CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Jun 2025 — Credentials are not cleared from memory after being used. A user with Administrator permissions can take a memory dump of the SmartConsole process and retrieve them. • https://support.checkpoint.com/results/sk/sk183545 • CWE-316: Cleartext Storage of Sensitive Information in Memory

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jun 2025 — Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin). • https://support.checkpoint.com/results/sk/sk183342 • CWE-427: Uncontrolled Search Path Element

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Apr 2025 — For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties. • https://support.checkpoint.com/results/sk/sk183055 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Apr 2025 — An authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list. • https://support.checkpoint.com/results/sk/sk183054 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 8% • CPEs: 6 • EXPL: 1

20 Mar 2008 — Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint. • http://puresecurity.com.au/index.php?action=fullnews&id=5 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.8 • EPSS: 9% • CPEs: 8 • EXPL: 0

18 Nov 2005 — The Internet Key Exchange version 1 (IKEv1) implementation in Check Point products allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. • http://jvn.jp/niscc/NISCC-273756/index.html

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

11 Feb 2005 — vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 does not properly verify that the ServerPortName argument to the NtConnectPort function is a valid memory address, which allows local users to cause a denial of service (system crash) when ZoneAlarm attempts to dereference an invalid pointer. Local exploitation of an invalid pointer dereference vulnerability in Zone Labs LLC's ZoneAlarm pe... • http://download.zonelabs.com/bin/free/securityAlert/19.html

CVSS: 9.8 • EPSS: 0% • CPEs: 21 • EXPL: 1

11 Jun 2002 — Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file. • http://online.securityfocus.com/archive/1/260662