Lucene search
+L
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2018/04/10 12:0 a.m.•25 views

Microsoft Excel Remote Code Execution (CVE-2018-1027)

A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9.3CVSS5.6AI score0.19167EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/11/14 12:0 a.m.•25 views

Adobe Acrobat and Reader Buffer Over-read (APSB17-36: CVE-2017-16384)

A buffer over-read vulnerability exists in the exif processing module for a PNG file during XPS conversion. The vulnerability is due to an invalid input leads to an incorrect memory buffer location. A remote attacker may exploit this vulnerability by enticing a target user to open a specially...

9.3CVSS4.9AI score0.06882EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/11/14 12:0 a.m.•25 views

Adobe Acrobat and Reader Out-of-bounds Write (APSB17-36: CVE-2017-16415)

A out-of-bounds write vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an out of range pointer offset that is used to access sub-elements of an internal data structure. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted P...

9.3CVSS4.4AI score0.11212EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/10/24 12:0 a.m.•25 views

Microsoft Edge Chakra ParseCatch Type Confusion (CVE-2017-11764)

A type confusion vulnerability exists in Microsoft Edge Chakra JavaScript Engine. The vulnerability is due to a lack of validation in the ParseCatch method which results in the generation on a malformed Abstract Syntax Tree AST. A remote attacker could exploit this vulnerability by enticing the...

7.6CVSS2.8AI score0.64437EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/08/28 12:0 a.m.•25 views

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8657)

A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

7.6CVSS7.5AI score0.54558EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/08/10 12:0 a.m.•25 views

HPE Intelligent Management Center Imcwlandm Stack Buffer Overflow (CVE-2017-5804; CVE-2017-5805)

An integer underflow vulnerability exists in HPE Intelligent Management Center. The vulnerability is due to improper validation of the size field when parsing data. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted packet to the target server...

10CVSS5.4AI score0.22622EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/07/10 12:0 a.m.•25 views

Microsoft Windows Graphics Information Disclosure (CVE-2017-0288)

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system...

1.9CVSS6.3AI score0.02973EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2017/06/19 12:0 a.m.•25 views

HPE Network Automation FileServlet Information Disclosure (CVE-2017-5811)

An information disclosure vulnerability exists in HPE Network Automation. The vulnerability is due to a lack of sanitization on a user supplied path on requests handled by FileServlet. A remote attacker could exploit this vulnerability by sending a maliciously crafted request to the target server...

7.8CVSS1.2AI score0.17332EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/06/13 12:0 a.m.•25 views

Microsoft Win32k Elevation of Privilege (CVE-2017-8465)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when the Windows kernel-mode fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted executable file...

7.2CVSS7.7AI score0.02341EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/06/05 12:0 a.m.•25 views

Mantis MantisBT Bug Tracker adm_config_report.php move_attachments_page.php XSS (CVE-2017-7309)

Three cross-site scripting vulnerabilities exist in Mantis Bug Tracker MantisBT. These vulnerabilities are due to insufficient input validation of the action, type and configoption HTTP parameters by admconfigreport.php and moveattachmentspage.php. A remote attacker could exploit this vulnerabili...

3.5CVSS2.4AI score0.57319EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/05/29 12:0 a.m.•25 views

Microsoft Malware Protection Engine Denial of Service (CVE-2017-8535)

A memory corruption vulnerability has been reported in Microsoft Malware Protection Engine. A remote attacker can exploit this issue by enticing a target user to open a specially crafted file. A successful exploitation could lead to a denial of service...

4.3CVSS5.8AI score0.16829EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•25 views

Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-0228)

A memory corruption vulnerability exists in Microsoft Browsers. The vulnerability is due to an error when handling objects in memory. A remote attacker can exploit this vulnerability and execute arbitrary code in the context of the current user...

7.6CVSS8AI score0.16992EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•25 views

Adobe Flash Player Memory Corruption (APSB17-15: CVE-2017-3069)

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.7AI score0.04998EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•25 views

Microsoft Windows GDI Elevation of Privilege (MS17-013: CVE-2017-0025)

An elevation of privilege vulnerability exists in Windows Graphics Device Interface GDI. The vulnerability is caused when the Windows Graphics Device Interface fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by running a specially crafted application...

7.2CVSS4.7AI score0.01835EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/02/27 12:0 a.m.•25 views

Brocade Network Advisor Directory Traversal (CVE-2016-8206; CVE-2016-8207)

A directory traversal vulnerability exists in Brocade Network Advisor. The vulnerability is due to lack of authentication and insufficient input validation when processing HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a request with a crafted URL to t...

6.4CVSS1.7AI score0.15381EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•25 views

Microsoft Office Memory Corruption (MS16-133: CVE-2016-7236)

A use-after-free vulnerability exists in Microsoft Office. A remote attacker can exploit this issue by enticing a user to open a specially crafted .xlsb file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user...

9.3CVSS7.4AI score0.20717EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/03 12:0 a.m.•25 views

Novell Micro Focus GroupWise Multiple Cross Site Scripting (CVE-2016-5760)

A cross-site scripting vulnerability has been reported in the administrator console of Micro Focus GroupWise. The vulnerability is due to failure to properly sanitize user-supplied input. A remote attacker can exploit this vulnerability by enticing a target user to click on a specially crafted UR...

4.3CVSS1.5AI score0.01265EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/10/30 12:0 a.m.•25 views

Joomla Core Unauthorized Account Creation (CVE-2016-8870)

A vulnerability exists in Joomla Core. The vulnerability is due to insufficient validation during user registration. Unauthorized attackers can remotly exploit this vulnerability to create any account in a Joomla system...

6.8CVSS8.5AI score0.82086EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2016/10/06 12:0 a.m.•25 views

Nuuo NVR PHP System Function Unauthenticated Remote Code Execution (CVE-2016-5675)

A remote code execution was discovered in Nuuo Network Video Recording systems with Network Attached Storage. The vulnerability is due to fails in sanitising by the PHP system function. An unauthenticated attacker may use this vulnerability to execute code on the vulnerable server...

10CVSS3.1AI score0.70877EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•25 views

Micro Focus GroupWise Post Office Agent Integer Overflow (CVE-2016-5762)

An integer overflow vulnerability leading to a heap-based buffer overflow exists in the Post Office Agent component of Micro Focus GroupWise. The vulnerability is due to insufficient validation of usernames and passwords submitted to the Post Office Agent. A successful attack could result in...

7.5CVSS3.2AI score0.05726EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/08/14 12:0 a.m.•25 views

HPE Data Protector EXEC_BAR domain Buffer Overflow (CVE-2016-2006)

A buffer overflow vulnerability has been found in the Omnilnet.exe component of HPE Data Protector. This vulnerability is due to lack of boundary checks on the domain field in EXECBAR requests. A remote, unauthenticated attacker could exploit this vulnerability by sending malformed requests to a...

10CVSS9.6AI score0.20412EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/12 12:0 a.m.•25 views

Nagios XI SQL Injection (CVE-2018-8734)

An SQL injection vulnerability exists in Nagios XI. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data...

7.5CVSS4.2AI score0.53247EPSS
Exploits9
Check Point Advisories
Check Point Advisories
•added 2016/07/10 12:0 a.m.•25 views

HPE Data Protector EXEC_BAR username Buffer Overflow (CVE-2016-2005)

A buffer overflow vulnerability has been found in the OmniInet.exe component of HPE Data Protector. This vulnerability is due to lack of boundary checks on the username field in EXECBAR requests. A remote, unauthenticated attacker could exploit this vulnerability by sending malformed requests to...

10CVSS9.7AI score0.20412EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•25 views

Microsoft Windows PDF Library Information Disclosure (MS16-080: CVE-2016-3201)

An out of bound memory access vulnerability was discovered within Microsoft Edge PDF reader and Windows PDF Library. The vulnerability is due to an error in parsing a malformed PDF document. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted PDF file...

4.3CVSS6.3AI score0.2363EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/04/12 12:0 a.m.•25 views

Microsoft Office Memory Corruption (MS16-042: CVE-2016-0127)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS7.8AI score0.19541EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/04/12 12:0 a.m.•25 views

Microsoft Office Memory Corruption (MS16-042: CVE-2016-0122)

A remote code execution vulnerability exists in Microsoft Excel. The vulnerability is due to an error in the way Microsoft Excel improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted fi...

9.3CVSS7.8AI score0.41126EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2016/04/03 12:0 a.m.•25 views

Microsoft Windows RPC Authentication Downgrade (MS16-047: CVE-2016-0128; CVE-2016-2118)

A security bypass vulnerability, also referred to as BadLock, exists in Microsoft Windows clients connecting to Samba Servers. The vulnerability is due to an authentication design weakness...

6.8CVSS3.7AI score0.3693EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/14 12:0 a.m.•25 views

Oracle Application Testing Suite ReportImage tempfilename Directory Traversal (CVE-2016-0489)

A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation in the Oracle Test Manager component while processing the HTTP request parameter tempfilename. A remote, authenticated attacker could exploit this...

6.5CVSS2.1AI score0.54782EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/06 12:0 a.m.•25 views

Adobe Flash Player Use After Free Code Execution (APSB15-32: CVE-2015-8655; CVE-2015-8658)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

9.3CVSS3.5AI score0.07926EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/23 12:0 a.m.•25 views

Ignite Realtime Openfire group-summary.jsp Cross-Site Scripting (CVE-2015-6972)

A cross-site scripting vulnerability has been reported in Ignite Realtime Openfire Server. The vulnerability is due to insufficient validation of the "search" parameter within the group-summary.jsp page. By convincing an authenticated user to visit a malicious website, a remote attacker can explo...

4.3CVSS4.8AI score0.07998EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/01/12 12:0 a.m.•25 views

Microsoft Silverlight Runtime Remote Code Execution (MS16-006: CVE-2016-0034)

A remote code execution vulnerability exists in Microsoft Silverlight. The vulnerability is due to incorrect handling of certain open and close requests that can result in read and write access violations. A remote attacker could exploit this vulnerability by enticing a vulnerable user to open a...

9.3CVSS2.3AI score0.69709EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/12/08 12:0 a.m.•25 views

Microsoft Windows Media Center Information Disclosure (MS15-134: CVE-2015-6127)

An information disclosure vulnerability has been reported in Microsoft Media Center. The vulnerability is due to an error in the way Media Center renders MCL files which redirects to the MCL file itself. A remote attacker can exploit this issue by enticing a user to open a specially crafted MCL...

4.3CVSS3.5AI score0.46006EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2015/12/08 12:0 a.m.•25 views

Microsoft Internet Explorer Memory Corruption (MS15-124: CVE-2015-6149)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...

9.3CVSS7.1AI score0.18763EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/10/13 12:0 a.m.•25 views

Microsoft Internet Explorer Elevation of Privilege (MS15-106: CVE-2015-6047)

An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...

6.8CVSS7.7AI score0.13855EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/10/13 12:0 a.m.•25 views

Microsoft Office Memory Corruption (MS15-110: CVE-2015-2555)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS6.9AI score0.20151EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/10/07 12:0 a.m.•25 views

General Electric MDS PulseNET FileDownloadServlet Directory Traversal (CVE-2015-6459)

A directory traversal vulnerability exists in the General Electric MDS PulseNET products. The vulnerability is due to insufficient validation in FileDownloadServlet. An unauthenticated remote attacker can exploit this vulnerability to read and then delete an arbitrary file on the system...

10CVSS5.3AI score0.03052EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/10/06 12:0 a.m.•25 views

Oracle Endeca Information Discovery Integrator ETL Server CopyFile Directory Traversal (CVE-2015-2604)

A directory traversal vulnerability exists in Oracle Endeca Information Discovery Integrator ETL Server. The vulnerability is due to insufficient input validation while processing SOAP requests to the CopyFile operation. By sending crafted SOAP requests to the target system, a remote authenticate...

7.5CVSS3.9AI score0.02974EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/09/08 12:0 a.m.•25 views

Microsoft Windows OpenType Font Parsing Denial Of Service (MS15-097: CVE-2015-2506)

A denial of service vulnerability exists in Microsoft Windows. The vulnerability is caused when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. A remote attacker can exploit this issue by enticing a target user to open a specially crafted file...

9.3CVSS6AI score0.15881EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/09/08 12:0 a.m.•25 views

Microsoft Internet Explorer Memory Corruption (MS15-094: CVE-2015-2485)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer handle element identifiers since it fails to detect a specific failure case which can be abused to corrupt arbitrary memory. A remote attacker can exploit...

9.3CVSS7.1AI score0.16505EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/08/13 12:0 a.m.•25 views

Wavelink Emulation License Server HTTP Header Processing Buffer Overflow (CVE-2015-4059)

A buffer overflow vulnerability exists in Wavelink Emulation License Server. The vulnerability is due to a boundary error when parsing HTTP headers. By sending crafted requests to a vulnerable server, a remote unauthenticated attacker can possibly exploit this vulnerability to execute arbitrary...

10CVSS3.9AI score0.0488EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/08/11 12:0 a.m.•25 views

Microsoft Graphics Component Remote Code Execution (MS15-080: CVE-2015-2455)

A remote code execution vulnerability has been reported in Microsoft Windows Graphics Component. The vulnerability is due to the way Windows components handle specially crafted TTF files. A remote attacker can exploit this issue by enticing a user to view TTF files in shared content...

9.3CVSS7AI score0.37429EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2015/08/03 12:0 a.m.•25 views

Oracle Data Quality Trillium Based SetEntities Type Confusion (CVE-2015-0444)

A remote code execution vulnerability exists in Oracle Data Quality TSS12.LoaderWizard.lwctrl ActiveX control. The vulnerability is due to a type confusion when handling data passed to SetEntities. A remote attacker can exploit this vulnerability by enticing a user to access a maliciously crafted...

6.8CVSS3.4AI score0.0189EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/07/14 12:0 a.m.•25 views

Microsoft SQL Server Remote Code Execution (MS15-058; CVE-2015-1762)

A remote code execution vulnerability exists in Microsoft SQL Server. The vulnerability is caused when Microsoft SQL Server incorrectly handles internal function calls to uninitialized memory. An attacker could exploit the vulnerability if a privileged user runs a specially crafted query on an...

7.1CVSS7.3AI score0.10359EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•25 views

Microsoft Windows GDI+ BMP File Parsing Integer Overflow (MS08-052) - Ver2 (CVE-2008-3015)

Bitmap BMP is an image file format used to store bitmap digital images. A remote code execution vulnerability has been discovered in the way GDI+ handles integer calculations for BMP files. The vulnerability is due to a buffer overflow when GDI+ fails to properly processes a malformed header in a...

9.3CVSS7.7AI score0.39272EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•25 views

Microsoft Windows NT 4.0 DHCP Server Request Buffer Overflow attack - Ver2 (CVE-2004-0900)

A buffer overflow vulnerability has been reported in Microsoft Windows NT. An attacker could exploit this vulnerability via a malformed DHCP message. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application...

10CVSS7.4AI score0.26041EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•25 views

Microsoft Internet Explorer HTTP Response Double Free Memory Corruption (MS08-045) - Ver2 (CVE-2008-2256)

Microsoft Internet Explorer is the most widely used Internet browser. . A remote code execution vulnerability was reported in the way Microsoft Internet Explorer accesses an object that has not been correctly initialized or that has been deleted. By convincing a user to visit a specially crafted...

9.3CVSS2.2AI score0.29284EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•25 views

ScadaTEC ScadaPhone and ModbusTagServer SCADA Remote Code Execution - Ver2 (CVE-2011-4535)

A stack buffer overflow vulnerability has been reported in ScadaTEC ScadaPhone and ModbusTagServer. The vulnerability is due to a boundary check error. A remote attacker can exploit this issue by enticing a victim to open a specially crafted ZIP archive file with the affected product. Successful...

6.8CVSS4.7AI score0.27003EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•25 views

CoolPDF Reader Image Stream Processing Buffer Overflow - Ver2 (CVE-2012-4914)

A buffer overflow vulnerability has been reported in CoolPDF Reader. The vulnerability is due to insufficient validation of streams while processing PDF files. An attacker could exploit this vulnerability by enticing an unsuspecting user to download and process a specially crafted PDF file, which...

9.3CVSS4.8AI score0.28391EPSS
Exploits11
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•25 views

PHP Core Unserialize Key Name Code Execution - Ver2 (CVE-2015-0231)

A code execution vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical number key names within the unserialize function. An attacker could exploit this vulnerability by sending crafted serialized data to a w...

7.5CVSS3.1AI score0.42593EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2015/05/18 12:0 a.m.•25 views

Microsoft Excel Malformed Chart Sheet Substream Memory Corruption (MS10-038) - Ver2 (CVE-2010-0823)

Microsoft Excel is a spreadsheet application released by the Microsoft Corporation. Its native file format is the Binary Interchange File Format BIFF, which is available is several versions. An Excel file contains information about the various spreadsheets that form an Excel workbook, the data an...

9.3CVSS2.4AI score0.20463EPSS
Exploits1
Total number of security vulnerabilities5000