Vulnerabilities > 7PK - Security Features
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-07-07 | CVE-2016-1443 | 7PK - Security Features vulnerability in Cisco AMP Threat Grid Appliance: The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample. | 8.1 |
2016-07-03 | CVE-2016-5702 | 7PK - Security Features vulnerability in phpMyAdmin 4.6.0/4.6.1/4.6.2: phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. | 3.7 |
2016-07-02 | CVE-2016-2867 | 7PK - Security Features vulnerability in IBM InfoSphere Streams and Streams: IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 do not properly implement the runAsUser feature, which allows local users to obtain root group privileges via unspecified vectors. | 7.0 |
2016-06-30 | CVE-2016-5306 | 7PK - Security Features vulnerability in Symantec Endpoint Protection Manager 12.1.6: Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445. | 5.3 |
2016-06-30 | CVE-2016-3650 | 7PK - Security Features vulnerability in Symantec Endpoint Protection Manager 12.1.6: Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack. | 8.8 |
2016-06-30 | CVE-2016-3648 | 7PK - Security Features vulnerability in Symantec Endpoint Protection Manager 12.1.6: Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization window. | 8.8 |
2016-06-30 | CVE-2016-4474 | 7PK - Security Features vulnerability in Red Hat OpenStack 7.0/8: The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) uses a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors. | 8.8 |
2016-06-25 | CVE-2016-4824 | 7PK - Security Features vulnerability in Corega CG-WLR300GNV-W Firmware and CG-WLR300GNV Firmware: The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack. | 5.3 |
2016-06-23 | CVE-2016-1438 | 7PK - Security Features vulnerability in Cisco AsyncOS 9.7.0-125: Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210. | 7.5 |
2016-06-19 | CVE-2016-1862 | 7PK - Security Features vulnerability in Apple Mac OS X: Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860. | 3.3 |