Vulnerabilities > 7PK - Security Features

DATE CVE VULNERABILITY TITLE RISK
2017-01-23 CVE-2016-5091 7PK - Security Features vulnerability in Typo3
Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.
network
high complexity
typo3 CWE-254
8.1
2017-01-23 CVE-2015-8857 7PK - Security Features vulnerability in Uglifyjs Project Uglifyjs
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten JavaScript.
network
low complexity
uglifyjs-project CWE-254
critical
9.8
2017-01-19 CVE-2016-5196 7PK - Security Features vulnerability in Google Chrome
The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page.
network
low complexity
google CWE-254
8.8
2017-01-18 CVE-2016-6497 7PK - Security Features vulnerability in Apache Groovy Ldap
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.
network
low complexity
apache CWE-254
7.5
2017-01-18 CVE-2016-6271 7PK - Security Features vulnerability in Bzrtp Project Bzrtp 1.0.0/1.0.2/1.0.3
The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.
network
low complexity
bzrtp-project CWE-254
7.5
2017-01-13 CVE-2016-3128 7PK - Security Features vulnerability in Blackberry Enterprise Service
A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES.
network
low complexity
blackberry CWE-254
8.2
2017-01-12 CVE-2016-8398 7PK - Security Features vulnerability in Linux Kernel 3.18
Unauthenticated messages processed by the UE.
network
low complexity
linux CWE-254
critical
9.8
2017-01-06 CVE-2016-9885 7PK - Security Features vulnerability in Pivotal Software Gemfire for Pivotal Cloud Foundry
An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1.
network
low complexity
pivotal-software CWE-254
critical
9.8
2017-01-06 CVE-2016-9868 7PK - Security Features vulnerability in EMC Scaleio 2.0.1.0
An issue was discovered in EMC ScaleIO versions before 2.0.1.1.
local
low complexity
emc CWE-254
5.5
2016-12-29 CVE-2016-5328 7PK - Security Features vulnerability in VMWare Tools
VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.
local
low complexity
vmware CWE-254
5.5