All Vulnerabilities

  • 17-055 (November 21, 2017)
     Publish date:  22 de noviembre de 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1008660 - Microsoft Windows SMB Out-Of-Bounds Read Denial Of Service Vulnerability (CVE-2017-11781)


    Microsoft Office
    1008746 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882)


    OpenSSL
    1008715 - OpenSSL X.509 IPAddressFamily Extension Parsing Out-Of-Bounds Read Vulnerability (CVE-2017-3735) - Server


    OpenSSL Client
    1008714 - OpenSSL X.509 IPAddressFamily Extension Parsing Out-Of-Bounds Read Vulnerability (CVE-2017-3735) - Client


    Solr Service
    1008691 - Apache Solr XML External Entity Expansion Remote Code Execution (CVE-2017-12629)


    Web Application PHP Based
    1008548 - PHP Session Data Injection Vulnerability (CVE-2016-7125)


    Web Client Common
    1008739 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 1
    1008744 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 2
    1008743 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 3
    1008745 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 4
    1008735 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 5
    1008736 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 6
    1008740 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 7
    1008738 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-33)


    Web Server Miscellaneous
    1007532* - JBoss Application Server Unauthenticated Remote Command Execution Vulnerability


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-054 (November 14, 2017)
     Publish date:  15 de noviembre de 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Asterisk Server IAX2
    1008467* - Asterisk Skinny Denial Of Service Vulnerability (CVE-2017-9358)


    DHCPv6 Server
    1008651* - Dnsmasq DHCPv6 Buffer Overflow Vulnerability (CVE-2017-14493)


    DNS Client
    1008650* - Dnsmasq Heap Buffer Overflow Vulnerability (CVE-2017-14491)


    HP Intelligent Management Center WSM iNode
    1008551* - HPE Intelligent Management Center Multiple Stack Buffer Overflow Vulnerabilities


    Microsoft Office
    1008695 - Microsoft Word Memory Corruption Vulnerability (CVE-2017-11854)


    Remote Desktop Protocol Server
    1003716* - Identified Too Many Remote Desktop Protocol (RDP) Connection Request


    SSL/TLS Server
    1008553* - GnuTLS DN Decoding Double Free Error Denial Of Service Vulnerability (CVE-2015-6251) - Server


    Unix Kerberos
    1008561 - Kerberos kadmind Policy Null Pointer Dereference Denial Of Service Vulnerability (CVE-2015-8630)
    1008473* - MIT Kerberos Recvauth Message Handling Denial Of Service Vulnerability (CVE-2014-5355)


    VoIP Smart
    1008466* - Asterisk PJSIP Denial Of Service Vulnerability (CVE-2017-9359)


    Web Application Common
    1008530* - ImageMagick WritePTIFImage Denial Of Service Vulnerability (CVE-2017-11640) - 1


    Web Client Common
    1008538* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 5
    1004133* - Heuristic Detection Of Malicious PDF Documents
    1008716 - Microsoft Excel Memory Corruption Vulnerability (CVE-2017-11878)
    1008630 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-8631)
    1008708 - Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2017-11847)


    Web Client Internet Explorer/Edge
    1008710 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11845)
    1008704 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11840)
    1008705 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11841)
    1008701 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11861)
    1008706 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11873)
    1008696 - Microsoft Internet Explorer And Edge Scripting Engine Information Disclosure Vulnerability (CVE-2017-11791)
    1008700 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11837)
    1008707 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11843)
    1008712 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11846)
    1008699 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11858)
    1008697 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-11855)
    1008698 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-11856)
    1008703 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11869)


    Web Proxy Apache
    1006244* - Apache HTTP Server 'mod_cache' Module Remote Denial Of Service Vulnerability


    Web Server Apache
    1008556* - Apache Continuum Arbitrary Command Execution Vulnerability
    1008683 - Apache HTTP Server Memory Corruption Vulnerability (CVE-2017-9788)


    Web Server SAP
    1008615* - SAP Netweaver Disp Work Request Resource Exhaustion Denial Of Service Vulnerability (CVE-2017-9845)


    Integrity Monitoring Rules:

    1006683* - TMTR-0016: Suspicious Running Processes Detected


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-053 (November 7, 2017)
     Publish date:  08 de noviembre de 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1007114* - Portable Executable File Uploaded On SMB Share


    HP Intelligent Management Center WSM iNode
    1008551 - HPE Intelligent Management Center Multiple Stack Buffer Overflow Vulnerabilities


    Microsoft Office
    1008375* - Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0262)


    SSL Client
    1008552 - GnuTLS DN Decoding Double Free Error Denial Of Service Vulnerability (CVE-2015-6251) - Client


    SSL/TLS Server
    1008553 - GnuTLS DN Decoding Double Free Error Denial Of Service Vulnerability (CVE-2015-6251) - Server


    Symantec Messaging Gateway
    1005286* - Symantec Messaging Gateway Arbitrary File Download Vulnerability


    Unix Kerberos
    1008473 - MIT Kerberos Recvauth Message Handling Denial Of Service Vulnerability (CVE-2014-5355)


    Web Client Internet Explorer/Edge
    1008680 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-8653)


    Web Server SAP
    1008615 - SAP Netweaver Disp Work Request Resource Exhaustion Denial Of Service Vulnerability (CVE-2017-9845)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-052 (October 31, 2017)
     Publish date:  01 de noviembre de 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1001852* - Identified Attempt To Brute Force Windows Login Credentials
    1008679 - Identified BADRABBIT Ransomware Propagation Over SMB


    Web Client Common
    1006812* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-3113) -1
    1008678 - Identified BADRABBIT Ransomware Download Over HTTP
    1008634* - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11762)
    1008285* - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)


    Web Client Internet Explorer/Edge
    1008671 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11802)


    Integrity Monitoring Rules:

    1008684 - Ransomware - BADRABBIT


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-051 (October 24, 2017)
     Publish date:  24 de octubre de 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Web Application Common
    1008530 - ImageMagick WritePTIFImage Denial Of Service Vulnerability (CVE-2017-11640) - 1


    Web Client Common
    1008645 - Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2017-11227)
    1008544* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 4
    1008667* - Adobe Flash Player Type Confusion Vulnerability (CVE-2017-11292)
    1008529 - ImageMagick WritePTIFImage Denial Of Service Vulnerability (CVE-2017-11640)


    Web Server Apache
    1008556 - Apache Continuum Arbitrary Command Execution Vulnerability


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-050 (October 17, 2017)
     Publish date:  18 de octubre de 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Asterisk Server IAX2
    1008467 - Asterisk Skinny Denial Of Service Vulnerability (CVE-2017-9358)


    DHCPv6 Server
    1008651 - Dnsmasq DHCPv6 Buffer Overflow Vulnerability (CVE-2017-14493)


    DNS Client
    1008650 - Dnsmasq Heap Buffer Overflow Vulnerability (CVE-2017-14491)


    HP Intelligent Management Center IMC Syslog Daemon
    1008505* - HPE Intelligent Management Center (iMC) Remote Code Execution Vulnerability (CVE-2017-5815)


    Microsoft Office
    1008661 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-11826)
    1008629 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-8744)


    VoIP Smart
    1008466 - Asterisk PJSIP Denial Of Service Vulnerability (CVE-2017-9359)


    Web Application Common
    1008606* - ImageMagick WritePSImage Information Disclosure Vulnerability (CVE-2017-11535) - 1


    Web Client Common
    1008667 - Adobe Flash Player Type Confusion Vulnerability (CVE-2017-11292)
    1008655 - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-8717)
    1008656 - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-8718)


    Web Client Internet Explorer/Edge
    1008657 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-11794)
    1008153* - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-0037)


    Web Server Apache
    1008127* - Apache Commons File Upload Boundary Denial Of Service Vulnerability (CVE-2016-3092)


    Web Server IIS
    1004398* - Request Header Buffer Overflow Vulnerability


    Web Server Miscellaneous
    1008620* - Apache Struts Denial Of Service Vulnerability (CVE-2017-9793)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-049 (October 10, 2017)
     Publish date:  11 de octubre de 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Backup Server Veritas
    1008584* - Veritas Backup Exec Windows Remote File Access (CVE-2005-2611)


    HP Intelligent Management Center Dbman
    1008506* - HPE Intelligent Management Center Multiple dbman Opcode Command Injection Remote Code Execution Vulnerabilities


    Suspicious Server Ransomware Activity
    1007580* - Ransomware HTTP Request-1


    Web Application Common
    1008587* - ImageMagick MagickCore IsOptionMember Denial Of Service Vulnerability (CVE-2016-10252) - 1
    1008510* - ImageMagick ReadPESImage Denial Of Service Vulnerability (CVE-2017-11446) - 1
    1008608* - ImageMagick WriteHISTOGRAMImage Information Disclosure Vulnerability (CVE-2017-11531) - 1


    Web Client Common
    1008478* - Microsoft MsMpEng Use After Free Vulnerability (CVE-2017-8540)
    1008623 - Microsoft Office Remote Code Execution Vulnerability (CVE-2017-8570)
    1008628 - Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2017-8743)
    1008634 - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11762)
    1008643 - Microsoft Windows Shell Memory Corruption Vulnerability (CVE-2017-8727)
    1008627 - Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-8692)
    1008592* - Microsoft Windows Win32k Graphics Multiple Security Vulnerabilities (Sep-2017)
    1008642 - Microsoft Windows Win32k Multiple Elevation Of Privilege Vulnerabilities (October-2017)


    Web Client Internet Explorer/Edge
    1008595* - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-8734)
    1008637 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11798)
    1008638 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11800)
    1008586 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8657)
    1008631 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8661)
    1008624 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8729)
    1008597* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8738)
    1008625 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8740)
    1008640 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-11822)
    1008636 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11793)
    1008639 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11810)
    1008635 - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11763)


    Web Server Apache
    1008127 - Apache Commons File Upload Boundary Denial Of Service Vulnerability (CVE-2016-3092)
    1008618* - Apache HTTP OPTIONS Information Disclosure Vulnerability (CVE-2017-9798)


    Web Server Common
    1008621* - Disallow Upload Of A JSP File


    Web Server Miscellaneous
    1008590* - Apache Struts 2 REST Plugin XStream Remote Code Execution Vulnerability (CVE-2017-9805)
    1005528* - Identified Apache Struts Allow Direct Member Access Method In HTTP Request


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-048 (October 3, 2017)
     Publish date:  04 de octubre de 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    HP Intelligent Management Center IMC Syslog Daemon
    1008505 - HPE Intelligent Management Center (iMC) Remote Code Execution Vulnerability (CVE-2017-5815)


    Suspicious Client Application Activity
    1005294* - TMTR-0004: GHOST RAT HTTP Request


    Web Application Common
    1008606 - ImageMagick WritePSImage Information Disclosure Vulnerability (CVE-2017-11535) - 1


    Web Client Common
    1008607 - ImageMagick WritePSImage Information Disclosure Vulnerability (CVE-2017-11535)
    1008197 - Microsoft Windows CSRSS Security Feature Bypass Vulnerability (CVE-2016-0151)
    1008549 - Microsoft Windows DVD Maker Cross-Site Request Forgery Vulnerability (CVE-2017-0045)
    1008264 - Microsoft Windows Multiple Security Vulnerabilities (MS16-062)
    1008521* - Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2017-0291)


    Web Client Mozilla Firefox
    1008579 - Mozilla Firefox Use-After-Free Vulnerability (CVE-2016-1960)


    Web Server IIS
    1003671* - Microsoft ASP.NET Remote Unauthenticated Denial Of Service Vulnerability (CVE-2009-1536)


    Web Server Miscellaneous
    1008620 - Apache Struts Denial Of Service Vulnerability (CVE-2017-9793)


    Integrity Monitoring Rules:

    1006544* - Adware - Suspicious Microsoft Windows Superfish Detected
    1004950* - Microsoft Visual Studio - New Add-In Created
    1006801* - TMTR-0004: Suspicious Files Detected In Operating System Directories


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-047 (September 26, 2017)
     Publish date:  27 de septiembre de 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    HP Intelligent Management Center Dbman
    1004677* - HP 3COM/H3C Intelligent Management Center dbman sprintf Remote Code Execution Vulnerability
    1008506 - HPE Intelligent Management Center Multiple dbman Opcode Command Injection Remote Code Execution Vulnerabilities


    Web Application Common
    1008587 - ImageMagick MagickCore IsOptionMember Denial Of Service Vulnerability (CVE-2016-10252) - 1
    1008608 - ImageMagick WriteHISTOGRAMImage Information Disclosure Vulnerability (CVE-2017-11531) - 1


    Web Client Common
    1008576 - Adobe Reader DC PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2017-3040)
    1008588 - ImageMagick MagickCore IsOptionMember Denial Of Service Vulnerability (CVE-2016-10252)
    1008609 - ImageMagick WriteHISTOGRAMImage Information Disclosure Vulnerability (CVE-2017-11531)
    1008258 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-039)
    1008602* - Microsoft Windows PDF Library Multiple Remote Code Execution Vulnerabilities (Sep-2017)
    1008617 - Microsoft Windows PDF Library Remote Code Execution Vulnerability (CVE-2017-0293)
    1008263 - Microsoft Windows Secondary Logon Elevation Of Privilege Vulnerability (CVE-2016-0099)
    1007559* - Microsoft Windows Secondary Logon Elevation Of Privilege Vulnerability (CVE-2016-0135)
    1008196 - Microsoft Windows WebDAV Elevation Of Privilege Vulnerability (CVE-2016-0051)


    Web Client Internet Explorer/Edge
    1008565 - Microsoft Edge Information Disclosure Vulnerability (CVE-2017-8646)
    1008563* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8671)


    Web Server Apache
    1008618 - Apache HTTP OPTIONS Information Disclosure Vulnerability (CVE-2017-9798)


    Web Server Common
    1008621 - Disallow Upload Of A JSP File


    Web Server Miscellaneous
    1008610 - Block Object-Graph Navigation Language (OGNL) Expressions Initiation In Apache Struts HTTP Request


    Integrity Monitoring Rules:

    1005041* - Malware - Suspicious Microsoft Windows Files Detected
    1007210* - TMTR-0018: Suspicious Files Detected In User Profile Directory


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-046 (September 19, 2017)
     Publish date:  20 de septiembre de 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Backup Server Veritas
    1008584 - Veritas Backup Exec Windows Remote File Access (CVE-2005-2611)


    DCERPC Services - Client
    1008585 - Microsoft Windows LNK Remote Code Execution Over SMB (CVE-2017-8464)


    Directory Server LDAP
    1008453* - OpenLDAP ldapsearch pagesize Double Free Denial Of Service Vulnerability (CVE-2017-9287)


    Web Application Common
    1008512* - ImageMagick Denial Of Service Vulnerability (CVE-2017-9261) - 1
    1008514* - ImageMagick Denial Of Service Vulnerability (CVE-2017-9262) - 1
    1008508* - ImageMagick Heap-Based Buffer Overflow Vulnerability (CVE-2017-10928) - 1
    1008540* - ImageMagick ReadMATImage Information Disclosure Vulnerability (CVE-2017-11644) - 1
    1008542* - ImageMagick ReadMATImage Information Disclosure Vulnerability (CVE-2017-11724) - 1
    1008510 - ImageMagick ReadPESImage Denial Of Service Vulnerability (CVE-2017-11446) - 1


    Web Client Common
    1008613 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-28)
    1008509 - ImageMagick ReadPESImage Denial Of Service Vulnerability (CVE-2017-11446)
    1008616 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8641)
    1008199 - Microsoft Win32k Elevation Of Privilege Vulnerability (CVE-2016-3219)
    1008604* - Microsoft Windows .NET Framework Remote Code Execution Vulnerability (CVE-2017-8759)
    1008198 - Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2016-0180)
    1008435* - Microsoft Windows LNK Remote Code Execution Vulnerability (CVE-2017-8464)
    1008612 - Microsoft Windows LNK Remote Code Execution Vulnerability Over WebDAV (CVE-2017-8464)
    1008200 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-073)
    1008265 - Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-098)
    1008259 - Microsoft Windows Multiple Security Vulnerabilities (MS16-090)


    Web Client Internet Explorer/Edge
    1008568 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8635)
    1008569 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8636)


    Web Server Common
    1004859* - Disallowed HTTP Header


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.