Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2015/01/28 12:0 a.m.•5 views

Adobe Flash Player Memory Corruption (APSB15-03: CVE-2015-0310: CVE-2015-0311)

A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an unknown error that enables mitigating memory randomization algorithms in Flash. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted file. A successful attack cou...

10CVSS3.2AI score0.8582EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2015/01/28 12:0 a.m.•2 views

Adobe Flash Player Memory Corruption (APSB15-01: CVE-2015-0306)

A memory corruption vulnerability has been identified in Adobe Flash Player and Air. The vulnerability is due to an error in the player that fails to properly validate input of dll files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

10CVSS3.5AI score0.06135EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/28 12:0 a.m.•29 views

GNU C Library gethostbyname Buffer Overflow (CVE-2015-0235)

A buffer overflow vulnerability, known as GHOST Vulnerability, exists in GNU C Library function. A remote attacker can exploit this vulnerability by providing crafted input to an application that uses this vulnerable function. Successful exploitation could result in code execution in the context ...

10CVSS4.5AI score0.94859EPSS
Exploits29
Check Point Advisories
Check Point Advisories
•added 2015/01/28 12:0 a.m.•8 views

Zenoss Core Version Check Remote Code Execution (CVE-2014-6261)

A remote code execution vulnerability exists in the Zenoss Core Application. The vulnerability is due to unpickling of potentially unsafe Python pickle serialized object when checking for software updates from the Zenoss home server. A remote attacker can exploit this vulnerability. Successful...

9.3CVSS3.9AI score0.19683EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/27 12:0 a.m.•3 views

Adobe Flash Player Out of Bounds Memory Corruption (APSB15-01: CVE-2015-0307)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an out-of-bounds memory read while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

8.5CVSS3.1AI score0.0527EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/27 12:0 a.m.•3 views

OpenSSL TLS Missing SRP Extension Denial of Service (CVE-2014-5139)

A denial of service vulnerability has been reported in OpenSSL. The vulnerability is due to an issue while parsing Server Hello messages with a specific cipher suite and extension. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted packet to a target...

4.3CVSS3.5AI score0.19997EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/27 12:0 a.m.•4 views

Adobe Flash Use After Free Code Execution (APSB15-01: CVE-2015-0308)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

10CVSS4.1AI score0.0723EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/26 12:0 a.m.•3 views

Adobe Flash Player Buffer Overflow (APSB15-01: CVE-2015-0304)

A heap buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.2AI score0.08742EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/26 12:0 a.m.•7 views

Adobe Flash Player Action Script Evasion (CVE-2015-0310; CVE-2015-0311)

Flash files can contain malicious Action Script code to exploit vulnerabilities in Adobe Flash Player. Certain evasion tools can use evasion techniques in order to circumvent inspection by security software. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

10CVSS2.2AI score0.8582EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2015/01/26 12:0 a.m.•24 views

TCPDUMP ISAKMP Payload Handling DoS (CVE-2004-0183)

Tcpdump parses and displays, and optionally records packets received on a network interface matching a user provided filter. Two vulnerabilities exist in the Tcpdump ISAKMP payload handling module, which can be exploited to cause a DoS Denial of Service by sending packets with specially crafted...

1.8AI score0.05622EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/25 12:0 a.m.•2 views

Adobe Flash Player Use After Free Code Execution (APSB14-24: CVE-2014-8438)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error while loading specially crafted mp4 files. A remote attacker can exploit this issue by enticing the victim to open a specially crafted file...

10CVSS3.4AI score0.09927EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/22 12:0 a.m.•3 views

Adobe Flash Player Privilege Escalation (APSB15-01: CVE-2015-0302)

A Privilege Escalation vulnerability has been reported in Adobe Flash Player. The vulnerability exists because the isKeyDown method in Flash Player fails to validate if the window in which the swf is loaded has the focus. When loaded, the swf can listen to keystrokes across the system...

5CVSS3.3AI score0.0487EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/22 12:0 a.m.•3 views

Adobe Flash Player Type Confusion (APSB14-24: CVE-2014-0590)

A type confusion vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an...

10CVSS3.1AI score0.05519EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/21 12:0 a.m.•3 views

Adobe Reader and Acrobat Memory Corruption (APSB14-28: CVE-2014-8447)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...

10CVSS6.4AI score0.08948EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/21 12:0 a.m.•7 views

Browserify Node.js Remote Code Execution (CVE-2014-7192)

A remote code execution was discovered in Browserify Node.js. An unauthenticated attacker may use this vulnerability to execute code on the vulnerable server...

10CVSS3.7AI score0.13441EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/01/21 12:0 a.m.•13 views

XChat Bounds Checking Buffer Overflow (CVE-2011-5129)

A buffer overflow vulnerability exists in XChat. Successful exploitation of this vulnerability will cause a crash, and may allow injection and execution of arbitrary code. The vulnerability is due to insufficient bounds checking. A remote attacker could exploit this vulnerability by sending a...

5CVSS4AI score0.07696EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/01/20 12:0 a.m.•7 views

ManageEngine Desktop Central MSP StatusUpdateServlet fileName Directory Traversal (CVE-2014-9404)

A directory traversal vulnerability exists in ManageEngine Desktop Central MSP. The vulnerability is due to lack of authentication and insufficient input validation of the filename parameter sent to the StatusUpdateServlet page when processing HTTPS requests...

6.7AI score
Exploits11
Check Point Advisories
Check Point Advisories
•added 2015/01/20 12:0 a.m.•18 views

ManageEngine Multiple Products File Attachment Directory Traversal (CVE-2014-5301)

A directory traversal vulnerability exists in ManageEngine ServiceDesk Plus, AssetExplorer, SupportCenter and IT360. The vulnerability is due to insufficient input validation of the "module" parameter sent in HTTP requests to the server. A remote authenticated attacker can upload or delete...

9CVSS2.3AI score0.78378EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2015/01/19 12:0 a.m.•2 views

PDF Containing Suspicious File Info Fields

PDF files are susceptible to various remote code execution vulnerabilities. Although various security products provide coverage against many such vulnerabilities, attackers could potentially bypass security products inspection by using PDF files that contain a suspicious File Info Fields...

4.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/19 12:0 a.m.•3 views

OpenSSL DTLS dtls1_buffer_record Denial of Service (CVE-2015-0206)

A denial of service vulnerability has been reported in OpenSSL. The vulnerability is due to memory exhaustion when parsing specially crafted DTLS packets. Successful exploitation will result in high memory consumption and lead to a denial of service condition...

5CVSS4.1AI score0.59319EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/19 12:0 a.m.•5 views

Adobe Flash Player Memory Corruption (APSB15-01: CVE-2015-0303)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.05908EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/19 12:0 a.m.•15 views

Samsung SmartViewer CNC_Ctrl ActiveX Control Buffer Overflow (CVE-2012-4333; CVE-2014-9265)

A stack buffer overflow vulnerability exists in Samsung SmartViewer. The vulnerability is due to improper validation of a parameter provided to the BackupToAvi method of the CNCCtrl ActiveX Control. A remote, unauthenticated attacker can exploit this vulnerability by enticing the target user to...

10CVSS4.8AI score0.60447EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2015/01/19 12:0 a.m.•4 views

Microsoft Office Files Containing Malicious Downloader

Microsoft Office files might contain a malicious downloader. A remote attacker could send spam e-mails including those downloaders, and use social engineering in order to convince users to manually enable them. This would allow the malicious code to run and infect the target system...

3.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/19 12:0 a.m.•28 views

Git Client Path Validation Command Execution (CVE-2014-9390)

A command execution vulnerability exists in the Git client. The vulnerability is due to insufficient validation of allowed check-in paths. A remote attacker could exploit this vulnerability by enticing a user to checkout a crafted git repository, or by checking-in maliciously crafted commits to a...

7.5CVSS2.7AI score0.63178EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2015/01/16 12:0 a.m.•12 views

ManageEngine Multiple Products WsDiscoveryServlet Directory Traversal (CVE-2014-5302)

A directory traversal vulnerability exists in ManageEngine ServiceDesk Plus, AssetExplorer and IT360. The vulnerability is due to lack of authentication and insufficient input validation on the "computerName" parameter sent in HTTP requests to the WsDiscoveryServlet. A remote unauthenticated...

9CVSS1.9AI score0.1073EPSS
Exploits3
Check Point Advisories
Check Point Advisories
•added 2015/01/15 12:0 a.m.•5 views

Adobe Acrobat and Reader Time of Check Time of Use Race Condition (APSB14-28: CVE-2014-9150)

A time-of-check time-of-use race condition vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a special...

6.4CVSS6.3AI score0.02267EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/15 12:0 a.m.•4 views

HTML Containing Malicious VBScript Encoding

Certain VBScript obfuscation schemes can be used to circumvent security software. These methods could allow attackers to execute arbitrary code on the target machine...

3.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/14 12:0 a.m.•3 views

NTP Daemon Configure Buffer Overflow (CVE-2014-9295)

The NTP daemon implements the Network Time Protocol NTP which sets and maintains the system time-of-day in synchronism with Internet standard time servers. A buffer overflow vulnerability has been reported in the NTPD NTP daemon. The vulnerability is due to insufficient checks on the input size. ...

7.5CVSS4.9AI score0.7809EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/01/14 12:0 a.m.•1 views

OpenSSL DTLS dtls1_get_record Segmentation Fault Denial of Service (CVE-2014-3571)

A vulnerability has been detected in the way OpenSSL handles DTLS messages. A carefully crafted DTLS message can cause a segmentation fault in OpenSSL which could lead to a Denial Of Service attack...

5CVSS2.3AI score0.22964EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/14 12:0 a.m.•24 views

Advantech ADAMView Conditional Bitmap Remote Code Execution (CVE-2014-8386)

A stack-buffer overflow has been reported in Advantech ADAMView. The vulnerability is due to insufficient validation of conditional bitmaps from a file...

7.5CVSS3.8AI score0.05921EPSS
Exploits7
Check Point Advisories
Check Point Advisories
•added 2015/01/14 12:0 a.m.•5 views

Adobe Acrobat and Reader Buffer Overflow (APSB14-28: CVE-2014-9159)

A buffer overflow vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

10CVSS6.6AI score0.09712EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/13 12:0 a.m.•4 views

Microsoft Windows NLA Security Feature Bypass (MS15-005; CVE-2015-0006)

A security feature bypass vulnerability has been reported in the Network Location Awareness NLA service. The vulnerability is caused when the NLA service fails to properly validate if a domain-connected machine is connected to the domain or to an untrusted network. A remote attacker can exploit...

6.1CVSS6.3AI score0.11613EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/13 12:0 a.m.•3 views

Adobe Acrobat and Reader Memory Corruption (APSB14-28: CVE-2014-8461)

A memory corruption vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

10CVSS6.5AI score0.08948EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/13 12:0 a.m.•5 views

Microsoft Network Policy Server RADIUS Denial of Service (MS15-007; CVE-2015-0015)

A denial of service vulnerability exists in the Network Policy Server NPS. The vulnerability is due to the way the NPS handles username strings. A remote attacker can exploit this issue by sending a specially crafted username string to the NPS...

7.8CVSS6.1AI score0.78735EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/01/13 12:0 a.m.•37 views

Microsoft Windows Directory Traversal Elevation of Privilege (MS15-004; CVE-2015-0016)

An elevation of privilege vulnerability exists in Windows Components. The vulnerability is caused when Windows fails to properly sanitize file paths. An attacker can exploit this vulnerability by tricking a user into downloading a specially crafted application...

9.3CVSS6AI score0.7594EPSS
Exploits5
Check Point Advisories
Check Point Advisories
•added 2015/01/13 12:0 a.m.•11 views

Microsoft Windows Telnet Service Buffer Overflow (MS15-002; CVE-2015-0014)

A buffer overflow vulnerability exists in Windows Telnet service. The vulnerability is due to improper validation of memory location. An attacker could exploit this vulnerability by sending specially crafted telnet packets to a Windows server...

10CVSS6.5AI score0.96893EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/13 12:0 a.m.•4 views

Web Browsers Malicious Hidden iFrame Redirection

A compromised site may use an obfuscated hidden iFrame code in order to redirect traffic to a malicious website. The client would then be vulnerable to possible automatic download of malware...

3AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/13 12:0 a.m.•12 views

Adobe Acrobat and Reader Memory Corruption (APSB14-28: CVE-2014-8458)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

10CVSS6.4AI score0.08948EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/13 12:0 a.m.•11 views

Novell eDirectory IMONITOR Cross-Site Scripting (CVE-2014-5212)

A cross-site scripting vulnerability exists in Novell eDirectory IMONITOR. The vulnerability is due to an input validation error while parsing the rdn parameter. A remote attacker could exploit this vulnerability to execute arbitrary script or HTML code in the user's browser session...

4.3CVSS4AI score0.02EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2015/01/13 12:0 a.m.•8 views

Adobe Acrobat and Reader Memory Corruption (APSB14-28: CVE-2014-8459)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

10CVSS6.6AI score0.08948EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/13 12:0 a.m.•12 views

Microsoft Application Compatibility Infrastructure Elevation of Privilege (MS15-001; CVE-2015-0002)

A privilege escalation vulnerability exists in Microsoft Windows Application Compatibility Cache. The vulnerability is due to a lack of validation of administrator privileges while running a specially crafted application. An authenticated attacker can exploit this issue by sending a specially...

7.2CVSS7.1AI score0.13802EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2015/01/13 12:0 a.m.•8 views

Adobe Reader and Acrobat Information Disclosure (APSB14-28: CVE-2014-8452)

An Information Disclosure vulnerability has been reported in Adobe Reader. The vulnerability is due to an improper handling of XML external entities. A remote attacker can exploit this issue by enticing a victim to open a specially crafted PDF file...

5CVSS6.1AI score0.17456EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/12 12:0 a.m.•14 views

ManageEngine Desktop Central Dcpluginservelet Policy Bypass (CVE-2014-7862)

A policy bypass vulnerability exists in ManageEngine Desktop Central. The vulnerability is due to lack of authentication and insufficient input validation of the parameters sent to the Dcpluginservelet page when processing HTTPS requests...

7.5CVSS2.2AI score0.81048EPSS
Exploits8
Check Point Advisories
Check Point Advisories
•added 2015/01/12 12:0 a.m.•7 views

OpenSSL ssl23_get_client_hello Function Denial of Service (CVE-2014-3569)

A denial of service vulnerability exists in the OpenSSL library compiled with no-ssl3. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted handshake to the target application and cause it to terminate...

5CVSS3AI score0.20646EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/12 12:0 a.m.•10 views

Adobe Reader Javascript API Information Disclosure (APSB14-28: CVE-2014-8451)

An Information Disclosure vulnerability has been reported in Adobe Reader. The vulnerability is due to an improper implementation of a Javascript API. A remote attacker can exploit this issue by enticing a victim to open a specially crafted PDF file...

5CVSS6AI score0.094EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/12 12:0 a.m.•7 views

Honeywell OPOS Suite Multiple ActiveX Controls Open Method Stack Buffer Overflow (CVE-2014-8269)

A buffer overflow vulnerability has been reported in Honeywell OPOS Suite. The vulnerability is due to improper bounds checking while processing the Open method calls within the HWOPOSScale.ocx ActiveX control and the HWOPOSSCANNER.ocx ActiveX control. An attacker can exploit this vulnerability b...

7.5CVSS6.7AI score0.04747EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/11 12:0 a.m.•3 views

Lexmark MarkVision Enterprise GfdFileUploadServlet Directory Traversal (CVE-2014-8741)

A directory traversal vulnerability exists in Lexmark MarkVision Enterprise. The vulnerability is due to an input validation issue when processing user supplied data used for writing files to the system by the GfdFileUploadServlet servlet. A remote unauthenticated attacker could exploit this...

10CVSS3.4AI score0.77198EPSS
Exploits6
Check Point Advisories
Check Point Advisories
•added 2015/01/11 12:0 a.m.•1 views

Morfeus Security Scanner

Morfeus is a vulnerability scanning product. Remote attackers can use Morfeus to detect vulnerabilities on a target server...

3.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/11 12:0 a.m.•3 views

Adobe Flash Player Use After Free Code Execution (APSB14-27: CVE-2014-8443)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error while loading specially crafted SWF files. A remote attacker can exploit this issue by enticing the victim to open a specially crafted SWF file...

10CVSS3.5AI score0.04701EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2015/01/11 12:0 a.m.•3 views

Adobe Acrobat And Reader Use-After-Free (APSB14-28: CVE-2014-8455)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

10CVSS6.1AI score0.08454EPSS
Exploits0
Total number of security vulnerabilities13538