Table of Contents
--------------------------
  New Filters - 11
  Modified Filters (logic changes) - 4
  Modified Filters (metadata changes only) - 6
  Removed Filters - 0

  New Filters:

    45143: TCP: Ivanti Avalanche InfoRail Denial-of-Service Vulnerability (ZDI-24-1491)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: High
      - Description: This filter detects an attempt to exploit a denial-of-service vulnerability in Ivanti Avalanche Enterprise Service.
      - Deployment: Not enabled by default in any deployment.
      - References:
        - Common Vulnerabilities and Exposures: CVE-2024-50320
        - Zero Day Initiative: ZDI-24-1491
      - Classification: Vulnerability - Denial of Service (Crash/Reboot)
      - Protocol: TCP (Generic)
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 17, 2024

    45167: HTTP: Raisecom Gateway Command Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a command injection vulnerability in Raisecom.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2024-7120
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Other Server Application or Service
      - Release Date: December 17, 2024

    45168: HTTP: Jeecg-Boot SQL Injection Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Exploits
      - Severity: High
      - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Jeecg-Boot.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2023-38992
      - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 17, 2024

    45170: HTTP: WordPress Contact Form 7 File Stored Cross-Site Scripting Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a file upload vulnerability in the WordPress Contact Form 7 plugin.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2022-0595
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 17, 2024

    45174: ZDI-CAN-25713: Zero Day Initiative Vulnerability (Ivanti Avalanche)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Ivanti Avalanche.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: December 17, 2024

    45179: PWN2OWN ZDI-CAN-25606: Zero Day Initiative Vulnerability (Sonos Era 300)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting Sonos Era 300.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: December 17, 2024

    45186: PWN2OWN ZDI-CAN-25613: Zero Day Initiative Vulnerability (Synology BeeStation BST150-4T)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Synology BeeStation BST150-4T.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: December 17, 2024

    45187: PWN2OWN ZDI-CAN-25623: Zero Day Initiative Vulnerability (Synology BeeStation BST150-4T)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Synology BeeStation BST150-4T.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: December 17, 2024

    45188: PWN2OWN ZDI-CAN-25658: Zero Day Initiative Vulnerability (Synology BeeStation BST150-4T)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Synology BeeStation BST150-4T.
      - Deployments:
        - Deployment: Security-Optimized (Block / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: December 17, 2024

    45192: PWN2OWN ZDI-CAN-25482: Zero Day Initiative Vulnerability (QNAP TS-464)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter protects against exploitation of a zero-day vulnerability affecting QNAP TS-464.
      - Deployments:
        - Deployment: Default (Block / Notify / Trace)
        - Deployment: Evaluation (Permit / Notify / Trace)
      - Classification: Vulnerability - Other
      - Protocol: Other Protocol
      - Platform: Other Server Application or Service
      - Release Date: December 17, 2024

    45193: HTTP: Cleo Managed File Transfer Lexicom, VLTransfer, and Harmony Directory Traversal Vulnerability
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Category: Vulnerabilities
      - Severity: Critical
      - Description: This filter detects an attempt to exploit a directory traversal vulnerability in Cleo Managed File Transfer software including the applications LexiCom, VLTransfer, and Harmony.
      - Deployments:
        - Deployment: Default (Block / Notify)
        - Deployment: Evaluation (Permit / Notify)
      - References:
        - Common Vulnerabilities and Exposures: CVE-2024-50623
      - Classification: Vulnerability - Other
      - Protocol: HTTP
      - Platform: Multi-Platform Server Application or Service
      - Release Date: December 17, 2024

  Modified Filters (logic changes):
    * = Enabled in Default deployments

    43943: HTTP: Centreon updateServiceHost_MC SQL Injection Vulnerability (ZDI-24-595,ZDI-24-596,ZDI-24-899)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Detection logic updated.
      - Vulnerability references updated.
      - Release Date: March 05, 2024
      - Last Modified Date: December 17, 2024

    44995: PWN2OWN ZDI-CAN-25607: Zero Day Initiative Vulnerability (Synology DiskStation DS1823xs+)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Detection logic updated.
      - Release Date: October 29, 2024
      - Last Modified Date: December 17, 2024

    * 45010: PWN2OWN ZDI-CAN-25581: Zero Day Initiative Vulnerability (Samsung Galaxy S24)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Detection logic updated.
      - Release Date: October 29, 2024
      - Last Modified Date: December 17, 2024

    * 45015: PWN2OWN ZDI-CAN-25672: Zero Day Initiative Vulnerability (QNAP Qhora-322)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: Not available.
      - Requires: IPS N-Platform, NX-Platform, or TPS models.
      - Detection logic updated.
      - Release Date: October 29, 2024
      - Last Modified Date: December 17, 2024

  Modified Filters (metadata changes only):
    * = Enabled in Default deployments

    44611: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 Buffer Overflow Vulnerability (ZDI-24-1625)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "44611: ZDI-CAN-24664: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: August 13, 2024
      - Last Modified Date: December 17, 2024

    44629: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 Buffer Overflow Vulnerability (ZDI-24-1626)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "44629: ZDI-CAN-24768: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: August 13, 2024
      - Last Modified Date: December 17, 2024

    44630: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 Out-Of-Bounds Write Vulnerability (ZDI-24-1627)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "44630: ZDI-CAN-24769: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: August 13, 2024
      - Last Modified Date: December 17, 2024

    44631: HTTP: Fuji Electric Tellus Lite V-Simulator 5 V8 Buffer Overflow Vulnerability (ZDI-24-1628)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "44631: ZDI-CAN-24770: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: August 13, 2024
      - Last Modified Date: December 17, 2024

    44633: HTTP: Fuji Electric Tellus Lite V-Simulator Out-Of-Bounds Write Vulnerability (ZDI-24-1629)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "44633: ZDI-CAN-24771: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 5)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: August 13, 2024
      - Last Modified Date: December 17, 2024

    44634: HTTP: Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Vulnerability (ZDI-24-1623)
      - IPS Version: 3.9.5 and after.
      - TPS Version: 5.2.2 and after.
      - vTPS Version: 5.2.2 and after.
      - Name changed from "44634: ZDI-CAN-24662: Zero Day Initiative Vulnerability (Fuji Electric Monitouch V-SFT)".
      - Description updated.
      - Vulnerability references updated.
      - Release Date: August 13, 2024
      - Last Modified Date: December 17, 2024

  Removed Filters: None