CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2019-8456
https://notcve.org/view.php?id=CVE-2019-8456
Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server. Check Point IKEv2 IPsec VPN versión hasta R80.30, en algunas condiciones menos comunes, puede permitir que un atacante con conocimiento de la configuración y configuración internas se conecte con éxito a un servidor VPN site-to-site. • https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk149892 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8790
https://notcve.org/view.php?id=CVE-2018-8790
Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM. Check Point ZoneAlarm, en versiones 15.3.064.17729 y anteriores, expone un servicio WCF que puede permitir que un usuario local con pocos privilegios ejecute código arbitrario como SYSTEM. • http://www.securityfocus.com/bid/107254 https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk142952 https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.062.17802 https://www.zonealarm.com/software/release-history/zafree.html#15.4.062.17802 • CWE-863: Incorrect Authorization •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8951
https://notcve.org/view.php?id=CVE-2014-8951
Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page. Una vulnerabilidad sin especificar en Check Point Security Gateway R75, R76, R77, y R77.10, cuando el UserCheck está activado y (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, o (6) Anti-Virus blade está en uso, permite a atacantes remotos provocar una denegación de servicio (caída del proceso fwk0, volcado de memoria y reinicio) a través de una redirección a la página de UserCheck. • http://secunia.com/advisories/58487 http://www.securityfocus.com/bid/67993 https://exchange.xforce.ibmcloud.com/vulnerabilities/98761 https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100505 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8950
https://notcve.org/view.php?id=CVE-2014-8950
Unspecified vulnerability in Check Point Security Gateway R77 and R77.10, when the (1) URL Filtering or (2) Identity Awareness blade is used, allows remote attackers to cause a denial of service (crash) via vectors involving an HTTPS request. Una vulnerabilidad sin especificar en Check Point Security Gateway R77 y R77.10, cuando se usa (1) URL Filtering o (2) Identify Awarenes, permite a atacantes remotos causar una denegación de servicio (caída) a través de vectores que implican peticiones HTTPS. • http://secunia.com/advisories/58487 http://www.securityfocus.com/bid/67993 https://exchange.xforce.ibmcloud.com/vulnerabilities/98763 https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98935 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2014-8952
https://notcve.org/view.php?id=CVE-2014-8952
Multiple unspecified vulnerabilities in Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, and R77.10, when the (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identify Awareness blade, (6) HTTPS Inspection, (7) UserCheck, or (8) Data Leak Prevention blade module is enabled, allow remote attackers to cause a denial of service ("stability issue") via an unspecified "traffic condition." Múltiples vulnerabilidades sin especificar en Check Point Security Gateway R75.40VS, R75.45, R75.46, R75.47, R76, R77, y R77.10, cuando los siguientes módulos están activados, (1) IPS blade, (2) IPsec Remote Access, (3) Mobile Access / SSL VPN blade, (4) SSL Network Extender, (5) Identify Awareness blade, (6) HTTPS Inspection, (7) UserCheck, o (8) Data Leak Prevention, permite a atacantes remotos causar una denegación de servicio (fallo de estabilidad) a través de una condición no especificada de tráfico. • http://secunia.com/advisories/58487 http://www.securityfocus.com/bid/67993 https://exchange.xforce.ibmcloud.com/vulnerabilities/98762 https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100431 •