Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-5xuq-n3bu-1bbb
Summary
Security researcher Kent Howard reported an Apple issue
present in OS X 10.10 (Yosemite) where log files are created by the
CoreGraphics framework of OS X in the /tmp local
directory. These log files contain a record of all inputs into Mozilla programs
during their operation. In versions of OS X from versions 10.6 through 10.9, the
CoreGraphics had this logging ability but it was turned off by
default. In OS X 10.10, this logging was turned on by default for some
applications that use a custom memory allocator, such as jemalloc,
because of an initialization bug in the framework. This issue has been addressed
in Mozilla products by explicitly turning off the framework's logging of input
events. On vulnerable systems, this issue can result in private data such as
usernames, passwords, and other inputted data being saved to a log file on the
local system.
This issue does not affect OS X users prior to 10.10. Users on
OS X 10.10 should go to their /tmp folder and delete any files with
names beginning with "CGLog_" followed by the name of a Mozilla product, such as
"CGLog_firefox".
Aliases
0
alias CVE-2014-1595
Fixed_packages
0
url pkg:mozilla/Firefox@34.0.0
purl pkg:mozilla/Firefox@34.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@34.0.0
1
url pkg:mozilla/Firefox%20ESR@31.3.0
purl pkg:mozilla/Firefox%20ESR@31.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@31.3.0
2
url pkg:mozilla/Thunderbird@31.3.0
purl pkg:mozilla/Thunderbird@31.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.3.0
Affected_packages
References
0
reference_url http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
reference_id
reference_type
scores
url http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-1595
reference_id
reference_type
scores
0
value 0.00085
scoring_system epss
scoring_elements 0.24578
published_at 2026-04-24T12:55:00Z
1
value 0.00085
scoring_system epss
scoring_elements 0.24729
published_at 2026-04-01T12:55:00Z
2
value 0.00085
scoring_system epss
scoring_elements 0.24654
published_at 2026-04-18T12:55:00Z
3
value 0.00085
scoring_system epss
scoring_elements 0.24634
published_at 2026-04-21T12:55:00Z
4
value 0.00085
scoring_system epss
scoring_elements 0.24807
published_at 2026-04-02T12:55:00Z
5
value 0.00085
scoring_system epss
scoring_elements 0.24845
published_at 2026-04-04T12:55:00Z
6
value 0.00085
scoring_system epss
scoring_elements 0.24617
published_at 2026-04-07T12:55:00Z
7
value 0.00085
scoring_system epss
scoring_elements 0.24687
published_at 2026-04-08T12:55:00Z
8
value 0.00085
scoring_system epss
scoring_elements 0.24734
published_at 2026-04-09T12:55:00Z
9
value 0.00085
scoring_system epss
scoring_elements 0.24747
published_at 2026-04-11T12:55:00Z
10
value 0.00085
scoring_system epss
scoring_elements 0.24706
published_at 2026-04-12T12:55:00Z
11
value 0.00085
scoring_system epss
scoring_elements 0.24648
published_at 2026-04-13T12:55:00Z
12
value 0.00085
scoring_system epss
scoring_elements 0.24661
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-1595
2
reference_url https://bugzilla.mozilla.org/show_bug.cgi?id=1092855
reference_id
reference_type
scores
url https://bugzilla.mozilla.org/show_bug.cgi?id=1092855
3
reference_url http://support.apple.com/HT204244
reference_id
reference_type
scores
url http://support.apple.com/HT204244
4
reference_url http://www.mozilla.org/security/announce/2014/mfsa2014-90.html
reference_id
reference_type
scores
url http://www.mozilla.org/security/announce/2014/mfsa2014-90.html
5
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
6
reference_url http://www.reddit.com/r/netsec/comments/2ocxac/apple_coregraphics_framework_on_os_x_1010_is/
reference_id
reference_type
scores
url http://www.reddit.com/r/netsec/comments/2ocxac/apple_coregraphics_framework_on_os_x_1010_is/
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1595
reference_id CVE-2014-1595
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1595
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-1595
reference_id CVE-2014-1595
reference_type
scores
0
value 2.1
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:P/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2014-1595
16
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2014-90
reference_id mfsa2014-90
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2014-90
Weaknesses
0
cwe_id 199
name Information Management Errors
description Weaknesses in this category are related to improper handling of sensitive information.
Exploits
Severity_range_score2.1 - 8.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-5xuq-n3bu-1bbb