Lucene search
K
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2021/03/02 12:0 a.m.•34 views

Microsoft Exchange Server Remote Code Execution (CVE-2021-26855; CVE-2021-27065)

A remote code execution vulnerability exists in Microsoft Microsoft Exchange. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.5AI score0.99999EPSS
Exploits65
Check Point Advisories
Check Point Advisories
•added 2020/12/27 12:0 a.m.•34 views

Apache Kylin Remote Code Execution (CVE-2020-1956)

A command execution vulnerability exists in Apache kylin 2.3.2. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

9CVSS5.8AI score0.97337EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2020/12/20 12:0 a.m.•34 views

Libbpg Project Out of Bounds Write (CVE-2016-8710)

A remote code execution vulnerability exists in Libbpg project Libbpg. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.8CVSS5.9AI score0.03388EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2020/10/29 12:0 a.m.•34 views

Sangoma FreePBX Authentication Bypass (CVE-2019-19006)

An authentication bypass vulnerability exists in Sangoma FreePBX. A remote attacker could exploit this flaw by sending specially crafted packets to the affected server. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized...

7.5CVSS5.5AI score0.36615EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2020/08/27 12:0 a.m.•34 views

Microsoft Diagnostic Hub Standard Collector Elevation Of Privilege (CVE-2018-0952)

An elevation of privilege vulnerability exists in Microsoft visual studio 2015 update3. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.2CVSS7.9AI score0.06232EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2020/05/14 12:0 a.m.•34 views

SonicWall SMA100 and SRA Buffer Overflow (CVE-2019-7482)

A buffer overflow vulnerability exists in SonicWall SMA100 and SonicWall SRA systems. Successful exploitation could result in arbitrary code execution in the context of the affected application...

7.5CVSS4.5AI score0.08817EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2020/04/30 12:0 a.m.•34 views

WordPress LearnDash Plugin SQL Injection (CVE-2020-6009)

An SQL injection vulnerability exists in the WordPress LearnDash Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

7.5CVSS4.8AI score0.0184EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2020/03/26 12:0 a.m.•34 views

WordPress Tutor LMS Plugin Cross Site Request Forgery (CVE-2020-8615)

A cross site request forgery vulnerability exists in WordPress Tutor LMS Plugin. Successful exploitation of this vulnerability can result in the execution of arbitrary code in the effected system...

2.6CVSS2.6AI score0.0883EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2020/03/01 12:0 a.m.•34 views

Apache James Server Command Injection (CVE-2015-7611)

A command injection vulnerability exists in Apache James server. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary commands on the affected system...

9.3CVSS7.7AI score0.68603EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2019/12/30 12:0 a.m.•34 views

Microsoft Exchange Privilege Escalation (CVE-2019-0724)

An elevation of privilege vulnerability exists in Microsoft Exchange. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9.3CVSS5.5AI score0.23799EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2019/11/25 12:0 a.m.•34 views

Advantech WebAccess Stack-based Buffer Overflow (CVE-2018-17910)

A stack-based buffer overflow vulnerability exists in Advantech WebAccess. Successful exploitation could lead to arbitrary code execution on the affected...

9.3CVSS4.1AI score0.05219EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2019/09/24 12:0 a.m.•34 views

Microsoft Internet Explorer Use After free (CVE-2019-1367)

A use-after-free vulnerability exists in Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.6CVSS8AI score0.52729EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2019/08/13 12:0 a.m.•34 views

Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-1196)

A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.6CVSS5.1AI score0.01934EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2019/05/20 12:0 a.m.•34 views

PostgreSQL Remote Code Execution (CVE-2019-9193)

A remote code execution vulnerability exists in PostgreSQL. Successful exploitation of this vulnerability could result in arbitrary code execution on the victim machine...

9CVSS3.9AI score0.91877EPSS
Exploits17
Check Point Advisories
Check Point Advisories
•added 2019/04/23 12:0 a.m.•34 views

Oracle Business Intelligence / XML Publisher XML External Entity Injection (CVE-2019-2616)

An XML External Entity Injection vulnerability exists in Oracle Business Intelligence and XML Publisher. Successful exploitation of this vulnerability could result in unauthorized access to critical data in Oracle BI Publisher...

6.4CVSS2.9AI score0.92183EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2019/04/09 12:0 a.m.•34 views

Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2019-0812)

A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.6CVSS7.9AI score0.1866EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2019/04/09 12:0 a.m.•34 views

Microsoft Office Remote Code Execution (CVE-2019-0801)

A remote code execution vulnerability exists in Microsoft Office. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.8CVSS5.9AI score0.18515EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2019/03/26 12:0 a.m.•34 views

LG SuperSign EZ CMS 2.5 Remote Code Execution (CVE-2018-17173)

A remote code execution vulnerability is exist in LG SuperSign EZ CMS. Successful exploitation could result in arbitrary code execution on the target system...

7.5CVSS5.8AI score0.56237EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2019/01/08 12:0 a.m.•34 views

Microsoft Windows Elevation of Privilege (CVE-2019-0543)

An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

4.6CVSS8.2AI score0.04679EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2019/01/03 12:0 a.m.•34 views

PhpSpreadsheet XML External Entity Injection (CVE-2018-19277)

An XML external entity injection vulnerability exists in PhpSpreadsheet library. The vulnerability is due to a failure to properly handle external entity references in XML files. A successful exploitation of this vulnerability could result in the disclosure of file contents from the target system...

6.8CVSS1AI score0.07791EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2018/11/06 12:0 a.m.•35 views

Yi Technology Home Camera Time Sync Code Execution (CVE-2018-3892)

A remote code execution exists in the time syncing functionality of Yi Home Camera. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS4.5AI score0.02655EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2018/07/10 12:0 a.m.•34 views

Microsoft Chakra Scripting Engine Memory Corruption (CVE-2018-8298)

A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.6CVSS5AI score0.75339EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2018/07/05 12:0 a.m.•34 views

Fortinet FortiOS SSH backdoor (CVE-2016-1909) - Ver2

An information disclosure vulnerability exists in Fortinet FortiOS. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...

10CVSS8AI score0.71268EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2018/06/28 12:0 a.m.•34 views

Microsoft IIS Command Execution (CVE-2001-0500) - Ver2

A command execution vulnerability exists in Microsoft IIS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

10CVSS7.1AI score0.96731EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2018/04/04 12:0 a.m.•34 views

Google Chrome Type Confusion (CVE-2018-6064)

A type confusion vulnerability exists in Google Chrome. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.8CVSS5.1AI score0.06892EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2018/03/13 12:0 a.m.•35 views

Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2018-0934)

A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.6CVSS5.1AI score0.66473EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2018/02/13 12:0 a.m.•34 views

Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2018-0866)

A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9.3CVSS7.7AI score0.44265EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2018/02/13 12:0 a.m.•34 views

Microsoft Edge Scripting Engine Memory Corruption (CVE-2018-0834)

A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9.3CVSS7.7AI score0.55563EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2018/01/11 12:0 a.m.•34 views

Trend Micro Mobile Security Enterprise get_dep_profile id SQL Injection (CVE-2017-14078)

An SQL injection vulnerability exists in Trend Micro Mobile Security Enterprise. The vulnerability is due to insufficient validation of the id request parameter with getdepprofile action...

10CVSS2.2AI score0.50166EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/12/20 12:0 a.m.•34 views

Microsoft Internet Explorer Scripting Engine Information Disclosure (CVE-2017-11906)

An information disclosure vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way the scripting engine improperly handles objects in memory in Internet Explorer. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with ...

2.6CVSS5.5AI score0.25116EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2017/11/21 12:0 a.m.•34 views

Viscom Software Movie Player Pro SDK ActiveX Buffer Overflow (CVE-2010-0356)

A buffer overflow vulnerability has been reported in Viscom Software Movie Player Pro SDK. The vulnerability is due to mishandling of an overly long string. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9.3CVSS5.3AI score0.30383EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2017/10/19 12:0 a.m.•34 views

IBM Lotus Notes encodeURI DOS (CVE-2017-1129)

A denial of service vulnerability exists in IBM Lotus Notes. A remote attacker can exploit this vulnerability by sending a specially crafted message to an affected system...

4.3CVSS3.8AI score0.30074EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2017/10/10 12:0 a.m.•34 views

Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-11793)

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way Microsoft Internet Explorer handles objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...

7.6CVSS7.8AI score0.48907EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/10/08 12:0 a.m.•34 views

Digium Asterisk app_minivm Caller-ID Command Execution (CVE-2017-14100)

A command execution vulnerability exists in Digium Asterisk. The vulnerability is due to insufficient validation of Caller-IDs within SIP requests when the MinivmNotify dialplan function is used with an external notification program. A remote, authenticated attacker could exploit this vulnerabili...

7.5CVSS4.4AI score0.14907EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/08/10 12:0 a.m.•34 views

Nginx ngx_http_range_filter_module Integer Overflow (CVE-2017-7529)

An integer overflow vulnerability exists in Nginx. The vulnerability is due to insufficient validation of requested byte ranges...

5CVSS3.9AI score0.62597EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2017/08/08 12:0 a.m.•34 views

Cisco Prime Collaboration Provisioning logconfigtracer.jsp Directory Traversal (CVE-2017-6621)

An information disclosure vulnerability exists in Cisco Prime Collaboration Provisioning. The vulnerability is due to insufficient validation on user supplied paths when a request is sent to logconfigtracer.jsp page. A remote, unauthenticated attacker can exploit this vulnerability by sending a...

5CVSS3.3AI score0.06174EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/08/01 12:0 a.m.•34 views

ManageEngine Desktop Central Remote Code Execution (CVE-2017-11346)

A remote Code Execution vulnerability exists in ManageEngine Desktop Central. The vulnerability is due to insufficient check of parameter. By sending crafted request ,a remote attacker can place a file under a directory that allows server-side scripts to run...

7.5CVSS3.7AI score0.4327EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2017/07/17 12:0 a.m.•34 views

Schneider Electric U.motion Builder localize.php SQL Injection (CVE-2017-7973)

An SQL injection vulnerability has been reported in Schneider Electric U.motion Builder. The vulnerability is due to insufficient validation of the username HTTP request parameter in requests made to localize.php. A remote, unauthenticated user can exploit this vulnerability by sending a crafted...

7.5CVSS1.2AI score0.01472EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/06/21 12:0 a.m.•34 views

Schneider Electric U.motion Builder loadtemplate.php SQL Injection (CVE-2017-7973)

An SQL injection vulnerability exists in Schneider Electric U.motion Builder. The vulnerability is due to insufficient validation of the tpl HTTP parameter of the loadtemplate.php request. A remote, unauthenticated user can exploit this vulnerability by sending a crafted HTTP request to the...

7.5CVSS1.1AI score0.01472EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/29 12:0 a.m.•34 views

Microsoft Malware Protection Engine Remote Code Execution (CVE-2017-8541)

A memory corruption vulnerability has been reported in Microsoft Malware Protection Engine. A remote attacker can exploit this issue by enticing a target user to open a specially crafted file. A successful exploitation could lead to arbitrary code execution...

9.3CVSS5AI score0.50281EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/05/21 12:0 a.m.•34 views

Joomla com_fields Component SQL Injection (CVE-2017-8917)

An SQL injection vulnerability exists in Joomla comfields Component. Remote attackers may leverage this vulnerability to gain arbitrary code execution over the vulnerable server...

7.5CVSS6.6AI score0.99826EPSS
Exploits21
Check Point Advisories
Check Point Advisories
•added 2017/05/04 12:0 a.m.•34 views

ManageEngine Applications Manager Apache Commons Collections Insecure Deserialization (CVE-2016-9498)

An insecure deserialization vulnerability exists in ManageEngine Applications Manager. This vulnerability is due to the inclusion of the vulnerable version of Apache Commons Collections library in the classpath combined with insecure deserialization. A remote, unauthenticated attacker can exploit...

10CVSS3.5AI score0.22011EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•34 views

Microsoft Win32k Elevation of Privilege (MS17-018: CVE-2017-0079; CVE-2017-0078)

An elevation of privilege vulnerability exists in the Windows kernel-mode driver. The vulnerability is due to the way the driver fails to properly handle objects in memory. An attacker can exploit this vulnerability by logging on to the system and running a specially crafted application...

7.2CVSS7.4AI score0.02388EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•34 views

Microsoft Office Memory Corruption (MS17-014: CVE-2017-0006)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to the way Microsoft Office improperly handles objects in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS7.6AI score0.16607EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/26 12:0 a.m.•34 views

Advantech WebAccess updateTemplate.aspx SQL Injection (CVE-2017-5154)

An SQL injection vulnerability has been reported in Advantech WebAccess. The vulnerability is due to insufficient validation of the template parameter in HTTP request sent to the updateTemplate.aspx. A remote attacker could exploit this vulnerability by sending a HTTP request with a malicious SQL...

7.5CVSS1.5AI score0.04398EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•34 views

Microsoft Edge Use After Free (MS16-145: CVE-2016-7288)

A use after free vulnerability exists in Microsoft Edge. The vulnerability is due to incorrect memory handling leading to a use after free condition when processing a maliciously crafted file. Successful exploitation of this issue could allow an attacker to execute arbitrary code on the remote...

7.6CVSS8AI score0.70354EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/08/09 12:0 a.m.•34 views

Microsoft Office Memory Corruption (MS16-099: CVE-2016-3316)

A memory corruption vulnerability has been reported in Microsoft Word. The application fails to properly handle certain objects in memory when parsing specially crafted files with a large sprmSDyaTop value. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to op...

9.3CVSS3.7AI score0.47194EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2015/12/08 12:0 a.m.•34 views

Microsoft Internet Explorer Memory Corruption (MS15-124: CVE-2015-6134)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer verifies an argument of a certain function. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page wi...

9.3CVSS7AI score0.18763EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/10/13 12:0 a.m.•34 views

Microsoft VBScript and JScript ASLR Bypass (MS15-106: CVE-2015-6052)

A security feature bypass vulnerability has been discovered in JScript and VBScript scripting engines. The vulnerability is due to the way that the VBScript scripting engine uses the Address Space Layout Randomization ASLR security feature. A remote attacker can exploit this issue by enticing a...

4.3CVSS7.5AI score0.14898EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/08/12 12:0 a.m.•34 views

Google Android Stagefright MP4 Multiple Atoms Integer Underflow (CVE-2015-1539; CVE-2015-3827)

A remote code execution vulnerability, known as Stagefright Vulnerability, has been reported in Android devices core. The vulnerability is due to an integer underflow condition in multiple MP4 atoms. Successful exploitation would allow an attacker to execute arbitrary code on the target system...

10CVSS4AI score0.85792EPSS
Exploits0
Total number of security vulnerabilities5000