CVSS: 8.6EPSS: 94%CPEs: 16EXPL: 47CVE-2024-24919 – Check Point Quantum Security Gateways Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-24919
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available. Potencialmente, permitir que un atacante lea cierta información en Check Point Security Gateways una vez conectado a Internet y habilitado con VPN de acceso remoto o software Blades de acceso móvil. Hay disponible una solución de seguridad que mitiga esta vulnerabilidad. Check Point Security Gateway suffers from an information disclosure vulnerability. • https://github.com/RevoltSecurities/CVE-2024-24919 https://github.com/seed1337/CVE-2024-24919-POC https://github.com/verylazytech/CVE-2024-24919 https://github.com/GoatSecurity/CVE-2024-24919 https://github.com/LucasKatashi/CVE-2024-24919 https://github.com/emanueldosreis/CVE-2024-24919 https://github.com/Rug4lo/CVE-2024-24919-Exploit https://github.com/zam89/CVE-2024-24919 https://github.com/GlobalsecureAcademy/CVE-2024-24919 https://github.com/r4p3c4/CVE-2024-24919-Exploit-PoC- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 0CVE-2021-30361
https://notcve.org/view.php?id=CVE-2021-30361
The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS. Los Clientes GUI del Portal Gaia de Check Point permitían a administradores autenticados con permiso para la configuración de los Clientes GUI inyectar un comando que sería ejecutado en el Sistema Operativo Gaia • https://supportcontent.checkpoint.com/solutions?id=sk179128 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.9EPSS: 0%CPEs: 205EXPL: 0CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. • http://www.openwall.com/lists/oss-security/2021/03/27/1 http://www.openwall.com/lists/oss-security/2021/03/27/2 http://www.openwall.com/lists/oss-security/2021/03/28/3 http://www.openwall.com/lists/oss-security/2021/03/28/4 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148 https://kb.pulse • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-8462
https://notcve.org/view.php?id=CVE-2019-8462
In a rare scenario, Check Point R80.30 Security Gateway before JHF Take 50 managed by Check Point R80.30 Management crashes with a unique configuration of enhanced logging. En un escenario extraño, Check Point R80.30 Security Gateway anterior a JHF Take 50 administrada por Check Point R80.30 Management, se bloquea con una configuración única de registro mejorado. • https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk153152 https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk161812 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2014-8951
https://notcve.org/view.php?id=CVE-2014-8951
Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, or (6) Anti-Virus blade is used, allows remote attackers to cause a denial of service (fwk0 process crash, core dump, and restart) via a redirect to the UserCheck page. Una vulnerabilidad sin especificar en Check Point Security Gateway R75, R76, R77, y R77.10, cuando el UserCheck está activado y (1) Application Control, (2) URL Filtering, (3) DLP, (4) Threat Emulation, (5) Anti-Bot, o (6) Anti-Virus blade está en uso, permite a atacantes remotos provocar una denegación de servicio (caída del proceso fwk0, volcado de memoria y reinicio) a través de una redirección a la página de UserCheck. • http://secunia.com/advisories/58487 http://www.securityfocus.com/bid/67993 https://exchange.xforce.ibmcloud.com/vulnerabilities/98761 https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100505 •