CVEs from 2012
Total
5,199
critical
critical 963
high
high 747
medium
medium 2,885
low
low 530
% Critical
18.5%
% with KEV
0.4%
% with exploit
16.7%
Top vendors
Top products
- chrome 7,005
- safari 6,451
- itunes 4,416
- firefox 4,272
- seamonkey 3,619
- opera_browser 3,599
- mysql 2,827
- thunderbird 2,165
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-2612 | medium | — | 6.0 | 14y ago | The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon cras… | |||
| CVE-2012-2514 | medium | — | 6.0 | 14y ago | The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon … | |||
| CVE-2012-2513 | medium | — | 6.0 | 14y ago | The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) … | |||
| CVE-2012-2512 | medium | — | 6.0 | 14y ago | The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon … | |||
| CVE-2012-2511 | medium | — | 6.0 | 14y ago | The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon cr… | |||
| CVE-2012-2336 | medium | — | 6.0 | 14y ago | sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which al… | |||
| CVE-2012-2329 | medium | — | 6.0 | 14y ago | Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in t… | |||
| CVE-2012-0733 | medium | — | 6.0 | 14y ago | IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a sessio… | |||
| CVE-2012-0730 | medium | — | 6.0 | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requ… | |||
| CVE-2012-0729 | medium | — | 6.0 | 14y ago | Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and… | |||
| CVE-2012-0407 | medium | — | 6.0 | 14y ago | Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value… | |||
| CVE-2012-2215 | medium | — | 6.0 | 14y ago | Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request. | |||
| CVE-2012-0221 | medium | — | 6.0 | 14y ago | The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspeci… | |||
| CVE-2012-1670 | medium | — | 6.0 | 14y ago | admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action. | |||
| CVE-2012-1843 | medium | — | 6.0 | 14y ago | Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library… | |||
| CVE-2012-1466 | medium | — | 6.0 | 14y ago | The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the source code of NtDecision script files with a .nd extension via an invalid version number in… | |||
| CVE-2012-1464 | medium | — | 6.0 | 14y ago | Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to ac… | |||
| CVE-2012-1790 | medium | — | 6.0 | 14y ago | Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php. | |||
| CVE-2012-0292 | medium | — | 6.0 | 14y ago | The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution … | |||
| CVE-2012-0996 | medium | — | 6.0 | 15y ago | Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/in… | |||
| CVE-2012-1235 | medium | — | 6.0 | 15y ago | Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: t… | |||
| CVE-2012-0241 | medium | — | 6.0 | 15y ago | Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. | |||
| CVE-2012-0235 | medium | — | 6.0 | 15y ago | Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2012-1221 | medium | — | 6.0 | 15y ago | Directory traversal vulnerability in the telnet server in RabidHamster R2/Extreme 1.65 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the File command. | |||
| CVE-2012-0994 | medium | — | 6.0 | 15y ago | SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList para… | |||
| CVE-2012-1196 | medium | — | 6.0 | 15y ago | Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot… | |||
| CVE-2012-1009 | medium | — | 6.0 | 15y ago | NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 allow remote attackers to cause a denial of service (daemon crash) via a malformed LPD request. | |||
| CVE-2012-0789 | medium | — | 6.0 | 15y ago | Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not prop… | |||
| CVE-2012-0788 | medium | — | 6.0 | 15y ago | The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted applica… | |||
| CVE-2012-1057 | medium | — | 6.0 | 15y ago | Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers … | |||
| CVE-2012-0829 | medium | — | 6.0 | 15y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Messenger 1.6.4 and earlier allow remote attackers to hijack the authentication of operators for requests that insert cross-site sc… | |||
| CVE-2012-0840 | medium | — | 6.0 | 15y ago | tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependen… | |||
| CVE-2012-1031 | medium | — | 6.0 | 15y ago | Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit M… | |||
| CVE-2012-1008 | medium | — | 6.0 | 15y ago | OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message. | |||
| CVE-2012-1025 | medium | — | 6.0 | 15y ago | Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter. | |||
| CVE-2012-1024 | medium | — | 6.0 | 15y ago | Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||
| CVE-2012-0981 | medium | — | 6.0 | 15y ago | Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. NOTE: Some of these det… | |||
| CVE-2012-0937 | medium | — | 6.0 | 15y ago | wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attacker… | |||
| CVE-2012-0902 | medium | — | 6.0 | 15y ago | AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader. | |||
| CVE-2012-0896 | medium | — | 6.0 | 15y ago | Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. | |||
| CVE-2012-0781 | medium | — | 6.0 | 15y ago | The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to… | |||
| CVE-2012-6702 | medium | 5.9 | 5.9 | 10y ago | Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors in… | |||
| CVE-2012-0957 | medium | — | 5.9 | 14y ago | The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with… | |||
| CVE-2012-5821 | medium | 5.9 | 5.9 | 14y ago | Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to … | |||
| CVE-2012-5810 | medium | 5.9 | 5.9 | 14y ago | The Chase mobile banking application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, whi… | |||
| CVE-2012-3446 | medium | 5.9 | 5.9 | 14y ago | Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field o… | |||
| CVE-2012-3186 | medium | — | 5.9 | 14y ago | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated us… | |||
| CVE-2012-3185 | medium | — | 5.9 | 14y ago | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated us… | |||
| CVE-2012-3183 | medium | — | 5.9 | 14y ago | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated us… | |||
| CVE-2012-3552 | medium | 5.9 | 5.9 | 14y ago | Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an applicatio… | |||
| CVE-2012-3375 | medium | — | 5.9 | 14y ago | The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service … | |||
| CVE-2012-2993 | medium | 5.9 | 5.9 | 14y ago | Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) … | |||
| CVE-2012-1683 | medium | — | 5.9 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to gssd. | |||
| CVE-2012-5583 | medium | — | 5.8 | 12y ago | phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle a… | |||
| CVE-2012-5662 | medium | — | 5.8 | 12y ago | x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd… | |||
| CVE-2012-1100 | medium | — | 5.8 | 13y ago | Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login … | |||
| CVE-2012-0062 | medium | — | 5.8 | 13y ago | Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token. | |||
| CVE-2012-0052 | medium | — | 5.8 | 13y ago | Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered… | |||
| CVE-2012-4115 | medium | — | 5.8 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing… | |||
| CVE-2012-4117 | medium | — | 5.8 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic … | |||
| CVE-2012-4114 | medium | — | 5.8 | 13y ago | The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network o… | |||
| CVE-2012-4092 | medium | — | 5.8 | 13y ago | The management interface in the Central Software component in Cisco Unified Computing System (UCS) does not properly validate the identity of vCenter consoles, which allows man-in-the-middle attacker… | |||
| CVE-2012-5338 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in JForum 2.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnPath parameter in a validateLogin acti… | |||
| CVE-2012-4074 | medium | — | 5.8 | 13y ago | The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obt… | |||
| CVE-2012-4073 | medium | — | 5.8 | 13y ago | The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or mod… | |||
| CVE-2012-6087 | medium | — | 5.8 | 13y ago | repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not verify that the server hostname matches a domain name i… | |||
| CVE-2012-6606 | medium | — | 5.8 | 13y ago | Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof portal servers and obtain sensiti… | |||
| CVE-2012-6399 | medium | — | 5.8 | 13y ago | Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl… | |||
| CVE-2012-5633 | medium | — | 5.8 | 13y ago | Improper Authentication in Apache CXF | |||
| CVE-2012-5770 | medium | — | 5.8 | 13y ago | The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spo… | |||
| CVE-2012-4842 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vec… | |||
| CVE-2012-6073 | medium | — | 5.8 | 13y ago | Jenkins affected by Open Redirect Vulnerability | |||
| CVE-2012-5647 | medium | — | 5.8 | 13y ago | Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks… | |||
| CVE-2012-3370 | medium | — | 5.8 | 14y ago | The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 re… | |||
| CVE-2012-0703 | medium | — | 5.8 | 14y ago | Open redirect vulnerability in Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to redirect users to arbitrary web sites … | |||
| CVE-2012-6101 | medium | — | 5.8 | 14y ago | Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing at… | |||
| CVE-2012-0435 | medium | — | 5.8 | 14y ago | SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984. | |||
| CVE-2012-6085 | medium | — | 5.8 | 14y ago | The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial o… | |||
| CVE-2012-4918 | medium | — | 5.8 | 14y ago | Call of Duty Elite for iOS 2.0.1 does not properly validate the server SSL certificate, which allows remote attackers to obtain sensitive information via a Man-in-the-Middle (MITM) attack. | |||
| CVE-2012-5769 | medium | — | 5.8 | 14y ago | IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (C… | |||
| CVE-2012-0741 | medium | — | 5.8 | 14y ago | IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-mid… | |||
| CVE-2012-0738 | medium | — | 5.8 | 14y ago | IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL serv… | |||
| CVE-2012-3482 | medium | — | 5.8 | 14y ago | Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NT… | |||
| CVE-2012-2549 | medium | — | 5.8 | 14y ago | The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked ce… | |||
| CVE-2012-4510 | medium | — | 5.8 | 14y ago | cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS … | |||
| CVE-2012-5825 | medium | — | 5.8 | 14y ago | Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to s… | |||
| CVE-2012-5824 | medium | — | 5.8 | 14y ago | Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle att… | |||
| CVE-2012-5823 | medium | — | 5.8 | 14y ago | Open Source Classifieds does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd… | |||
| CVE-2012-5820 | medium | — | 5.8 | 14y ago | The developer-account sample code in Google AdMob does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, wh… | |||
| CVE-2012-5818 | medium | — | 5.8 | 14y ago | ElephantDrive does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attacke… | |||
| CVE-2012-5816 | medium | — | 5.8 | 14y ago | AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man… | |||
| CVE-2012-5815 | medium | — | 5.8 | 14y ago | The Rackspace app 2.1.5 for iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-… | |||
| CVE-2012-5814 | medium | — | 5.8 | 14y ago | Weberknecht, as used in GitHub Gaug.es and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certif… | |||
| CVE-2012-5813 | medium | — | 5.8 | 14y ago | The Android_Pusher library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows … | |||
| CVE-2012-5812 | medium | — | 5.8 | 14y ago | The ACRA library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the… | |||
| CVE-2012-5811 | medium | — | 5.8 | 14y ago | The Breezy application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-… | |||
| CVE-2012-5809 | medium | — | 5.8 | 14y ago | The Groupon Redemptions application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, whic… | |||
| CVE-2012-5808 | medium | — | 5.8 | 14y ago | The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in… | |||
| CVE-2012-5807 | medium | — | 5.8 | 14y ago | The Authorize.Net eCheck module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which al… | |||
| CVE-2012-5806 | medium | — | 5.8 | 14y ago | The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which all… |