Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.

System Requirements

The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.

The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9463.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9463.pkg

Update Details
Table of Contents
--------------------------
Filters
New Filters - 22
Modified Filters (logic changes) - 19
Modified Filters (metadata changes only) - 6
Removed Filters - 0
Filters
----------------
New Filters:
38208: HTTP: Nagios XI users.php do_update_user Cross-Site Scripting Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a stored cross-site scripting vulnerability in Nagios XI.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: October 06, 2020

38210: ZDI-CAN-11851: Zero Day Initiative Vulnerability (Multiple NETGEAR Routers)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Multiple NETGEAR Routers.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: October 06, 2020

38211: ZDI-CAN-11881: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: October 06, 2020

38212: ZDI-CAN-11885: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: October 06, 2020

38213: ZDI-CAN-11891: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: October 06, 2020

38214: ZDI-CAN-11892: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: October 06, 2020

38215: ZDI-CAN-11906: Zero Day Initiative Vulnerability (Microsoft Chakra)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Microsoft Chakra.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: October 06, 2020

38216: ZDI-CAN-11910: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: October 06, 2020

38217: ZDI-CAN-11911: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: October 06, 2020

38218: ZDI-CAN-11912: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: October 06, 2020

38219: ZDI-CAN-11914: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: October 06, 2020

38220: ZDI-CAN-11915: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: October 06, 2020

38221: ZDI-CAN-11927: Zero Day Initiative Vulnerability (Siemens JT2Go)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Category: Exploits
  - Severity: Critical
  - Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens JT2Go.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify / Trace)
  - Classification: Vulnerability - Other
  - Protocol: Other Protocol
  - Platform: Other Server Application or Service
  - Release Date: October 06, 2020

38222: HTTP: Nmap Scripting Engine adobe-coldfusion-apsa1301 Detection (ATT&CK T1018,T1210,T1190,T1046)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects an adobe-coldfusion-apsa1301 vulnerability scan by the Nmap Scripting Engine.
  - Deployment: Not enabled by default in any deployment.
  - Classification: Reconnaissance / Suspicious Access - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: October 06, 2020

38223: HTTP: Nmap Scripting Engine http-apache-server-status Detection (ATT&CK T1518,T1018,T1046)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects an http-apache-server-status scan by the Nmap Scripting Engine. In some installations of Apache, this script parses useful information such as system uptime, Apache version, and recent HTTP requests.
  - Deployment: Not enabled by default in any deployment.
  - Classification: Reconnaissance / Suspicious Access - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: October 06, 2020

38224: HTTP: Nmap Scripting Engine http-aspnet-debug Detection (ATT&CK T1518,T1018,T1046)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects an http-aspnet-debug request by the Nmap Scripting Engine. The HTTP DEBUG command is used for debugging applications in ASP.NET.
  - Deployment: Not enabled by default in any deployment.
  - Classification: Reconnaissance / Suspicious Access - Other
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: October 06, 2020

38225: HTTP: Nmap Scripting Engine http-avaya-ipoffice-users Detection (ATT&CK T1018,T1033,T1046)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects an http-avaya-ipoffice-users request by the Nmap Scripting Engine. Avaya IP Office systems allow unauthenticated access to specific endpoints. An attacker could leverage this to disclose sensitive user information.
  - Deployment: Not enabled by default in any deployment.
  - Classification: Security Policy - Forbidden Application Access or Service Request
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: October 06, 2020

38226: HTTP: Nmap Scripting Engine http-axis2-dir-traversal Detection (ATT&CK T1046,T1018,T1007)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects an http-axis2-dir-traversal enumeration attempt by the Nmap Scripting Engine. Specific installations of Apache Axis2 are vulnerable to a directory traversal vulnerability. To exploit this vulnerability, an adversary must first locate a valid service, often through the Apache Axis2 configuration file.
  - Deployment: Not enabled by default in any deployment.
  - Classification: Security Policy - Forbidden Application Access or Service Request
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: October 06, 2020

38227: HTTP: Nmap Scripting Engine http-backup-finder Detection (ATT&CK T1046)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects an http-backup-finder enumeration attempt by the Nmap Scripting Engine.
  - Deployment: Not enabled by default in any deployment.
  - Classification: Security Policy - Forbidden Application Access or Service Request
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: October 06, 2020

38231: HTTP: MobileIron Core & Connector Command Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Exploits
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a command injection vulnerability in MobileIron Core & Connector.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-15505
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: UNIX/Linux Server Application or Service
  - Release Date: October 06, 2020

38237: HTTP: Suspicious SQL ELT Usage
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Security Policy
  - Severity: Moderate
  - Description: This filter detects the usage of the ELT method with some suspicious elements in a SQL command via HTTP.
  - Deployment: Not enabled by default in any deployment.
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: Multi-Platform Server Application or Service
  - Release Date: October 06, 2020

38242: HTTP: Sophos XG Firewall SQL Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Category: Vulnerabilities
  - Severity: Critical
  - Description: This filter detects an attempt to exploit a SQL injection vulnerability in Sophos XG Firewall, in the user and admin web interfaces, and in the email quarantine release feature.
  - Deployments:
    - Deployment: Security-Optimized (Block / Notify)
  - References:
    - Common Vulnerabilities and Exposures: CVE-2020-12271, CVE-2020-15504
  - Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
  - Protocol: HTTP
  - Platform: UNIX/Linux Server Application or Service
  - Release Date: October 06, 2020

Modified Filters (logic changes):
* = Enabled in Default deployments

* 30341: HTTP: Microsoft Windows LNK Memory Corruption Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Detection logic updated.
  - Release Date: February 13, 2018
  - Last Modified Date: October 06, 2020

37232: HTTP: Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read (ZDI-20-799)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37232: ZDI-CAN-10471: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 03, 2020
  - Last Modified Date: October 06, 2020

37233: HTTP: Delta Industrial Automation DOPSoft File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-796)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37233: ZDI-CAN-10472: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 03, 2020
  - Last Modified Date: October 06, 2020

37239: HTTP: Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read (ZDI-20-795)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37239: ZDI-CAN-10480: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 03, 2020
  - Last Modified Date: October 06, 2020

37240: HTTP: Delta Industrial Automation DOPSoft File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-794)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37240: ZDI-CAN-10481: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 03, 2020
  - Last Modified Date: October 06, 2020

37241: HTTP: Delta Industrial Automation DOPSoft File Parsing Out-Of-Bounds Read Vulnerability (ZDI-20-793)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37241: ZDI-CAN-10483: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 03, 2020
  - Last Modified Date: October 06, 2020

37248: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB Out-Of-Bounds Read (ZDI-20-310)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37248: ZDI-CAN-10420: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 03, 2020
  - Last Modified Date: October 06, 2020

37252: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB Buffer Overflow Vulnerability(ZDI-20-309)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37252: ZDI-CAN-10413: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 03, 2020
  - Last Modified Date: October 06, 2020

37257: HTTP: Trend Micro InterScan Web Security VA Directory Traversal Vulnerability (ZDI-20-678)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37257: ZDI-CAN-10329: Zero Day Initiative Vulnerability (Trend Micro InterScan Web Security)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 03, 2020
  - Last Modified Date: October 06, 2020

37258: HTTP: Advantech WebAccess/HMI Designer PM3 File Parsing Buffer Overflow Vulnerability (ZDI-20-951)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37258: ZDI-CAN-10188: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 03, 2020
  - Last Modified Date: October 06, 2020

37259: HTTP: Advantech WebAccess/HMI Designer PM3 File Parsing Double Free Vulnerability (ZDI-20-952)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37259: ZDI-CAN-10187: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 03, 2020
  - Last Modified Date: October 06, 2020

37285: HTTP: Advantech WebAccess/HMI Designer PM3 File Parsing Buffer Overflow Vulnerability (ZDI-20-950)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37285: ZDI-CAN-10121: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
  - Severity changed from "High" to "Critical".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 10, 2020
  - Last Modified Date: October 06, 2020

37330: HTTP: Advantech WebAccess/HMI Designer PM3 File Parsing Type Confusion Vulnerability (ZDI-20-954)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37330: ZDI-CAN-10139: Zero Day Initiative Vulnerability (Advantech WebAccess/HMI Designer)".
  - Category changed from "Vulnerabilities" to "Exploits".
  - Severity changed from "High" to "Critical".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 17, 2020
  - Last Modified Date: October 06, 2020

37380: HTTP: Delta Industrial Automation DOPSoft DPA Out-Of-Bounds Read Vulnerability (ZDI-20-791)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37380: ZDI-CAN-10508: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
  - Severity changed from "Critical" to "High".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: March 24, 2020
  - Last Modified Date: October 06, 2020

37474: HTTP: WECON LeviStudioU XYSet WordAddr Buffer Overflow Vulnerability (ZDI-20-1059-63)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37474: ZDI-CAN-10533-37: Zero Day Initiative Vulnerability (WECON LeviStudioU)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: April 07, 2020
  - Last Modified Date: October 06, 2020

37659: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Buffer Overflow (ZDI-20-943)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37659: ZDI-CAN-10881: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft ScreenEditor)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: April 28, 2020
  - Last Modified Date: October 06, 2020

37664: HTTP: Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Write (ZDI-20-820)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37664: ZDI-CAN-10896: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: April 28, 2020
  - Last Modified Date: October 06, 2020

37666: HTTP: Microsoft Windows hevcdecoder_store MKV File Parsing Use-After-Free Vulnerability (ZDI-20-815)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37666: ZDI-CAN-10936: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: April 28, 2020
  - Last Modified Date: October 06, 2020

37667: HTTP: Microsoft Windows hevcdecoder_store MKV File Parsing Out-Of-Bounds Write (ZDI-20-1081)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "37667: ZDI-CAN-10962: Zero Day Initiative Vulnerability (Microsoft Windows)".
  - Description updated.
  - Detection logic updated.
  - Vulnerability references updated.
  - Release Date: April 28, 2020
  - Last Modified Date: October 06, 2020

Modified Filters (metadata changes only):
* = Enabled in Default deployments

13855: TCP: XML External Entity (XXE) Usage
  - IPS Version: 1.0.0 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
  - Release Date: April 28, 2014
  - Last Modified Date: October 06, 2020

19715: TCP: Java Management Extensions (JMX) JRMI Usage (ZDI-15-455,ZDI-20-1216)
  - IPS Version: 3.1.3 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Name changed from "19715: TCP: Java Management Extensions (JMX) JRMI Usage (ZDI-15-455)".
  - Description updated.
  - Vulnerability references updated.
  - Release Date: April 21, 2015
  - Last Modified Date: October 06, 2020

36086: HTTP: AWStats Totals multisort Code Injection Vulnerability
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Miscellaneous modification.
  - Release Date: September 03, 2019
  - Last Modified Date: October 06, 2020

37332: HTTP: Delta Industrial Automation DPB File Parsing GifName Buffer Overflow Vulnerability(ZDI-20-308)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: 4.0.1 and after.
  - Vulnerability references updated.
  - Release Date: March 17, 2020
  - Last Modified Date: October 06, 2020

37581: ZDI-CAN-10611: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Miscellaneous modification.
  - Release Date: April 14, 2020
  - Last Modified Date: October 06, 2020

37585: ZDI-CAN-10675: Zero Day Initiative Vulnerability (Fuji Electric Tellus Lite V-Simulator 6)
  - IPS Version: 3.6.2 and after.
  - NGFW Version: 1.0.0 and after.
  - TPS Version: 4.0.0 and after.
  - vTPS Version: Not available.
  - Requires: N/NX-Platform, NGFW, or TPS devices
  - Miscellaneous modification.
  - Release Date: April 14, 2020
  - Last Modified Date: October 06, 2020

Removed Filters: None