Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Endpoint Security Client
- Search Type: Search All
- Match: Exact
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-42854 |
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to cause a denial-of-service to Endpoint Security clients. Published: October 25, 2023; 3:15:10 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-26699 |
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to cause a denial-of-service to Endpoint Security clients. Published: August 14, 2023; 7:15:10 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-28133 |
Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file Published: July 23, 2023; 6:15:09 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-23742 |
Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links. Published: May 12, 2022; 4:15:15 PM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-30965 |
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to cause a denial of service to Endpoint Security clients. Published: August 24, 2021; 3:15:22 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 7.1 HIGH |
CVE-2020-6021 |
Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint client’s privileges. Published: December 03, 2020; 9:15:11 AM -0500 |
V3.1: 7.8 HIGH V2.0: 4.4 MEDIUM |
CVE-2020-6014 |
Check Point Endpoint Security Client for Windows, with Anti-Bot or Threat Emulation blades installed, before version E83.20, tries to load a non-existent DLL during a query for the Domain Name. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate. Published: November 02, 2020; 4:15:34 PM -0500 |
V3.1: 6.5 MEDIUM V2.0: 4.4 MEDIUM |
CVE-2019-8463 |
A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations. Published: December 23, 2019; 2:15:12 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-8459 |
Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one. Published: June 20, 2019; 1:15:10 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-8458 |
Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate. Published: June 20, 2019; 1:15:10 PM -0400 |
V3.1: 4.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-8454 |
A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system. Published: April 29, 2019; 12:29:01 PM -0400 |
V3.1: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2019-8452 |
A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file. Published: April 22, 2019; 6:29:00 PM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |