Filtered by vendor Checkpoint
Subscribe
Search
Total
113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1227 | 1 Checkpoint | 1 Firewall-1 Pki Web Service | 2018-10-10 | 10.0 HIGH | N/A |
| ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP header to TCP port 18624. NOTE: the vendor has disputed this issue, stating "Check Point Security Alert Team has analyzed this report. We've tried to reproduce the attack on all VPN-1 versions from NG FP2 and above with and without HFAs. The issue was not reproduced. We have conducted a thorough analysis of the relevant code and verified that we are secure against this attack. We consider this attack to pose no risk to Check Point customers." In addition, the original researcher, whose reliability is unknown as of 20090407, also states that the issue "was discovered during a pen-test where the client would not allow further analysis." | |||||
| CVE-2014-1672 | 1 Checkpoint | 2 Management Server, Security Gateway | 2018-01-03 | 4.0 MEDIUM | N/A |
| Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modified and the "Get - Interfaces with Topology" action is performed, which allows attackers to bypass intended access restrictions. | |||||
| CVE-2001-1102 | 1 Checkpoint | 1 Firewall-1 | 2017-12-19 | 6.2 MEDIUM | N/A |
| Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users to overwrite arbitrary files via a symlink attack on temporary policy files that end in a .cpp extension, which are set world-writable. | |||||
| CVE-2001-1101 | 1 Checkpoint | 1 Firewall-1 | 2017-12-19 | 6.4 MEDIUM | N/A |
| The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2004-0040 | 1 Checkpoint | 2 Firewall-1, Vpn-1 | 2017-10-10 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet. | |||||
| CVE-2001-1303 | 1 Checkpoint | 1 Firewall-1 | 2017-10-10 | 5.0 MEDIUM | N/A |
| The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication. | |||||
| CVE-2001-1158 | 1 Checkpoint | 1 Firewall-1 | 2017-10-10 | 7.5 HIGH | N/A |
| Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts. | |||||
| CVE-2001-1176 | 1 Checkpoint | 3 Firewall-1, Provider-1, Vpn-1 | 2017-10-10 | 7.5 HIGH | N/A |
| Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection. | |||||
| CVE-2000-0808 | 1 Checkpoint | 1 Firewall-1 | 2017-10-10 | 7.5 HIGH | N/A |
| The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time (s/key) Password Authentication." | |||||
| CVE-1999-1204 | 1 Checkpoint | 1 Firewall-1 | 2017-10-10 | 7.5 HIGH | N/A |
| Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator. | |||||
| CVE-2000-0482 | 1 Checkpoint | 1 Firewall-1 | 2017-10-10 | 5.0 MEDIUM | N/A |
| Check Point Firewall-1 allows remote attackers to cause a denial of service by sending a large number of malformed fragmented IP packets. | |||||
| CVE-2000-0804 | 1 Checkpoint | 1 Firewall-1 | 2017-10-10 | 7.5 HIGH | N/A |
| Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass." | |||||
| CVE-2000-0805 | 1 Checkpoint | 1 Firewall-1 | 2017-10-10 | 7.5 HIGH | N/A |
| Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets." | |||||
| CVE-2000-0806 | 1 Checkpoint | 1 Firewall-1 | 2017-10-10 | 5.0 MEDIUM | N/A |
| The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka "Inter-module Communications Bypass." | |||||
| CVE-2000-0807 | 1 Checkpoint | 1 Firewall-1 | 2017-10-10 | 7.5 HIGH | N/A |
| The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability." | |||||
| CVE-2000-0809 | 1 Checkpoint | 1 Firewall-1 | 2017-10-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service. | |||||
| CVE-2000-0813 | 1 Checkpoint | 1 Firewall-1 | 2017-10-10 | 5.0 MEDIUM | N/A |
| Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via invalid FTP commands that are processed improperly by FireWall-1, aka "FTP Connection Enforcement Bypass." | |||||
| CVE-2000-1032 | 1 Checkpoint | 1 Firewall-1 | 2017-10-10 | 5.0 MEDIUM | N/A |
| The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall. | |||||
| CVE-2001-0182 | 1 Checkpoint | 1 Firewall-1 | 2017-10-10 | 5.0 MEDIUM | N/A |
| FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources. | |||||
| CVE-2001-0940 | 1 Checkpoint | 1 Firewall-1 | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to execute arbitrary code via a long user name. | |||||
| CVE-2014-8950 | 1 Checkpoint | 1 Security Gateway | 2017-09-08 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request. | |||||
| CVE-2014-8951 | 1 Checkpoint | 1 Security Gateway | 2017-09-08 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page. | |||||
| CVE-2014-8952 | 1 Checkpoint | 1 Security Gateway | 2017-09-08 | 7.1 HIGH | N/A |
| Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identify Awareness blade, (6) HTTPS Inspection, (7) UserCheck, or (8) Data Leak Prevention blade module is enabled, allow remote attackers to cause a denial of service ("stability issue") via an unspecified "traffic condition." | |||||
| CVE-2013-7304 | 1 Checkpoint | 1 Endpoint Security Mi Server R73 | 2017-08-29 | 4.3 MEDIUM | N/A |
| Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by presenting an arbitrary certificate during a session established by a client. | |||||
| CVE-2014-1673 | 1 Checkpoint | 1 Session Authentication Agent | 2017-08-29 | 5.0 MEDIUM | N/A |
| Check Point Session Authentication Agent allows remote attackers to obtain sensitive information (user credentials) via unspecified vectors. | |||||
| CVE-2011-2664 | 1 Checkpoint | 1 Multi-domain Management\/provider-1 | 2017-08-29 | 3.6 LOW | N/A |
| Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS system to overwrite arbitrary files via unknown vectors. | |||||
| CVE-2008-5849 | 1 Checkpoint | 1 Vpn-1 | 2017-08-08 | 5.0 MEDIUM | N/A |
| Check Point VPN-1 R55, R65, and other versions, when Port Address Translation (PAT) is used, allows remote attackers to discover intranet IP addresses via a packet with a small TTL, which triggers an ICMP_TIMXCEED_INTRANS (aka ICMP time exceeded in-transit) response containing an encapsulated IP packet with an intranet address, as demonstrated by a TCP packet to the firewall management server on port 18264. | |||||
| CVE-2008-5994 | 1 Checkpoint | 1 Connectra Ngx | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Check Point Connectra NGX R62 HFA_01 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1397 | 1 Checkpoint | 5 Check Point Vpn-1 Pro, Vpn-1, Vpn-1 Firewall-1 and 2 more | 2017-08-08 | 6.5 MEDIUM | N/A |
| Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint. | |||||
| CVE-2004-2679 | 1 Checkpoint | 1 Firewall-1 | 2017-07-29 | 7.8 HIGH | N/A |
| Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to obtain potentially sensitive information by sending an Internet Key Exchange (IKE) with a certain Vendor ID payload that causes Firewall-1 to return a response containing version and other information. | |||||
| CVE-2005-2932 | 1 Checkpoint | 2 Zonealarm, Zonealarm Security Suite | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions for critical files, which allows local users to gain privileges or bypass security controls. | |||||
| CVE-2004-0699 | 1 Checkpoint | 2 Firewall-1, Vpn-1 | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data. | |||||
| CVE-2004-0469 | 1 Checkpoint | 4 Firewall-1, Next Generation, Ng-ai and 1 more | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and FireWall-1 NG products, before VPN-1/FireWall-1 R55 HFA-03, R54 HFA-410 and NG FP3 HFA-325, or VPN-1 SecuRemote/SecureClient R56, may allow remote attackers to execute arbitrary code during VPN tunnel negotiation. | |||||
| CVE-2004-0039 | 1 Checkpoint | 1 Firewall-1 | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI. | |||||
| CVE-2001-1431 | 2 Checkpoint, Nokia | 3 Firewall-1, Vpn-1, Firewall Appliance | 2017-07-11 | 5.0 MEDIUM | N/A |
| Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly rewrite the third packet of a TCP three-way handshake to use the NAT IP address, which allows remote attackers to gain sensitive information. | |||||
| CVE-2001-1499 | 1 Checkpoint | 1 Vpn-1 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary depending on the authentication method being used, which makes it easier for remote attackers to conduct brute force attacks. | |||||
| CVE-2002-1623 | 1 Checkpoint | 1 Vpn-1 Firewall-1 | 2017-07-11 | 5.0 MEDIUM | N/A |
| The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote. | |||||
| CVE-2005-2889 | 1 Checkpoint | 1 Connectra Ngx | 2016-10-18 | 7.5 HIGH | N/A |
| Check Point NGX R60 does not properly verify packets against the predefined service group "CIFS" rule, which allows remote attackers to bypass intended restrictions. | |||||
| CVE-2013-7350 | 1 Checkpoint | 1 Security Gateway | 2014-04-01 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x before R75.20.4 and 600 and 1100 appliances R75.20.x before R75.20.42 have unknown impact and attack vectors related to "important security fixes." | |||||
| CVE-2013-7311 | 1 Checkpoint | 2 Gaia Os, Ipso Os | 2014-01-23 | 5.4 MEDIUM | N/A |
| The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. | |||||
| CVE-2013-5636 | 1 Checkpoint | 1 Endpoint Security | 2013-12-02 | 3.3 LOW | N/A |
| Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by overwriting DVREM.EPM with a copy of itself after each few password guesses. | |||||
| CVE-2013-5635 | 1 Checkpoint | 1 Endpoint Security | 2013-12-02 | 3.3 LOW | N/A |
| Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by entering password guesses within multiple Unlock.exe processes that are running simultaneously. | |||||
| CVE-2010-5184 | 2 Checkpoint, Microsoft | 2 Zonealarm Extreme Security, Windows Xp | 2012-09-05 | 6.2 MEDIUM | N/A |
| ** DISPUTED ** Race condition in ZoneAlarm Extreme Security 9.1.507.000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute. | |||||
| CVE-2012-2753 | 1 Checkpoint | 4 Endpoint Connect, Endpoint Security, Endpoint Security Vpn and 1 more | 2012-06-26 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2011-1827 | 1 Checkpoint | 3 Connectra Ngx, Vpn-1, Vpn-1 Firewall-1 Vsx | 2012-05-14 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet. | |||||
| CVE-2005-4093 | 1 Checkpoint | 2 Secureclient Ng, Vpn-1 Secureclient | 2011-05-18 | 6.5 MEDIUM | N/A |
| Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint. | |||||
| CVE-2005-3673 | 1 Checkpoint | 5 Check Point, Express, Firewall-1 and 2 more | 2011-03-08 | 7.8 HIGH | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in Check Point products allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | |||||
| CVE-2000-0582 | 1 Checkpoint | 1 Firewall-1 | 2008-09-10 | 5.0 MEDIUM | N/A |
| Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a denial of service by sending a stream of invalid commands (such as binary zeros) to the SMTP Security Server proxy. | |||||
| CVE-2000-0779 | 1 Checkpoint | 1 Firewall-1 | 2008-09-10 | 7.5 HIGH | N/A |
| Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RSH/REXEC client via malformed connection requests. | |||||
| CVE-2000-0181 | 1 Checkpoint | 1 Firewall-1 | 2008-09-10 | 5.0 MEDIUM | N/A |
| Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection. | |||||