Checkpoint Zonealarm
14 CVEs affecting Checkpoint Zonealarm. Latest disclosed: 2022-09-27. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-41604 | High | 8.8 | 2022-09-27 | Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. This occurs because of weak permissions for the %PROGRA… |
CVE-2022-23743 | High | 7.8 | 2022-05-11 | Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in th… |
CVE-2020-6023 | High | 7.8 | 2020-10-27 | Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware. |
CVE-2019-8452 | High | 7.8 | 2019-04-22 | A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file… |
CVE-2018-8790 | High | 7.8 | 2019-03-01 | Check Point ZoneAlarm version 15.3.064.17729 and below expose a WCF service that can allow a local low privileged user to execute arbitrary code as SYSTEM. |
CVE-2019-8455 | High | 7.1 | 2019-04-17 | A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can a… |
CVE-2020-6022 | Medium | 5.5 | 2020-10-27 | Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to delete arbitrary files while restoring files in Anti-Ransomware. |
CVE-2019-8453 | Medium | 5.5 | 2019-04-17 | Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attac… |
CVE-2008-7025 | | 2009-08-21 | TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe running, allows remote HTTP proxies to cause a denial of service (crash) and disable the HIDS m… | |
CVE-2008-7009 | | 2009-08-19 | Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or… | |
CVE-2007-4216 | | 2007-08-21 | vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in… | |
CVE-2007-2730 | | 2007-05-16 | Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the N… | |
CVE-2007-2174 | | 2007-04-24 | The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitra… | |
CVE-2005-2932 | | 2005-12-31 | Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions… |