CVSS: 7.5EPSS: 0%CPEs: 252EXPL: 0CVE-2004-0079
https://notcve.org/view.php?id=CVE-2004-0079
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. La función do_change_cipher_spec en OpenSSL 0.9.6c hasta 0.9.6.k y 0.9.7a hasta 0.9.7c permite que atacantes remotos provoquen una denegación de servicio (caída) mediante una hábil unión SSL/TLS que provoca un puntero nulo. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://docs.info.apple.com/article.html?artnum=61798 http://fedoranews.org/updates/FEDORA-2004-095.shtml http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http&# • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 6%CPEs: 12EXPL: 0CVE-2004-0040
https://notcve.org/view.php?id=CVE-2004-0040
Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet. Desbordamiento de búfer basado en la pila en Checkpoint VPN-1 Server 4.1 a 4.1 SP6 y Checkpoint SecuRemote/SecureClient 4.1 a 4.1 compilación 4200 pemite a atacantes remotos ejecutar código arbitrario mediante un paquete ISAKMP con un paquete de Petición de Certificado muy grande. • http://marc.info/?l=bugtraq&m=107604682227031&w=2 http://www.ciac.org/ciac/bulletins/o-073.shtml http://www.kb.cert.org/vuls/id/873334 http://www.osvdb.org/3821 http://www.osvdb.org/4432 http://www.securityfocus.com/bid/9582 http://xforce.iss.net/xforce/alerts/id/163 https://exchange.xforce.ibmcloud.com/vulnerabilities/14150 •
CVSS: 10.0EPSS: 89%CPEs: 1EXPL: 0CVE-2004-0039
https://notcve.org/view.php?id=CVE-2004-0039
Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI. Múltiples vulnerabilidades de cadena de formato en el componente HTTP Application Intelligence (IA) de Checkpoint Firewall-1 NG-AI R55 y R54, y Checkpoint Firewall-1 HTTP Security Server incluido con NG FP1, FP2, y FP3 permite a atacantes remotos ejecutar código arbitrario mediante peticiones HTTP que hacen que se utilicen especificadores de cadena de formato en un mensaje de error, como se ha demastrado usando el esquema de una URI. • http://marc.info/?l=bugtraq&m=107604682227031&w=2 http://www.checkpoint.com/techsupport/alerts/security_server.html http://www.ciac.org/ciac/bulletins/o-072.shtml http://www.kb.cert.org/vuls/id/790771 http://www.securityfocus.com/bid/9581 http://www.us-cert.gov/cas/techalerts/TA04-036A.html http://xforce.iss.net/xforce/alerts/id/162 https://exchange.xforce.ibmcloud.com/vulnerabilities/14149 •
CVSS: 5.0EPSS: 4%CPEs: 2EXPL: 1CVE-2003-0757 – Check Point Firewall-1 4.x - SecuRemote Internal Interface Address Information Leakage
https://notcve.org/view.php?id=CVE-2003-0757
Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet. • https://www.exploit-db.com/exploits/23087 http://archives.neohapsis.com/archives/bugtraq/2003-09/0018.html •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2CVE-2002-1623
https://notcve.org/view.php?id=CVE-2002-1623
The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote. • http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001223.html http://marc.info/?l=bugtraq&m=103124812629621&w=2 http://marc.info/?l=bugtraq&m=103176164729351&w=2 http://www.checkpoint.com/techsupport/alerts/ike.html http://www.kb.cert.org/vuls/id/886601 http://www.nta-monitor.com/news/checkpoint.htm http://www.securiteam.com/securitynews/5TP040U8AW.html http://www.securityfocus.com/archive/1/290202 http://www.securityfocus.com/bid/5607 https://exchang •