CVSS: 8.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-24914
https://notcve.org/view.php?id=CVE-2024-24914
07 Nov 2024 — Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available. • https://support.checkpoint.com/results/sk/sk182743 • CWE-914: Improper Control of Dynamically-Identified Variables •
CVSS: 8.6EPSS: 94%CPEs: 16EXPL: 71CVE-2024-24919 – Check Point Quantum Security Gateways Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-24919
28 May 2024 — Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available. Potencialmente, permitir que un atacante lea cierta información en Check Point Security Gateways una vez conectado a Internet y habilitado con VPN de acceso remoto o software Blades de acceso móvil. Hay disponible una solución de seguridad que mitiga esta... • https://packetstorm.news/files/id/178907 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 0CVE-2021-30361
https://notcve.org/view.php?id=CVE-2021-30361
11 May 2022 — The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS. Los Clientes GUI del Portal Gaia de Check Point permitían a administradores autenticados con permiso para la configuración de los Clientes GUI inyectar un comando que sería ejecutado en el Sistema Operativo Gaia • https://supportcontent.checkpoint.com/solutions?id=sk179128 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.9EPSS: 15%CPEs: 205EXPL: 1CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
25 Mar 2021 — An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS c... • https://github.com/riptl/cve-2021-3449 • CWE-476: NULL Pointer Dereference •