Skip to main content
CVE-2012-4934 LOW Monitor

TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled in sandbox mode, allows remote authenticated users to bypass intended payment requirements by modifying a certain redirection URL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Tomatocart
NVD
CVSS 2.0
3.5
EPSS
0.4%
CVE-2012-4500 LOW PATCH Monitor

The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Privilege Escalation Announcements
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2012-4610 LOW Monitor

EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

VMware Authentication Bypass Avamar
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2012-2625 LOW Monitor

The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Xen Unstable
NVD
CVSS 2.0
2.7
EPSS
0.3%
CVE-2012-4496 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Custom Pub
NVD
CVSS 2.0
2.1
EPSS
0.3%
CVE-2012-4492 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Shorten
NVD
CVSS 2.0
2.1
EPSS
0.3%
CVE-2012-4544 LOW Monitor

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy