Vulnerabilities > 7PK - Security Features

DATE | CVE | VULNERABILITY TITLE | RISK

2017-10-13 | CVE-2017-11818 | 7PK - Security Features vulnerability in Microsoft products | 4.4
The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka "Windows Storage Security Feature Bypass Vulnerability".

2017-10-06 | CVE-2015-5246 | 7PK - Security Features vulnerability in Theforeman Foreman 1.9.0 | 6.8
The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.

2017-10-03 | CVE-2015-7843 | 7PK - Security Features vulnerability in Huawei products | 4.0
The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 does not limit the number of query attempts, which allows remote authenticated users to obtain credentials of higher-level users via a brute force attack.
network | low complexity | huawei CWE-254

2017-09-25 | CVE-2015-6592 | 7PK - Security Features vulnerability in Huawei Uap2105 Firmware | 7.2
Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell.
local | low complexity | huawei CWE-254

2017-09-19 | CVE-2015-7837 | 7PK - Security Features vulnerability in Redhat products | 2.1
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.
local | low complexity | redhat CWE-254

2017-09-12 | CVE-2014-9635 | 7PK - Security Features vulnerability in Jenkins | 5.0
Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies.
network | low complexity | jenkins apache CWE-254

2017-09-12 | CVE-2014-9634 | 7PK - Security Features vulnerability in Jenkins | 5.0
Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.
network | low complexity | jenkins apache CWE-254

2017-09-06 | CVE-2015-7225 | 7PK - Security Features vulnerability in Tinfoilsecurity Devise-Two-Factor | 3.5
Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step.

2017-08-28 | CVE-2015-0233 | 7PK - Security Features vulnerability in Fedoraproject 389 Administration Server 1.1.37 | 4.6
Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38.
local | low complexity | fedoraproject CWE-254

2017-08-22 | CVE-2015-6473 | 7PK - Security Features vulnerability in Wago 750-849 Firmware and 758-870 Firmware | 10.0 (critical)
WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.
network | low complexity | wago CWE-254