CVEs from 2012
- Total: 5,199
- critical: 963
- high: 747
- medium: 2,885
- low: 530
- % Critical: 18.5%
- % with KEV: 0.4%
- % with exploit: 16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-3185 | medium | — | 5.9 | 14y ago | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated us… | |||
| CVE-2012-3183 | medium | — | 5.9 | 14y ago | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated us… | |||
| CVE-2012-3552 | medium | 5.9 | 5.9 | 14y ago | Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an applicatio… | |||
| CVE-2012-3375 | medium | — | 5.9 | 14y ago | The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service … | |||
| CVE-2012-2993 | medium | 5.9 | 5.9 | 14y ago | Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) … | |||
| CVE-2012-1683 | medium | — | 5.9 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to gssd. | |||
| CVE-2012-5583 | medium | — | 5.8 | 12y ago | phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle a… | |||
| CVE-2012-5662 | medium | — | 5.8 | 12y ago | x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd… | |||
| CVE-2012-1100 | medium | — | 5.8 | 13y ago | Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login … | |||
| CVE-2012-0062 | medium | — | 5.8 | 13y ago | Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token. | |||
| CVE-2012-0052 | medium | — | 5.8 | 13y ago | Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered… | |||
| CVE-2012-4115 | medium | — | 5.8 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing… | |||
| CVE-2012-4117 | medium | — | 5.8 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic … | |||
| CVE-2012-4114 | medium | — | 5.8 | 13y ago | The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network o… | |||
| CVE-2012-4092 | medium | — | 5.8 | 13y ago | The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attacker… | |||
| CVE-2012-5338 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in JForum 2.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnPath parameter in a validateLogin acti… | |||
| CVE-2012-4074 | medium | — | 5.8 | 13y ago | The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obt… | |||
| CVE-2012-4073 | medium | — | 5.8 | 13y ago | The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or mod… | |||
| CVE-2012-6087 | medium | — | 5.8 | 13y ago | repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not verify that the server hostname matches a domain name i… | |||
| CVE-2012-6606 | medium | — | 5.8 | 13y ago | Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof portal servers and obtain sensiti… | |||
| CVE-2012-6399 | medium | — | 5.8 | 13y ago | Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl… | |||
| CVE-2012-5633 | medium | — | 5.8 | 13y ago | Improper Authentication in Apache CXF | |||
| CVE-2012-5770 | medium | — | 5.8 | 13y ago | The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spo… | |||
| CVE-2012-4842 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vec… | |||
| CVE-2012-6073 | medium | — | 5.8 | 13y ago | Jenkins affected by Open Redirect Vulnerability | |||
| CVE-2012-5647 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks… | |||
| CVE-2012-3370 | medium | — | 5.8 | 14y ago | The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 re… | |||
| CVE-2012-0703 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to redirect users to arbitrary web sites … | |||
| CVE-2012-6101 | medium | — | 5.8 | 14y ago | Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing at… | |||
| CVE-2012-0435 | medium | — | 5.8 | 14y ago | SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984. | |||
| CVE-2012-6085 | medium | — | 5.8 | 14y ago | The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial o… | |||
| CVE-2012-4918 | medium | — | 5.8 | 14y ago | Call of Duty Elite for iOS 2.0.1 does not properly validate the server SSL certificate, which allows remote attackers to obtain sensitive information via a Man-in-the-Middle (MITM) attack. | |||
| CVE-2012-5769 | medium | — | 5.8 | 14y ago | IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (C… | |||
| CVE-2012-0741 | medium | — | 5.8 | 14y ago | IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-mid… | |||
| CVE-2012-0738 | medium | — | 5.8 | 14y ago | IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL serv… | |||
| CVE-2012-3482 | medium | — | 5.8 | 14y ago | Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NT… | |||
| CVE-2012-2549 | medium | — | 5.8 | 14y ago | The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked ce… | |||
| CVE-2012-4510 | medium | — | 5.8 | 14y ago | cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS … | |||
| CVE-2012-5825 | medium | — | 5.8 | 14y ago | Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to s… | |||
| CVE-2012-5824 | medium | — | 5.8 | 14y ago | Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle att… | |||
| CVE-2012-5823 | medium | — | 5.8 | 14y ago | Open Source Classifieds does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd… | |||
| CVE-2012-5820 | medium | — | 5.8 | 14y ago | The developer-account sample code in Google AdMob does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, wh… | |||
| CVE-2012-5818 | medium | — | 5.8 | 14y ago | ElephantDrive does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attacke… | |||
| CVE-2012-5816 | medium | — | 5.8 | 14y ago | AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man… | |||
| CVE-2012-5815 | medium | — | 5.8 | 14y ago | The Rackspace app 2.1.5 for iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-… | |||
| CVE-2012-5814 | medium | — | 5.8 | 14y ago | Weberknecht, as used in GitHub Gaug.es and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certif… | |||
| CVE-2012-5813 | medium | — | 5.8 | 14y ago | The Android_Pusher library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows … | |||
| CVE-2012-5812 | medium | — | 5.8 | 14y ago | The ACRA library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the… | |||
| CVE-2012-5811 | medium | — | 5.8 | 14y ago | The Breezy application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-… | |||
| CVE-2012-5809 | medium | — | 5.8 | 14y ago | The Groupon Redemptions application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, whic… | |||
| CVE-2012-5808 | medium | — | 5.8 | 14y ago | The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in… | |||
| CVE-2012-5807 | medium | — | 5.8 | 14y ago | The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which al… | |||
| CVE-2012-5806 | medium | — | 5.8 | 14y ago | The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which all… | |||
| CVE-2012-5805 | medium | — | 5.8 | 14y ago | The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allow… | |||
| CVE-2012-5804 | medium | — | 5.8 | 14y ago | The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-… | |||
| CVE-2012-5803 | medium | — | 5.8 | 14y ago | The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows ma… | |||
| CVE-2012-5802 | medium | — | 5.8 | 14y ago | The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-th… | |||
| CVE-2012-5801 | medium | — | 5.8 | 14y ago | The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-… | |||
| CVE-2012-5800 | medium | — | 5.8 | 14y ago | The eBay module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-th… | |||
| CVE-2012-5799 | medium | — | 5.8 | 14y ago | The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate… | |||
| CVE-2012-5798 | medium | — | 5.8 | 14y ago | The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which… | |||
| CVE-2012-5797 | medium | — | 5.8 | 14y ago | The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which al… | |||
| CVE-2012-5796 | medium | — | 5.8 | 14y ago | The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man… | |||
| CVE-2012-5795 | medium | — | 5.8 | 14y ago | The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows… | |||
| CVE-2012-5794 | medium | — | 5.8 | 14y ago | The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows m… | |||
| CVE-2012-5793 | medium | — | 5.8 | 14y ago | The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows … | |||
| CVE-2012-5792 | medium | — | 5.8 | 14y ago | The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allow… | |||
| CVE-2012-5791 | medium | — | 5.8 | 14y ago | PayPal Invoicing does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle atta… | |||
| CVE-2012-5790 | medium | — | 5.8 | 14y ago | PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which … | |||
| CVE-2012-5789 | medium | — | 5.8 | 14y ago | PayPal Payments Standard PHP Library before 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate,… | |||
| CVE-2012-5788 | medium | — | 5.8 | 14y ago | The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl… | |||
| CVE-2012-5787 | medium | — | 5.8 | 14y ago | The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd… | |||
| CVE-2012-5786 | medium | — | 5.8 | 14y ago | The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF before 2.7.0 does not verify that the server hostname matches a domain name in the s… | |||
| CVE-2012-5785 | medium | — | 5.8 | 14y ago | Apache Axis2 has Improper Input Validation | |||
| CVE-2012-5784 | medium | — | 5.8 | 14y ago | Man-in-the-middle attack in Apache Axis | |||
| CVE-2012-5783 | medium | — | 5.8 | 14y ago | Improper Certificate Validation in Apache Commons HttpClient | |||
| CVE-2012-5782 | medium | — | 5.8 | 14y ago | Amazon Flexible Payments Service (FPS) PHP Library does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, w… | |||
| CVE-2012-5781 | medium | — | 5.8 | 14y ago | Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows… | |||
| CVE-2012-5780 | medium | — | 5.8 | 14y ago | The Amazon merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd… | |||
| CVE-2012-5170 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in Pebble before 2.6.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2012-4491 | medium | — | 5.8 | 14y ago | The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vec… | |||
| CVE-2012-4489 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites a… | |||
| CVE-2012-4516 | medium | — | 5.8 | 14y ago | librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm servi… | |||
| CVE-2012-4511 | medium | — | 5.8 | 14y ago | services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in… | |||
| CVE-2012-5069 | medium | — | 5.8 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to a… | |||
| CVE-2012-5356 | medium | — | 5.8 | 14y ago | The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly … | |||
| CVE-2012-5353 | medium | — | 5.8 | 14y ago | Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack." | |||
| CVE-2012-5352 | medium | — | 5.8 | 14y ago | Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attac… | |||
| CVE-2012-4418 | medium | — | 5.8 | 14y ago | Apache Axis2 Vulnerable to XML Signature wrapping attack | |||
| CVE-2012-4824 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing at… | |||
| CVE-2012-5240 | medium | — | 5.8 | 14y ago | Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application cras… | |||
| CVE-2012-3314 | medium | — | 5.8 | 14y ago | IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted … | |||
| CVE-2012-5234 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter. | |||
| CVE-2012-3493 | medium | — | 5.8 | 14y ago | The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or… | |||
| CVE-2012-2681 | medium | — | 5.8 | 14y ago | Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to g… | |||
| CVE-2012-2125 | medium | — | 5.8 | 14y ago | RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack. | |||
| CVE-2012-3540 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a … | |||
| CVE-2012-4672 | medium | — | 5.8 | 14y ago | Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. | |||
| CVE-2012-4671 | medium | — | 5.8 | 14y ago | psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. | |||
| CVE-2012-4669 | medium | — | 5.8 | 14y ago | M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses fo… |