CVSS: 5.9EPSS: 13%CPEs: 205EXPL: 1CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
25 Mar 2021 — An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS c... • https://github.com/riptl/cve-2021-3449 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-6024
https://notcve.org/view.php?id=CVE-2020-6024
20 Jan 2021 — Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users. Check Point SmartConsole versión anterior a R80.10 Build 185, versión R80.20 Build 119, versión R80.30 anterior a Build 94, versión R80.40 anterior a Build 415 y la versión R81 anterior a Build 548 eran vulnerables a una po... • https://supportcontent.checkpoint.com/solutions?id=sk142952 • CWE-114: Process Control CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6021
https://notcve.org/view.php?id=CVE-2020-6021
03 Dec 2020 — Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint client’s privileges. Check Point Endpoint Security Client para Windows versiones anteriores a E84.20, permite un acceso de escritura al directorio desde el ... • https://supportcontent.checkpoint.com/solutions?id=sk170512 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6015
https://notcve.org/view.php?id=CVE-2020-6015
05 Nov 2020 — Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations. Check Point Endpoint Security para Windows versiones anteriores a E84.10 puede alcanzar una denegación de servicio durante la instalación limpia del cliente, lo que impedirá el almacenamiento de archivos de registro de servicio en ubicaciones no estándar • https://supportcontent.checkpoint.com/solutions?id=sk170117 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6014
https://notcve.org/view.php?id=CVE-2020-6014
30 Oct 2020 — Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate. Check Point Endpoint Security Client para Windows, con blades Anti-Bot o Threat Emulation instalados, antes ... • https://supportcontent.checkpoint.com/solutions?id=sk168081 • CWE-114: Process Control CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6023
https://notcve.org/view.php?id=CVE-2020-6023
27 Oct 2020 — Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware. Check Point ZoneAlarm versiones anteriores a 15.8.139.18543, permite a un actor local escalar privilegios mientras restaura archivos en Anti-Ransomware • https://www.zonealarm.com/software/extreme-security/release-history • CWE-426: Untrusted Search Path •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6022
https://notcve.org/view.php?id=CVE-2020-6022
27 Oct 2020 — Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware. Check Point ZoneAlarm versiones anteriores a 15.8.139.18543, permite a un actor local eliminar archivos arbitrarios mientras restaura archivos en Anti-Ransomware • https://www.zonealarm.com/software/extreme-security/release-history • CWE-275: Permission Issues •
CVSS: 7.4EPSS: 0%CPEs: 10EXPL: 0CVE-2020-6020
https://notcve.org/view.php?id=CVE-2020-6020
24 Sep 2020 — Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator. Una administración web de Internal CA de Check Point Security Management anterior a HFA Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, puede ser manipulada para ejecutar comandos... • https://supportcontent.checkpoint.com/solutions?id=sk142952 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6012
https://notcve.org/view.php?id=CVE-2020-6012
04 Aug 2020 — ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links. This allows an unprivileged user to enable escalation of privilege via local access. ZoneAlarm Anti-Ransomware versiones anteriores a 1.0.713, copia archivos para el reporte desde un directorio con pocos privilegios. Un atacante ... • https://danishcyberdefence.dk/blog/zonealarm-check-point • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6013 – Check Point ZoneAlarm Symlink Following Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-6013
02 Jul 2020 — ZoneAlarm Firewall and Antivirus products before version 15.8.109.18436 allow an attacker who already has access to the system to execute code at elevated privileges through a combination of file permission manipulation and exploitation of Windows CVE-2020-00896 on unpatched systems. Los productos ZoneAlarm Firewall y Antivirus anteriores a versión 15.8.109.18436, permiten a un atacante que ya posee acceso al sistema ejecutar código con privilegios elevados por medio de una combinación de manipulación de pe... • https://www.zonealarm.com/software/extreme-security/release-history • CWE-65: Windows Hard Link CWE-269: Improper Privilege Management •