Summary
Digital Vaccine #9496 January 26, 2021
Details
Thank you for subscribing to Digital Vaccine updates brought to you by Trend Micro™ TippingPoint DVLabs. New content is now available at the Threat Management Center (TMC): https://tmc.tippingpoint.com. SMS customers can update the Digital Vaccine through the SMS client. From the top-line menu, you can open the "File > Download Digital Vaccine from TMC" menu item to detect and load the latest update.
System Requirements
The 3.2.0 DV will run on IPS devices with TOS v3.2.0 and above, all NGFW, and all TPS systems. The 4.0.0 DV will only run on the Virtual Threat Protection System (vTPS) appliance. Please note that vTPS does not currently support pre-disclosed ZDI filters.
The Digital Vaccine can be manually downloaded from the following URLs:
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=digital_vaccines&contentId=SIG_3.2.0_9496.pkg
https://tmc.tippingpoint.com/TMC/ViewPackage?parentFolderId=vsa_dv&contentId=SIG_VTPS_4.0.0_9496.pkg
Update Details
Table of Contents
--------------------------
Filters
New Filters - 16
Modified Filters (logic changes) - 38
Modified Filters (metadata changes only) - 2
Removed Filters - 0
Filters
----------------
New Filters:

38770: ZDI-CAN-12370: Zero Day Initiative Vulnerability (NETGEAR Nighthawk R7800)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter provides protection against exploitation of a zero-day vulnerability affecting Netgear Nighthawk R7800.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: January 26, 2021

38771: ZDI-CAN-12413: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: January 26, 2021

38772: ZDI-CAN-12418: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: January 26, 2021

38773: ZDI-CAN-12529: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: January 26, 2021

38774: ZDI-CAN-12530: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: January 26, 2021

38775: ZDI-CAN-12531: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: January 26, 2021

38776: ZDI-CAN-12532: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: January 26, 2021

38777: ZDI-CAN-12534: Zero Day Initiative Vulnerability (Siemens Solid Edge Viewer)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Siemens Solid Edge Viewer.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: January 26, 2021

38778: ZDI-CAN-12647: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: January 26, 2021

38779: ZDI-CAN-12656: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: Not available.
- Requires: N/NX-Platform, NGFW, or TPS devices
- Category: Exploits
- Severity: Critical
- Description: This filter protects against the exploitation of a zero-day vulnerability affecting Delta Industrial Automation DOPSoft.
- Deployments:
  - Deployment: Security-Optimized (Block / Notify / Trace)
- Classification: Vulnerability - Other
- Protocol: Other Protocol
- Platform: Other Server Application or Service
- Release Date: January 26, 2021

38780: HTTP: Microsoft SharePoint GetUserCollectionFromSite Request (ATT&CK T1589.002, T1589.003, T1087)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects a UserGroup.GetUserCollectionFromSite request to a Microsoft SharePoint instance.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Other Server Application or Service
- Release Date: January 26, 2021

38781: HTTP: Microsoft SharePoint GetUserCollectionFromWeb Request (ATT&CK T1589.002, T1589.003, T1087)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects a UserGroup.GetUserCollectionFromWeb request to a Microsoft SharePoint instance.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Other Server Application or Service
- Release Date: January 26, 2021

38782: HTTP: Microsoft SharePoint GetUserInfo Request (ATT&CK T1589.002, T1589.003, T1087)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects a UserGroup.GetUserInfo request to a Microsoft SharePoint instance.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Other Server Application or Service
- Release Date: January 26, 2021

38783: HTTP: Microsoft SharePoint GetRolesAndPermissionsForSite Request (ATT&CK T1069, T1087)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects a UserGroup.GetRolesAndPermissionsForSite request to a Microsoft SharePoint instance.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Other
- Protocol: HTTP
- Platform: Other Server Application or Service
- Release Date: January 26, 2021

38784: DNS: dns2tcp Tunneling Request
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Security Policy
- Severity: Low
- Description: This filter detects dns2tcp tunneling attempts.
- Deployment: Not enabled by default in any deployment.
- Classification: Security Policy - Forbidden Application Access or Service Request
- Protocol: DNS
- Platform: Multi-Platform Server Application or Service
- Release Date: January 26, 2021

38808: HTTP: Oracle WebLogic Server JNDI Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Category: Vulnerabilities
- Severity: Critical
- Description: This filter detects an attempt to exploit a code execution vulnerability in Oracle WebLogic Server.
- Deployments:
  - Deployment: Default (Block / Notify)
  - Deployment: Performance-Optimized (Disabled)
- References:
  - Common Vulnerabilities and Exposures: CVE-2021-2109
- Classification: Vulnerability - Input Validation (Command injection, XSS, SQL injection, etc)
- Protocol: HTTP
- Platform: Multi-Platform Server Application or Service
- Release Date: January 26, 2021

Modified Filters (logic changes):
* = Enabled in Default deployments

* 29728: HTTP: Apache Tomcat HTTP PUT Windows Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Release Date: October 17, 2017
- Last Modified Date: January 26, 2021

32163: TCP: Stratum Mining Protocol Usage
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Release Date: June 19, 2018
- Last Modified Date: January 26, 2021

36539: HTTP: Cisco Data Center Network Manager getLanIslList SQL Injection Vulnerability (ZDI-20-037)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "36539: ZDI-CAN-9184: Zero Day Initiative Vulnerability (Cisco Data Center Network Manager)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 05, 2019
- Last Modified Date: January 26, 2021

37433: HTTP: JAWS Remote Code Execution Vulnerability
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Release Date: April 07, 2020
- Last Modified Date: January 26, 2021

37474: HTTP: WECON LeviStudioU XYSet WordAddr Buffer Overflow Vulnerability (ZDI-20-1059-63)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: April 07, 2020
- Last Modified Date: January 26, 2021

37860: HTTP: D-Link DAP-1860 HNAP Authorization Command Injection Vulnerability (ZDI-20-1428)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37860: ZDI-CAN-10880: Zero Day Initiative Vulnerability (D-Link DAP-1860)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: July 21, 2020
- Last Modified Date: January 26, 2021

37861: HTTP: D-Link DAP-1860 uHTTPd Authentication Bypass Vulnerability (ZDI-20-1429)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37861: ZDI-CAN-10894: Zero Day Initiative Vulnerability (D-Link DAP-1860)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: July 21, 2020
- Last Modified Date: January 26, 2021

37862: HTTP: NETGEAR Orbi UA_Parser Host Name Command Injection Vulnerability (ZDI-20-1430)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37862: ZDI-CAN-11076: Zero Day Initiative Vulnerability (Netgear Orbi)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: July 21, 2020
- Last Modified Date: January 26, 2021

37863: HTTP: NETGEAR Orbi UA_Parser Host Name Command Injection Vulnerability (ZDI-20-1430)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37863: ZDI-CAN-11076: Zero Day Initiative Vulnerability (Netgear Orbi)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: July 21, 2020
- Last Modified Date: January 26, 2021

37865: HTTP: Microsoft SharePoint DataFormWebPart Information Disclosure Vulnerability (ZDI-20-1398)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37865: ZDI-CAN-11267: Zero Day Initiative Vulnerability (Microsoft SharePoint)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: July 21, 2020
- Last Modified Date: January 26, 2021

37932: HTTP: Trend Micro Multiple Products Improper Access Control Vulnerability (ZDI-20-1374,1387)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "37932: ZDI-CAN-11236: Zero Day Initiative Vulnerability (Trend Micro Multiple Products)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: August 11, 2020
- Last Modified Date: January 26, 2021

38012: HTTP: Apple Safari TextNode Use-After-Free Vulnerability (ZDI-20-1394)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38012: ZDI-CAN-11498: Zero Day Initiative Vulnerability (Apple Safari)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: August 18, 2020
- Last Modified Date: January 26, 2021

38014: HTTP: Adobe Acrobat Reader DC ID Parameter Out-Of-Bounds Read Vulnerability (ZDI-20-1354)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38014: ZDI-CAN-11540: Zero Day Initiative Vulnerability (Adobe Acrobat Reader)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: August 18, 2020
- Last Modified Date: January 26, 2021

38015: HTTP: Panasonic Control FPWIN Pro Project File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-068)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38015: ZDI-CAN-11579: Zero Day Initiative Vulnerability (Panasonic Control FPWIN Pro)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: August 18, 2020
- Last Modified Date: January 26, 2021

38023: HTTP: Delta Industrial Automation DOPSoft DPA Out-Of-Bounds Write Vulnerability (ZDI-21-028)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38023: ZDI-CAN-11644: Zero Day Initiative Vulnerability (Delta Industrial Automation DOPSoft)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: August 18, 2020
- Last Modified Date: January 26, 2021

38123: HTTP: Delta Industrial Automation CNCSoft-B DOPSoft XLS File Parsing Out-Of-Bounds Write(ZDI-21-031)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38123: ZDI-CAN-11712: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: September 22, 2020
- Last Modified Date: January 26, 2021

38124: HTTP: Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing Buffer Overflow (ZDI-21-039)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38124: ZDI-CAN-11713: Zero Day Initiative Vulnerability (Delta Industrial Automation CNCSoft)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: September 22, 2020
- Last Modified Date: January 26, 2021

38193: HTTP: Microsoft Windows Camera Codec Pack Out-Of-Bounds Write Vulnerability (ZDI-20-1258)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38193: ZDI-CAN-11981: Zero Day Initiative Vulnerability (Microsoft Windows Camera Codec)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: September 29, 2020
- Last Modified Date: January 26, 2021

38211: HTTP: Siemens JT2Go JT File Parsing Type Confusion Vulnerability (ZDI-21-046)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38211: ZDI-CAN-11881: Zero Day Initiative Vulnerability (Siemens JT2Go)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: October 06, 2020
- Last Modified Date: January 26, 2021

38212: HTTP: Siemens JT2Go PAR File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-047)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38212: ZDI-CAN-11885: Zero Day Initiative Vulnerability (Siemens JT2Go)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: October 06, 2020
- Last Modified Date: January 26, 2021

38213: HTTP: Siemens JT2Go PAR File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-049)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38213: ZDI-CAN-11891: Zero Day Initiative Vulnerability (Siemens JT2Go)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: October 06, 2020
- Last Modified Date: January 26, 2021

38214: HTTP: Siemens JT2Go PAR File Parsing Stack-based Buffer Overflow Vulnerability (ZDI-21-050)
- IPS Version: 3.0.0 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38214: ZDI-CAN-11892: Zero Day Initiative Vulnerability (Siemens JT2Go)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: October 06, 2020
- Last Modified Date: January 26, 2021

38285: HTTP: Siemens JT2Go ASM File Parsing Type Confusion Vulnerability (ZDI-21-055)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38285: ZDI-CAN-11897: Zero Day Initiative Vulnerability (Siemens JT2Go)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 03, 2020
- Last Modified Date: January 26, 2021

38286: HTTP: Siemens JT2Go CG4 and CGM File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-052)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38286: ZDI-CAN-11898: Zero Day Initiative Vulnerability (Siemens JT2Go)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 03, 2020
- Last Modified Date: January 26, 2021

38287: HTTP: Siemens JT2Go ASM File Parsing Untrusted Pointer Dereference Vulnerability (ZDI-21-053)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38287: ZDI-CAN-11899: Zero Day Initiative Vulnerability (Siemens JT2Go)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 03, 2020
- Last Modified Date: January 26, 2021

38291: HTTP: Siemens JT2Go PDF File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-054)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38291: ZDI-CAN-11900: Zero Day Initiative Vulnerability (Siemens JT2Go)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 03, 2020
- Last Modified Date: January 26, 2021

38327: HTTP: Adobe Acrobat Pro DC PDF Export Out-Of-Bounds Read Vulnerability (ZDI-20-1356)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38327: ZDI-CAN-11958: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 03, 2020
- Last Modified Date: January 26, 2021

38329: HTTP: Siemens JT2Go JT File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-051)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38329: ZDI-CAN-11972: Zero Day Initiative Vulnerability (Siemens JT2Go)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 03, 2020
- Last Modified Date: January 26, 2021

38331: HTTP: Siemens JT2Go RGB and SGI File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-21-058)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38331: ZDI-CAN-11986: Zero Day Initiative Vulnerability (Siemens JT2Go)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 03, 2020
- Last Modified Date: January 26, 2021

38332: HTTP: Siemens JT2Go RGB and SGI File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-21-056)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38332: ZDI-CAN-11994: Zero Day Initiative Vulnerability (Siemens JT2Go)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 03, 2020
- Last Modified Date: January 26, 2021

38338: HTTP: Siemens JT2Go JT File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-21-057)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38338: ZDI-CAN-12014: Zero Day Initiative Vulnerability (Siemens JT2Go)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 03, 2020
- Last Modified Date: January 26, 2021

38339: HTTP: Adobe Acrobat Reader DC AVDocumentLocal Use-After-Free Vulnerability (ZDI-20-1357)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38339: ZDI-CAN-12015: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)".
- Severity changed from "Critical" to "High".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 03, 2020
- Last Modified Date: January 26, 2021

38340: HTTP: Siemens JT2Go TGA File Parsing Heap-based Buffer Overflow Vulnerability (ZDI-21-059)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38340: ZDI-CAN-12017: Zero Day Initiative Vulnerability (Siemens JT2Go)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 03, 2020
- Last Modified Date: January 26, 2021

38341: HTTP: Microsoft Windows WebM Video Parsing Uninitialized Pointer Vulnerability (ZDI-20-1373)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38341: ZDI-CAN-12020: Zero Day Initiative Vulnerability (Microsoft Windows)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 03, 2020
- Last Modified Date: January 26, 2021

38383: HTTP: Hewlett Packard Enterprise Systems Insight Manager Deserialization Vulnerability (ZDI-20-1449)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38383: ZDI-CAN-11847: Zero Day Initiative Vulnerability(Hewlett Packard Enterprise Systems Insight Manager)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 17, 2020
- Last Modified Date: January 26, 2021

38390: HTTP: Siemens JT2Go TGA File Parsing Buffer Overflow Vulnerability (ZDI-21-061)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38390: ZDI-CAN-12016: Zero Day Initiative Vulnerability (Siemens JT2Go)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 17, 2020
- Last Modified Date: January 26, 2021

38483: HTTP: Siemens JT2Go CG4 File Parsing Out-Of-Bounds Read Vulnerability (ZDI-21-062)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38483: ZDI-CAN-12027: Zero Day Initiative Vulnerability (Siemens JT2Go)".
- Description updated.
- Detection logic updated.
- Vulnerability references updated.
- Release Date: November 24, 2020
- Last Modified Date: January 26, 2021

38676: UPnP: UPnP AddPortMapping() SOAP Request
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Detection logic updated.
- Release Date: January 12, 2021
- Last Modified Date: January 26, 2021

Modified Filters (metadata changes only):
* = Enabled in Default deployments

38391: HTTP: Microsoft Excel XLS File Memory Corruption Vulnerability (ZDI-21-023)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38391: HTTP: Microsoft Excel XLS File Memory Corruption Vulnerability".
- Description updated.
- Vulnerability references updated.
- Release Date: November 17, 2020
- Last Modified Date: January 26, 2021

38491: HTTP: Microsoft Word DOC File Parsing Out-Of-Bounds Write Vulnerability (ZDI-21-026)
- IPS Version: 3.6.2 and after.
- NGFW Version: 1.0.0 and after.
- TPS Version: 4.0.0 and after.
- vTPS Version: 4.0.1 and after.
- Name changed from "38491: HTTP: Microsoft Word DOC File Parsing Out-Of-Bounds Write Vulnerability".
- Description updated.
- Vulnerability references updated.
- Release Date: November 24, 2020
- Last Modified Date: January 26, 2021

Removed Filters: None