Vulnerabilities > 7PK - Security Features

DATE | CVE | VULNERABILITY TITLE | RISK

2016-07-23 | CVE-2016-5132 | 7PK - Security Features vulnerability in Google Chrome | network, low complexity, google CWE-254, 8.8
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.

2016-07-23 | CVE-2016-5128 | 7PK - Security Features vulnerability in Google Chrome | network, low complexity, google CWE-254, 8.8
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

2016-07-22 | CVE-2016-4603 | 7PK - Security Features vulnerability in Apple Iphone OS | network, low complexity, apple CWE-254, 4.3
Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior.

2016-07-15 | CVE-2016-1452 | 7PK - Security Features vulnerability in Cisco ASR 5000 and ASR 5000 Software | network, low complexity, cisco CWE-254, 6.5
Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526.

2016-07-13 | CVE-2016-3287 | 7PK - Security Features vulnerability in Microsoft products | local, low complexity, microsoft CWE-254, 4.4
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Secure Boot protection mechanism by leveraging administrative access to install a crafted policy, aka "Secure Boot Security Feature Bypass."

2016-07-13 | CVE-2016-3279 | 7PK - Security Features vulnerability in Microsoft products | local, low complexity, microsoft CWE-254, 5.5
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka "Microsoft Office Remote Code Execution Vulnerability."

2016-07-13 | CVE-2016-3238 | 7PK - Security Features vulnerability in Microsoft products | network, high complexity, microsoft CWE-254, 8.1
The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows man-in-the-middle attackers to execute arbitrary code by providing a crafted print driver during printer installation, aka "Windows Print Spooler Remote Code Execution Vulnerability."

2016-07-11 | CVE-2016-3752 | 7PK - Security Features vulnerability in Google Android 6.0/6.0.1 | local, low complexity, google CWE-254, 7.8
internal/app/ChooserActivity.java in the ChooserTarget service in Android 6.x before 2016-07-01 mishandles target security checks, which allows attackers to gain privileges via a crafted application, aka internal bug 28384423.

2016-07-11 | CVE-2014-9793 | 7PK - Security Features vulnerability in Google Android | local, low complexity, google CWE-254, 7.8
platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28821253 and Qualcomm internal bug CR580567.

2016-07-08 | CVE-2016-0287 | 7PK - Security Features vulnerability in IBM I Access 7.1 | local, low complexity, ibm CWE-254, 7.8
IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors.