cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-24912,https://securityvulnerability.io/vulnerability/CVE-2024-24912,Local Privilege Escalation Vulnerability Affects Harmony Endpoint Security Client for Windows,"A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system.",Checkpoint,Harmony Endpoint Security Client For Windows,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-01T13:22:48.486Z,0
CVE-2022-23744,https://securityvulnerability.io/vulnerability/CVE-2022-23744,Endpoint Protection Flaw in Check Point Software,"Check Point Endpoint versions prior to E86.50 contain a vulnerability that allows local administrators to manipulate the system registry. This manipulation can disable critical endpoint protection features, potentially exposing the system to greater risks. Organizations using affected versions should update as soon as possible to maintain the integrity of their endpoint security.",Checkpoint,Enterprise Endpoint Security Windows Clients.,2.3,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-07-07T15:51:44.000Z,0
CVE-2022-23742,https://securityvulnerability.io/vulnerability/CVE-2022-23742,File Manipulation Vulnerability in Check Point Endpoint Security Client for Windows,"The Check Point Endpoint Security Client for Windows contains a file manipulation vulnerability that impacts versions prior to E86.40. This flaw allows an attacker to manipulate forensic report files by replacing them with malicious content from directories with inadequate access restrictions. Exploiting this vulnerability could lead to further attacks on unpatched systems, particularly through established vulnerabilities like CVE-2020-0896 or by leveraging symbolic links.",Checkpoint,Check Point Endpoint Security Client For Windows,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-05-12T19:23:18.000Z,0
CVE-2020-6021,https://securityvulnerability.io/vulnerability/CVE-2020-6021,Directory Write Access Vulnerability in Check Point Endpoint Security Client for Windows,"The Check Point Endpoint Security Client for Windows prior to version E84.20 contains a vulnerability that permits unauthorized write access to the directory used for installation repairs. This flaw leverages the Microsoft Installer's permissions, allowing any regular user the capability to initiate a repair process. An attacker may exploit this by placing a maliciously crafted DLL in the repair directory, which subsequently runs with escalated privileges of the Endpoint Client. This could lead to unauthorized actions being performed on the system, potentially compromising sensitive information and overall system integrity.",Checkpoint,Check Point Endpoint Security Client For Windows,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-12-03T13:31:22.000Z,0
CVE-2020-6015,https://securityvulnerability.io/vulnerability/CVE-2020-6015,Denial of Service vulnerability in Check Point Endpoint Security for Windows,"A vulnerability exists in Check Point Endpoint Security for Windows prior to version E84.10 that may allow an attacker to initiate a denial of service condition. This can occur during a clean installation of the client, leading to the failure of service log files to be stored in their expected locations. Users of affected products should ensure they upgrade to the latest version to mitigate potential security risks.",Checkpoint,Check Point Endpoint Security For Windows,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-11-05T19:37:06.000Z,0
CVE-2020-6014,https://securityvulnerability.io/vulnerability/CVE-2020-6014,Code Execution Vulnerability in Check Point Endpoint Security Client for Windows,"The Check Point Endpoint Security Client for Windows, specifically versions prior to E83.20, contains a vulnerability where the system attempts to load a non-existent DLL during a Domain Name query. An attacker with administrator permissions can exploit this flaw to execute arbitrary code within a legitimate Check Point signed binary. This may potentially lead to client termination under specific circumstances, posing a serious risk to system integrity and security.",Checkpoint,Check Point Endpoint Security Client For Windows,6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-10-30T14:22:05.000Z,0
CVE-2019-8461,https://securityvulnerability.io/vulnerability/CVE-2019-8461,Privilege Escalation Vulnerability in Check Point Endpoint Security Client for Windows,"The Check Point Endpoint Security Initial Client for Windows before version E81.30 is vulnerable to a privilege escalation attack. The issue arises when the client attempts to load a dynamic-link library (DLL) from any designated PATH location on a system where the client is not pre-installed. By placing a specially crafted DLL with write permissions in an accessible PATH location, an attacker can exploit this design flaw to gain elevated privileges and potentially execute arbitrary code with elevated SYSTEM privileges.",Checkpoint,Check Point Endpoint Security Initial Client For Windows,7.8,HIGH,0.0013000000035390258,false,,false,false,false,,,false,false,,2019-08-29T20:41:54.000Z,0
CVE-2013-7304,https://securityvulnerability.io/vulnerability/CVE-2013-7304,,"Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by presenting an arbitrary certificate during a session established by a client.",Checkpoint,Endpoint Security Mi Server R73,,,0.0009899999713525176,false,,false,false,false,,,false,false,,2014-01-22T19:00:00.000Z,0
CVE-2013-5635,https://securityvulnerability.io/vulnerability/CVE-2013-5635,,"Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by entering password guesses within multiple Unlock.exe processes that are running simultaneously.",Checkpoint,Endpoint Security,,,0.000590000010561198,false,,false,false,false,,,false,false,,2013-11-30T11:00:00.000Z,0
CVE-2013-5636,https://securityvulnerability.io/vulnerability/CVE-2013-5636,,"Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by overwriting DVREM.EPM with a copy of itself after each few password guesses.",Checkpoint,Endpoint Security,,,0.000590000010561198,false,,false,false,false,,,false,false,,2013-11-30T11:00:00.000Z,0
CVE-2012-2753,https://securityvulnerability.io/vulnerability/CVE-2012-2753,,"Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory.",Checkpoint,"Remote Access Clients,Endpoint Security,Endpoint Connect,Endpoint Security Vpn",,,0.0004199999966658652,false,,false,false,false,,,false,false,,2012-06-19T20:55:00.000Z,0