Vulnerabilities > 7PK - Security Features
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-22 | CVE-2016-0240 | 7PK - Security Features vulnerability in IBM Security Guardium Database Activity Monitor IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. | 3.7 |
| 2016-10-13 | CVE-2016-6957 | 7PK - Security Features vulnerability in Adobe products Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors. | 9.8 |
| 2016-10-13 | CVE-2016-7959 | 7PK - Security Features vulnerability in Siemens Simatic Step 7 Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores pre-shared key data in TIA project files, which makes it easier for local users to obtain sensitive information by leveraging access to a file and conducting a brute-force attack. | 4.7 |
| 2016-10-06 | CVE-2016-1000009 | 7PK - Security Features vulnerability in Tp-Link TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. | 7.5 |
| 2016-10-05 | CVE-2014-5414 | 7PK - Security Features vulnerability in Beckhoff Embedded PC Images and Twincat Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | 9.1 |
| 2016-10-03 | CVE-2016-7401 | 7PK - Security Features vulnerability in multiple products The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies. | 7.5 |
| 2016-10-03 | CVE-2016-7031 | 7PK - Security Features vulnerability in multiple products The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. | 7.5 |
| 2016-09-25 | CVE-2016-4751 | 7PK - Security Features vulnerability in Apple Safari The Safari Tabs component in Apple Safari before 10 allows remote attackers to spoof the address bar of a tab via a crafted web site. | 3.5 |
| 2016-09-25 | CVE-2016-4748 | 7PK - Security Features vulnerability in Apple mac OS X Perl in Apple OS X before 10.12 allows local users to bypass the taint-mode protection mechanism via a crafted environment variable. | 5.3 |
| 2016-09-22 | CVE-2016-6340 | 7PK - Security Features vulnerability in Redhat Quickstart Cloud Installer The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack. | 8.4 |