Vulnerabilities > 7PK - Security Features

DATE CVE VULNERABILITY TITLE RISK
2019-08-28 CVE-2019-10059 7PK - Security Features vulnerability in Lexmark products
The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices.
network
low complexity
lexmark CWE-254
5.0
2019-08-26 CVE-2016-10933 7PK - Security Features vulnerability in Portaudio Project Portaudio 0.7.0
An issue was discovered in the portaudio crate through 0.7.0 for Rust.
4.3
2019-08-26 CVE-2016-10932 7PK - Security Features vulnerability in Hyper
An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows.
network
hyper CWE-254
5.8
2019-08-20 CVE-2015-9331 7PK - Security Features vulnerability in Soflyy WP ALL Import
The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.
network
low complexity
soflyy CWE-254
5.0
2019-08-20 CVE-2015-9318 7PK - Security Features vulnerability in Getawesomesupport Awesome Support
The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies.
network
low complexity
getawesomesupport CWE-254
5.0
2019-08-18 CVE-2019-15149 7PK - Security Features vulnerability in Networkgenomics Mitogen
** DISPUTED ** core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child.
6.8
2019-08-16 CVE-2016-10894 7PK - Security Features vulnerability in multiple products
xtrlock through 2.10 does not block multitouch events.
local
low complexity
xtrlock-project debian CWE-254
2.1
2019-08-07 CVE-2019-10380 7PK - Security Features vulnerability in Jenkins Simple Travis Pipeline Runner 1.0
Jenkins Simple Travis Pipeline Runner Plugin 1.0 and earlier specifies unsafe values in its custom Script Security whitelist, allowing attackers able to execute Script Security protected scripts to execute arbitrary code.
network
low complexity
jenkins CWE-254
6.5
2019-08-05 CVE-2019-11270 7PK - Security Features vulnerability in Pivotal Software products
Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.
network
low complexity
pivotal-software CWE-254
5.0
2019-08-05 CVE-2017-18480 7PK - Security Features vulnerability in Cpanel
cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210).
network
low complexity
cpanel CWE-254
4.0