
13538 matches found

Check Point Advisories
• added 2021/12/28 12:00 a.m. • 9 views

Zoho ManageEngine ADManager Plus Arbitrary File Upload (CVE-2021-20130)

An unrestricted file upload vulnerability exists in ManageEngine ADManager Plus. The vulnerability is due to lack of validation of uploaded files in PasswordExpiryAction class...

CVSS 6.5 • AI score 2.6 • EPSS 0.3162
Exploits: 0

Check Point Advisories
• added 2021/12/28 12:00 a.m. • 5 views

Apache ShenYu Admin Authentication Bypass (CVE-2021-37580)

An authentication bypass vulnerability exists in the Apache ShenYu Admin. The vulnerability is due to improper handling of the incoming HTTP requests...

CVSS 7.5 • AI score 1.6 • EPSS 0.40058
Exploits: 2

Check Point Advisories
• added 2021/12/28 12:00 a.m. • 4 views

WordPress LearnPress Plugin Cross-Site Scripting (CVE-2021-39348)

A stored cross-site scripting vulnerability exists in LearnPress Plugin for WordPress. The vulnerability is due to insufficient sanitization of user-supplied data in Profile Settings page...

CVSS 3.5 • AI score 1.6 • EPSS 0.05037
Exploits: 1

Check Point Advisories
• added 2021/12/28 12:00 a.m. • 7 views

WordPress Download Manager Plugin Cross-Site Scripting (CVE-2021-24773)

A stored cross-site scripting vulnerability exists in Download Manager Plugin for WordPress. The vulnerability is due to insufficient sanitization of user-supplied data in Attach File section...

CVSS 3.5 • AI score 2.1 • EPSS 0.02774
Exploits: 2

Check Point Advisories
• added 2021/12/27 12:00 a.m. • 5 views

Schneider Electric Struxureware Data Center Expert Directory Traversal (CVE-2021-22794)

A directory traversal vulnerability exists in Schneider Electric Struxureware Data Center Expert. The vulnerability is due to improper validation of user-supplied input...

CVSS 7.5 • AI score 3.5 • EPSS 0.02083
Exploits: 0

Check Point Advisories
• added 2021/12/27 12:00 a.m. • 12 views

Kaseya VSA Remote Code Execution (CVE-2021-30116)

A remote code execution vulnerability exists in Kaseya VSA. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 7.5 • AI score 5.9 • EPSS 0.85619
Exploits: 1

Check Point Advisories
• added 2021/12/27 12:00 a.m. • 13 views

VMware Spring Cloud Netflix Remote Code Execution (CVE-2021-22053)

A remote code execution vulnerability exists in VMware Spring Cloud Netflix. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 6.5 • AI score 5.7 • EPSS 0.12694
Exploits: 0

Check Point Advisories
• added 2021/12/27 12:00 a.m. • 5 views

Grafana Cross-site Scripting (CVE-2021-41174)

A cross-site scripting vulnerability exists in Grafana. The vulnerability is due to insufficient validation of user input in the URI path...

CVSS 4.3 • AI score 2.2 • EPSS 0.84607
Exploits: 0

Check Point Advisories
• added 2021/12/27 12:00 a.m. • 3 views

Victure WR1200 WiFi Router Command Injection (CVE-2021-43283)

A command injection vulnerability exists in Victure WR1200 WiFi Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVSS 9 • AI score 5.8 • EPSS 0.05404
Exploits: 3

Check Point Advisories
• added 2021/12/23 12:00 a.m. • 12 views

Tenda AC-10U AC1200 Router Denial of Service (CVE-2020-22079)

A denial-of-service vulnerability exists in Tenda AC-10U AC1200 Router. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

CVSS 7.5 • AI score 5.3 • EPSS 0.04004
Exploits: 1

Check Point Advisories
• added 2021/12/23 12:00 a.m. • 4 views

Ericsson Network Location Command Injection (CVE-2021-43339)

A command injection vulnerability exists in Ericsson Network Location. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVSS 6.5 • AI score 5.6 • EPSS 0.09557
Exploits: 1

Check Point Advisories
• added 2021/12/22 12:00 a.m. • 7 views

Pulse Connect Secure Command Injection (CVE-2020-8243)

A command injection vulnerability exists in Pulse Connect Secure. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVSS 6.5 • AI score 5.1 • EPSS 0.90759
Exploits: 0

Check Point Advisories
• added 2021/12/22 12:00 a.m. • 3 views

Advantech WebAccess HMI Designer Buffer Overflow (CVE-2021-33000)

A buffer overflow vulnerability exists in the project management file parsing component of Advantech WebAccess HMI Designer. The vulnerability is due to lack of proper validation while processing user supplied NMultistateLamp object data...

CVSS 6.8 • AI score 7.6 • EPSS 0.01041
Exploits: 0

Check Point Advisories
• added 2021/12/22 12:00 a.m. • 7 views

Grafana Snapshot Feature Information Disclosure (CVE-2021-39226)

An information disclosure vulnerability exists in Grafana Snapshot Feature. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...

CVSS 6.8 • AI score 2.5 • EPSS 0.99888
Exploits: 1

Check Point Advisories
• added 2021/12/22 12:00 a.m. • 9 views

rConfig SQL Injection (CVE-2020-10546; CVE-2020-10547; CVE-2020-10548; CVE-2020-10549)

An SQL injection vulnerability exists in rConfig. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVSS 7.5 • AI score 5.4 • EPSS 0.8733
Exploits: 4

Check Point Advisories
• added 2021/12/21 12:00 a.m. • 3 views

WordPress Hide My WP Plugin SQL Injection (CVE-2021-36916)

An SQL injection vulnerability exists in WordPress Hide My WP Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVSS 7.5 • AI score 4.2 • EPSS 0.01802
Exploits: 1

Check Point Advisories
• added 2021/12/21 12:00 a.m. • 7 views

Hotel Druid SQL Injection (CVE-2021-37832)

An SQL injection vulnerability exists in Hotel Druid. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVSS 7.5 • AI score 4.6 • EPSS 0.04102
Exploits: 3

Check Point Advisories
• added 2021/12/21 12:00 a.m. • 5 views

WordPress WP Data Access Plugin SQL Injection (CVE-2021-24866)

An SQL injection vulnerability exists in WordPress WP Data Access plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVSS 7.5 • AI score 5.6 • EPSS 0.01575
Exploits: 2

Check Point Advisories
• added 2021/12/21 12:00 a.m. • 10 views

Zoho ManageEngine Network Configuration Manager SQL Injection (CVE-2021-41081)

An SQL injection vulnerability exists in Zoho ManageEngine Network Configuration Manager. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVSS 7.5 • AI score 5 • EPSS 0.69173
Exploits: 1

Check Point Advisories
• added 2021/12/21 12:00 a.m. • 9 views

Apache Log4j Denial Of Service (CVE-2021-45105)

A denial of service vulnerability exists in Apache Log4j. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...

CVSS 4.3 • AI score 5.1 • EPSS 0.99999
Exploits: 20

Check Point Advisories
• added 2021/12/21 12:00 a.m. • 4 views

VINGA WR-N300U Router Command Injection (CVE-2021-43469)

A command injection vulnerability exists in VINGA WR-N300U Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVSS 6.5 • AI score 6.3 • EPSS 0.02307
Exploits: 1

Check Point Advisories
• added 2021/12/16 12:00 a.m. • 7 views

Microsoft Exchange Server Security Feature Authentication Bypass (CVE-2021-31207)

An authentication bypass vulnerability exists in Microsoft Exchange Server. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...

CVSS 6.5 • AI score 5.8 • EPSS 0.99782
Exploits: 11

Check Point Advisories
• added 2021/12/16 12:00 a.m. • 13 views

Dnnsoftware DotNetNuke Remote Code Execution (CVE-2018-15811)

A Remote Code Execution vulnerability exists in Dnnsoftware DotNetNuke. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 5 • AI score 6.1 • EPSS 0.74048
Exploits: 4

Check Point Advisories
• added 2021/12/16 12:00 a.m. • 22 views

Dolibarr Website Builder Remote Code Execution (CVE-2021-33816)

A remote code execution vulnerability exists in Dolibarr Website Builder module. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 7.5 • AI score 5.5 • EPSS 0.03815
Exploits: 3

Check Point Advisories
• added 2021/12/15 12:00 a.m. • 8 views

WordPress Duplicate Post Plugin SQL Injection (CVE-2021-43408)

An SQL injection vulnerability exists in WordPress Duplicate Post Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVSS 9 • AI score 4.9 • EPSS 0.09767
Exploits: 3

Check Point Advisories
• added 2021/12/15 12:00 a.m. • 8 views

Sourcecodester Online Event Booking and Reservation System SQL Injection (CVE-2021-42667)

An SQL injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVSS 7.5 • AI score 5.3 • EPSS 0.15806
Exploits: 3

Check Point Advisories
• added 2021/12/14 12:00 a.m. • 4 views

Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2021-43207)

An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 4.6 • AI score 8.7 • EPSS 0.00632
Exploits: 0

Check Point Advisories
• added 2021/12/14 12:00 a.m. • 15 views

Microsoft Windows Installer Elevation of Privilege (CVE-2021-43883)

An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 4.6 • AI score 8.7 • EPSS 0.11963
Exploits: 0

Check Point Advisories
• added 2021/12/14 12:00 a.m. • 8 views

Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2021-43226)

An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 4.6 • AI score 8.7 • EPSS 0.03072
Exploits: 1

Check Point Advisories
• added 2021/12/14 12:00 a.m. • 5 views

Microsoft Remote Desktop Client Remote Code Execution (CVE-2021-43233)

A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 5.1 • AI score 9 • EPSS 0.02236
Exploits: 0

Check Point Advisories
• added 2021/12/14 12:00 a.m. • 4 views

Microsoft Windows Print Spooler Elevation of Privilege (CVE-2021-41333)

An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 4.6 • AI score 8.7 • EPSS 0.0105
Exploits: 0

Check Point Advisories
• added 2021/12/13 12:00 a.m. • 27 views

ExifTool Remote Code Execution (CVE-2021-22204)

A remote code execution vulnerability exists in ExifTool. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVSS 6.8 • AI score 6 • EPSS 0.99981
Exploits: 39

Check Point Advisories
• added 2021/12/12 12:00 a.m. • 11 views

SAP NetWeaver Directory Traversal (CVE-2016-3976)

A directory traversal vulnerability exists in SAP NetWeaver. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...

CVSS 5 • AI score 5.3 • EPSS 0.46605
Exploits: 5

Check Point Advisories
• added 2021/12/10 12:00 a.m. • 46 views

Apache Log4j Remote Code Execution (CVE-2021-44228; CVE-2021-45046)

A remote code execution vulnerability exists in Apache Log4j. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 9.3 • AI score 5.4 • EPSS 0.99999
Exploits: 349

Check Point Advisories
• added 2021/12/08 12:00 a.m. • 11 views

Aerohive Networks HiveOS Remote Code Execution (CVE-2020-16152)

A remote code execution vulnerability exists in Aerohive Networks HiveOS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 10 • AI score 5.1 • EPSS 0.35047
Exploits: 5

Check Point Advisories
• added 2021/12/08 12:00 a.m. • 36 views

TP-Link TL-WR840N Router Command Injection (CVE-2021-41653)

A command injection vulnerability exists in TP-Link TL-WR840N Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVSS 10 • AI score 5.9 • EPSS 0.7747
Exploits: 1

Check Point Advisories
• added 2021/12/08 12:00 a.m. • 61 views

Grafana Directory Traversal (CVE-2021-43798)

A directory traversal vulnerability exists in Grafana. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...

CVSS 5 • AI score 5.5 • EPSS 0.88849
Exploits: 44

Check Point Advisories
• added 2021/12/07 12:00 a.m. • 7 views

Zoho ManageEngine ServiceDesk Plus Remote Code Execution (CVE-2021-44077)

A remote code execution vulnerability exists in Zoho ManageEngine ServiceDesk Plus. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 7.5 • AI score 5.8 • EPSS 0.93514
Exploits: 6

Check Point Advisories
• added 2021/12/05 12:00 a.m. • 1 view

Java Server Side Template Injection

A remote attacker can inject malicious commands into a template engine. Successful exploitation could result in the execution of arbitrary code in the affected web server...

AI score 4.7
Exploits: 0

Check Point Advisories
• added 2021/12/05 12:00 a.m. • 8 views

SolarWinds Serv-U Remote Code Execution (CVE-2021-35211)

A remote code execution vulnerability exists in SolarWinds Serv-U. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 10 • AI score 5.5 • EPSS 0.9116
Exploits: 2

Check Point Advisories
• added 2021/12/05 12:00 a.m. • 7 views

Nagios XI Command Injection (CVE-2021-40345)

A command injection vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVSS 9 • AI score 5.7 • EPSS 0.23044
Exploits: 1

Check Point Advisories
• added 2021/12/02 12:00 a.m. • 20 views

VMware ESXi Remote Code Execution (CVE-2020-3992)

A remote code execution vulnerability exists in VMware ESXi. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 10 • AI score 5.9 • EPSS 0.83015
Exploits: 2

Check Point Advisories
• added 2021/12/02 12:00 a.m. • 15 views

Yealink Device Management Command Injection (CVE-2021-27561)

A command injection vulnerability exists in Yealink Device Management. The vulnerability is due to improper handling of a crafted HTTP request...

CVSS 10 • AI score 1.7 • EPSS 0.82516
Exploits: 0

Check Point Advisories
• added 2021/12/02 12:00 a.m. • 5 views

Lodging Reservation Management System SQL Injection (CVE-2021-41511)

An SQL injection vulnerability exists in Lodging Reservation Management System. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system or bypass authentication...

CVSS 7.5 • AI score 5.8 • EPSS 0.03235
Exploits: 1

Check Point Advisories
• added 2021/11/30 12:00 a.m. • 11 views

Unraid Remote Code Execution (CVE-2020-5847; CVE-2020-5849)

A remote code execution vulnerability exists in Unraid. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 10 • AI score 5.6 • EPSS 0.95844
Exploits: 8

Check Point Advisories
• added 2021/11/29 12:00 a.m. • 6 views

VMware Workspace Command Injection (CVE-2020-4006)

A command injection vulnerability exists in multiple VMware products. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVSS 9 • AI score 5.8 • EPSS 0.23771
Exploits: 0

Check Point Advisories
• added 2021/11/29 12:00 a.m. • 4 views

CSZ CMS SQL Injection (CVE-2020-21250)

An SQL injection vulnerability exists in CSZ CMS. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVSS 7.5 • AI score 5.3 • EPSS 0.01127
Exploits: 1

Check Point Advisories
• added 2021/11/28 12:00 a.m. • 8 views

SolarWinds Orion Platform Authentication Bypass (CVE-2020-10148)

An authentication bypass vulnerability exists in SolarWinds Orion API. Successful exploitation of this vulnerability could allow a remote attacker to gain unauthorized access to the affected system...

CVSS 7.5 • AI score 9.1 • EPSS 0.9198
Exploits: 3

Check Point Advisories
• added 2021/11/28 12:00 a.m. • 6 views

Quest NetVault Backup Remote Code Execution (CVE-2017-17419)

A remote code execution vulnerability exists in Quest NetVault Backup. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 7.5 • AI score 9.5 • EPSS 0.03933
Exploits: 0

Check Point Advisories
• added 2021/11/28 12:00 a.m. • 11 views

LibreNMS addhost Command Injection (CVE-2018-20434)

A command injection vulnerability exists in LibreNMS. This vulnerability is due to incorrect parsing of the community HTTP header. A remote attacker can exploit this vulnerability by sending a crafted HTTP request to the target server...

CVSS 10 • AI score 9.2 • EPSS 0.71487
Exploits: 9

Total number of security vulnerabilities: 13538