CVE List - 2014 / April
Showing 401 - 500 of 665 CVEs for April 2014 (Page 5 of 7)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2014-0054 | 2014-04-17 | The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a... |
| CVE-2014-0071 | 2014-04-17 | PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections. |
| CVE-2014-0085 | 2014-04-17 | JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been... |
| CVE-2014-0111 | 2014-04-17 | Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user /... |
| CVE-2014-0984 | 2014-04-17 | The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, 710 patch 029, and earlier terminates validation of a Route Permission Table entry password upon encountering the first... |
| CVE-2014-1932 | 2014-04-17 | The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier... |
| CVE-2014-1933 | 2014-04-17 | The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 use the names of temporary files on the command line, which... |
| CVE-2014-2310 | 2014-04-17 | The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids... |
| CVE-2014-2469 | 2014-04-17 | Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows attackers to cause a denial of service via unknown vectors. |
| CVE-2014-2707 | 2014-04-17 | cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts... |
| CVE-2014-2879 | 2014-04-17 | Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to... |
| CVE-2014-2880 | 2014-04-17 | Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct... |
| CVE-2014-2391 | 2014-04-17 | The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used... |
| CVE-2014-2392 | 2014-04-17 | The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive... |
| CVE-2014-2393 | 2014-04-17 | Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is... |
| CVE-2012-0871 | 2014-04-18 | The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user... |
| CVE-2013-4289 | 2014-04-18 | Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow. |
| CVE-2013-4290 | 2014-04-18 | Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c. |
| CVE-2014-0150 | 2014-04-18 | Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers... |
| CVE-2014-2844 | 2014-04-18 | Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new parameter in the... |
| CVE-2014-2856 | 2014-04-18 | Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to... |
| CVE-2012-6646 | 2014-04-18 | F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors. |
| CVE-2013-7369 | 2014-04-18 | SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for... |
| CVE-2013-4279 | 2014-04-18 | imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (imapsync, operating system, and Perl version) to the developer's site. |
| CVE-2013-7195 | 2014-04-18 | PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication. |
| CVE-2013-7196 | 2014-04-18 | static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id]... |
| CVE-2014-2014 | 2014-04-18 | imapsync before 1.584, when running with the --tls option, attempts a cleartext login when a certificate verification failure occurs, which allows remote attackers to obtain credentials by sniffing the network. |
| CVE-2014-2286 | 2014-04-18 | main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause... |
| CVE-2014-2287 | 2014-04-18 | channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain... |
| CVE-2014-2288 | 2014-04-18 | The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS... |
| CVE-2014-2289 | 2014-04-18 | res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any... |
| CVE-2014-2522 | 2014-04-18 | curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's... |
| CVE-2014-2597 | 2014-04-18 | PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to cause a denial of service (disabled keyboard or crash) via a large input buffer to unspecified IOCTL requests in RACDriver.sys,... |
| CVE-2013-6213 | 2014-04-19 | Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833. |
| CVE-2013-6214 | 2014-04-19 | Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042. |
| CVE-2014-0778 | 2014-04-19 | Progea Movicon SCADA Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2014-1974 | 2014-04-19 | Directory traversal vulnerability in the LYSESOFT AndExplorer application before 20140403 and AndExplorerPro application before 20140405 for Android allows attackers to overwrite or create arbitrary files via unspecified vectors. |
| CVE-2014-1983 | 2014-04-19 | Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to cause a denial of service (CPU consumption) via unknown vectors. |
| CVE-2014-1984 | 2014-04-19 | Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to hijack web sessions via unspecified vectors. |
| CVE-2014-1990 | 2014-04-19 | Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authentication of... |
| CVE-2014-2731 | 2014-04-19 | Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or... |
| CVE-2014-2732 | 2014-04-19 | Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999... |
| CVE-2014-2733 | 2014-04-19 | Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80. |
| CVE-2013-6212 | 2014-04-19 | Unspecified vulnerability in HP Database and Middleware Automation 10.0, 10.01, 10.10, and 10.20 before 10.20.100 allows remote authenticated users to obtain sensitive information via unknown vectors. |
| CVE-2013-6215 | 2014-04-19 | Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 10.01 and 10.10 allows remote authenticated users to execute arbitrary code via unknown vectors, aka ZDI-CAN-1977. |
| CVE-2013-6218 | 2014-04-19 | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2013-6219 | 2014-04-19 | Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before A.01.02.02 on HP-UX B.11.31 allows local users to bypass intended access restrictions via unknown vectors. |
| CVE-2014-2155 | 2014-04-19 | The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows remote attackers to cause a denial of service (daemon reload) via a malformed DHCPv6 packet, aka Bug ID CSCuo07437. |
| CVE-2014-1517 | 2014-04-20 | The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for... |
| CVE-2014-2665 | 2014-04-20 | includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for... |
| CVE-2013-5948 | 2014-04-21 | The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in... |
| CVE-2013-6370 | 2014-04-21 | Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors. |
| CVE-2013-6371 | 2014-04-21 | The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. |
| CVE-2013-6469 | 2014-04-21 | JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. NOTE: some of these details... |
| CVE-2014-0173 | 2014-04-21 | The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before... |
| CVE-2014-1216 | 2014-04-21 | FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page. |
| CVE-2014-2269 | 2014-04-21 | modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters. |
| CVE-2014-2341 | 2014-04-21 | Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. |
| CVE-2014-2719 | 2014-04-21 | Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator user name and password by... |
| CVE-2014-2735 | 2014-04-21 | WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of... |
| CVE-2014-2925 | 2014-04-21 | Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the... |
| CVE-2013-5459 | 2014-04-21 | Unspecified vulnerability in IBM Rational Software Architect (RSA) Design Manager and Rational Rhapsody Design Manager 3.x through 3.0.1 and 4.x before 4.0.6 allows remote authenticated users to modify data by... |
| CVE-2014-0361 | 2014-04-21 | The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for... |
| CVE-2014-0932 | 2014-04-21 | Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject arbitrary web script... |
| CVE-2014-2921 | 2014-04-21 | The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers... |
| CVE-2014-2922 | 2014-04-21 | The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which allows remote attackers to... |
| CVE-2013-1421 | 2014-04-22 | Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name... |
| CVE-2013-2105 | 2014-04-22 | The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html. |
| CVE-2013-2187 | 2014-04-22 | Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the... |
| CVE-2013-4116 | 2014-04-22 | lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking... |
| CVE-2013-4472 | 2014-04-22 | The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink... |
| CVE-2013-7338 | 2014-04-22 | Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip... |
| CVE-2014-1615 | 2014-04-22 | Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative users and have other... |
| CVE-2014-2654 | 2014-04-22 | Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adunits.php, or (3)... |
| CVE-2014-2659 | 2014-04-22 | Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| CVE-2014-2737 | 2014-04-22 | SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter,... |
| CVE-2014-2890 | 2014-04-22 | Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to MyID.config.php when... |
| CVE-2014-2892 | 2014-04-22 | Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH)... |
| CVE-2014-2899 | 2014-04-22 | wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs... |
| CVE-2014-2900 | 2014-04-22 | wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via a crafted X.509 certificate. |
| CVE-2012-0360 | 2014-04-23 | Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376. |
| CVE-2012-1317 | 2014-04-23 | The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID... |
| CVE-2012-1366 | 2014-04-23 | Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via... |
| CVE-2012-3062 | 2014-04-23 | Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on... |
| CVE-2012-3918 | 2014-04-23 | Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain... |
| CVE-2012-4638 | 2014-04-23 | Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session, aka Bug ID CSCto00318. |
| CVE-2012-4651 | 2014-04-23 | Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote attackers to cause a denial of service (latency) via SYN packets that are not accompanied by SYN-ACK packets from the... |
| CVE-2012-4658 | 2014-04-23 | The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows remote attackers to cause a denial of service (webauth and HTTP service outage) via vectors that trigger incorrectly terminated HTTP sessions,... |
| CVE-2012-5014 | 2014-04-23 | Cisco IOS before 15.1(2)SY allows remote authenticated users to cause a denial of service (device crash) by establishing an SSH session from a client and then placing this client into... |
| CVE-2012-5017 | 2014-04-23 | Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause a denial of service (device reload) by establishing a VPN session and then sending malformed IKEv2 packets, aka Bug ID... |
| CVE-2012-5032 | 2014-04-23 | The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an... |
| CVE-2012-5036 | 2014-04-23 | Cisco IOS before 12.2(50)SY1 allows remote authenticated users to cause a denial of service (memory consumption) via a sequence of VTY management sessions (aka exec sessions), aka Bug ID CSCtn43662. |
| CVE-2012-5037 | 2014-04-23 | The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command... |
| CVE-2012-5039 | 2014-04-23 | The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003. |
| CVE-2012-5044 | 2014-04-23 | Cisco IOS before 15.3(1)T, when media flow-around is not used, allows remote attackers to cause a denial of service (media loops and stack memory corruption) via VoIP traffic, aka Bug... |
| CVE-2012-5422 | 2014-04-23 | Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400 devices allows remote authenticated users to cause a denial of service (spurious errors) via unknown vectors, aka Bug ID CSCub61009. |
| CVE-2012-5427 | 2014-04-23 | Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T allows remote authenticated users to cause a denial of service (input queue wedge) via a crafted series of RTCP... |
| CVE-2014-1295 | 2014-04-23 | Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the... |
| CVE-2014-1296 | 2014-04-23 | CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's... |
| CVE-2014-1314 | 2014-04-23 | WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via... |