Vulnerabilities > 7PK - Security Features

DATE CVE VULNERABILITY TITLE RISK
2018-05-31 CVE-2016-10552 7PK - Security Features vulnerability in Infragistics Igniteui
igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol.
5.8
2018-05-29 CVE-2015-9243 7PK - Security Features vulnerability in Hapijs Hapi
When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g.
network
hapijs CWE-254
4.3
2018-04-18 CVE-2016-10443 7PK - Security Features vulnerability in Qualcomm products
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, packet replay may be possible.
network
high complexity
qualcomm CWE-254
4.0
2018-04-18 CVE-2014-10063 7PK - Security Features vulnerability in Qualcomm Mdm9625 Firmware and SD 800 Firmware
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625 and SD 800, a fuse is not correctly blown on a secure device.
network
low complexity
qualcomm CWE-254
5.0
2018-04-05 CVE-2018-4863 7PK - Security Features vulnerability in Sophos Endpoint Protection 10.7
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.
local
low complexity
sophos CWE-254
2.1
2018-03-21 CVE-2016-10717 7PK - Security Features vulnerability in Malwarebytes Anti-Malware 2.2.1
A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites.
local
low complexity
malwarebytes CWE-254
4.6
2018-03-09 CVE-2016-0274 7PK - Security Features vulnerability in IBM Financial Transaction Manager
IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to conduct clickjacking attacks via a crafted web site.
network
ibm CWE-254
3.5
2018-02-19 CVE-2016-9568 7PK - Security Features vulnerability in Carbonblack Carbon Black 5.1.1.60603
A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions.
network
low complexity
carbonblack CWE-254
critical
10.0
2018-02-08 CVE-2011-4889 7PK - Security Features vulnerability in IBM Websphere Application Server
The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password.
network
low complexity
ibm CWE-254
7.5
2018-02-03 CVE-2009-5144 7PK - Security Features vulnerability in MOD Gnutls Project MOD Gnutls
mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate.
network
low complexity
mod-gnutls-project CWE-254
5.0