All Vulnerabilities

  • 18-001 (January 2, 2018)
     Publish Date:  03 de января de 2018
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Microsoft Office
    1008801 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-11884)


    NTP Server Linux
    1008320 - Network Time Protocol Daemon 'peer_xmit' Mode Denial Of Service Vulnerability (CVE-2017-6464)


    RADIUS Server
    1008614 - FreeRADIUS Heap Buffer Overflow Vulnerability (CVE-2017-10984)


    Web Client Common
    1008656* - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-8718)
    1008805 - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2017-8718) - 1


    Web Client Internet Explorer/Edge
    1008803 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11812)
    1008616* - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-8641)
    1008698* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-11856)


    Web Server Oracle
    1008808 - Oracle WebLogic WLS Security Component Remote Code Execution Vulnerabilities


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-060 (December 26, 2017)
     Publish Date:  27 de декабря de 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    HP Intelligent Management Center (IMC)
    1008748 - HPE Intelligent Management Center PLAT flexFileUpload Arbitrary File Upload Vulnerability (CVE-2017-8961)


    Unix RPC Services
    1008314* - Oracle Solaris Remote Code Execution Vulnerability (CVE-2017-3623)


    Web Application PHP Based
    1008518 - PHP Double Free Memory Corruption Vulnerability (CVE-2016-5772)
    1008520 - PHP Malicious Object Injection In Deserialization Vulnerability (CVE-2016-7124)


    Web Client Internet Explorer/Edge
    1008636* - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11793)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-059 (December 19, 2017)
     Publish Date:  20 de декабря de 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1008717 - Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-11771)


    DHCP Server
    1008591* - FreeRADIUS Integer Underflow Out Of Bounds Read Vulnerability (CVE-2017-10986)


    HP Intelligent Management Center Dbman
    1008749* - HPE Intelligent Management Center Dbman Stack Buffer Overflow Vulnerability (CVE-2017-8956)


    RRAS Service
    1008769* - Microsoft Windows RRAS Service Remote Code Execution Vulnerability (CVE-2017-11885)


    Remote Desktop Protocol Server
    1008307* - Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2017-0176)


    Unix Samba
    1008791* - Samba Arbitrary Code Execution Vulnerability (CVE-2017-14746)


    Web Application PHP Based
    1008550 - PHP 'imagegammacorrect' Function Arbitrary Write Access vulnerability (CVE-2016-7127)
    1008562 - PHP libgd Signedness Heap Overflow Vulnerability (CVE-2016-3074)


    Web Application Ruby Based
    1008574 - Ruby On Rails Development Web Console Code Execution Vulnerability (CVE-2015-3224)


    Web Client Common
    1008583 - Foxit Reader Arbitrary File Write Remote Code Execution Vulnerability (CVE-2017-10952)
    1008582 - Foxit Reader Remote Code Execution Vulnerability (CVE-2017-10951)


    Web Server Miscellaneous
    1008763* - Red Hat JBoss Application Server 'doFilter' Insecure Deserialization Vulnerability (CVE-2017-12149)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1008792 - Microsoft Windows Security Events - 4
  • 17-058 (December 12, 2017)
     Publish Date:  13 de декабря de 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1008119* - Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service Vulnerability (CVE-2017-0004)


    DHCP Server
    1008591 - FreeRADIUS Integer Underflow Out Of Bounds Read Vulnerability (CVE-2017-10986)


    Microsoft Office
    1008788 - Microsoft Excel Remote Code Execution Vulnerability (CVE-2017-11935)
    1008661* - Microsoft Office Memory Corruption Vulnerability (CVE-2017-11826)


    RRAS Service
    1008769 - Microsoft Windows RRAS Service Remote Code Execution Vulnerability (CVE-2017-11885)


    Solr Service
    1008691* - Apache Solr XML External Entity Expansion Remote Code Execution (CVE-2017-12629)


    Unix RPC Services
    1008371* - rpcbind Remote Denial Of Service Vulnerability (CVE-2017-8779)


    Unix Samba
    1008791 - Samba Arbitrary Code Execution Vulnerability (CVE-2017-14746)


    VoIP Smart
    1008465 - Asterisk PJSIP Heap Overflow Vulnerability (CVE-2017-9372)


    Web Client Common
    1008736* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 6
    1008740* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 7
    1008789 - Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2017-11937)
    1008643* - Microsoft Windows Shell Memory Corruption Vulnerability (CVE-2017-8727)
    1008672 - Microsoft Windows XML External Entity Information Disclosure Vulnerability (CVE-2017-8710)


    Web Client Internet Explorer/Edge
    1008771 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11888)
    1008772 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11889)
    1008774 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11893)
    1008780 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11909)
    1008781 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11911)
    1008783 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11914)
    1008784 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11916)
    1008785 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11918)
    1008682 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11811)
    1008775 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-11894)
    1008776 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-11895)
    1008787 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-11930)
    1008770 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11886)
    1008773 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11890)
    1008777 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11901)
    1008778 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11903)
    1008779 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11907)
    1008782 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11913)


    Web Server Apache
    1008683* - Apache HTTP Server Memory Corruption Vulnerability (CVE-2017-9788)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    1003843* - Microsoft Windows Security Events
    1004057* - Microsoft Windows Security Events - 1
    1003987* - Microsoft Windows Security Events - 2
    1008670 - Microsoft Windows Security Events - 3
  • 17-057 (December 5, 2017)
     Publish Date:  06 de декабря de 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1008622 - Identified NTLMv1 Authentication Attempt Over SMB
    1008660* - Microsoft Windows SMB Out-Of-Bounds Read Denial Of Service Vulnerability (CVE-2017-11781)


    DNS Client
    1002657* - DNS Insufficient Socket Entropy Vulnerability
    1005020* - Detected Too Many DNS Responses With 'No Such Name' Error
    1005101* - ISC BIND Zero Length RDATA Denial Of Service Vulnerability
    1003928* - Oracle Secure Backup observiced.exe Buffer Overflow


    DNS Server
    1000836* - Microsoft Windows NAT Helper DNS Query DoS
    1000167* - Snort Back Orifice Pre-Processor Buffer Overflow


    HP Intelligent Management Center Dbman
    1008749 - HPE Intelligent Management Center Dbman Stack Buffer Overflow Vulnerability (CVE-2017-8956)


    HP Network Automation
    1008676* - HPE Network Automation FileServlet Information Disclosure Vulnerability (CVE-2017-5811)


    Mail Server Exim
    1008758 - Exim Unix Mailer Multiple Security Vulnerabilities


    SSL/TLS Server
    1008534* - GnuTLS Proxy Certificate Information Extension Memory Corruption Vulnerability (CVE-2017-5334) - Server


    Unix Kerberos
    1008561* - Kerberos kadmind Policy Null Pointer Dereference Denial Of Service Vulnerability (CVE-2015-8630)


    Web Application PHP Based
    1008626* - Drupal Services Module Remote Code Execution Vulnerability
    1008548* - PHP Session Data Injection Vulnerability (CVE-2016-7125)


    Web Client Common
    1008702 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2017-11816)


    Web Client Internet Explorer/Edge
    1008635* - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11763)


    Web Server Miscellaneous
    1008751 - Apache CouchDB Remote Code Execution Vulnerabilities (CVE-2017-12635)
    1004610* - Oracle Java SE And Java For Business Remote Security Vulnerability (CVE-2010-4476)
    1008763 - Red Hat JBoss Application Server 'doFilter' Insecure Deserialization Vulnerability (CVE-2017-12149)


    Integrity Monitoring Rules:

    1005195* - Microsoft Windows - Log File Attributes Changes Detected
    1005193* - Unix - Log File Attributes Changes Detected


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-056 (November 28, 2017)
     Publish Date:  29 de ноября de 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    HP Network Automation
    1008676 - HPE Network Automation FileServlet Information Disclosure Vulnerability (CVE-2017-5811)


    Microsoft Office
    1008716* - Microsoft Excel Memory Corruption Vulnerability (CVE-2017-11878)
    1008746* - Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882)


    SSL Client
    1008533 - GnuTLS Proxy Certificate Information Extension Memory Corruption Vulnerability (CVE-2017-5334) - Client


    SSL/TLS Server
    1008534 - GnuTLS Proxy Certificate Information Extension Memory Corruption Vulnerability (CVE-2017-5334) - Server


    Suspicious Client Application Activity
    1008756 - Identified Potentially Malicious RAT Traffic - VII


    Web Application PHP Based
    1008626 - Drupal Services Module Remote Code Execution Vulnerability


    Web Client Common
    1008735* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 5


    Web Client Internet Explorer/Edge
    1008701* - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11861)


    Web Server Oracle
    1008688 - Oracle Identity Manager Default Account Vulnerability (CVE-2017-10151)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-055 (November 21, 2017)
     Publish Date:  22 de ноября de 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1008660 - Microsoft Windows SMB Out-Of-Bounds Read Denial Of Service Vulnerability (CVE-2017-11781)


    Microsoft Office
    1008746 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882)


    OpenSSL
    1008715 - OpenSSL X.509 IPAddressFamily Extension Parsing Out-Of-Bounds Read Vulnerability (CVE-2017-3735) - Server


    OpenSSL Client
    1008714 - OpenSSL X.509 IPAddressFamily Extension Parsing Out-Of-Bounds Read Vulnerability (CVE-2017-3735) - Client


    Solr Service
    1008691 - Apache Solr XML External Entity Expansion Remote Code Execution (CVE-2017-12629)


    Web Application PHP Based
    1008548 - PHP Session Data Injection Vulnerability (CVE-2016-7125)


    Web Client Common
    1008739 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 1
    1008744 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 2
    1008743 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 3
    1008745 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 4
    1008735 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 5
    1008736 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 6
    1008740 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 7
    1008738 - Adobe Flash Player Multiple Security Vulnerabilities (APSB17-33)


    Web Server Miscellaneous
    1007532* - JBoss Application Server Unauthenticated Remote Command Execution Vulnerability


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-054 (November 14, 2017)
     Publish Date:  15 de ноября de 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    Asterisk Server IAX2
    1008467* - Asterisk Skinny Denial Of Service Vulnerability (CVE-2017-9358)


    DHCPv6 Server
    1008651* - Dnsmasq DHCPv6 Buffer Overflow Vulnerability (CVE-2017-14493)


    DNS Client
    1008650* - Dnsmasq Heap Buffer Overflow Vulnerability (CVE-2017-14491)


    HP Intelligent Management Center WSM iNode
    1008551* - HPE Intelligent Management Center Multiple Stack Buffer Overflow Vulnerabilities


    Microsoft Office
    1008695 - Microsoft Word Memory Corruption Vulnerability (CVE-2017-11854)


    Remote Desktop Protocol Server
    1003716* - Identified Too Many Remote Desktop Protocol (RDP) Connection Request


    SSL/TLS Server
    1008553* - GnuTLS DN Decoding Double Free Error Denial Of Service Vulnerability (CVE-2015-6251) - Server


    Unix Kerberos
    1008561 - Kerberos kadmind Policy Null Pointer Dereference Denial Of Service Vulnerability (CVE-2015-8630)
    1008473* - MIT Kerberos Recvauth Message Handling Denial Of Service Vulnerability (CVE-2014-5355)


    VoIP Smart
    1008466* - Asterisk PJSIP Denial Of Service Vulnerability (CVE-2017-9359)


    Web Application Common
    1008530* - ImageMagick WritePTIFImage Denial Of Service Vulnerability (CVE-2017-11640) - 1


    Web Client Common
    1008538* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-24) - 5
    1004133* - Heuristic Detection Of Malicious PDF Documents
    1008716 - Microsoft Excel Memory Corruption Vulnerability (CVE-2017-11878)
    1008630 - Microsoft Office Memory Corruption Vulnerability (CVE-2017-8631)
    1008708 - Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2017-11847)


    Web Client Internet Explorer/Edge
    1008710 - Microsoft Edge Memory Corruption Vulnerability (CVE-2017-11845)
    1008704 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11840)
    1008705 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11841)
    1008701 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11861)
    1008706 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11873)
    1008696 - Microsoft Internet Explorer And Edge Scripting Engine Information Disclosure Vulnerability (CVE-2017-11791)
    1008700 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11837)
    1008707 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11843)
    1008712 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11846)
    1008699 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11858)
    1008697 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-11855)
    1008698 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-11856)
    1008703 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2017-11869)


    Web Proxy Apache
    1006244* - Apache HTTP Server 'mod_cache' Module Remote Denial Of Service Vulnerability


    Web Server Apache
    1008556* - Apache Continuum Arbitrary Command Execution Vulnerability
    1008683 - Apache HTTP Server Memory Corruption Vulnerability (CVE-2017-9788)


    Web Server SAP
    1008615* - SAP Netweaver Disp Work Request Resource Exhaustion Denial Of Service Vulnerability (CVE-2017-9845)


    Integrity Monitoring Rules:

    1006683* - TMTR-0016: Suspicious Running Processes Detected


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-053 (November 7, 2017)
     Publish Date:  08 de ноября de 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1007114* - Portable Executable File Uploaded On SMB Share


    HP Intelligent Management Center WSM iNode
    1008551 - HPE Intelligent Management Center Multiple Stack Buffer Overflow Vulnerabilities


    Microsoft Office
    1008375* - Microsoft Office Remote Code Execution Vulnerability (CVE-2017-0262)


    SSL Client
    1008552 - GnuTLS DN Decoding Double Free Error Denial Of Service Vulnerability (CVE-2015-6251) - Client


    SSL/TLS Server
    1008553 - GnuTLS DN Decoding Double Free Error Denial Of Service Vulnerability (CVE-2015-6251) - Server


    Symantec Messaging Gateway
    1005286* - Symantec Messaging Gateway Arbitrary File Download Vulnerability


    Unix Kerberos
    1008473 - MIT Kerberos Recvauth Message Handling Denial Of Service Vulnerability (CVE-2014-5355)


    Web Client Internet Explorer/Edge
    1008680 - Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2017-8653)


    Web Server SAP
    1008615 - SAP Netweaver Disp Work Request Resource Exhaustion Denial Of Service Vulnerability (CVE-2017-9845)


    Integrity Monitoring Rules:

    There are no new or updated Integrity Monitoring Rules in this Security Update.


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.
  • 17-052 (October 31, 2017)
     Publish Date:  01 de ноября de 2017
    * indicates a new version of an existing rule

    Deep Packet Inspection Rules:

    DCERPC Services
    1001852* - Identified Attempt To Brute Force Windows Login Credentials
    1008679 - Identified BADRABBIT Ransomware Propagation Over SMB


    Web Client Common
    1006812* - Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-3113) -1
    1008678 - Identified BADRABBIT Ransomware Download Over HTTP
    1008634* - Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2017-11762)
    1008285* - Microsoft Word Remote Code Execution Vulnerability (CVE-2017-0199)


    Web Client Internet Explorer/Edge
    1008671 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-11802)


    Integrity Monitoring Rules:

    1008684 - Ransomware - BADRABBIT


    Log Inspection Rules:

    There are no new or updated Log Inspection Rules in this Security Update.