Vendor
Checkpoint
Products
37
CVEs
81
Across products
316
Status
Private
Products
37- 148 CVEs
- 41 CVEs
- 19 CVEs
- 19 CVEs
- 19 CVEs
- 9 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- + 7 more — see CVE list below for full coverage.
Recent CVEs
81| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-7169 | Cri | 0.86 | 9.8 | 0.89 | KEV | Sep 25, 2014 | GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. |
| CVE-2014-6271 | Cri | 0.86 | 9.8 | 0.94 | KEV | Sep 24, 2014 | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. |
| CVE-2008-0662 | Hig | 0.51 | 7.8 | 0.00 | Feb 8, 2008 | The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials. | |
| CVE-2004-0079 | Hig | 0.49 | 7.5 | 0.02 | Nov 23, 2004 | The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | |
| CVE-2001-0682 | Med | 0.36 | 5.5 | 0.00 | Aug 29, 2001 | ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting. | |
| CVE-2002-1623 | 0.06 | — | 0.72 | Dec 31, 2002 | The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote. | ||
| CVE-2009-1227 | 0.04 | — | 0.17 | Apr 2, 2009 | NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP header to TCP port 18624. NOTE: the vendor has disputed this issue, stating "Check Point Security Alert Team has analyzed this report. We've tried to reproduce the attack on all VPN-1 versions from NG FP2 and above with and without HFAs. The issue was not reproduced. We have conducted a thorough analysis of the relevant code and verified that we are secure against this attack. We consider this attack to pose no risk to Check Point customers." In addition, the original researcher, whose reliability is unknown as of 20090407, also states that the issue "was discovered during a pen-test where the client would not allow further analysis. | ||
| CVE-2004-0039 | 0.04 | — | 0.47 | Mar 3, 2004 | Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI. | ||
| CVE-2003-0757 | 0.04 | — | 0.07 | Oct 20, 2003 | Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet. | ||
| CVE-2000-1037 | 0.04 | — | 0.12 | Dec 11, 2000 | Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack. | ||
| CVE-2008-7025 | 0.03 | — | 0.02 | Aug 21, 2009 | TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe running, allows remote HTTP proxies to cause a denial of service (crash) and disable the HIDS module via a crafted response. | ||
| CVE-2008-7009 | 0.03 | — | 0.00 | Aug 19, 2009 | Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or directory with a long path. NOTE: some of these details are obtained from third party information. | ||
| CVE-2008-1208 | 0.03 | — | 0.01 | Mar 8, 2008 | Cross-site scripting (XSS) vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter. | ||
| CVE-2005-4093 | 0.03 | — | 0.04 | Dec 8, 2005 | Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint. | ||
| CVE-2001-1303 | 0.03 | — | 0.04 | Jul 18, 2001 | The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication. | ||
| CVE-2001-0082 | 0.03 | — | 0.02 | Feb 12, 2001 | Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remote attackers to bypass access restrictions via malformed, fragmented packets. | ||
| CVE-2000-0582 | 0.03 | — | 0.05 | Jun 30, 2000 | Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a denial of service by sending a stream of invalid commands (such as binary zeros) to the SMTP Security Server proxy. | ||
| CVE-2000-0482 | 0.03 | — | 0.06 | Jun 6, 2000 | Check Point Firewall-1 allows remote attackers to cause a denial of service by sending a large number of malformed fragmented IP packets. | ||
| CVE-2000-0116 | 0.03 | — | 0.02 | Jan 29, 2000 | Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag. | ||
| CVE-1999-0770 | 0.03 | — | 0.01 | Jul 29, 1999 | Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems. |