Filtered by vendor Checkpoint
Subscriptions
Total
125 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-8454 | 2 Checkpoint, Microsoft | 2 Endpoint Security, Windows | 2024-11-21 | 7.0 High |
| A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system. | ||||
| CVE-2019-8453 | 1 Checkpoint | 1 Zonealarm | 2024-11-21 | N/A |
| Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client. | ||||
| CVE-2019-8452 | 1 Checkpoint | 2 Endpoint Security, Zonealarm | 2024-11-21 | 7.8 High |
| A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file. | ||||
| CVE-2018-8790 | 1 Checkpoint | 1 Zonealarm | 2024-11-21 | N/A |
| Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM. | ||||
| CVE-2024-24914 | 1 Checkpoint | 7 Clusterxl, Multi-domain Management, Quantum Appliances and 4 more | 2024-11-08 | 8 High |
| Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available. | ||||