Skip to main content
CVE-2012-5161 CRITICAL Act Now

The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Citrix RCE Xenapp
NVD
CVSS 2.0
9.3
EPSS
7.4%
CVE-2012-6298 CRITICAL Act Now

Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Identityminder
NVD
CVSS 2.0
10.0
EPSS
2.7%
CVE-2012-6299 CRITICAL Act Now

Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Identityminder
NVD
CVSS 2.0
10.0
EPSS
0.6%
CVE-2012-5590 HIGH This Week

SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webmail Plus
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2012-4816 HIGH This Week

IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Rational Automation Framework
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2012-5951 HIGH This Week

Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Tivoli Netview
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2012-6314 MEDIUM This Month

Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xendesktop
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2012-4616 MEDIUM This Month

Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Data Protection Advisor
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2012-5625 MEDIUM PATCH This Month

OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Folsom Grizzly
NVD GitHub
CVSS 2.0
4.3
EPSS
1.1%
CVE-2012-0962 MEDIUM PATCH This Month

Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Ubuntu Aptdaemon Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-0958 MEDIUM This Month

content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Unity Firefox Extension
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5587 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Email
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5182 MEDIUM This Month

The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Google Loctouch
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5591 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Zeropoint
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5180 MEDIUM This Month

The Opera Mobile application before 12.1 and Opera Mini application before 7.5 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Google Opera Mini Opera Mobile
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-5584 MEDIUM PATCH This Month

The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Privilege Escalation Tableofcontents
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-5589 LOW PATCH Monitor

The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Multilink
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2012-5183 LOW Monitor

The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Google Loctouch
NVD
CVSS 2.0
2.6
EPSS
0.3%
CVE-2012-5588 LOW PATCH Monitor

The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Privilege Escalation Email
NVD
CVSS 2.0
2.6
EPSS
0.2%
CVE-2012-5585 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Mixpanel
NVD
CVSS 2.0
2.1
EPSS
0.3%
CVE-2012-5586 LOW PATCH Monitor

The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

Privilege Escalation Services
NVD
CVSS 2.0
2.1
EPSS
0.3%
CVE-2012-5483 LOW Monitor

tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Elastic Keystone
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-5179 LOW Monitor

The Boat Browser application before 4.2 and Boat Browser Mini application before 3.9 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Boat Browser Boat Browser Mini
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-0961 LOW PATCH Monitor

Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ubuntu Advanced Package Tool Apt
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy