cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-24914,https://securityvulnerability.io/vulnerability/CVE-2024-24914,Alert: Injection Vulnerability Affecting Gaia Users through Special HTTP Requests,"This vulnerability allows authenticated users of the Check Point Gaia software to inject malicious code or commands into the system through the manipulation of global variables via specially crafted HTTP requests. Such exploitation could lead to unauthorized actions within the application, making it critical for users to apply the available security fix to safeguard their systems. For further details on mitigations, refer to the official support documentation.",Checkpoint,"Clusterxl, Multi-domain Security Management, Quantum Appliances, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Security Management",8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-07T11:25:53.238Z,0
CVE-2024-24919,https://securityvulnerability.io/vulnerability/CVE-2024-24919,Check Point Security Gateways Vulnerability Allows Remote Access Attacks,"A vulnerability exists within Check Point Security Gateways that could allow attackers to access sensitive information once the device is connected to the internet, specifically when the remote Access VPN or Mobile Access Software Blades are enabled. This could pose significant risks to network integrity and confidentiality, particularly if exploited by malicious actors. Check Point has released a security fix to address this issue, urging users to apply the update to safeguard their systems.",Checkpoint,"Check Point Quantum Gateway, Spark Gateway And Cloudguard Network",8.6,HIGH,0.963919997215271,true,2024-05-30T00:00:00.000Z,true,true,true,2024-05-29T11:27:00.000Z,true,true,true,2024-05-30T11:52:02.666Z,2024-05-28T18:22:19.401Z,110353
CVE-2023-28134,https://securityvulnerability.io/vulnerability/CVE-2023-28134,Local Privliege Escalation in Check Point Endpoint Security Remediation Service,"A local attacker can exploit this vulnerability to escalate privileges on affected installations of Check Point Harmony Endpoint and ZoneAlarm Extreme Security. The attacker must first gain the ability to execute low-privileged code on the target system, making it crucial to mitigate such weak points in system security.",Checkpoint,Harmony Endpoint.,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-11-12T23:15:00.000Z,0
CVE-2023-28130,https://securityvulnerability.io/vulnerability/CVE-2023-28130,Privilege Escalation Vulnerability in Check Point Gaia Portal,"A local user can exploit a vulnerability in the Check Point Gaia Portal's hostnames page, potentially leading to unauthorized privilege escalation. This weakness enables attackers to execute commands at elevated levels, compromising system integrity and security. Administrators are advised to review this issue promptly and apply necessary patches to mitigate risks associated with this flaw.",Checkpoint,"Quantum Appliances, Quantum Security Gateways",7.2,HIGH,0.0009500000160187483,false,,false,false,false,,,false,false,,2023-07-26T11:15:00.000Z,0
CVE-2023-28133,https://securityvulnerability.io/vulnerability/CVE-2023-28133,Local Privilege Escalation in Check Point Endpoint Security Client,"A local privilege escalation vulnerability exists in the Check Point Endpoint Security Client, specifically in version E87.30. This issue arises due to a crafted OpenSSL configuration file that can exploit the system, potentially allowing unauthorized users to gain elevated privileges. It is crucial for users of this product to review their configurations and apply necessary mitigations to safeguard their systems from potential exploitation.",Checkpoint,Harmony Endpoint.,7.8,HIGH,0.000590000010561198,false,,false,false,false,,,false,false,,2023-07-23T10:15:00.000Z,0
CVE-2022-23746,https://securityvulnerability.io/vulnerability/CVE-2022-23746,Brute-Force Vulnerability in Check Point's IPsec VPN and SSL Network Extender,"The IPsec VPN blade from Check Point features a portal intended for users to download and connect through the SSL Network Extender (SNX). When the portal is set up to utilize username and password authentication, it becomes susceptible to brute-force attacks, allowing malicious actors to systematically attempt various username and password combinations to gain unauthorized access.",Checkpoint,"Gateway & Management, Ipsec Vpn Blade Snx Portal.",7.5,HIGH,0.0019600000232458115,false,,false,false,false,,,false,false,,2022-11-30T00:00:00.000Z,0
CVE-2022-41604,https://securityvulnerability.io/vulnerability/CVE-2022-41604,Privilege Escalation in Check Point ZoneAlarm Extreme Security,"A local privilege escalation vulnerability exists in Check Point ZoneAlarm Extreme Security prior to version 15.8.211.19229. This vulnerability stems from inadequate permissions assigned to the %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates directory. It enables a local attacker to exploit a bypass in the self-protection driver, allowing the creation of a junction directory. Through this exploit, an attacker can move arbitrary files with the privileges of NT AUTHORITY\SYSTEM, potentially leading to unauthorized access and control over sensitive system resources.",Checkpoint,Zonealarm,8.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-09-27T02:17:14.000Z,0
CVE-2022-23745,https://securityvulnerability.io/vulnerability/CVE-2022-23745,Memory Corruption Vulnerability in Capsule Workspace Android App by GrapheneOS,"A potential memory corruption issue was identified in the Capsule Workspace Android app on GrapheneOS. This vulnerability could lead to application crashes, although it does not have the capability to expose sensitive information. Users should remain vigilant regarding app stability while using the affected version.",Checkpoint,Checkpoint Harmony Capsule Workspace,7.5,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2022-07-18T16:09:20.000Z,0
CVE-2022-23742,https://securityvulnerability.io/vulnerability/CVE-2022-23742,File Manipulation Vulnerability in Check Point Endpoint Security Client for Windows,"The Check Point Endpoint Security Client for Windows contains a file manipulation vulnerability that impacts versions prior to E86.40. This flaw allows an attacker to manipulate forensic report files by replacing them with malicious content from directories with inadequate access restrictions. Exploiting this vulnerability could lead to further attacks on unpatched systems, particularly through established vulnerabilities like CVE-2020-0896 or by leveraging symbolic links.",Checkpoint,Check Point Endpoint Security Client For Windows,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-05-12T19:23:18.000Z,0
CVE-2022-23743,https://securityvulnerability.io/vulnerability/CVE-2022-23743,Privilege Escalation Vulnerability in Check Point ZoneAlarm,"The vulnerability in Check Point ZoneAlarm allows local actors to escalate their privileges during the software upgrade process. This flaw is exacerbated by inadequate permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory, enabling attackers to execute arbitrary file writes. Consequently, attackers can gain elevated privileges, allowing them to execute code with local system rights, which can compromise the security of the affected system.",Checkpoint,Zonealarm.,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-05-11T00:00:00.000Z,0
CVE-2021-30360,https://securityvulnerability.io/vulnerability/CVE-2021-30360,Directory Access Vulnerability in Check Point Remote Access Client,"This vulnerability enables unauthorized users to access the installation repair directory of the Check Point Remote Access Client. As the Microsoft Installer permits regular users to execute repair operations, an attacker can exploit this by initiating a repair and placing a maliciously crafted executable file in the repair directory. This executable runs with the privileges assigned to the Check Point Remote Access Client, potentially allowing the attacker to execute arbitrary code and compromise the system's security.",Checkpoint,Check Point Remote Access Client,7.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2022-01-10T14:10:00.000Z,0
CVE-2021-30359,https://securityvulnerability.io/vulnerability/CVE-2021-30359,Privilege Escalation in Check Point Harmony Browse and SandBlast Agent for Browsers Installers,"A security issue exists in Check Point's Harmony Browse and SandBlast Agent for Browsers due to improper privilege handling during the installation process. The installers require administrative privileges for certain steps, yet the Microsoft Installer allows standard users to perform repairs on installations. This misconfiguration permits an attacker to exploit the installation process by triggering a repair operation using a malicious installer version prior to 90.08.7405, enabling the insertion of a specially crafted binary into the repair folder. When executed, this binary operates with elevated admin privileges, potentially compromising system integrity and security.",Checkpoint,Check Point Harmony Browse And Sandblast Agent For Browsers,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-10-22T13:32:54.000Z,0
CVE-2021-30358,https://securityvulnerability.io/vulnerability/CVE-2021-30358,Path Manipulation Vulnerability in Check Point Mobile Access Portal,"The vulnerability allows the Mobile Access Portal Native Applications to execute applications from unauthorized locations. This occurs when the administrator defines the application's path using environment variables, potentially leading to privileged actions or unauthorized access due to improper handling of application execution paths.",Checkpoint,Check Point Mobile Access Portal Agent,7.2,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2021-10-19T13:32:46.000Z,0
CVE-2021-30356,https://securityvulnerability.io/vulnerability/CVE-2021-30356,Denial of Service Vulnerability in Check Point Identity Agent,"A denial of service vulnerability exists in Check Point Identity Agent prior to version R81.018.0000, which may allow low privileged users to overwrite critical system files, potentially leading to service disruption or unauthorized access. It is imperative for users and IT teams to review their deployment of the affected versions and apply necessary updates to mitigate the risk associated with this vulnerability.",Checkpoint,Check Point Identity Agent,8.1,HIGH,0.0008099999977275729,false,,false,false,false,,,false,false,,2021-04-22T17:37:06.000Z,0
CVE-2020-6024,https://securityvulnerability.io/vulnerability/CVE-2020-6024,Local Privilege Escalation Vulnerability in Check Point SmartConsole,"A vulnerability exists in Check Point SmartConsole that allows for local privilege escalation. This issue arises when executables are run from a directory that provides write access to all authenticated users. If exploited, this vulnerability could allow low-privileged users to execute arbitrary code with elevated privileges, thereby compromising system integrity and security.",Checkpoint,Check Point Smartconsole,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-01-20T18:17:53.000Z,0
CVE-2020-6021,https://securityvulnerability.io/vulnerability/CVE-2020-6021,Directory Write Access Vulnerability in Check Point Endpoint Security Client for Windows,"The Check Point Endpoint Security Client for Windows prior to version E84.20 contains a vulnerability that permits unauthorized write access to the directory used for installation repairs. This flaw leverages the Microsoft Installer's permissions, allowing any regular user the capability to initiate a repair process. An attacker may exploit this by placing a maliciously crafted DLL in the repair directory, which subsequently runs with escalated privileges of the Endpoint Client. This could lead to unauthorized actions being performed on the system, potentially compromising sensitive information and overall system integrity.",Checkpoint,Check Point Endpoint Security Client For Windows,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-12-03T13:31:22.000Z,0
CVE-2020-6023,https://securityvulnerability.io/vulnerability/CVE-2020-6023,Privilege Escalation Vulnerability in Check Point ZoneAlarm,"A vulnerability in Check Point's ZoneAlarm software allows a local actor to escalate privileges when restoring files protected by the Anti-Ransomware feature. This issue affects all versions prior to 15.8.139.18543, potentially enabling unauthorized access to system resources and sensitive data. Users are encouraged to upgrade to the latest version to mitigate this risk.",Checkpoint,Check Point Zonealarm,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-10-27T13:52:57.000Z,0
CVE-2020-6012,https://securityvulnerability.io/vulnerability/CVE-2020-6012,Privilege Escalation Vulnerability in ZoneAlarm Anti-Ransomware Software,"ZoneAlarm Anti-Ransomware prior to version 1.0.713 has a vulnerability that enables a local attacker to escalate privileges. This occurs due to the software copying files from a low-privileged directory for reporting purposes. An attacker with timed access can replace these files with malicious content or use symbolic links. This situation can lead to exploitation, particularly on systems that have not been patched for other vulnerabilities like CVE-2020-0896.",Checkpoint,Zonealarm Anti-ransomware,7.4,HIGH,0.0014799999771639705,false,,false,false,false,,,false,false,,2020-08-04T13:35:42.000Z,0
CVE-2020-6013,https://securityvulnerability.io/vulnerability/CVE-2020-6013,Elevated Privilege Vulnerability in ZoneAlarm Firewall and Antivirus,"Certain versions of ZoneAlarm Firewall and Antivirus exhibit a vulnerability that allows an attacker with system access to manipulate file permissions and exploit existing weaknesses (specifically related to Windows vulnerabilities) to execute arbitrary code with elevated permissions on unpatched systems. This poses a significant risk to system integrity, necessitating timely updates and patches to mitigate potential security breaches.",Checkpoint,Check Point Zonealarm,8.8,HIGH,0.0011899999808520079,false,,false,false,false,,,false,false,,2020-07-06T17:54:48.000Z,0
CVE-2019-8462,https://securityvulnerability.io/vulnerability/CVE-2019-8462,Security Gateway Vulnerability in Check Point R80.30 by Check Point,"In rare circumstances, the Check Point R80.30 Security Gateway, prior to JHF Take 50, may experience a crash when set up with an enhanced logging configuration. This issue could potentially disrupt network security operations, necessitating immediate attention from system administrators to prevent service interruptions.",Checkpoint,Check Point Security Gateway,7.5,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2019-10-02T16:37:41.000Z,0
CVE-2019-8461,https://securityvulnerability.io/vulnerability/CVE-2019-8461,Privilege Escalation Vulnerability in Check Point Endpoint Security Client for Windows,"The Check Point Endpoint Security Initial Client for Windows before version E81.30 is vulnerable to a privilege escalation attack. The issue arises when the client attempts to load a dynamic-link library (DLL) from any designated PATH location on a system where the client is not pre-installed. By placing a specially crafted DLL with write permissions in an accessible PATH location, an attacker can exploit this design flaw to gain elevated privileges and potentially execute arbitrary code with elevated SYSTEM privileges.",Checkpoint,Check Point Endpoint Security Initial Client For Windows,7.8,HIGH,0.0013000000035390258,false,,false,false,false,,,false,false,,2019-08-29T20:41:54.000Z,0
CVE-2019-8455,https://securityvulnerability.io/vulnerability/CVE-2019-8455,File Permission Vulnerability in Check Point ZoneAlarm Software,"An identified flaw in Check Point's ZoneAlarm software creates a hard link from the log file to any file on the system, inadvertently altering that file's permissions. This allows all users to access files that would typically have restricted access. Local attackers can exploit this vulnerability to gain elevated privileges, potentially compromising sensitive information.",Checkpoint,Check Point Zonealarm,7.1,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-04-17T14:05:54.000Z,0
CVE-2008-0662,https://securityvulnerability.io/vulnerability/CVE-2008-0662,,"The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials.",Checkpoint,Vpn-1 Secureclient,7.8,HIGH,0.0012700000079348683,false,,false,false,false,,,false,false,,2008-02-08T02:00:00.000Z,0