VYPR

Vendor CVEs

Checkpoint

All CVEs

138 total · sorted by risk
  • CVE-2014-7169CriKEVSep 25, 2014
    risk 0.87cvss 9.8epss 1.00

    GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by…

  • CVE-2014-6271CriKEVSep 24, 2014
    risk 0.87cvss 9.8epss 1.00

    GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd,…

  • CVE-2026-50751CriKEVJun 8, 2026
    risk 0.80cvss 9.3epss 0.71

    A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

  • CVE-2025-15389HigDec 31, 2025
    risk 0.57cvss 8.8epss 0.01

    VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

  • CVE-2025-15388HigDec 31, 2025
    risk 0.57cvss 8.8epss 0.01

    VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

  • CVE-2025-15387HigDec 31, 2025
    risk 0.57cvss 8.8epss 0.00

    VPN Firewall developed by QNO Technology has a Insufficient Entropy vulnerability, allowing unauthenticated remote attackers to obtain any logged-in user session through brute-force attacks and subsequently log into the system.

  • CVE-2026-10847HigJun 11, 2026
    risk 0.51cvss 7.8epss 0.00

    A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process.…

  • CVE-2022-23742HigMay 12, 2022
    risk 0.51cvss 7.8epss 0.04

    Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or…

  • CVE-2008-0662HigFeb 8, 2008
    risk 0.51cvss 7.8epss 0.00

    The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing…

  • CVE-2004-0079HigNov 23, 2004
    risk 0.50cvss 7.5epss 0.10

    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

  • CVE-2026-48133HigMay 26, 2026
    risk 0.49cvss 7.5epss 0.05

    When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway.

  • CVE-2025-9142HigJan 14, 2026
    risk 0.49cvss 7.5epss 0.00

    A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory.

  • CVE-2026-50752HigJun 8, 2026
    risk 0.48cvss 7.4epss 0.05

    A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful…

  • CVE-2025-8305MedDec 22, 2025
    risk 0.42cvss 6.5epss 0.00

    An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files.

  • CVE-2025-8304MedDec 22, 2025
    risk 0.42cvss 6.5epss 0.00

    An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server.

  • CVE-2026-48134MedMay 26, 2026
    risk 0.36cvss 5.6epss 0.04

    When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information.…

  • CVE-2001-0682MedAug 29, 2001
    risk 0.36cvss 5.5epss 0.00

    ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting.

  • CVE-2024-24919KEVMay 28, 2024
    risk 0.29cvss epss 1.00

    Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

  • CVE-2026-48136MedMay 26, 2026
    risk 0.27cvss 4.1epss 0.04

    When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has…

  • CVE-2009-1227Apr 2, 2009
    risk 0.04cvss epss 0.07

    NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP…

  • CVE-2002-1623Dec 31, 2002
    risk 0.04cvss epss 0.49

    The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses…

  • CVE-2001-1303Jul 18, 2001
    risk 0.04cvss epss 0.09

    The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication.

  • CVE-2000-0582Jun 30, 2000
    risk 0.04cvss epss 0.07

    Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a denial of service by sending a stream of invalid commands (such as binary zeros) to the SMTP Security Server proxy.

  • CVE-2000-0482Jun 6, 2000
    risk 0.04cvss epss 0.06

    Check Point Firewall-1 allows remote attackers to cause a denial of service by sending a large number of malformed fragmented IP packets.

  • CVE-2019-8452Apr 22, 2019
    risk 0.03cvss epss 0.01

    A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with…

  • CVE-2008-7025Aug 21, 2009
    risk 0.03cvss epss 0.02

    TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe running, allows remote HTTP proxies to cause a denial of service (crash) and disable the HIDS module via a crafted response.

  • CVE-2008-7009Aug 19, 2009
    risk 0.03cvss epss 0.01

    Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or directory with a long path. NOTE: some of these details are obtained from third party information.

  • CVE-2008-1208Mar 8, 2008
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter.

  • CVE-2007-2083Apr 18, 2007
    risk 0.03cvss epss 0.01

    vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted…

  • CVE-2005-4093Dec 8, 2005
    risk 0.03cvss epss 0.03

    Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint.

  • CVE-2003-0757Oct 20, 2003
    risk 0.03cvss epss 0.03

    Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet.

  • CVE-2001-0082Feb 12, 2001
    risk 0.03cvss epss 0.02

    Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remote attackers to bypass access restrictions via malformed, fragmented packets.

  • CVE-2000-1037Dec 11, 2000
    risk 0.03cvss epss 0.03

    Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack.

  • CVE-2000-0116Jan 29, 2000
    risk 0.03cvss epss 0.02

    Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag.

  • CVE-1999-0770Jul 29, 1999
    risk 0.03cvss epss 0.01

    Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems.

  • CVE-2021-30357Jun 8, 2021
    risk 0.02cvss epss 0.23

    SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access.

  • CVE-2004-0081Nov 23, 2004
    risk 0.01cvss epss 0.07

    OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

  • CVE-2004-0112Nov 23, 2004
    risk 0.01cvss epss 0.10

    The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake…

  • CVE-2004-0040Mar 3, 2004
    risk 0.01cvss epss 0.08

    Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.

  • CVE-2004-0039Mar 3, 2004
    risk 0.01cvss epss 0.09

    Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP…

  • CVE-2024-24911Feb 6, 2025
    risk 0.00cvss epss 0.00

    In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL…

  • CVE-2024-6233Nov 22, 2024
    risk 0.00cvss epss 0.00

    Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first obtain the ability to…

  • CVE-2024-24912May 1, 2024
    risk 0.00cvss epss 0.00

    A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system.

  • CVE-2024-24910Apr 18, 2024
    risk 0.00cvss epss 0.00

    A local attacker can erscalate privileges on affected Check Point ZoneAlarm ExtremeSecurity NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged…

  • CVE-2023-28134Nov 12, 2023
    risk 0.00cvss epss 0.00

    Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

  • CVE-2023-39421Sep 7, 2023
    risk 0.00cvss epss 0.00

    The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with these services.

  • CVE-2023-28130Jul 26, 2023
    risk 0.00cvss epss 0.21

    Local user may lead to privilege escalation using Gaia Portal hostnames page.

  • CVE-2023-28133Jul 23, 2023
    risk 0.00cvss epss 0.06

    Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file

  • CVE-2022-23746Nov 30, 2022
    risk 0.00cvss epss 0.01

    The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.

  • CVE-2022-41604Sep 27, 2022
    risk 0.00cvss epss 0.01

    Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory, and a self-protection driver bypass that allows creation of a…

Page 1 of 3