Skip to main content
CVE-2012-3432 LOW POC Monitor

The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.

Privilege Escalation Denial Of Service Xen
NVD
CVSS 2.0
1.9
EPSS
1.4%
CVE-2012-6064 LOW Monitor

Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Path Traversal CSRF Cms Made Simple
NVD
CVSS 2.0
3.5
EPSS
0.9%
CVE-2012-5557 LOW PATCH Monitor

The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified. Rated low severity (CVSS 3.6), this vulnerability is remotely exploitable.

Privilege Escalation User Readonly
NVD
CVSS 2.0
3.6
EPSS
0.2%
CVE-2012-5539 LOW PATCH Monitor

The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Privilege Escalation Organic Groups
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2012-5559 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

XSS Ctools
NVD
CVSS 2.0
2.6
EPSS
0.2%
CVE-2012-5553 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Om Maximenu
NVD
CVSS 2.0
2.1
EPSS
0.3%
CVE-2012-5545 LOW PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis module 7.x-2.x before 7.x-2.5 for Drupal allow remote authenticated users with the "administer sharethis" permission to inject. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Sharethis
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2012-5538 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Filefield Sources
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2012-2934 LOW PATCH Monitor

Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service. Rated low severity (CVSS 1.9).

Denial Of Service Canonical Amd Xen
NVD
CVSS 2.0
1.9
EPSS
0.2%
CVE-2012-0218 LOW PATCH Monitor

Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection. Rated low severity (CVSS 1.9).

Denial Of Service Xen
NVD
CVSS 2.0
1.9
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy