CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8790
https://notcve.org/view.php?id=CVE-2018-8790
01 Mar 2019 — Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM. Check Point ZoneAlarm, en versiones 15.3.064.17729 y anteriores, expone un servicio WCF que puede permitir que un usuario local con pocos privilegios ejecute código arbitrario como SYSTEM. • http://www.securityfocus.com/bid/107254 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8950
https://notcve.org/view.php?id=CVE-2014-8950
16 Nov 2014 — Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request. Una vulnerabilidad sin especificar en Check Point Security Gateway R77 y R77.10, cuando se usa (1) URL Filtering o (2) Identify Awarenes, permite a atacantes remotos causar una denegación de servicio (caída) a través de vectores que implican peticiones HTTPS. • http://secunia.com/advisories/58487 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8951
https://notcve.org/view.php?id=CVE-2014-8951
16 Nov 2014 — Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page. Una vulnerabilidad sin especificar en Check Point Security Gateway R75, R76, R77, y R77.10, cuando el UserCheck está activado y (1) App... • http://secunia.com/advisories/58487 •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2014-8952
https://notcve.org/view.php?id=CVE-2014-8952
16 Nov 2014 — Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identify Awareness blade, (6) HTTPS Inspection, (7) UserCheck, or (8) Data Leak Prevention blade module is enabled, allow remote attackers to cause a denial of service ("stability issue") via an unspecified "traffic condition." Múltiples vulnerabilidades sin especificar en... • http://secunia.com/advisories/58487 •
CVSS: 10.0EPSS: 88%CPEs: 345EXPL: 23CVE-2014-7169 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-7169
25 Sep 2014 — GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a ... • https://packetstorm.news/files/id/128650 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 10.0EPSS: 94%CPEs: 345EXPL: 135CVE-2014-6271 – GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-6271
24 Sep 2014 — GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." N... • https://packetstorm.news/files/id/181111 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2013-7350
https://notcve.org/view.php?id=CVE-2013-7350
01 Apr 2014 — Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x before R75.20.4 and 600 and 1100 appliances R75.20.x before R75.20.42 have unknown impact and attack vectors related to "important security fixes." Múltiples vulnerabilidades no especificadas en Check Point Security Gateway 80 R71.x anterior a R71.45 (730159141) y R75.20.x anterior a R75.20.4 y aplicaciones 600 y 1100 R75.20.x anterior a R75.20.42 tienen impacto desconocido y vectores de ataq... • http://osvdb.org/102745 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-1672
https://notcve.org/view.php?id=CVE-2014-1672
26 Jan 2014 — Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modified and the "Get - Interfaces with Topology" action is performed, which allows attackers to bypass intended access restrictions. Check Point R75.47 Security Gateway y Management Server no fuerzan apropiadamente Anti-Spoofing cuando la tabla de rutas es modificada y la se ejecuta la acción "Get Interfaces with Topology", lo cual permite a atacantes sortear restricciones de acceso. • https://exchange.xforce.ibmcloud.com/vulnerabilities/90976 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2014-1673 – Check Point Session Authentication Agent 4.1 Missing Authentication
https://notcve.org/view.php?id=CVE-2014-1673
26 Jan 2014 — Check Point Session Authentication Agent allows remote attackers to obtain sensitive information (user credentials) via unspecified vectors. Check Point Session Authentication Agent permite a atacantes remotos obtener información sensible (credenciales de usuario) a través de vectores no especificados. • https://packetstorm.news/files/id/124967 •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2013-7311
https://notcve.org/view.php?id=CVE-2013-7311
23 Jan 2014 — The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149. La implementación OSPF en Check Point Gaia OS R75.X y R76 e IPSO OS 6.2 R75.X y R7... • http://www.kb.cert.org/vuls/id/229804 •