CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.
IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic. Rated low severity (CVSS 3.3). No vendor patch available.
Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.