Vulnerabilities (CVE)

Filtered by vendor Checkpoint Subscribe
Filtered by product Quantum Security Gateway Firmware
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-24919 1 Checkpoint 5 Cloudguard Network Security, Quantum Security Gateway, Quantum Security Gateway Firmware and 2 more 2024-11-21 N/A 8.6 HIGH
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
CVE-2021-3449 12 Checkpoint, Debian, Fedoraproject and 9 more 167 Multi-domain Management, Multi-domain Management Firmware, Quantum Security Gateway and 164 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).