VYPR

Vendor CVEs

Checkpoint

All CVEs

138 total · sorted by risk
  • CVE-2006-3540Jul 13, 2006
    risk 0.00cvss epss 0.01

    Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (system crash) via a certain…

  • CVE-2006-0255Jan 18, 2006
    risk 0.00cvss epss 0.00

    Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program.

  • CVE-2005-2932Dec 31, 2005
    risk 0.00cvss epss 0.00

    Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions for critical files, which allows local users to gain privileges or bypass security controls.

  • CVE-2005-3673Nov 18, 2005
    risk 0.00cvss epss 0.05

    The Internet Key Exchange version 1 (IKEv1) implementation in Check Point products allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory,…

  • CVE-2005-2889Sep 14, 2005
    risk 0.00cvss epss 0.02

    Check Point NGX R60 does not properly verify packets against the predefined service group "CIFS" rule, which allows remote attackers to bypass intended restrictions.

  • CVE-2005-2313Jul 19, 2005
    risk 0.00cvss epss 0.00

    Check Point SecuRemote NG with Application Intelligence R54 allows attackers to obtain credentials and gain privileges via unknown attack vectors.

  • CVE-2005-0114Feb 11, 2005
    risk 0.00cvss epss 0.00

    vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort function is a valid memory…

  • CVE-2004-1860Dec 31, 2004
    risk 0.00cvss epss 0.03

    Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 and R55 allows remote authenticated users to cause a denial of service (server disconnect) and possibly execute arbitrary code via a large filter on a column when using SmartView Tracker.

  • CVE-2004-2679Dec 31, 2004
    risk 0.00cvss epss 0.01

    Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to obtain potentially sensitive information by sending an Internet Key Exchange (IKE) with a certain Vendor ID payload that causes Firewall-1 to return a response containing version and other information.

  • CVE-2004-0612Dec 6, 2004
    risk 0.00cvss epss 0.01

    The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mobile code within an SSL encrypted session, which could allow remote attackers to bypass the mobile code filtering. NOTE: it has been disputed by the vendor that this behavior is required by the SSL…

  • CVE-2004-0699Sep 28, 2004
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data.

  • CVE-2004-0469Jul 7, 2004
    risk 0.00cvss epss 0.05

    Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and FireWall-1 NG products, before VPN-1/FireWall-1 R55 HFA-03, R54 HFA-410 and NG FP3 HFA-325, or VPN-1 SecuRemote/SecureClient R56, may allow remote attackers to execute arbitrary code during VPN tunnel…

  • CVE-2002-2405Dec 31, 2002
    risk 0.00cvss epss 0.01

    Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall.

  • CVE-2002-0428Aug 12, 2002
    risk 0.00cvss epss 0.02

    Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file.

  • CVE-2001-1171Apr 1, 2002
    risk 0.00cvss epss 0.00

    Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and creates a world-writable temporary .cpp file when compiling Policy rules, which could allow local users to gain privileges or modify the firewall policy.

  • CVE-2001-1499Dec 31, 2001
    risk 0.00cvss epss 0.02

    Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary depending on the authentication method being used, which makes it easier for remote attackers to conduct brute force attacks.

  • CVE-2001-1431Oct 8, 2001
    risk 0.00cvss epss 0.01

    Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly…

  • CVE-2001-0940Sep 21, 2001
    risk 0.00cvss epss 0.04

    Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to execute arbitrary code via a long user name.

  • CVE-2001-1102Sep 8, 2001
    risk 0.00cvss epss 0.00

    Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users to overwrite arbitrary files via a symlink attack on temporary policy files that end in a .cpp extension, which are set world-writable.

  • CVE-2001-1101Sep 8, 2001
    risk 0.00cvss epss 0.01

    The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to…

  • CVE-2000-1201Aug 31, 2001
    risk 0.00cvss epss 0.01

    Check Point FireWall-1 allows remote attackers to cause a denial of service (high CPU) via a flood of packets to port 264.

  • CVE-2001-1176Jul 12, 2001
    risk 0.00cvss epss 0.03

    Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection.

  • CVE-2001-1158Jul 9, 2001
    risk 0.00cvss epss 0.03

    Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts.

  • CVE-2001-0182Mar 26, 2001
    risk 0.00cvss epss 0.02

    FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources.

  • CVE-2000-1032Dec 11, 2000
    risk 0.00cvss epss 0.02

    The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall.

  • CVE-2000-0805Nov 14, 2000
    risk 0.00cvss epss 0.01

    Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets."

  • CVE-2000-0807Nov 14, 2000
    risk 0.00cvss epss 0.02

    The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability."

  • CVE-2000-0813Nov 14, 2000
    risk 0.00cvss epss 0.02

    Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via invalid FTP commands that are processed improperly by FireWall-1, aka "FTP Connection Enforcement Bypass."

  • CVE-2000-0806Nov 14, 2000
    risk 0.00cvss epss 0.02

    The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka "Inter-module Communications Bypass."

  • CVE-2000-0804Nov 14, 2000
    risk 0.00cvss epss 0.02

    Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass."

  • CVE-2000-0808Nov 14, 2000
    risk 0.00cvss epss 0.02

    The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time (s/key) Password Authentication."

  • CVE-2000-0809Nov 14, 2000
    risk 0.00cvss epss 0.02

    Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service.

  • CVE-2000-0779Oct 20, 2000
    risk 0.00cvss epss 0.02

    Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RSH/REXEC client via malformed connection requests.

  • CVE-2000-0181Mar 11, 2000
    risk 0.00cvss epss 0.02

    Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection.

  • CVE-2000-0150Feb 12, 2000
    risk 0.00cvss epss 0.02

    Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt.

  • CVE-1999-0895Oct 20, 1999
    risk 0.00cvss epss 0.01

    Firewall-1 does not properly restrict access to LDAP attributes.

  • CVE-1999-0675Aug 9, 1999
    risk 0.00cvss epss 0.01

    Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host.

  • CVE-1999-1204May 11, 1998
    risk 0.00cvss epss 0.01

    Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator.

Page 3 of 3