Vulnerabilities > Checkpoint

DATE CVE VULNERABILITY TITLE RISK
2021-06-08 CVE-2021-30357 Information Exposure Through AN Error Message vulnerability in Checkpoint SSL Network Extender
SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access.
network
low complexity
checkpoint CWE-209
5.0
2021-04-22 CVE-2021-30356 Unspecified vulnerability in Checkpoint Identity Agent
A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files.
network
low complexity
checkpoint
5.5
2021-03-25 CVE-2021-3449 Null Pointer Dereference vulnerability in multiple products
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
4.3
2021-01-20 CVE-2020-6024 Improper Privilege Management vulnerability in Checkpoint Smartconsole
Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.
local
low complexity
checkpoint CWE-269
4.6
2020-12-03 CVE-2020-6021 Uncontrolled Search Path Element vulnerability in Checkpoint Endpoint Security E80.96/E83.20/E84.10
Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place.
4.4
2020-11-05 CVE-2020-6015 Unspecified vulnerability in Checkpoint Endpoint Security E84.10
Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations.
local
low complexity
checkpoint
2.1
2020-11-02 CVE-2020-6014 Untrusted Search Path vulnerability in Checkpoint Endpoint Security E80.96
Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name.
4.4
2020-10-27 CVE-2020-6023 Unspecified vulnerability in Checkpoint Zonealarm
Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware.
local
low complexity
checkpoint
4.6
2020-10-27 CVE-2020-6022 Unspecified vulnerability in Checkpoint Zonealarm
Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware.
local
low complexity
checkpoint
3.6
2020-09-24 CVE-2020-6020 Improper Input Validation vulnerability in Checkpoint ICA Management Portal R80.20/R80.30/R80.40
Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator.
low complexity
checkpoint CWE-20
7.4