Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-04-23 | CVE-2014-0472 | Code Injection vulnerability in multiple products: The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path." | 5.1 |
2014-04-23 | CVE-2014-1648 | Cross-Site Scripting vulnerability in Symantec Messaging Gateway: Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter. | 4.3 |
2014-04-23 | CVE-2014-1322 | Information Exposure vulnerability in Apple Mac OS X: The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object. | 4.9 |
2014-04-23 | CVE-2014-1321 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X 10.9/10.9.1/10.9.2: Power Management in Apple OS X 10.9.x through 10.9.2 allows physically proximate attackers to bypass an intended transition into the locked-screen state by touching (1) a key or (2) the trackpad during a lid-close action. | 3.3 |
2014-04-23 | CVE-2014-1320 | Information Exposure vulnerability in Apple iPhone OS, Mac OS X and tvOS: IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object. | 4.9 |
2014-04-23 | CVE-2014-1319 | Buffer Errors vulnerability in Apple Mac OS X 10.9/10.9.1/10.9.2: Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. | 6.8 |
2014-04-23 | CVE-2014-1318 | Improper Input Validation vulnerability in Apple Mac OS X: The Intel Graphics Driver in Apple OS X through 10.9.2 does not properly validate a certain pointer, which allows attackers to execute arbitrary code via a crafted application. | 10.0 |
2014-04-23 | CVE-2014-1316 | Improper Input Validation vulnerability in Apple Mac OS X: Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol. | 5.0 |
2014-04-23 | CVE-2014-1315 | Use of Externally-Controlled Format String vulnerability in Apple Mac OS X 10.9/10.9.1/10.9.2: Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL. | 6.8 |
2014-04-23 | CVE-2014-1314 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X: WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application. | 10.0 |