Lucene search
+L
Checkpoint AdvisoriesMost viewed

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2018/06/28 12:0 a.m.•23 views

WS-FTP Command Execution (CVE-2004-1885) - Ver2

A command execution vulnerability exists in WS-FTP. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

7.2CVSS5.7AI score0.03517EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2018/06/28 12:0 a.m.•23 views

WS-FTP Denial-of-service (CVE-2004-1848) - Ver2

A denial-of-service vulnerability exists in WS-FTP. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

5CVSS6.1AI score0.08085EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2018/06/12 12:0 a.m.•23 views

Microsoft Internet Explorer Memory Corruption (CVE-2018-8249)

A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.6CVSS7.8AI score0.13411EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2018/05/14 12:0 a.m.•23 views

Advantech WebAccess SCADA gmicons.asp picfile Arbitrary File Upload (CVE-2017-16736)

An arbitrary file upload vulnerability exists in Advantech WebAccess SCADA software. The vulnerability is due to insufficient input validation of the picfile parameter within gmicons.asp...

5CVSS2.5AI score0.01815EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2018/05/14 12:0 a.m.•23 views

HPE Operations Orchestration backwards-compatibility beanutils Insecure Deserialization (CVE-2017-8994)

An insecure deserialization vulnerability exists in HPE Operations Orchestration. The vulnerability is due to the incomplete fix for deserialization of untrusted data in backwards-compatibility servlets...

7.5CVSS2.3AI score0.0984EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2018/05/14 12:0 a.m.•23 views

Apache Solr Data Import Handler XML External Entity Expansion Information Disclosure (CVE-2018-1308)

An XML external entity expansion vulnerability has been reported in Apache Solr. The vulnerability is due to improper handling of XML external entities in XML content submitted to the DataImportHandler. A remote attacker can exploit this vulnerability by submitting a crafted request to the target...

5CVSS1AI score0.20937EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2018/04/15 12:0 a.m.•23 views

HPE Intelligent Management Center Arbitrary File Upload (CVE-2017-8961) - Ver2

A directory traversal vulnerability exists in HPE Intelligent Management Center. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...

9CVSS5.2AI score0.19398EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2018/04/10 12:0 a.m.•23 views

Microsoft Edge Chakra Scripting Engine Memory Corruption (CVE-2018-0993)

A memory corruption vulnerability exists in Microsoft Edge. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.6CVSS7.9AI score0.15556EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2018/04/10 12:0 a.m.•23 views

Microsoft Excel Remote Code Execution (CVE-2018-1011)

A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9.3CVSS8.1AI score0.20136EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2018/04/10 12:0 a.m.•23 views

Microsoft Excel Remote Code Execution (CVE-2018-1029)

A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9.3CVSS5.6AI score0.20878EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2018/04/10 12:0 a.m.•23 views

Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2018-0988)

A memory corruption vulnerability exists in Microsoft Internet Explorer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.6CVSS8.3AI score0.15556EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2018/02/13 12:0 a.m.•23 views

Adobe Acrobat and Reader Out-of-bounds read (APSB18-02: CVE-2018-4883)

A vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...

4.3CVSS5.5AI score0.10992EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/11/20 12:0 a.m.•23 views

Google Chrome WebGL 2 ReadPixels Heap Buffer Overflow (CVE-2017-5112)

A heap buffer overflow vulnerability exists in the WebGL component of Google Chrome. This vulnerability is due to a missing bounds check after calculating a user-controlled offset into a heap buffer. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously craft...

6.8CVSS2.7AI score0.05074EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/11/14 12:0 a.m.•23 views

Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16404)

A Out-of-bounds Read vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to the computation that writes data past the end of the intended buffer. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code...

9.3CVSS4.7AI score0.0887EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/11/01 12:0 a.m.•23 views

Microsoft Windows Search Remote Code Execution (CVE-2017-11771)

A remote code execution vulnerability exists in the Windows Search service of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target system...

10CVSS9.2AI score0.64132EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/10/10 12:0 a.m.•23 views

Microsoft Win32k Elevation of Privilege (CVE-2017-8689)

An elevation of privilege vulnerability exists in Windows Kernel-Mode Driver. The vulnerability is due to an error in the way Microsoft Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kern...

6.9CVSS7.8AI score0.01149EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/09/25 12:0 a.m.•23 views

Microsoft Office WordPerfect Document Converter Heap-based Buffer Overflow (CVE-2017-8744)

A heap-based buffer overflow vulnerability exist in WordPerfect Document Converter component of Microsoft Office. The vulnerability is due to improper validation of the document data prior to copying it to a heap-based buffer. A remote attacker could exploit the vulnerability by enticing a victim...

9.3CVSS7.6AI score0.17224EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/09/12 12:0 a.m.•23 views

Microsoft Windows PDF Library Remote Code Execution (CVE-2017-8728)

A remote code execution vulnerability exists in Microsoft Windows PDF Library. The vulnerability is due to the way Microsoft Windows PDF Library handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the...

7.6CVSS8.3AI score0.21531EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/08/07 12:0 a.m.•23 views

Phamm helpers.php Cross-Site Scripting (CVE-2017-0378)

A reflected cross-site scripting vulnerability exists in Phamm. The vulnerability is due to insufficient validation of user-supplied input within views/helpers.php. A remote, unauthenticated attacker could exploit this vulnerability by enticing an user to click a maliciously crafted link or open ...

4.3CVSS2.1AI score0.01455EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/07/26 12:0 a.m.•23 views

Kaspersky Anti-Virus for Linux File Server getReportStatus Directory Traversal (CVE-2017-9812)

A directory traversal vulnerability exists in Kaspersky Anti-Virus for Linux File Server. The vulnerability is due to a lack of proper validation of a user-supplied path when a request is sent to check the status of a report. A remote, authenticated attacker can exploit this vulnerability by...

5CVSS3.9AI score0.11265EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2017/07/09 12:0 a.m.•23 views

HPE Intelligent Management Center dbman BackupZipFile Command Injection (CVE-2017-5820)

A command injection vulnerability exist in the dbman component of HPE Intelligent Management Center. The vulnerability is due to missing validation of user-provided parameters when handling BackupZipFile commands. A remote, unauthenticated attacker can exploit the vulnerability by sending a...

10CVSS9.4AI score0.18518EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/06/07 12:0 a.m.•23 views

IBM Domino IMAP Mailbox Name Stack Buffer Overflow (CVE-2017-1274)

A stack buffer overflow vulnerability exist in IBM Domino IMAP Server. The vulnerability is due to incorrect processing of encoded mailbox name arguments in IMAP commands. A remote, authenticated attacker can exploit this vulnerability to cause a buffer overflow...

6.5CVSS4.4AI score0.06792EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2017/05/29 12:0 a.m.•23 views

Foxit PDF Reader JBIG2 Symbol Dictionary Out of Bounds Read (CVE-2016-8334)

An out-of-bounds vulnerability has been reported in the JBIG2 component of Foxit PDF Reader. This vulnerability is due to improper processing of Symbol Dictionary segment in an embedded JBIG2 image. A remote attacker could exploit this vulnerability by enticing a victim user to visit a malicious...

4.3CVSS4.5AI score0.1856EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/05/10 12:0 a.m.•23 views

Oracle Fusion Middleware MapViewer FileUploaderServlet fileName Directory Traversal (CVE-2017-3230)

A directory traversal vulnerability has been reported in Oracle Fusion Middleware MapViewer. The vulnerability is due to a lack of proper input sanitization on multipart form-data requests in FileUploaderServlet. A remote attacker can exploit this vulnerability by sending a maliciously crafted HT...

9CVSS8.1AI score0.02005EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/05/09 12:0 a.m.•23 views

Microsoft Windows COM Elevation of Privilege (CVE-2017-0214)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way Windows validate input before loading type libraries. A remote attacker can exploit this vulnerability to execute arbitrary code...

4.4CVSS6.9AI score0.03457EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/04/11 12:0 a.m.•23 views

Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-0158)

A Use-After-Free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in the way VBScript engine manipulates the assignment of dynamic-array variables. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...

7.6CVSS7.3AI score0.12558EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/04/11 12:0 a.m.•24 views

Microsoft Windows Elevation of Privilege (CVE-2017-0165)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way Microsoft Windows sanitizes handles in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

7.2CVSS4.3AI score0.03338EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2017/04/11 12:0 a.m.•23 views

Microsoft Office Memory Corruption (CVE-2017-0194)

An Out-of-Bounds-Write vulnerability exists in Microsoft Office. The vulnerability is due to a failure of Office software to properly handle objects in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

4.3CVSS3.1AI score0.2552EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•23 views

Microsoft Edge Memory Corruption (MS17-007: CVE-2017-0034)

A memory corruption vulnerability has been reported in Microsoft Edge. The vulnerability is due to improper handling of objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in a way that wou...

7.6CVSS7.6AI score0.12733EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•23 views

Microsoft Scripting Engine Memory Corruption (MS17-007: CVE-2017-0070)

A use-after-free vulnerability exists in Microsoft Edge. This vulnerability is due to an error while handling objects in memory when processing HTML and script code. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

7.6CVSS7.1AI score0.78538EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•23 views

Microsoft Office Memory Corruption (MS17-014: CVE-2017-0020)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.6AI score0.16387EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•23 views

Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0144)

A remote code execution vulnerability exist in Microsoft Server Message Block 1.0 SMBv1. The vulnerability is due to the way SMBv1 service handles certain requests. An attacker who successfully exploited the vulnerability could gain code execution on the target server...

9.3CVSS3.7AI score0.9923EPSS
Exploits55
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•23 views

Microsoft Windows SMB Remote Code Execution (MS17-010: CVE-2017-0143)

A remote code execution vulnerability exist in Microsoft Server Message Block 1.0 SMBv1. The vulnerability is due to the way SMBv1 service handles certain requests. An attacker who successfully exploited the vulnerability could gain code execution on the target server...

9.3CVSS3.7AI score0.93307EPSS
Exploits47
Check Point Advisories
Check Point Advisories
•added 2017/03/14 12:0 a.m.•24 views

Microsoft Office Memory Corruption (MS17-014: CVE-2017-0019)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS7.6AI score0.16607EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/02/22 12:0 a.m.•23 views

Oracle OIT PDF Parser Code Execution (CVE-2017-3271)

An arbitrary write vulnerability exists in the PDF parser functionality of Oracle Outside In Technology SDK. A specially crafted PDF document can cause a parser confusion resulting in an arbitrary write vulnerability ultimately leading to code execution...

7.5CVSS4.8AI score0.02099EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/02/02 12:0 a.m.•23 views

Microsoft Windows SMB2 Tree Connect Response Denial of Service (MS17-012: CVE-2017-0016)

A denial of service vulnerability has been reported in Microsoft Windows SMB2. The vulnerability is due to insufficient sanitization over SMB2 Tree Connect response messages...

7.1CVSS2.8AI score0.2373EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/01/10 12:0 a.m.•23 views

Microsoft LSASS Denial of Service (MS17-004: CVE-2017-0004)

A denial of service vulnerability exists in Windows. The vulnerability is due to the way the Local Security Authority Subsystem Service LSASS handles authentication requests. An attacker can successfully exploit this vulnerability which could cause a denial of service on the target system and cou...

7.8CVSS3.3AI score0.89569EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•23 views

Microsoft Office OLE DLL Side Loading (MS16-148: CVE-2016-7275)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is caused due to an incorrect link to a dynamic-link library file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file which will lead to arbitrary code execution...

7.2CVSS8.2AI score0.01417EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•23 views

Microsoft Windows Installer Elevation of Privilege (MS16-149: CVE-2016-7292)

An elevation of privilege vulnerability exists in the Windows Installer. The vulnerability is due to the Windows Installer failing to properly sanitize input leading to an insecure library loading behavior. A attacker could run arbitrary code with elevated system privileges...

7.2CVSS5.1AI score0.01459EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/10/18 12:0 a.m.•23 views

PHP 7 Unserialization Exception Infinite Loop Denial of Service (CVE-2016-7478)

A Denial of Service vulnerability exists in PHP 7. A remote attacker can exploit this vulnerability by sending specially crafted input to the unserialize function...

5CVSS3.5AI score0.42401EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/10/11 12:0 a.m.•23 views

Microsoft Windows True Type Font Parsing Information Disclosure (MS16-120: CVE-2016-3209)

An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way the True Type Font TTF driver handles objects in memory. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted EMF fil...

5CVSS5.2AI score0.53653EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/09/20 12:0 a.m.•23 views

MySQL Remote Code Execution (CVE-2016-6662; CVE-2016-6663; CVE-2016-6664)

A code execution vulnerability exists in MySQL database server. Successful exploitation could allow a remote attacker to shut down the database, modify its content, or execute arbitrary code on the affected servers...

10CVSS7.2AI score0.6773EPSS
Exploits21
Check Point Advisories
Check Point Advisories
•added 2016/09/13 12:0 a.m.•23 views

Microsoft Office Memory Corruption (MS16-107: CVE-2016-3360)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.6AI score0.17235EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/12 12:0 a.m.•23 views

Microsoft Office Memory Corruption (MS16-088: CVE-2016-3282)

A memory corruption vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS7.2AI score0.26291EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/07/12 12:0 a.m.•23 views

Microsoft Office Remote Code Execution (MS16-088: CVE-2016-3279)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to improper handling of objects in memory while parsing a specially crafted Office file. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted Office fil...

4.3CVSS6.2AI score0.16423EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/06/14 12:0 a.m.•23 views

Microsoft Edge Memory Corruption (MS16-068: CVE-2016-3199)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...

9.3CVSS8.8AI score0.2659EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/31 12:0 a.m.•23 views

GnuTLS DistinguishedName Decoding Double Free - ver 2 (CVE-2015-6251)

A double-free vulnerability has been reported in GnuTLS. The vulnerability is due to an error within gnutlsx509dntostring while processing very long Distinguished Name values in X.509 certificates. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted certificate ...

5CVSS2.8AI score0.1903EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/05/10 12:0 a.m.•23 views

Microsoft Edge Memory Corruption (MS16-052: CVE-2016-0193)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...

7.6CVSS8.1AI score0.20081EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/04/12 12:0 a.m.•23 views

Microsoft Office Memory Corruption (MS16-042: CVE-2016-0139; CVE-2016-0140)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.8AI score0.19384EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/04/12 12:0 a.m.•23 views

Microsoft Windows Secondary Logon Denial of Service (MS16-046: CVE-2016-0135)

A remote denial of service vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way Windows handles memory blocks while using the LSARPC protocol. A remote attacker can exploit this issue by enticing the victim to open a specially crafted file...

7.2CVSS7.7AI score0.01577EPSS
Exploits0
Total number of security vulnerabilities5000