Vulnerabilities > 7PK - Security Features
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-12 | CVE-2014-9634 | 7PK - Security Features vulnerability in Jenkins: Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session. | 5.3 |
2017-09-06 | CVE-2015-7225 | 7PK - Security Features vulnerability in Tinfoilsecurity Devise-Two-Factor: Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step. | 5.3 |
2017-08-28 | CVE-2015-0233 | 7PK - Security Features vulnerability in Fedoraproject 389 Administration Server 1.1.37: Multiple insecure temporary file vulnerabilities in 389 Administration Server before 1.1.38. | 4.2 |
2017-08-22 | CVE-2015-6473 | 7PK - Security Features vulnerability in Wago 750-849 Firmware and 758-870 Firmware: WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. | 9.8 |
2017-08-18 | CVE-2015-9065 | 7PK - Security Features vulnerability in Google Android: In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established. | 9.8 |
2017-08-09 | CVE-2015-6498 | 7PK - Security Features vulnerability in Alcatel-Lucent Home Device Manager 4.1.9/4.2.0/4.2.1: Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices. | 7.5 |
2017-07-21 | CVE-2015-3170 | 7PK - Security Features vulnerability in Selinux Project Selinux: selinux-policy, when sysctl fs.protected_hardlinks is set to 0, allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy. | 5.5 |
2017-07-13 | CVE-2016-8964 | 7PK - Security Features vulnerability in IBM Bigfix Inventory and License Metric Tool: IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 9.8 |
2017-07-03 | CVE-2016-3997 | 7PK - Security Features vulnerability in Netapp Clustered Data Ontap 8.3.1: NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state. | 7.5 |
2017-07-03 | CVE-2016-3400 | 7PK - Security Features vulnerability in Netapp Data Ontap 8.1/8.2: NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. | 7.5 |