cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-23742,https://securityvulnerability.io/vulnerability/CVE-2022-23742,File Manipulation Vulnerability in Check Point Endpoint Security Client for Windows,"The Check Point Endpoint Security Client for Windows contains a file manipulation vulnerability that impacts versions prior to E86.40. This flaw allows an attacker to manipulate forensic report files by replacing them with malicious content from directories with inadequate access restrictions. Exploiting this vulnerability could lead to further attacks on unpatched systems, particularly through established vulnerabilities like CVE-2020-0896 or by leveraging symbolic links.",Checkpoint,Check Point Endpoint Security Client For Windows,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-05-12T19:23:18.000Z,0
CVE-2020-6021,https://securityvulnerability.io/vulnerability/CVE-2020-6021,Directory Write Access Vulnerability in Check Point Endpoint Security Client for Windows,"The Check Point Endpoint Security Client for Windows prior to version E84.20 contains a vulnerability that permits unauthorized write access to the directory used for installation repairs. This flaw leverages the Microsoft Installer's permissions, allowing any regular user the capability to initiate a repair process. An attacker may exploit this by placing a maliciously crafted DLL in the repair directory, which subsequently runs with escalated privileges of the Endpoint Client. This could lead to unauthorized actions being performed on the system, potentially compromising sensitive information and overall system integrity.",Checkpoint,Check Point Endpoint Security Client For Windows,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-12-03T13:31:22.000Z,0
CVE-2020-6014,https://securityvulnerability.io/vulnerability/CVE-2020-6014,Code Execution Vulnerability in Check Point Endpoint Security Client for Windows,"The Check Point Endpoint Security Client for Windows, specifically versions prior to E83.20, contains a vulnerability where the system attempts to load a non-existent DLL during a Domain Name query. An attacker with administrator permissions can exploit this flaw to execute arbitrary code within a legitimate Check Point signed binary. This may potentially lead to client termination under specific circumstances, posing a serious risk to system integrity and security.",Checkpoint,Check Point Endpoint Security Client For Windows,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-10-30T14:22:05.000Z,0
CVE-2019-8461,https://securityvulnerability.io/vulnerability/CVE-2019-8461,Privilege Escalation Vulnerability in Check Point Endpoint Security Client for Windows,"The Check Point Endpoint Security Initial Client for Windows before version E81.30 is vulnerable to a privilege escalation attack. The issue arises when the client attempts to load a dynamic-link library (DLL) from any designated PATH location on a system where the client is not pre-installed. By placing a specially crafted DLL with write permissions in an accessible PATH location, an attacker can exploit this design flaw to gain elevated privileges and potentially execute arbitrary code with elevated SYSTEM privileges.",Checkpoint,Check Point Endpoint Security Initial Client For Windows,7.8,HIGH,0.0013000000035390258,false,,false,false,false,,,false,false,,2019-08-29T20:41:54.000Z,0