Vulnerabilities > 7PK - Security Features

DATE CVE VULNERABILITY TITLE RISK
2015-06-28 CVE-2015-0127 7PK - Security Features vulnerability in IBM Leads
IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks via a crafted web site.
network | ibm CWE-254 | 3.5

2015-06-26 CVE-2015-1158 7PK - Security Features vulnerability in Cups
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
network | low complexity | cups CWE-254 | critical | 10.0

2015-06-24 CVE-2015-3900 7PK - Security Features vulnerability in multiple products
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."
network | low complexity | ruby-lang rubygems oracle redhat CWE-254 | 5.0

2015-06-19 CVE-2015-4640 7PK - Security Features vulnerability in Swiftkey SDK
The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response.
2.9

2015-05-22 CVE-2015-0746 7PK - Security Features vulnerability in Cisco Secure Access Control Server 5.5(0.46.2)
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.
network | low complexity | cisco CWE-254 | 5.0

2015-05-13 CVE-2015-1674 7PK - Security Features vulnerability in Microsoft products
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discover the cng.sys base address, via a crafted application, aka "Windows Kernel Security Feature Bypass Vulnerability."
local | low complexity | microsoft CWE-254 | 4.6

2015-04-14 CVE-2015-2114 7PK - Security Features vulnerability in HP Support Solution Framework 11.51.0027
HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors.
network | hp microsoft CWE-254 | 6.8

2015-04-10 CVE-2015-1130 7PK - Security Features vulnerability in Apple mac OS X
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
local | low complexity | apple CWE-254 | 7.2

2015-04-06 CVE-2015-1601 7PK - Security Features vulnerability in Siemens Simatic Step 7 12/13/5.5
Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors.
network | siemens CWE-254 | 6.8

2015-04-03 CVE-2015-0994 7PK - Security Features vulnerability in Inductiveautomation Ignition 7.7.2
Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests.
network | low complexity | inductiveautomation CWE-254 | 4.0