Lucene search
+L
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2013/05/14 12:0 a.m.•28 views

Microsoft Visio SVG File Information Disclosure (MS13-044; CVE-2013-1301)

An information disclosure vulnerability has been reported in Microsoft Visio. The vulnerability is caused when Microsoft Visio improperly handles XML external entities that are resolved within other XML external entity declarations. An attacker who successfully exploited this vulnerability could...

5.4AI score0.16707EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/04/15 12:0 a.m.•28 views

Microsoft LSASS Authentication Process Integer Overflow (MS09-059; CVE-2009-2524) - high confidence

An elevation of privilege vulnerability has been discovered in the Microsoft Windows Local Security Authority Subsystem Service LSASS. The vulnerability is due to the Windows NTLM implementation in LSASS improper handling of malformed packets during NTLM authentication. A remote attacker could...

6.4AI score0.2847EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2013/04/14 12:0 a.m.•28 views

Adobe Photoshop PNG Image Processing Buffer Overflow - Improved Performance (CVE-2012-4170)

A heap buffer overflow vulnerability has been reported in Adobe Photoshop CS6. The vulnerability is due to an error while handling certain chunks within a specially crafted PNG file. A remote attacker can exploit this vulnerability by enticing a user to open a malicious PNG file. Successful...

7AI score0.1136EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2013/03/21 12:0 a.m.•28 views

Microsoft Word CSS Processing Code Execution - Improved Performance (MS08-026; CVE-2008-1434)

A remote code execution vulnerability has been identified in Microsoft Word...

3.1AI score0.30869EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2012/11/18 12:0 a.m.•28 views

Trend Micro Control Manager ad hoc query Module SQL Injection (CVE-2012-2998)

An SQL injection vulnerability has been reported in Trend Micro Control Manager...

7.7AI score0.06089EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2012/09/04 12:0 a.m.•28 views

Zend Technologies Zend Framework Zend_XmlRpc Information Disclosure (CVE-2012-3363)

An information disclosure vulnerability has been reported in Zend Technologies Zend Framework...

5.8AI score0.50248EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2012/04/30 12:0 a.m.•28 views

Microsoft Excel Incorrect BIFF2 Record Parsing Code Execution (MS11-072; CVE-2011-1988)

A remote code execution vulnerability has been reported in Microsoft Excel...

7.3AI score0.18609EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2012/04/16 12:0 a.m.•28 views

Flexera InstallShield DoFindReplace Multiple Heap Buffer Overflows (CVE-2011-3174)

Multiple heap buffer overflow vulnerabilities have been reported in Flexera Software InstallShield...

7.2AI score0.029EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2012/04/16 12:0 a.m.•28 views

CA Total Defense Suite UNCWS getDBConfigSettings Credential Information Disclosure (CVE-2011-1655)

An information disclosure vulnerability has been reported in CA Total Defense Suite. The vulnerability is due to insufficient access control when handling requests to the getDBConfigSettings web method. A remote attacker may exploit this vulnerability by sending a specially crafted SOAP xml to th...

7.5CVSS6.9AI score0.11975EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2012/03/26 12:0 a.m.•28 views

Microsoft Exchange Server IMAP Command Denial of Service (MS07-026; CVE-2007-0221)

An integer overflow vulnerability has been reported in Microsoft Exchange Server...

6.6AI score0.37239EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2012/03/12 12:0 a.m.•28 views

Microsoft Visual Studio Add-In Insecure Library Loading (MS12-021; CVE-2012-0008)

An elevation of privilege vulnerability has been reported in Microsoft Visual Studio...

6.4AI score0.01686EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2011/11/15 12:0 a.m.•28 views

libsndfile PAF File Integer Overflow (CVE-2011-2696)

A heap buffer overflow vulnerability has been reported in libsndfile C library. The vulnerability is due to an error in the Paris Audio Format PAF processing code of the libsndfile library. A remote attacker could exploit this vulnerability by enticing a target user to download and open a special...

6.8CVSS7.4AI score0.04647EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2011/11/06 12:0 a.m.•28 views

Microsoft Windows TrueType Font File Parsing Code Execution (CVE-2011-3402)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to improper bounds checking when parsing specially crafted TrueType Font TTF files. A remote attacker may exploit this vulnerability by enticing an affected user to open a specially crafted TTF...

9.3CVSS7.2AI score0.78285EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2011/09/13 12:0 a.m.•28 views

Preemptive Protection against Microsoft Office Excel Use-after-free Code Execution (MS11-072; CVE-2011-1986)

A remote code execution vulnerability has been reported in Microsoft Office Excel. A remote attacker could exploit this vulnerability to execute arbitrary code in an affected system...

9.3CVSS7.6AI score0.21507EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2011/05/15 12:0 a.m.•28 views

HP Data Protector Backup Client Service EXEC_SETUP Code Execution (CVE-2011-0922)

HP OpenView Storage Data Protector is a backup solution tailored for enterprise and distributed environments. The Data Protector environment consists of a Cell Manager, backup agents, and backup device servers. The backup agent supports various message types in its communication with clients in...

10CVSS7.6AI score0.64219EPSS
Exploits20
Check Point Advisories
Check Point Advisories
•added 2011/03/27 12:0 a.m.•28 views

Microsoft Internet Explorer JPEG Rendering Buffer Overflow (MS05-038; CVE-2005-1988; CVE-2005-2308)

The Microsoft Internet Explorer supports the rendering of Joint Photographic Experts Group JPEG images in HTML pages. A buffer overflow vulnerability has been reported in the Microsoft Internet Explorer JPEG image rendering component. The vulnerability is due to the improper validation of user...

7.5CVSS7.4AI score0.45597EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/12/14 12:0 a.m.•28 views

Internet Explorer HTML Object use after free Memory Corruption (MS10-090; CVE-2010-3340)

Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been initialized or has been deleted. To trigger this...

9.3CVSS7.3AI score0.25317EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/10/12 12:0 a.m.•28 views

Microsoft Word Index Value Parsing Memory Corruption (MS10-079; CVE-2010-3219)

Microsoft Word is a popular word processing software. A remote code execution vulnerability has been identified in Microsoft Word. The vulnerability is due to an error in Microsoft Word that fails to properly parse specially crafted Word files. A remote attacker could trigger this flaw by...

9.3CVSS7.2AI score0.20833EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/10/12 12:0 a.m.•28 views

Internet Explorer toStaticHTML API Cross-Site-Scripting (MS10-072; CVE-2010-3324)

Multiple memory corruption vulnerabilities have been reported in Microsoft Internet Explorer. An information disclosure vulnerability has been reported in the way that the toStaticHTML API sanitizes HTML. The vulnerability is due to the way that Internet Explorer handles content using specific...

4.3CVSS5.9AI score0.17219EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2010/09/14 12:0 a.m.•28 views

Microsoft Windows LSASS Malformed LDAP Messages Heap Overflow (MS10-060; CVE-2010-0820)

Active Directory provides central authentication and authorization services for Windows-based systems. Active Directory Application Mode ADAM is a Lightweight Directory Access Protocol LDAP directory service that runs as a user service. An authenticated elevation of privilege vulnerability has be...

9CVSS7.3AI score0.14361EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/08/16 12:0 a.m.•28 views

HP OpenView NNM ovwebsnmpsrv.exe Invalid Option Buffer Overflow (CVE-2010-1960)

The HP OpenView product consists of a suite of network and system management software applications developed by HP. It includes several optional modules and components, such as OpenView Quality Manager, OpenView Performance Insight, and OpenView Network Node Manager. A buffer overflow vulnerabili...

10CVSS7.1AI score0.6911EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2010/07/29 12:0 a.m.•28 views

CA BrightStor ARCserve Backup Tape Engine RPC ReserveGroup Buffer Overflow (CVE-2006-6917)

Computer Associates BrightStor ARCserve Backup products offer data protection for distributed servers, clients, databases and applications. They provide centralized control over a series of distributed operations including Backup and Restore, Data Migration, and Threat Management. There exists a...

10CVSS8.1AI score0.29353EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/07/13 12:0 a.m.•28 views

Internet Explorer Access ActiveX Controls Remote Code Execution (MS10-044; CVE-2010-0814)

A remote code execution vulnerability exists in Access ActiveX controls due to the way that multiple ActiveX controls are loaded by Internet Explorer. The vulnerability is due to the way that Internet Explorer handles memory allocation when instantiating a succession of Access ActiveX controls. T...

9.3CVSS7.1AI score0.22886EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/07/04 12:0 a.m.•28 views

Microsoft Word Array Data Handling Buffer Overflow (MS07-024; CVE-2007-0035)

A buffer overflow vulnerability exists in the way Microsoft Word processes word documents. The vulnerability is the result of an infinite loop. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Word document, potentially causing arbitrary code to be...

9.3CVSS7.3AI score0.32093EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/06/14 12:0 a.m.•28 views

Openwsman HTTP Basic Authentication Buffer Overflow (CVE-2008-2234)

Openwsman is an implementation of Web Services Management WS-Management specification. It uses the WS-Management protocol, which is a SOAP-based protocol using HTTP for exchange of information related to management of devices and applications in a platform independent manner. There exists a stack...

7.5CVSS7.8AI score0.04318EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2010/06/10 12:0 a.m.•28 views

Microsoft Excel Embedded Shockwave Flash Object Code Execution (MS06-069; CVE-2006-3014)

Microsoft Excel is a popular spreadsheet application that is usually released as a part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulas, and various data sources. The common extension used for Microsoft Excel documents is .xls. A...

5.1CVSS6.9AI score0.30101EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/06/06 12:0 a.m.•28 views

BitDefender Antivirus PDF Processing Memory Corruption (CVE-2008-5409)

There exists a memory corruption vulnerability in multiple BitDefender products. The vulnerability is due to boundary errors within the BitDefender PDF Scanner plugin pdf.xmd. A remote attacker can exploit this vulnerability by delivering a crafted PDF file to the vulnerable system, potentially...

9.3CVSS7.6AI score0.11112EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/05/26 12:0 a.m.•28 views

Oracle Java Soundbank Resource Name Stack Buffer Overflow (CVE-2010-0839)

Java Technology is a programming platform which aims to provide a system for developing and deploying cross-platform applications. It is distributed in the form of various tools such as Java Runtime Environment JRE and Java Development Kit JDK. A stack buffer overflow vulnerability has been...

7.5CVSS8AI score0.03538EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2010/05/09 12:0 a.m.•28 views

Squid strListGetItem Denial of Service (CVE-2009-2855)

A denial of service vulnerability exists in the way Squid handles HTTP headers. The vulnerability is due to an infinite loop error when processing HTTP headers containing a specific delimiter character. Remote unauthenticated attackers can exploit this vulnerability by sending specially crafted...

5CVSS6.3AI score0.36732EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/04/08 12:0 a.m.•28 views

CA BrightStor ARCserve Backup XDR Parsing Buffer Overflow (CVE-2008-2242)

Computer Associates BrightStor ARCserve Backup products offer data protection for distributed servers, clients, databases and applications. They provide centralized control over a series of distributed operations including Backup and Restore, Data Migration, and Threat Management. There exists a...

7.5CVSS8.1AI score0.14716EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2010/04/01 12:0 a.m.•28 views

Internet Explorer Mouse Leave Event Handler Memory Corruption (MS10-018; CVE-2010-0267)

Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. To trigger this...

9.3CVSS7.3AI score0.34408EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/04/01 12:0 a.m.•28 views

Internet Explorer HTML CSS Tag Rendering Memory Corruption (MS10-018; CVE-2010-0807)

A remote code execution vulnerability has been reported in Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has been deleted. To trigger this issue, an attacker may create a malicious web page that will cause Internet Explorer to exit unexpectedly...

9.3CVSS7.4AI score0.29284EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/03/22 12:0 a.m.•28 views

Microsoft Word Section Table Array Buffer Overflow (MS07-14; CVE-2007-0515)

Microsoft Word is a document authoring product released by the Microsoft Corporation. Microsoft Word is available packaged with the Microsoft Office suite, as well as in form of a standalone product. Its native file format is the Word Document, normally identified by the .doc file extension. A Wo...

9.3CVSS7.2AI score0.3816EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/03/08 12:0 a.m.•29 views

Microsoft Office Jet Engine MDB File Parsing Buffer Overflow (CVE-2007-6026)

Microsoft Office Access, previously known as Microsoft Access, is a relational database management system from Microsoft which combines the relational Microsoft Jet Database Engine with a graphical user interface and software development tools. There exists a buffer overflow vulnerability in...

9.3CVSS7.6AI score0.28268EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2010/02/24 12:0 a.m.•28 views

Internet Explorer OnBeforeUnload JavaScript Address Bar Spoofing (MS07-057; CVE-2007-3826)

Microsoft Internet Explorer IE is a web browser application that is capable of rendering both static and dynamic web content. The application is primarily used for tasks related to web browsing, such as displaying HTML encoded pages, downloading files, etc. An address bar spoofing vulnerability...

9.3CVSS6AI score0.28739EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/02/22 12:0 a.m.•28 views

Microsoft Windows GDIplus GpFont.SetData Integer Overflow (CVE-2009-1217)

A vulnerability has been reported in Microsoft Windows Graphics Device Interface GDI. The problem is caused by improper handling the length of EmfPlusFont in EMF files. Remote attackers can exploit this vulnerability by enticing target users to open a specially crafted EMF file. Triggering this...

4.3CVSS6.1AI score0.16327EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2010/02/11 12:0 a.m.•28 views

Internet Explorer DOM Object Cache Management Memory Corruption (MS07-069; CVE-2007-5344)

Microsoft Internet Explorer IE is the most widely used web browser application. The browser is capable of processing HTML, scripting languages, and interpretation of various other popular Internet specifications. There are numerous versions of the HTML standard that are interpreted by the browser...

6.8CVSS7.5AI score0.27483EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2010/02/10 12:0 a.m.•28 views

Digium Asterisk Invalid RTP Payload Type Number Memory Corruption (CVE-2008-1289)

Asterisk is an open source software implementation of a telephone private branch exchange. Like any PBX, it allows a number of attached telephones to make calls to one another, and to connect to other telephone services including the public switched telephone network. Asterisk supports a wide ran...

7.5CVSS8.1AI score0.11523EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2010/01/05 12:0 a.m.•28 views

CA BrightStor ARCserve Backup Universal Agent Buffer Overflow (CVE-2005-1018)

Computer Associates CA BrightStor ARCserve Backup software offers data protection for distributed servers, clients, databases and applications. The CA backup servers are capable of backing up files as well as system settings. The backups are performed across a local network using the UniversalAge...

7.5CVSS7.2AI score0.58983EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2010/01/04 12:0 a.m.•28 views

RealNetworks RealPlayer RealMedia Security Bypass (CVE-2005-2055)

RealPlayer is a media player produced by RealNetworks, Inc. that supports a variety of open and proprietary multimedia stream and file formats. Versions of RealPlayer are available for most common platforms such as Windows, Linux, Solaris, etc. A vulnerability exists in the way that RealNetworks...

5CVSS6.2AI score0.00905EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/12/30 12:0 a.m.•28 views

Arkeia Network Backup Client Buffer Overflow (CVE-2005-0491)

Arkeia Backup is a commercial network backup software that runs on a variety of platforms including AIX, FreeBSD, HP-UX, Linux, MacOS, NetWare, OpenBSD, Solaris, Tru64 Unix, and Windows. There exists an unchecked buffer vulnerability in the Arkeia Network Backup agent module. A crafted message ca...

10CVSS7AI score0.64901EPSS
Exploits13
Check Point Advisories
Check Point Advisories
•added 2009/12/13 12:0 a.m.•28 views

Internet Explorer Request Header Cross-Domain Information Disclosure (MS08-031; CVE-2008-1544)

An information disclosure vulnerability has been reported in the way that Internet Explorer handles certain request headers. The vulnerability is due to an error in Internet Explorer that incorrectly parses a specially crafted request header, allowing a violation of the same origin policy. To...

7.1CVSS5.7AI score0.26317EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/12/10 12:0 a.m.•28 views

Internet Explorer Object Reference Counting Memory Corruption (MS07-069; CVE-2007-3902)

Microsoft Internet Explorer IE is a web browser application that is capable of rendering both static and dynamic web content. The application is primarily used for tasks related to web browsing, such as displaying HTML encoded pages, downloading files, etc. A memory corruption vulnerability exist...

9.3CVSS7.7AI score0.35508EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/12/10 12:0 a.m.•28 views

Yahoo! Messenger File Transfer Filename Spoofing (CVE-2005-0243)

Yahoo Messenger is a service providing instant messages, similar to MSN Messenger and ICQ. Yahoo! Messenger allows users to see when their friends come online, send instant messages, join chat rooms, and exchange files. There exists a vulnerability in the way Yahoo! Messenger displays file names ...

5CVSS6.3AI score0.01041EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2009/11/18 12:0 a.m.•28 views

Novell Groupwise Internet Agent RCPT Command Buffer Overflow (CVE-2009-0410)

Novell GroupWise is a client-server collaborative software and email system provided by Novell. The Novell GroupWise Client application is capable of communicating with Novell Group server, as well as Internet email gateways using SMTP, POP, and IMAP protocols. There exists a stack buffer overflo...

10CVSS7.9AI score0.09655EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2009/11/10 12:0 a.m.•28 views

Microsoft Web Services on Devices API Memory Corruption (MS09-063; CVE-2009-2512)

The WSDAPI is an implementation of the Devices Profile for Web Services DPWS for Windows Vista and Windows Server 2008. The DPWS constrains Web Services specifications so that clients can easily discover devices. A remote code execution vulnerability has been reported in the Web Service on Device...

9.3CVSS7.7AI score0.31215EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/11/03 12:0 a.m.•28 views

Oracle Database Server SYS.LT.FINDRICSET Function SQL Injection (CVE-2007-5511)

Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e., procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...

6.5CVSS8AI score0.31758EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2009/10/19 12:0 a.m.•28 views

Novell NetMail IMAP APPEND Command Buffer Overflow (CVE-2006-6425)

Novell NetMail is an electronic mail server product. Novell NetMail supports various email access and exchange protocols, including IMAP. The Internet Message Access Protocol IMAP specifies a protocol for the access and manipulation of electronic mail. The protocol permits the manipulation of...

9CVSS7.8AI score0.58474EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2009/10/19 12:0 a.m.•28 views

Microsoft Design Tools msdds.dll Memory Corruption (MS05-052; CVE-2005-2127)

Microsoft Internet Explorer allows HTML documents to embed ActiveX controls for the authoring of dynamic web content. ActiveX controls are based on the Component Object Model COM technology. There exists a vulnerability in the Microsoft Design Tools Diagram Surface COM object, an object bundled...

7.5CVSS7.4AI score0.63665EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2009/10/06 12:0 a.m.•28 views

Microsoft Visio Version Number Handling Code Execution (MS07-030; CVE-2007-0934)

Microsoft Visio is a diagramming application that is part of the Microsoft Office suite. Microsoft Office is a popular productivity application suite released by Microsoft Corporation. It includes a word processor, a spreadsheet application, a presentation editor, and a number of other applicatio...

9.3CVSS7.2AI score0.30914EPSS
Exploits0
Total number of security vulnerabilities5000