
13538 matches found

Check Point Advisories
•added 2017/11/14 12:0 a.m.•5 views

Adobe Acrobat and Reader Buffer Over-read (APSB17-36: CVE-2017-16384)

A buffer over-read vulnerability exists in the EXIF processing module for a PNG file during XPS conversion. The vulnerability is due to invalid input that leads to an incorrect memory buffer location. A remote attacker may exploit this vulnerability by enticing a target user to open a specially...

CVSS: 9.3, AI score: 4.9, EPSS: 0.06882
Exploits: 0
•added 2017/11/14 12:0 a.m.•4 views

Adobe Acrobat and Reader Buffer Over-read (APSB17-36: CVE-2017-16374)

A buffer over-read vulnerability exists in the JPEG 2000 module. The vulnerability is due to an invalid JPEG 2000 input code stream leading to an invalid memory buffer location. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...

CVSS: 9.3, AI score: 3.9, EPSS: 0.06882
Exploits: 0
•added 2017/11/14 12:0 a.m.•4 views

Adobe Acrobat and Reader Heap Overflow (APSB17-36: CVE-2017-16383)

A heap buffer overflow vulnerability exists in Adobe Reader. The vulnerability is due to an error in Adobe Reader while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

CVSS: 9.3, AI score: 5, EPSS: 0.1065
Exploits: 0
•added 2017/11/14 12:0 a.m.•3 views

Adobe Flash Player Use After Free (APSB17-33: CVE-2017-11225)

A use-after-free vulnerability exists in Adobe Flash Player. The vulnerability is due to the way Adobe Flash handles objects in memory. A remote attacker can exploit this vulnerability by sending a crafted file...

CVSS: 10, AI score: 2.1, EPSS: 0.06076
Exploits: 0
•added 2017/11/14 12:0 a.m.•7 views

Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16404)

An out-of-bounds read vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to the computation that writes data past the end of the intended buffer. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code...

CVSS: 9.3, AI score: 4.7, EPSS: 0.0887
Exploits: 0
•added 2017/11/14 12:0 a.m.•3 views

Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16399)

An out-of-bounds vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to the way fpage files embedded within an XPS document are processed. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted XPS document...

CVSS: 9.3, AI score: 3.4, EPSS: 0.0672
Exploits: 0
•added 2017/11/14 12:0 a.m.•4 views

Adobe Acrobat and Reader Buffer Over-read (APSB17-36: CVE-2017-16365)

A buffer over-read vulnerability exists in Adobe Acrobat and Reader. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would expose sensitive data from the target...

CVSS: 9.3, AI score: 3.8, EPSS: 0.06882
Exploits: 0
•added 2017/11/14 12:0 a.m.•5 views

Adobe Acrobat and Reader Untrusted Pointer Dereference (APSB17-36: CVE-2017-16372)

A memory access vulnerability exists in Adobe Acrobat and Reader. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would expose sensitive data from the target...

CVSS: 9.3, AI score: 4.1, EPSS: 0.0672
Exploits: 0
•added 2017/11/14 12:0 a.m.•5 views

Microsoft Internet Explorer Memory Corruption (CVE-2017-11855)

A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way Microsoft Internet Explorer handles objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...

CVSS: 7.6, AI score: 7.6, EPSS: 0.47913
Exploits: 4
•added 2017/11/14 12:0 a.m.•7 views

Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16417)

An out-of-bounds write vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an out-of-range pointer offset that is used to access an internal data structure. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file. Successful...

CVSS: 9.3, AI score: 4, EPSS: 0.08512
Exploits: 0
•added 2017/11/14 12:0 a.m.•4 views

Adobe Acrobat and Reader Untrusted Pointer Dereference (APSB17-36: CVE-2017-16373)

A memory access vulnerability exists in Adobe Acrobat and Reader. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would expose sensitive data from the target...

CVSS: 9.3, AI score: 4.1, EPSS: 0.0672
Exploits: 0
•added 2017/11/14 12:0 a.m.•5 views

Adobe Acrobat and Reader Improper Validation of Array Index (APSB17-36: CVE-2017-16391)

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while calculating an array index. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...

CVSS: 9.3, AI score: 3.7, EPSS: 0.0672
Exploits: 0
•added 2017/11/14 12:0 a.m.•3 views

Adobe Acrobat and Reader Use After Free (APSB17-36: CVE-2017-16360)

A use-after-free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handle objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

CVSS: 9.3, AI score: 3, EPSS: 0.09362
Exploits: 0
•added 2017/11/14 12:0 a.m.•4 views

Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16362)

A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

CVSS: 9.3, AI score: 5.1, EPSS: 0.0672
Exploits: 0
•added 2017/11/14 12:0 a.m.•6 views

Adobe Acrobat and Reader Buffer Over-read (APSB17-36: CVE-2017-16387)

A buffer over-read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to a lack of bounds checking when handling a specially crafted JPEG file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

CVSS: 9.3, AI score: 3, EPSS: 0.0672
Exploits: 0
•added 2017/11/14 12:0 a.m.•4 views

Adobe Acrobat and Reader Use After Free (APSB17-36: CVE-2017-16388)

A use-after-free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handle objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...

CVSS: 9.3, AI score: 3, EPSS: 0.09362
Exploits: 0
•added 2017/11/14 12:0 a.m.•6 views

Adobe Acrobat and Reader Untrusted Pointer Dereference (APSB17-36: CVE-2017-16371)

A memory access vulnerability exists in Adobe Acrobat and Reader. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would expose sensitive data from the target...

CVSS: 9.3, AI score: 4.1, EPSS: 0.0672
Exploits: 0
•added 2017/11/14 12:0 a.m.•3 views

Adobe Acrobat and Reader Untrusted Pointer Dereference (APSB17-36: CVE-2017-16364)

A memory access vulnerability exists in Adobe Acrobat and Reader. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would expose sensitive data from the target...

CVSS: 9.3, AI score: 4.1, EPSS: 0.0672
Exploits: 0
•added 2017/11/14 12:0 a.m.•5 views

Adobe Acrobat and Reader Untrusted Pointer Dereference (APSB17-36: CVE-2017-16375)

A memory access vulnerability exists in Adobe Acrobat and Reader. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file. Successful exploitation would expose sensitive data from the target...

CVSS: 9.3, AI score: 4.1, EPSS: 0.0672
Exploits: 0
•added 2017/11/14 12:0 a.m.•3 views

Adobe Flash Player Use After Free (APSB17-33: CVE-2017-11215)

A use-after-free vulnerability has been reported in Adobe Flash Player. The vulnerability is due to the way Adobe Flash handles objects in memory. A remote attacker can exploit this vulnerability by sending a crafted file...

CVSS: 10, AI score: 1.9, EPSS: 0.06076
Exploits: 0
•added 2017/11/14 12:0 a.m.•3 views

Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-11840)

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to the way the scripting engine handles objects in memory. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...

CVSS: 7.6, AI score: 7.5, EPSS: 0.59642
Exploits: 3
•added 2017/11/14 12:0 a.m.•4 views

Adobe Acrobat and Reader Buffer Over-read (APSB17-36: CVE-2017-16386)

A buffer over-read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to a lack of bounds checking when the XPS2PDF conversion engine handles a specially crafted JPEG file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted XPS...

CVSS: 9.3, AI score: 4.1, EPSS: 0.06655
Exploits: 0
•added 2017/11/14 12:0 a.m.•5 views

Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16418)

An out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an out-of-range pointer offset that is used to access an internal data structure. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted XML/XPS file...

CVSS: 9.3, AI score: 4, EPSS: 0.08512
Exploits: 0
•added 2017/11/14 12:0 a.m.•6 views

Adobe Acrobat and Reader Security Bypass (APSB17-36: CVE-2017-16366)

A security bypass vulnerability exists in Adobe Acrobat and Reader. The vulnerability is in the way Internet Explorer handles embedded PDF files. A remote attacker can exploit this issue by enticing a target user to open a specially crafted file...

CVSS: 5, AI score: 2.9, EPSS: 0.05886
Exploits: 0
•added 2017/11/14 12:0 a.m.•4 views

Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16420)

An out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an out-of-range pointer offset that is used to access an internal data structure. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file. Successful...

CVSS: 9.3, AI score: 4, EPSS: 0.0672
Exploits: 0
•added 2017/11/14 12:0 a.m.•3 views

Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-11837)

A remote code execution vulnerability exists in Microsoft browsers. The vulnerability is in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the...

CVSS: 7.6, AI score: 7.7, EPSS: 0.08546
Exploits: 0
•added 2017/11/14 12:0 a.m.•8 views

Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-11843)

A Use-After-Free vulnerability exists in Microsoft browsers. The vulnerability is due to the way the scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user...

CVSS: 7.6, AI score: 7.2, EPSS: 0.08474
Exploits: 0
•added 2017/11/14 12:0 a.m.•4 views

Adobe Acrobat and Reader Security Bypass (APSB17-36: CVE-2017-16361)

A Security Bypass vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted FDF/XFDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...

CVSS: 4.3, AI score: 4.7, EPSS: 0.05375
Exploits: 0
•added 2017/11/14 12:0 a.m.•4 views

Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16412)

An out-of-bounds read vulnerability exists in the XPS component of Adobe Acrobat. The vulnerability is due to improper handling of embedded JPEG images in an XPS document. A remote attacker could exploit this vulnerability by enticing a target user into opening a crafted XPS document...

CVSS: 9.3, AI score: 2.1, EPSS: 0.08512
Exploits: 0
•added 2017/11/12 12:0 a.m.•4 views

WordPress Userpro Plugin Authentication Bypass (CVE-2017-16562)

An authentication bypass vulnerability exists in WordPress Userpro Plugin. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...

CVSS: 7.5, AI score: 8.9, EPSS: 0.27369
Exploits: 3
•added 2017/11/09 12:0 a.m.•3 views

Microsoft Windows Graphics Component Information Disclosure (CVE-2017-11816)

An information disclosure vulnerability exists in the GDI component of Microsoft Windows. The vulnerability is due to an out-of-bounds read error when processing a WMF file. A remote attacker can exploit this vulnerability by enticing a victim to open a maliciously crafted web page or document...

CVSS: 2.1, AI score: 6.7, EPSS: 0.19955
Exploits: 0
•added 2017/11/09 12:0 a.m.•1 views

EFS Software Easy File Sharing Web Server sendemail.ghp Stack Buffer Overflow

A buffer overflow vulnerability is found in a function responsible for processing HTTP POST requests in the sendemail.ghp endpoint of EFS Software Easy File Sharing Web Server. The vulnerability is due to a failure on the part of the function to properly perform boundary checking on user input. A...

AI score: 1.2
Exploits: 0
•added 2017/11/09 12:0 a.m.•5 views

Trend Micro OfficeScan Memory Corruption (CVE-2017-14089)

A memory corruption vulnerability exists in Trend Micro's OfficeScan. A remote unauthorized attacker may exploit this issue by accessing the OfficeScan server and targeting cgiShowClientAdm.exe to cause memory corruption issues...

CVSS: 7.5, AI score: 3.3, EPSS: 0.09779
Exploits: 5
•added 2017/11/09 12:0 a.m.•9 views

Pivotal Spring PATCH Request Remote Code Execution (CVE-2017-8046)

A remote code execution vulnerability exists in Pivotal Spring Data REST. The vulnerability is due to insufficient validation of user supplied input. A remote attacker can exploit this vulnerability to execute arbitrary code on the affected server...

CVSS: 7.5, AI score: 4.1, EPSS: 0.72782
Exploits: 8
•added 2017/11/07 12:0 a.m.•5 views

Brother Debut Embedded Httpd Unauthenticated Denial Of Service (CVE-2017-16249)

A denial of service vulnerability exists in the Brother Debut embedded httpd server. A remote attacker can exploit this vulnerability by sending a specially crafted message to an affected system...

CVSS: 7.8, AI score: 2.2, EPSS: 0.59386
Exploits: 7
•added 2017/11/07 12:0 a.m.•3 views

Trend Micro InterScan Messaging Security modTMCSS Command Injection (CVE-2017-11391; CVE-2017-11394)

A command injection vulnerability exists in Trend Micro InterScan Messaging Security virtual appliance. The vulnerability is due to improper validation of request parameters within the modTMCSS Proxy functionality. A remote, authenticated attacker could exploit the vulnerability by sending a...

CVSS: 10, AI score: 3.5, EPSS: 0.66774
Exploits: 2
•added 2017/11/06 12:0 a.m.•2 views

FLIR Thermal Camera Remote Code Execution

A remote code execution vulnerability exists in FLIR Thermal cameras. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request...

AI score: 5.3
Exploits: 0
•added 2017/11/06 12:0 a.m.•3 views

FLIR Thermal Camera Information Disclosure

An information disclosure vulnerability exists in FLIR Thermal cameras. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information and gain unauthorized access into the affected system...

AI score: 4.7
Exploits: 0
•added 2017/11/06 12:0 a.m.•80 views

Hikvision IP Cameras Authentication Bypass (CVE-2017-7921)

An information disclosure vulnerability exists in Hikvision IP cameras. Successful exploitation of this vulnerability would allow remote attackers to gain access to sensitive information and gain unauthorized access into the affected system...

AI score: 4.5, EPSS: 0.99998
Exploits: 11
•added 2017/11/06 12:0 a.m.•4 views

MVPower DVR Remote Code Execution

A remote code execution vulnerability exists in MVPower DVR devices. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request...

AI score: 6.4
Exploits: 0
•added 2017/11/05 12:0 a.m.•4 views

Oracle Identity Manager Authentication Bypass (CVE-2017-10151)

An authentication weakness vulnerability exists in Oracle Identity Manager. The vulnerability is due to the presence of previously unknown default credentials. A remote attacker can exploit this vulnerability by authenticating to the system using the default credentials. Successful exploitation...

CVSS: 7.5, AI score: 4.1, EPSS: 0.03947
Exploits: 0
•added 2017/11/02 12:0 a.m.•1 views

Flexense DiskPulse Client Import Stack Buffer Overflow

A stack buffer overflow vulnerability exists in the client component of Disk Pulse Enterprise Server. The vulnerability is due to improper parsing of an XML file when performing an import command or import profile action. A remote, unauthenticated attacker could exploit this vulnerability by enticin...

AI score: 4
Exploits: 0
•added 2017/11/02 12:0 a.m.•1 views

WordPress Core WPDB SQL Injection

An SQL injection exists in the WordPress Core. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

AI score: 5.4
Exploits: 0
•added 2017/11/02 12:0 a.m.•4 views

ZKTeco ZKTime Web Cross Site Request Forgery (CVE-2017-13129)

A Cross Site Request Forgery vulnerability exists in ZKTime Web. The vulnerability is due to a lack of protection mechanisms in place to block any kind of forged requests. An unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target system...

CVSS: 6, AI score: 2.5, EPSS: 0.01079
Exploits: 4
•added 2017/11/01 12:0 a.m.•11 views

Microsoft Windows Search Remote Code Execution (CVE-2017-11771)

A remote code execution vulnerability exists in the Windows Search service of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target system...

CVSS: 10, AI score: 9.2, EPSS: 0.64132
Exploits: 0
•added 2017/10/31 12:0 a.m.•1 views

Suspicious Metadata Mail Phishing Containing Attachment - ver2

A mail attachment containing a malicious downloader was observed as part of ransomware campaigns. A remote attacker could send spam e-mails including those downloaders and convince users to manually enable them. This would allow the malicious code to run and infect the target system...

AI score: 4.5
Exploits: 0
•added 2017/10/31 12:0 a.m.•12 views

Microsoft Windows SMB Server SMBv1 Information Disclosure (CVE-2017-11815)

An information disclosure vulnerability exists in the SMB Server component of Microsoft Windows. The vulnerability is due to improper handling of SMBv1 requests. A remote, authenticated attacker could exploit the vulnerability by sending a crafted request to a target SMB server...

CVSS: 3.5, AI score: 6.4, EPSS: 0.13347
Exploits: 0
•added 2017/10/31 12:0 a.m.•2 views

Suspicious Hyperlink Mail Phishing Attempt - ver2

A common method for phishing, used in malspam campaigns, is the use of hyperlinks inside a seemingly valid entity, in order to direct the victim to a designated website controlled by the attacker or to make the user download malware such as Hancitor/Pony...

AI score: 1.8
Exploits: 0
•added 2017/10/29 12:0 a.m.•11 views

Adobe ColdFusion RMI Registry Insecure Deserialization (CVE-2017-11284)

An insecure deserialization vulnerability exists in the Flex integration service of Adobe ColdFusion. The vulnerability is due to the lack of input validation on objects in the RMI Registry before deserializing them. A remote, unauthenticated attacker can exploit this vulnerability by sending...

CVSS: 7.5, AI score: 8.9, EPSS: 0.42721
Exploits: 1
•added 2017/10/29 12:0 a.m.•11 views

Cisco Prime Collaboration Provisioning logconfigtracer.jsp Arbitrary File Deletion (CVE-2017-6637)

An arbitrary file deletion vulnerability exists in Cisco Prime Collaboration Provisioning. The vulnerability is due to insufficient validation on user supplied paths before using them in file operations. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted reques...

CVSS: 4, AI score: 3.3, EPSS: 0.07844
Exploits: 0
Total number of security vulnerabilities: 13538