Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2016/11/21 12:0 a.m.•24 views

Adobe ColdFusion OOXML XXE Information Disclosure (CVE-2016-4264)

An XML external entity XXE processing vulnerability has been reported in the Office Open XML OOXML parsing component of Adobe ColdFusion. The vulnerability is due to a lack of validation on user-supplied input when parsing OOXML documents. A remote attacker could exploit this vulnerability by...

6.4CVSS4.2AI score0.69044EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2016/11/20 12:0 a.m.•19 views

Pivotal Spring Security OAuth SpelView Code Execution (CVE-2016-4977)

A remote code execution vulnerability exists in Pivotal Spring Security OAuth. The vulnerability is caused when processing authorization requests using the whitelabel views and when the responsetype parameter value is executed as Spring SpEL. This enables a malicious user to trigger remote code...

6.5CVSS3.5AI score0.79176EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/11/14 12:0 a.m.•15 views

Trend Micro Smart Protection Server admin_notification.php Command Injection (CVE-2016-6267)

A remote code execution vulnerability exists in the adminnotification.php script of Trend Micro Smart Protection Server. The vulnerability is due to insufficient validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability by providing crafted input to the...

6.5CVSS8.9AI score0.54872EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2016/11/10 12:0 a.m.•14 views

Microsoft Windows AHCACHE.SYS Denial of Service (MS16-110: CVE-2016-3369)

A denial of service vulnerability exists in the AHCACHE.SYS driver. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit this issue by sending a specially crafted Portable Executable file to an affected server. Successful exploitation could allow an...

7.8CVSS7.1AI score0.12195EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/11/10 12:0 a.m.•11 views

Adobe Flash Player Security Bypass (APSB16-18: CVE-2016-4140)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insecure library loading while handling certain files. A remote attacker could exploit this issue by enticing a user to open a legitimate file that will insecurely load a specially crafted D...

9.3CVSS3AI score0.0381EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/09 12:0 a.m.•10 views

Adobe Flash Player Use After Free Code Execution (APSB16-08: CVE-2016-0999)

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

10CVSS3.7AI score0.29839EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/11/09 12:0 a.m.•3 views

Adobe Flash Player Use After Free (APSB16-37: CVE-2016-7863)

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

9.3CVSS4.5AI score0.07101EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/09 12:0 a.m.•7 views

XpoLog Center Remote Command Execution

A remote command execution vulnerability exists in XpoLog Center. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

6AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/09 12:0 a.m.•9 views

Adobe Flash Player Type Confusion (APSB16-37: CVE-2016-7865)

A type confusion vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected...

9.3CVSS3.2AI score0.0724EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•4 views

Microsoft Browser Information Disclosure (MS16-142: CVE-2016-7227)

An information disclosure vulnerability exists in Internet Explorer. The vulnerability is due to the way Internet Explorer improperly handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website...

2.6CVSS5.4AI score0.11616EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•4 views

Microsoft Office Memory Corruption (MS16-133: CVE-2016-7236)

A use-after-free vulnerability exists in Microsoft Office. A remote attacker can exploit this issue by enticing a user to open a specially crafted .xlsb file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user...

9.3CVSS7.4AI score0.20717EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•4 views

Microsoft Windows VHDFS Driver Elevation of Privilege (MS16-138: CVE-2016-7225)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to insufficient specification for a certain flag. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted executable...

3.6CVSS6.5AI score0.04105EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•7 views

Adobe Flash Player Use After Free Code Execution (APSB16-37: CVE-2016-7859)

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

9.3CVSS3.7AI score0.07041EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•6 views

Microsoft Windows VHDFS Driver Elevation of Privilege (MS16-138: CVE-2016-7224)

Multiple elevation of privilege vulnerabilities exist in the Windows VHDMP kernel driver. The vulnerability is due to the way driver fails to properly handle user access to certain files. An attacker can exploit this vulnerability by gaining access to the local system and executing a specially...

3.6CVSS6.5AI score0.04105EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•4 views

Microsoft Edge Scripting Engine Memory Corruption (MS16-129: CVE-2016-7201)

A remote code execution exists in Microsoft Edge. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in a way that...

7.6CVSS3.2AI score0.79687EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•6 views

Microsoft Win32k Elevation of Privilege (MS16-135: CVE-2016-7246)

An elevation of privilege vulnerability exists in the Windows kernel-mode driver. The vulnerability is due to the way the driver fails to properly handle objects in memory. An attacker can exploit this vulnerability by logging on to the system and running a specially crafted application...

7.2CVSS7.4AI score0.03019EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•3 views

Adobe Flash Player Use After Free (APSB16-37: CVE-2016-7864)

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

9.3CVSS4.5AI score0.07041EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•10 views

Microsoft Office Information Disclosure (MS16-133: CVE-2016-7233)

An Out-of-bounds memory read vulnerability exists in Microsoft Word. The vulnerability is triggered by reading a malformed .doc file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user...

4.3CVSS6.6AI score0.22384EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•5 views

Microsoft Windows Win32k Information Disclosure (MS16-135: CVE-2016-7214)

An out-of-bounds read vulnerability was discovered within Microsoft Windows. The vulnerability is caused when Microsoft Windows improperly deals with one of its kernel components. Successful exploitation of this issue might lead to leakage of sensitive information from the kernel...

2.1CVSS5.6AI score0.03781EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•11 views

Microsoft Win32k Elevation of Privilege (MS16-135: CVE-2016-7215)

An elevation of privilege vulnerability exists in the Windows kernel-mode driver. The vulnerability is due to the way the driver fails to properly handle objects in memory. An attacker can exploit this vulnerability by logging on to the system and running a specially crafted application...

7.2CVSS7.4AI score0.03019EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•2 views

Adobe Flash Player Type Confusion (APSB16-37: CVE-2016-7861)

A type confusion vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected...

9.3CVSS3.2AI score0.07301EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•4 views

Adobe Flash Player Type Confusion (APSB16-37: CVE-2016-7860)

A type confusion vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected...

9.3CVSS3.2AI score0.07301EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•4 views

Microsoft Office Memory Corruption (MS16-133: CVE-2016-7235)

A Out-of-bounds memory read vulnerability exists in Microsoft Office. The vulnerability is due to an error to an error in parsing a malformed DOC file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS7AI score0.19641EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•12 views

Microsoft Edge Information Disclosure (MS16-129: CVE-2016-7204)

An information disclosure vulnerability has been reported in Microsoft Edge. The vulnerability is due to an error in the way that Microsoft Edge accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open a...

2.6CVSS4.8AI score0.11441EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•8 views

Microsoft Windows Open Type Font Information Disclosure (MS16-132: CVE-2016-7210)

An information disclosure vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way the Open Type Font OTF driver handles objects in memory. A remote attacker could exploit this vulnerability by enticing a target user to open a specially crafted OTF fil...

4.3CVSS6.6AI score0.21122EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•15 views

Microsoft Windows Open Type Font Remote Code Execution (MS16-132: CVE-2016-7256)

A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows font library improperly handles specially crafted embedded fonts. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafter OTF file...

9.3CVSS4.1AI score0.64835EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•7 views

Microsoft Windows Win32k Elevation of Privilege (MS16-135: CVE-2016-7255)

An elevation of privilege vulnerability exists in Microsoft Windows Win32k. A remote attacker can bypass a security check in win32k when Microsoft Windows improperly deals with one of its kernel components. A successful exploitation could allow an attacker to run arbitrary code with elevated...

7.2CVSS4.3AI score0.80968EPSS
Exploits24
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•7 views

Adobe Flash Player Use After Free Code Execution (APSB16-37: CVE-2016-7857)

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

9.3CVSS3.7AI score0.07041EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•7 views

Microsoft Windows Animation Manager Memory Corruption (MS16-132: CVE-2016-7205)

A memory corruption vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way the Windows Animation Manager handles objects in memory. A remote attacker could exploit this vulnerability by enticing a target user to open a malicious webpage...

9.3CVSS8.2AI score0.21545EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•11 views

Microsoft Edge Scripting Engine Memory Corruption (MS16-129: CVE-2016-7203)

A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

7.6CVSS3.5AI score0.64892EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•16 views

Microsoft Office Memory Corruption (MS16-133: CVE-2016-7213)

A use-after-free vulnerability exists in Microsoft Office. This vulnerability could be triggered by a corrupted Excel file. Successful exploitation of this issue could grant an attacker remote code execution...

9.3CVSS7.6AI score0.19282EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•9 views

Microsoft Windows CLFS Driver Elevation of Privilege (MS16-134: CVE-2016-3334)

A memory corruption vulnerability was discovered within the CLFS.SYS component of Microsoft Windows. It can be triggered by loading specially crafted .blf files. Successful exploitation of this issue might lead to local privilege escalation...

9.3CVSS7.5AI score0.06767EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•10 views

Adobe Flash Player Use After Free Code Execution (APSB16-37: CVE-2016-7858)

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

9.3CVSS3.7AI score0.07041EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•9 views

Adobe Flash Player Use After Free Code Execution (APSB16-37: CVE-2016-7862)

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

9.3CVSS3.7AI score0.07101EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•8 views

Microsoft Edge Memory Corruption (MS16-132: CVE-2016-7217)

A memory corruption vulnerability has been reported in Microsoft Edge. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit the vulnerability by enticing the target user to open a specially crafted web page. Successful exploitation could lead to...

9.3CVSS8.8AI score0.21545EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•10 views

Microsoft Edge Scripting Engine Memory Corruption (MS16-129: CVE-2016-7200)

A memory corruption vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

7.6CVSS3.5AI score0.8249EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•7 views

Microsoft Browser Memory Corruption (MS16-142: CVE-2016-7196)

A use-after-free vulnerability exists in Internet Explorer. The vulnerability is due to the way Internet Explorer accesses objects in memory. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted website...

7.6CVSS7.1AI score0.14329EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•4 views

Microsoft Office Memory Corruption (MS16-133: CVE-2016-7228)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.6AI score0.28282EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•14 views

Microsoft Edge Scripting Engine Memory Corruption (MS16-129: CVE-2016-7242)

A type confusion vulnerability exists in Microsoft Edge. The vulnerability is due to the way JavaScript engine renders when handling objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

7.6CVSS3.2AI score0.1628EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•11 views

Microsoft Windows Driver CLFS Elevation Of Privilege (MS16-134: CVE-2016-3332)

An elevation of privilege vulnerability has been reported in Microsoft Windows. The vulnerability is due to an malformed blf file, which could be abused by attackers to gain local privilege escalation. The attacker must entice the victim to run an executable file to exploit this vulnerability...

9.3CVSS7.5AI score0.06767EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•6 views

Microsoft Windows CLFS Driver Elevation of Privilege (MS16-134: CVE-2016-3333)

A memory corruption vulnerability was discovered within the CLFS.SYS component of Microsoft Windows. It can be triggered by loading specially crafted .blf files. Successful exploitation of this issue might lead to local privilege escalation...

9.3CVSS7.5AI score0.06767EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•15 views

Microsoft Office Memory Corruption (MS16-133: CVE-2016-7234)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS7.6AI score0.22285EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•4 views

Microsoft Office Memory Corruption (MS16-133: CVE-2016-7231)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted excel files. A remote attacker can exploit this issue by enticing a victim to open a specially...

9.3CVSS7.6AI score0.18664EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•11 views

Microsoft Windows CLFS Driver Elevation of Privilege (MS16-134: CVE-2016-3338)

A memory corruption vulnerability exists within the CLFS.SYS component of Microsoft Windows. It can be triggered by loading specially crafted .blf files. Successful exploitation of this issue might lead to local privilege escalation...

9.3CVSS7.5AI score0.06767EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•16 views

Microsoft Office Memory Corruption (MS16-133: CVE-2016-7230)

A remote code execution vulnerability exists in Microsoft PowerPoint. The vulnerability is due to a use-after-free error in Microsoft PowerPoint while handling a specially crafted PPT file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PPT...

9.3CVSS7.7AI score0.18419EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•9 views

Microsoft Windows File Manager Remote Code Execution (MS16-130: CVE-2016-7212)

An remote code execution vulnerability exists within Microsoft Windows. The vulnerability is due to an error in parsing a malformed JPG file. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted JPG file...

9.3CVSS7.9AI score0.69829EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•16 views

Microsoft Windows VHDFS Driver Elevation of Privilege (MS16-138: CVE-2016-7226)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to insufficient specification for a certain flag. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted executable...

3.6CVSS6.5AI score0.04105EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•14 views

Microsoft Office Memory Corruption (MS16-133: CVE-2016-7232)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

9.3CVSS7.6AI score0.24859EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•13 views

Microsoft Browser Memory Corruption (MS16-142: CVE-2016-7195)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to handling HTML classid attributes. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page. Successful exploitation could cause memo...

7.6CVSS8AI score0.16963EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/11/08 12:0 a.m.•8 views

Microsoft Windows CLFS Driver Elevation of Privilege (MS16-134: CVE-2016-3340)

A memory corruption vulnerability exists in Microsoft Windows. The vulnerability is due to incorrect calling of the functions AddLogContainer and CreateLogMarshallingArea using special parameters. Successful exploitation of this issue might lead to local privilege escalation...

9.3CVSS7.5AI score0.12625EPSS
Exploits0
Total number of security vulnerabilities13538