Skip to main content
CVE-2012-5589 LOW PATCH Monitor

The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Multilink
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2012-5183 LOW Monitor

The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Google Loctouch
NVD
CVSS 2.0
2.6
EPSS
0.3%
CVE-2012-5588 LOW PATCH Monitor

The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Privilege Escalation Email
NVD
CVSS 2.0
2.6
EPSS
0.2%
CVE-2012-5585 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Mixpanel
NVD
CVSS 2.0
2.1
EPSS
0.3%
CVE-2012-5586 LOW PATCH Monitor

The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

Privilege Escalation Services
NVD
CVSS 2.0
2.1
EPSS
0.3%
CVE-2012-5483 LOW Monitor

tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Elastic Keystone
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-5179 LOW Monitor

The Boat Browser application before 4.2 and Boat Browser Mini application before 3.9 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Boat Browser Boat Browser Mini
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-0961 LOW PATCH Monitor

Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ubuntu Advanced Package Tool Apt
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy