability (CVE-2021-32648)
    1011266* - WordPress 'All-In-One-Seo-Pack' Plugin Remote Code Execution Vulnerability (CVE-2021-24307)
    1011264* - WordPress 'Popular Posts' Plugin Arbitrary File Upload Vulnerability (CVE-2021-42362)
    1011100* - WordPress 'WooCommerce Blocks' Plugin SQL Injection Vulnerability (CVE-2021-32789)
    1011283 - WordPress 'Wp-Stats-Manager' Plugin SQL Injection Vulnerability (CVE-2021-24750)


    Web Server Common
    1011279 - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046) - 1
    1011274* - Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2022-21907)
    1011262* - SuiteCRM Remote Code Execution Vulnerability (CVE-2021-42840)
    1011285 - WordPress Core 'WP_Query' SQL Injection Vulnerability (CVE-2022-21661)


    Web Server HTTPS
    1011247* - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2021-22238)


    Web Server Miscellaneous
    1011253 - Jenkins 'Active Choices' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21699)
    1011163* - Spring Boot Actuator Directory Traversal Vulnerability (CVE-2021-21234)


    Zoho ManageEngine
    1011284 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37918)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 22-003 (January 18, 2022)
     Publish date:  19 de enero de 2022
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Mail Server Common
    1010001* - Dovecot And Pigeonhole Remote Code Execution Vulnerability (CVE-2019-11500)


    Web Application PHP Based
    1011278 - October CMS Security Bypass Vulnerability (CVE-2021-32648)


    Web Application Ruby Based
    1011231* - Grafana Cross Site Scripting Vulnerability (CVE-2021-41174)


    Web Client Common
    1011276 - Adobe Acrobat And Reader Improper Access Control Vulnerability (CVE-2021-44702)
    1011275 - Adobe Acrobat And Reader Improper Input Validation Vulnerability (CVE-2021-44739)
    1011277 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB22-01)


    Web Server Apache
    1011183* - Apache HTTP Server Server-Side Request Forgery Vulnerability (CVE-2021-40438)


    Web Server Common
    1011249* - Apache Log4j Denial of Service Vulnerability (CVE-2021-45105)
    1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
    1011270 - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) - 1
    1011274 - Microsoft Windows HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2022-21907)
    1011262 - SuiteCRM Remote Code Execution Vulnerability (CVE-2021-42840)


    Web Server HTTPS
    1011247 - GitLab Stored Cross-Site Scripting Vulnerability (CVE-2021-22238)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1011273 - Microsoft Windows Firewall Events
    1011250* - Web Server - Apache - 2
  • 22-002 (January 11, 2022)
     Publish date:  12 de enero de 2022
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Linux Kernel TIPC
    1011263 - Linux Kernel TIPC Heap Buffer Overflow Vulnerability (CVE-2021-43267)


    SolarWinds Network Performance Monitor
    1011230* - SolarWinds Patch Manager 'WSAsyncExecuteTasks' Deserialization Vulnerability (CVE-2021-35217)


    Web Application Common
    1011259* - Dolibarr ERP And CRM Command Injection Vulnerability (CVE-2021-33816)
    1011258* - Dolibarr ERP And CRM Stored Cross-Site Scripting Vulnerability (CVE-2021-33618)
    1011198* - Strapi Framework Remote Code Execution Vulnerability (CVE-2019-19609)


    Web Application PHP Based
    1011266 - WordPress 'All-In-One-Seo-Pack' Plugin Remote Code Execution Vulnerability (CVE-2021-24307)
    1011252* - WordPress 'Catch Themes Demo Import' Plugin Remote Code Execution Vulnerability (CVE-2021-39352)
    1011261 - WordPress 'DZS Zoomsounds' Plugin Directory Traversal Vulnerability (CVE-2021-39316)
    1011264 - WordPress 'Popular Posts' Plugin Arbitrary File Upload Vulnerability (CVE-2021-42362)
    1011013* - WordPress 'Stop Spammers' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24245)
    1011169* - WordPress 'Supsystic Popup' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24275)
    1011165* - WordPress 'Woo-Order-Export-Lite' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24169)


    Web Application Ruby Based
    1011243* - Grafana Path Traversal Vulnerability (CVE-2021-43798)


    Web Client Common
    1011032* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-51)


    Web Server Common
    1011245* - Apache APISIX 'uri-block' Plugin Path Traversal Vulnerability (CVE-2021-43557)
    1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
    1011265 - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-45046)


    Web Server HTTPS
    1011196* - ACME mini_httpd Server Arbitrary File Read Vulnerability (CVE-2018-18778)


    Web Server Miscellaneous
    1011256* - Jenkins 'Artifact Repository Parameter' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21622)


    Web Server SharePoint
    1011233* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-40487)


    Windows SMB Server
    1011251* - Microsoft Windows Active Directory Domain Services Elevation of Privilege Vulnerability Over SMB (CVE-2021-42278)


    Zoho ManageEngine
    1011248* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37539)
    1011257* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37921)
    1011255* - Zoho ManageEngine ServiceDesk Plus Authentication Bypass Vulnerability (CVE-2021-37415)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 22-001 (January 4, 2022)
     Publish date:  05 de enero de 2022
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Application Common
    1011259 - Dolibarr ERP And CRM Command Injection Vulnerability (CVE-2021-33816)
    1011258 - Dolibarr ERP And CRM Stored Cross-Site Scripting Vulnerability (CVE-2021-33618)


    Web Application PHP Based
    1011252 - WordPress 'Catch Themes Demo Import' Plugin Remote Code Execution Vulnerability (CVE-2021-39352)


    Web Server Common
    1011245 - Apache APISIX 'uri-block' Plugin Path Traversal Vulnerability (CVE-2021-43557)
    1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228 and CVE-2021-45046)


    Web Server Miscellaneous
    1011256 - Jenkins 'Artifact Repository Parameter' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-21622)


    Web Server Oracle
    1008317* - Oracle WebLogic JBoss Interceptors Deserialization Of Untrusted Data Vulnerability (CVE-2016-3510)


    Zoho ManageEngine
    1011257 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37921)
    1011255 - Zoho ManageEngine ServiceDesk Plus Authentication Bypass Vulnerability (CVE-2021-37415)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1008670* - Microsoft Windows Security Events - 3
  • 21-058 (December 17, 2021)
     Publish date:  20 de diciembre de 2021
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Server Common
    1011249 - Apache Log4j Denial of Service Vulnerability


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 21-057 (December 15, 2021)
     Publish date:  17 de diciembre de 2021
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Server Common
    1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 21-056 (December 14, 2021)
     Publish date:  17 de diciembre de 2021
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Apache Storm Nimbus
    1011236 - Apache Storm Command Injection Vulnerability (CVE-2021-38294)


    SolarWinds Network Performance Monitor
    1011229 - SolarWinds Orion Patch Manager Insecure Deserialization Vulnerability (CVE-2021-35216)
    1011221 - SolarWinds Orion Platform 'SaveUserSetting' Improper Access Control Vulnerability (CVE-2021-35213)


    Web Application Ruby Based
    1011243 - Grafana Path Traversal Vulnerability (CVE-2021-43798)


    Web Client Common
    1011240 - Chromium Memory Corruption Vulnerability (CVE-2021-21118)
    1011244 - Chromium Sandbox Bypass Vulnerability (CVE-2021-21132)
    1011239 - Google Chrome Type Confusion Vulnerability (CVE-2021-30588)
    1011238 - Google Chrome Use After Free Vulnerability (CVE-2020-15994)


    Web Server Common
    1011242* - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)


    Web Server SharePoint
    1011224 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-41344)


    Web Server Squid
    1011234 - Squid Proxy Multiple Denial of Service Vulnerabilities (CVE-2021-31806 and CVE-2021-31807)


    Zoho ManageEngine
    1011237 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-20130)


    Integrity Monitoring Rules:

    1010856* - Linux/Unix - Static boot loader files modified (ATT&CK T1542)


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 21-055 (December 12, 2021)
     Publish date:  13 de diciembre de 2021
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Server Common
    1011242 - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1011241 - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)
  • 21-054 (December 7, 2021)
     Publish date:  09 de diciembre de 2021
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Application Common
    1011171* - Apache HTTP Server Directory Traversal Vulnerability (CVE-2021-41773 and CVE-2021-42013)


    Web Application PHP Based
    1010488* - Identified WordPress Database Reset Attempt
    1010818* - WordPress 'Code Snippets' Plugin Cross-Site Request Forgery Vulnerability (CVE-2020-8417)
    1010712* - WordPress 'Contact Form 7' Plugin Arbitrary File Upload Vulnerability (CVE-2020-35489)
    1011170* - WordPress 'Contact Form' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24276)
    1011220* - WordPress 'Download Manager' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-24773)
    1010490* - WordPress 'File Manager' Plugin Remote Code Execution Vulnerability (CVE-2020-25213)
    1010194* - WordPress 'GDPR Cookie Consent Plugin' Stored Cross-Site Scripting Vulnerability
    1011060* - WordPress 'LearnPress' Plugin Blind SQL Injection Vulnerability (CVE-2020-6010)
    1011209* - WordPress 'LearnPress' Plugin Stored Cross-Site Scripting Vulnerability (CVE-2021-39348)
    1011047* - WordPress 'Modern Events Calendar' Plugin Remote Code Execution Vulnerability (CVE-2021-24145)
    1011015* - WordPress 'Poll, Survey, Questionnaire and Voting system' Plugin Blind SQL Injection Vulnerability
    1011173* - WordPress 'Redirect 404 To Parent' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24286)
    1011056* - WordPress 'SP Project & Document Manager' Plugin Remote Code Execution Vulnerability (CVE-2021-24347)
    1011174* - WordPress 'Select All Categories and Taxonomies' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24287)
    1011169* - WordPress 'Supsystic Popup' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24275)
    1011168* - WordPress 'Supsystic Ultimate Maps' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24274)
    1011172* - WordPress 'TranslatePress' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24610)
    1011165* - WordPress 'Woo-Order-Export-Lite' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2021-24169)
    1011100* - WordPress 'WooCommerce Blocks' Plugin SQL Injection Vulnerability (CVE-2021-32789)
    1011043* - WordPress 'XCloner' Plugin Remote Code Execution Vulnerability (CVE-2020-35948)
    1010172* - WordPress InfiniteWP And Time Capsule Plugin Client Authentication Bypass Vulnerability (CVE-2020-8771)
    1009751* - WordPress PayPal Checkout Payment Gateway Plugin Parameter Tampering Vulnerability (CVE-2019-7441)
    1010122* - WordPress Plainview Activity Monitor Plugin Remote Code Execution Vulnerability (CVE-2018-15877)
    1009487* - WordPress Total Donations Plugin Remote Administrative Access Vulnerability (CVE-2019-6703)
    1010942* - WordPress XML External Entity Injection Vulnerability (CVE-2021-29447)
    1010648* - Wordpress Woody Ad Snippets Plugin Remote Code Execution Vulnerability (CVE-2019-15858)


    Web Application Ruby Based
    1011231 - Grafana Cross Site Scripting Vulnerability (CVE-2021-41174)


    Web Client Common
    1011225 - Microsoft Project MPT File Parsing Out-Of-Bounds Read Vulnerability (ZDI-CAN-14518)
    1011223 - Microsoft Teams amsVideo Cross Site Scripting Vulnerability (ZDI-CAN-13482)


    Web Proxy Squid
    1011213* - Squid Proxy Denial Of Service Vulnerability (CVE-2021-33620)
    1011215* - Squid Proxy Denial of Service Vulnerability (CVE-2021-28662)


    Web Server Apache
    1011183* - Apache HTTP Server Server-Side Request Forgery Vulnerability (CVE-2021-40438)


    Web Server Common
    1011227 - Apache Druid Arbitrary File Read Vulnerability (CVE-2021-36749)


    Web Server HTTPS
    1011235 - Microsoft Exchange Server Reflected Cross-Site Scripting Vulnerability (CVE-2021-41349)
    1011232 - Montala Limited ResourceSpace Arbitrary File Deletion Vulnerability (CVE-2021-41950)


    Web Server Miscellaneous
    1011177* - Atlassian Confluence Server Arbitrary File Read Vulnerability (CVE-2021-26085)
    1011179* - Atlassian Jira Path Traversal Vulnerability (CVE-2021-26086)


    Web Server SharePoint
    1011233 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-40487)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1008670* - Microsoft Windows Security Events - 3