VYPR

Vendor CVEs

Checkpoint

All CVEs

138 total · sorted by risk
  • CVE-2021-30361May 11, 2022
    risk 0.00cvss epss 0.04

    The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.

  • CVE-2022-23743May 11, 2022
    risk 0.00cvss epss 0.00

    Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary…

  • CVE-2021-27223Apr 1, 2022
    risk 0.00cvss epss 0.00

    A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits:…

  • CVE-2021-30360Jan 7, 2022
    risk 0.00cvss epss 0.01

    Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote…

  • CVE-2021-30359Oct 22, 2021
    risk 0.00cvss epss 0.04

    The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start…

  • CVE-2021-30358Oct 19, 2021
    risk 0.00cvss epss 0.27

    Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent.

  • CVE-2021-30356Apr 22, 2021
    risk 0.00cvss epss 0.01

    A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files.

  • CVE-2020-6024Jan 20, 2021
    risk 0.00cvss epss 0.00

    Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all…

  • CVE-2020-6021Dec 3, 2020
    risk 0.00cvss epss 0.00

    Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a…

  • CVE-2020-6015Nov 5, 2020
    risk 0.00cvss epss 0.00

    Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations.

  • CVE-2020-6014Oct 30, 2020
    risk 0.00cvss epss 0.00

    Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution…

  • CVE-2020-6023Oct 27, 2020
    risk 0.00cvss epss 0.00

    Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware.

  • CVE-2020-6022Oct 27, 2020
    risk 0.00cvss epss 0.00

    Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware.

  • CVE-2020-8097Aug 30, 2020
    risk 0.00cvss epss 0.00

    An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint…

  • CVE-2019-8463Dec 23, 2019
    risk 0.00cvss epss 0.01

    A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations.

  • CVE-2019-8462Oct 2, 2019
    risk 0.00cvss epss 0.01

    In a rare scenario, Check Point R80.30 Security Gateway before JHF Take 50 managed by Check Point R80.30 Management crashes with a unique configuration of enhanced logging.

  • CVE-2019-8461Aug 29, 2019
    risk 0.00cvss epss 0.01

    Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location…

  • CVE-2019-8459Jun 20, 2019
    risk 0.00cvss epss 0.01

    Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one.

  • CVE-2019-8458Jun 20, 2019
    risk 0.00cvss epss 0.01

    Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check…

  • CVE-2019-8454Apr 29, 2019
    risk 0.00cvss epss 0.00

    A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the…

  • CVE-2019-8453Apr 17, 2019
    risk 0.00cvss epss 0.00

    Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client.

  • CVE-2019-8455Apr 17, 2019
    risk 0.00cvss epss 0.00

    A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.

  • CVE-2019-8456Apr 9, 2019
    risk 0.00cvss epss 0.20

    Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server.

  • CVE-2018-8790Mar 1, 2019
    risk 0.00cvss epss 0.00

    Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM.

  • CVE-2014-8952Nov 16, 2014
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identify Awareness blade, (6) HTTPS…

  • CVE-2014-8951Nov 16, 2014
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a…

  • CVE-2014-8950Nov 16, 2014
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request.

  • CVE-2013-7350Apr 1, 2014
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x before R75.20.4 and 600 and 1100 appliances R75.20.x before R75.20.42 have unknown impact and attack vectors related to "important security fixes."

  • CVE-2014-1673Jan 26, 2014
    risk 0.00cvss epss 0.02

    Check Point Session Authentication Agent allows remote attackers to obtain sensitive information (user credentials) via unspecified vectors.

  • CVE-2014-1672Jan 26, 2014
    risk 0.00cvss epss 0.01

    Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modified and the "Get - Interfaces with Topology" action is performed, which allows attackers to bypass intended access restrictions.

  • CVE-2013-7311Jan 23, 2014
    risk 0.00cvss epss 0.01

    The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote…

  • CVE-2013-7304Jan 22, 2014
    risk 0.00cvss epss 0.01

    Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by presenting an arbitrary certificate during a session established by a client.

  • CVE-2013-5636Nov 30, 2013
    risk 0.00cvss epss 0.00

    Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by overwriting DVREM.EPM…

  • CVE-2013-5635Nov 30, 2013
    risk 0.00cvss epss 0.00

    Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by entering password guesses within…

  • CVE-2010-5184Aug 25, 2012
    risk 0.00cvss epss 0.00

    Race condition in ZoneAlarm Extreme Security 9.1.507.000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space…

  • CVE-2012-2753Jun 19, 2012
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain…

  • CVE-2011-1827Oct 5, 2011
    risk 0.00cvss epss 0.05

    Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX…

  • CVE-2011-2664Jul 8, 2011
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS system to overwrite arbitrary files via unknown vectors.

  • CVE-2008-5994Jan 28, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in index.php in Check Point Connectra NGX R62 HFA_01 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third…

  • CVE-2008-5849Jan 6, 2009
    risk 0.00cvss epss 0.02

    Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing…

  • CVE-2008-1397Mar 20, 2008
    risk 0.00cvss epss 0.02

    Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as…

  • CVE-2007-4216Aug 21, 2007
    risk 0.00cvss epss 0.00

    vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in a METHOD_NEITHER (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory…

  • CVE-2007-3489Jun 29, 2007
    risk 0.00cvss epss 0.03

    Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request…

  • CVE-2007-3464Jun 27, 2007
    risk 0.00cvss epss 0.01

    Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended…

  • CVE-2007-3465Jun 27, 2007
    risk 0.00cvss epss 0.01

    Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password.

  • CVE-2007-2730May 16, 2007
    risk 0.00cvss epss 0.00

    Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain…

  • CVE-2007-2689May 16, 2007
    risk 0.00cvss epss 0.02

    Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.

  • CVE-2007-2174Apr 24, 2007
    risk 0.00cvss epss 0.00

    The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses.

  • CVE-2007-0471Jan 24, 2007
    risk 0.00cvss epss 0.03

    sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a…

  • CVE-2006-3885Jul 27, 2006
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in Check Point Firewall-1 R55W before HFA03 allows remote attackers to read arbitrary files via an encoded .. (dot dot) in the URL on TCP port 18264.