Vulnerabilities > 7PK - Security Features
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-06-19 | CVE-2016-1860 | 7PK - Security Features vulnerability in Apple Mac OS X. Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862. | 3.3 |
2016-06-17 | CVE-2016-5363 | 7PK - Security Features vulnerability in OpenStack Neutron. The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic. | 8.2 |
2016-06-17 | CVE-2016-5362 | 7PK - Security Features vulnerability in OpenStack Neutron. The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message. | 8.2 |
2016-06-17 | CVE-2015-8914 | 7PK - Security Features vulnerability in OpenStack Neutron. The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address. | 9.1 |
2016-06-16 | CVE-2016-3198 | 7PK - Security Features vulnerability in Microsoft Edge. Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass." | 6.5 |
2016-06-13 | CVE-2016-2833 | 7PK - Security Features vulnerability in multiple products. Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet. | 6.1 |
2016-06-10 | CVE-2016-3085 | 7PK - Security Features vulnerability in Apache CloudStack. Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin. | 6.5 |
2016-06-01 | CVE-2016-4500 | 7PK - Security Features vulnerability in Moxa UC-7408 LX-Plus and UC-7408 LX-Plus Firmware. Moxa UC-7408 LX-Plus devices allow remote authenticated users to write to the firmware, and consequently render a device unusable, by leveraging root access. | 5.8 |
2016-05-30 | CVE-2016-0907 | 7PK - Security Features vulnerability in EMC Isilon OneFS and IsilonSD Edge OneFS. EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115. | 5.9 |
2016-05-16 | CVE-2015-3412 | 7PK - Security Features vulnerability in multiple products. PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension. | 5.3 |