Vulnerabilities > Checkpoint > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-11 | CVE-2021-30361 | OS Command Injection vulnerability in Checkpoint Gaia OS and Gaia Portal The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS. | 6.7 |
| 2021-06-08 | CVE-2021-30357 | Information Exposure Through an Error Message vulnerability in Checkpoint SSL Network Extender SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have access. | 5.3 |
| 2021-03-25 | CVE-2021-3449 | NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. | 5.9 |
| 2020-11-05 | CVE-2020-6015 | Unspecified vulnerability in Checkpoint Endpoint Security E84.10 Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations. | 5.5 |
| 2020-11-02 | CVE-2020-6014 | Untrusted Search Path vulnerability in Checkpoint Endpoint Security E80.96/E81.30 Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. | 6.5 |
| 2020-10-27 | CVE-2020-6022 | Unspecified vulnerability in Checkpoint Zonealarm Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware. | 5.5 |
| 2020-09-24 | CVE-2020-6020 | Improper Input Validation vulnerability in Checkpoint ICA Management Portal Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator. | 6.4 |
| 2019-06-20 | CVE-2019-8458 | Unspecified vulnerability in Checkpoint products Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. | 4.4 |
| 2019-04-17 | CVE-2019-8453 | Untrusted Search Path vulnerability in Checkpoint Zonealarm Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. | 5.5 |
| 2019-04-09 | CVE-2019-8456 | Unspecified vulnerability in Checkpoint Ipsec VPN R80.10/R80.20 Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server. | 5.9 |