Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2017/01/11 12:0 a.m.•2 views

Adobe Acrobat and Reader Heap Overflow (APSB17-01: CVE-2017-2949)

A heap overflow vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error while parsing a corrupted PDF file containing an XSL stylesheet. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

9.3CVSS4.5AI score0.2042EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/11 12:0 a.m.•3 views

Adobe Acrobat and Reader Heap Overflow (APSB17-01: CVE-2017-2966)

A heap overflow vulnerability exists in Adobe Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker could trigger this issue via a specially crafted TIFF file...

9.3CVSS3.5AI score0.10554EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/11 12:0 a.m.•3 views

Adobe Acrobat and Reader Memory Corruption (APSB17-01: CVE-2017-2941)

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to out-of-bounds error while accessing to unintended memory in a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF fi...

9.3CVSS8.5AI score0.0333EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/11 12:0 a.m.•5 views

Adobe Acrobat and Reader Buffer Overflow (APSB17-01: CVE-2017-2948)

A buffer overflow vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error while parsing a corrupted PDF file containing an XSL stylesheet. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

9.3CVSS8.7AI score0.07207EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/11 12:0 a.m.•3 views

Adobe Flash Player Heap Overflow (APSB17-02: CVE-2017-2934)

A Heap Overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS4.4AI score0.2991EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/01/11 12:0 a.m.•3 views

Adobe Flash Player Heap Overflow (APSB17-02: CVE-2017-2935)

A Heap Overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS4.4AI score0.2991EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/01/11 12:0 a.m.•3 views

Adobe Flash Player Heap Overflow (APSB17-02: CVE-2017-2933)

A heap overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted ATF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted ATF file...

9.3CVSS4.4AI score0.2991EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2017/01/10 12:0 a.m.•7 views

Microsoft Office Memory Corruption (MS17-002: CVE-2017-0003)

An Out-of-Bounds-Write vulnerability exists in Microsoft Word. The vulnerability is due to a failure of Office software to properly handle objects in memory. Successful exploitation of this issue could grant an attacker remote code execution...

9.3CVSS7.5AI score0.24693EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/10 12:0 a.m.•21 views

Microsoft LSASS Denial of Service (MS17-004: CVE-2017-0004)

A denial of service vulnerability exists in Windows. The vulnerability is due to the way the Local Security Authority Subsystem Service LSASS handles authentication requests. An attacker can successfully exploit this vulnerability which could cause a denial of service on the target system and cou...

7.8CVSS3.3AI score0.89569EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/10 12:0 a.m.•12 views

Network Time Protocol Windows Daemon getEndptFromIoCtx Denial of Service (CVE-2016-9312)

A denial of service vulnerability has been reported in the Windows port of Network Time Foundation's NTP Daemon. The vulnerability is due to insufficient error handling when receiving large UDP packets. A remote, unauthenticated attacker can exploit this vulnerability by sending a large UDP packe...

5CVSS6.3AI score0.31715EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/09 12:0 a.m.•9 views

Web Servers Malicious Upload Directory Traversal (CVE-2022-29596)

A directory traversal vulnerability exists in web servers. The vulnerability allows unauthorized users to upload malicious files to the server. A remote attacker can exploit this vulnerability by uploading an arbitrary, executable file and executing it under the context of SYSTEM...

7.5CVSS6.4AI score0.02063EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/01/09 12:0 a.m.•1 views

Suspicious Microsoft Office File Archive Mail Attachment

Many campaigns are known to use mail attachments containing double zipped files. A remote attacker could send e-mails including such files and convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system...

4.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/08 12:0 a.m.•27 views

OpenSSH sshd auth_passwd Denial of Service (CVE-2016-6515)

A denial of service vulnerability has been discovered in OpenSSH. The vulnerability is due to not limiting the password length during authentication of users in the authpasswd module. A remote, unauthenticated attacker could exploit this vulnerability by supplying a specially crafted password as...

7.8CVSS3.5AI score0.58568EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2017/01/08 12:0 a.m.•4 views

GraphicsMagick and ImageMagick popen() Command Execution (CVE-2016-5118)

A remote code execution vulnerability exists in ImageMagick and GraphicsMagick. The vulnerability is due to an error in the way the programs handle specially crafted files. A remote attacker can exploit this issue by enticing a user to open a specially crafted file that could run arbitrary code i...

10CVSS4.1AI score0.49982EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/01/05 12:0 a.m.•1 views

OpenNMS RMI Java Object Deserialization

Vulnerability exists in OpenNMS RMI. This vulnerability is due to deserialization of untrusted data. A successful exploitation of this issue could allow an attacker to execute arbitrary code on the remote system...

5.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/04 12:0 a.m.•3 views

Trane comfort Link II DSS services handling remote code execution (CVE-2015-2868)

An exploitable remote code execution vulnerability exists in the Trane ComfortLink II DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long request that can overflow a fixed size stack buffer, resulting in arbitrary code execution...

10CVSS9.8AI score0.06841EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2017/01/04 12:0 a.m.•12 views

ImageMagick SyncExifProfile Out Of Bounds Array Indexing (CVE-2016-7799)

A out-of-bounds array indexing vulnerability exists in ImageMagick. The vulnerability is due to improper handling of certain objects in memory. Successful exploitation could result in arbitrary code execution...

4.3CVSS3.1AI score0.03566EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/03 12:0 a.m.•1 views

Red5 Server Apache Commons Collections Insecure Deserialization

An insecure deserialization vulnerability has been reported in Red5 web server that is part of Apache OpenMeetings application. This vulnerability is due to the inclusion of the vulnerable version of Apache Commons Collections library in the classpath combined with insecure deserialization...

4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2017/01/01 12:0 a.m.•2 views

FreePBX Framework hotelwakeup Module Directory Traversal

A directory traversal vulnerability exists in FreePBX. The vulnerability is due to an input validation issue in the "hotelwakeup" module. A remote unauthenticated attacker can exploit this vulnerability by sending maliciously crafted requests to the page that could lead to arbitrary command...

5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/29 12:0 a.m.•7 views

Imagemagick Compressed TIFF File Conversion Remote Code Execution (CVE-2016-8707)

An out-of-bounds write vulnerability exists in ImageMagick's convert utility. The vulnerability is due to improper handling of TIFF image data when deflating an Adobe Deflate compressed TIFF image. A remote attacker could exploit this vulnerability by providing a specially crafted TIFF image to a...

6.8CVSS4.9AI score0.03653EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/12/28 12:0 a.m.•6 views

Vim modelines Remote Command Execution (CVE-2016-1248)

A remote code execution vulnerability exists in the modeline component of Vim due to insufficient input validation when parsing the filetype, syntax, and keymap options in modelines. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to open a file containing a...

6.8CVSS4.5AI score0.25314EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/12/27 12:0 a.m.•6 views

Microsoft Task Scheduler Elevation of Privilege (MS16-130: CVE-2016-7222)

An elevation of privilege vulnerability exists in the Windows Task Scheduler. A locally authenticated attacker can exploit this vulnerability by using Windows Task Scheduler to schedule a new task with a malicious UNC path...

7.2CVSS3.4AI score0.01278EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/27 12:0 a.m.•14 views

PHPMailer Mail From Remote Code Execution (CVE-2016-10033; CVE-2016-10045)

A remote code execution vulnerability exists in PHPMailer. The vulnerability is due to lack of email address validation. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.4AI score0.99714EPSS
Exploits59
Check Point Advisories
Check Point Advisories
•added 2016/12/27 12:0 a.m.•9 views

Microsoft Windows IME Elevation of Privilege (MS16-130: CVE-2016-7221)

An elevation of privilege vulnerability exists in Windows Input Method Editor IME. The vulnerability is due to the way Input Method Editor improperly handles DLL loading. A locally authenticated attacker can exploit this vulnerability by running a specially crafted application...

7.2CVSS4.2AI score0.02181EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/26 12:0 a.m.•3 views

SSL TLS_FALLBACK_SCSV Cipher Suite

This protection detects ssl client requests including TLSFALLBACKSCSV cipher suite...

2.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/26 12:0 a.m.•6 views

Mikrotik Router Remote Denial Of Service (CVE-2012-6050)

A vulnerability in the Winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service CPU consumption, read the router version, and possibly have additional impact via a request to download the router's DLLs or plugins...

6.4CVSS5.7AI score0.09414EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/12/25 12:0 a.m.•1 views

3CX Phone System VAD_Deploy.aspx Arbitrary File Upload

An arbitrary file upload vulnerability exists in 3CX VoIP Phone System Manager. The vulnerability is due to failure to restrict file uploads in VADDeploy.aspx. A remote unauthenticated attacker can exploit this vulnerability by sending maliciously crafted requests to the target server...

2.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/22 12:0 a.m.•1 views

WordPress WooCommerce Tax Rates Cross-Site Scripting

A cross-site scripting vulnerability exists in the WooCommerce WordPress plugin. This vulnerability is triggered when the WooCommerce tax rates setting incorrectly processes user-supplied data. A remote attacker may exploit this vulnerability by uploading a malicious .csv file into the applicatio...

2.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/20 12:0 a.m.•12 views

MikroTik RouterOS Admin Password Change (CVE-2015-2350)

A vulnerability exists in MicroTik RouterOS, allowing an attacker to force an end-user to carry out undesired actions on the web application where the user is currently authenticated...

6.8CVSS3.8AI score0.01151EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/12/20 12:0 a.m.•9 views

Google Chrome Blink ImageBitmap Integer Overflow (CVE-2016-5182)

A heap overflow vulnerability exists in Google Chrome Blink. The vulnerability is due to an integer overflow in a function while processing an HTML file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted HTML file, potentially leading...

6.8CVSS3.1AI score0.01282EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/19 12:0 a.m.•5 views

MikroTik RouterOS SNMP Security Bypass (CVE-2008-6976)

MikroTik RouterOS is prone to a security-bypass vulnerability because the software fails to sufficiently sanitize SNMP requests. Successfully exploiting this issue allows attackers to write to and change certain aspects of the Network Management System NMS. This may aid in further attacks. Versio...

6.4CVSS4.6AI score0.09178EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/12/18 12:0 a.m.•9 views

HPE Network Automation RPCServlet Insecure Deserialization (CVE-2016-8511)

An insecure deserialization vulnerability has been reported in the RPCServlet of HPE Network Automation. The vulnerability is due to the deserialization of untrusted data. A remote attacker can exploit this vulnerability sending a request with crafted serialized data to the exposed RPCServlet...

7.5CVSS3.5AI score0.15618EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/15 12:0 a.m.•12 views

Microsoft Bowser.sys Information Disclosure (MS16-135: CVE-2016-7218)

An information disclosure vulnerability exists in Microsoft Windows regarding bowser.sys . A local attacker could exploit this vulnerability by running a specially crafted malicious executable file. Successful exploitation of this vulnerability could lead to information disclosure...

1.9CVSS4.8AI score0.03457EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/14 12:0 a.m.•1 views

Dell SonicWALL Universal Management Suite ImagePreviewServlet SQL Injection

An SQL injection vulnerability exists in Dell SonicWALL Universal Management Suite. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request. Successful exploitation of this vulnerability can lead to arbitrary code execution in the context of SYSTEM on the...

5.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/14 12:0 a.m.•2 views

Adobe Flash Player Memory Corruption (APSB16-39: CVE-2016-7874)

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

9.3CVSS4.7AI score0.04978EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/14 12:0 a.m.•3 views

Adobe Reader DC JPEG2000 Out-of-Bounds Read (CVE-2016-7854)

An out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to improper handling of JPEG2000 images, and could be used to gain sensitive information that may help in further attacks. A remote attacker could exploit this vulnerability by enticing a user to open...

10CVSS1.6AI score0.03803EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•4 views

Adobe Flash Player Use After Free Code Execution (APSB16-39: CVE-2016-7892)

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

9.3CVSS3.7AI score0.18786EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•4 views

Adobe Flash Player Memory Corruption (APSB16-39: CVE-2016-7871)

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

6.8CVSS4.7AI score0.06723EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•5 views

Microsoft Browser Information Disclosure (MS16-145: CVE-2016-7206)

An information disclosure vulnerability exists in Microsoft Edge. The vulnerability is due to the way Microsoft Edge improperly handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...

4.3CVSS5.8AI score0.11612EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•11 views

Microsoft Windows Win32k Elevation of Privilege (MS16-151: CVE-2016-7260)

An elevation of privilege vulnerability exists in the Windows kernel-mode driver. The vulnerability is due to the way the driver fails to properly handle objects in memory. An attacker can exploit this vulnerability by logging on to the system and running a specially crafted application...

7.2CVSS7.4AI score0.01561EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•6 views

Microsoft Edge Memory Corruption (MS16-145: CVE-2016-7286)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to a memory corruption when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption...

7.6CVSS8AI score0.68884EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•11 views

Microsoft Office Information Disclosure (MS16-148: CVE-2016-7268)

An information disclosure vulnerability exists in Microsoft Office. The vulnerability is due to an out of bound memory read. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted file, which can lead to disclosure of sensitive information...

5.8CVSS6.3AI score0.22585EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•4 views

Microsoft Office Memory Corruption (MS16-148: CVE-2016-7289)

An Out-of-Bounds-Read vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this vulnerability by enticing a victim to open a specially...

9.3CVSS7.7AI score0.25146EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•5 views

Microsoft Edge Memory Corruption (MS16-145: CVE-2016-7296)

A memory corruption vulnerability has been reported in Microsoft Edge. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to...

7.6CVSS8AI score0.16709EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•5 views

Adobe Flash Player Use After Free Code Execution (APSB16-39: CVE-2016-7878)

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

6.8CVSS3.7AI score0.07947EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•3 views

Adobe Flash Player Use After Free Code Execution (APSB16-39: CVE-2016-7872)

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

6.8CVSS3.7AI score0.07679EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•2 views

Adobe Flash Player Buffer Overflow (APSB16-39: CVE-2016-7867)

A buffer overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

6.8CVSS5.3AI score0.10701EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•6 views

Microsoft Office Security Feature Bypass (MS16-148: CVE-2016-7267)

A security feature bypass exists in Microsoft Office. The vulnerability is due to an improper handling of an excel file. A remote attacker can exploit this vulnerability ,potentially leading to a security bypass...

4.3CVSS6.1AI score0.19414EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•6 views

Adobe Flash Player Use After Free Code Execution (APSB16-39: CVE-2016-7877)

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

9.3CVSS3.7AI score0.05882EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/12/13 12:0 a.m.•4 views

Adobe Flash Player Integer Overflow Remote Code Execution (APSB16-39: CVE-2016-7875)

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a design flaw that could lead to integer overflow. A remote attacker can exploit this vulnerability by enticing a victim to open specially crafted SWF files...

6.8CVSS4.9AI score0.08275EPSS
Exploits0
Total number of security vulnerabilities13538