Vulnerabilities > 7PK - Security Features
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-09 | CVE-2016-3102 | 7PK - Security Features vulnerability in Jenkins Script Security The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations. | 7.3 |
| 2017-02-07 | CVE-2016-3180 | 7PK - Security Features vulnerability in TOR Browser Launcher Project TOR Browser Launcher 0.2.3 Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature. | 8.1 |
| 2017-02-01 | CVE-2016-8911 | 7PK - Security Features vulnerability in IBM Kenexa LMS on Cloud IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. | 5.4 |
| 2017-02-01 | CVE-2016-5949 | 7PK - Security Features vulnerability in IBM Kenexa Lcms Premier IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request. | 4.3 |
| 2017-02-01 | CVE-2016-5898 | 7PK - Security Features vulnerability in IBM Jazz Reporting Service IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. | 4.3 |
| 2017-01-31 | CVE-2016-5117 | 7PK - Security Features vulnerability in Openntpd 6.0 OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate. | 5.9 |
| 2017-01-30 | CVE-2015-7331 | 7PK - Security Features vulnerability in Puppetlabs Mcollective-Puppet-Agent The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument. | 6.6 |
| 2017-01-30 | CVE-2015-7976 | 7PK - Security Features vulnerability in multiple products The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. | 4.3 |
| 2017-01-30 | CVE-2015-7973 | 7PK - Security Features vulnerability in multiple products NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. | 6.5 |
| 2017-01-30 | CVE-2016-10185 | 7PK - Security Features vulnerability in Dlink Dwr-932B Firmware 02.02Eu An issue was discovered on the D-Link DWR-932B router. | 7.5 |