Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2014-02-27 CVE-2014-1264 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X
Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL.
local
apple CWE-264
3.3
2014-02-27 CVE-2014-1257 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X
CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.
local
low complexity
apple CWE-264
3.6
2014-02-26 CVE-2014-0058 Cryptographic Issues vulnerability in Red Hat JBoss Enterprise Application Platform
The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files.
local
redhat CWE-310
1.9
2014-02-26 CVE-2011-1749 Improper Input Validation vulnerability in Linux-Nfs Nfs-Utils
The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nfs tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
3.3
2014-02-26 CVE-2014-0853 Cross-Site Scripting vulnerability in IBM Rational Focal Point
Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
2014-02-26 CVE-2014-0843 Cross-Site Scripting vulnerability in IBM Rational Focal Point
Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file.
network
ibm CWE-79
3.5
2014-02-26 CVE-2014-0840 Cross-Site Scripting vulnerability in IBM Rational Focal Point
Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
ibm CWE-79
3.5
2014-02-22 CVE-2014-0861 Cross-Site Scripting vulnerability in IBM Cognos Business Intelligence
Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter that is not properly handled during use of the Back button.
network
ibm CWE-79
3.5
2014-02-22 CVE-2013-6734 Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere eXtreme Scale Client
IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container.
network
ibm CWE-264
3.5
2014-02-20 CVE-2014-1879 Cross-Site Scripting vulnerability in phpMyAdmin
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.
network
phpmyadmin CWE-79
3.5