Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5804 | 2 Cybersource Module Project, Ubercart | 2 Cybersource, Ubercart | 2017-08-29 | 5.8 MEDIUM | N/A |
| The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5793 | 2 Harald Ponce De Leon, Oscommerce | 2 Authorize.net, Oscommerce | 2017-08-29 | 5.8 MEDIUM | N/A |
| The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5792 | 2 Oscommerce, Sagepay | 2 Oscommerce, Sage Pay Direct Module | 2017-08-29 | 5.8 MEDIUM | N/A |
| The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5788 | 1 Paypal | 1 Ipn | 2017-08-29 | 5.8 MEDIUM | N/A |
| The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function. | |||||
| CVE-2012-5170 | 1 Simon Brown | 1 Pebble | 2017-08-29 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Pebble before 2.6.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2012-4858 | 1 Ibm | 1 Cognos Business Intelligence | 2017-08-29 | 9.3 HIGH | N/A |
| IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2012-4091 | 1 Cisco | 1 Nx-os | 2017-08-29 | 5.0 MEDIUM | N/A |
| The RIP service engine in Cisco NX-OS allows remote attackers to cause a denial of service (engine restart) via a malformed (1) RIPv4 or (2) RIPv6 message, aka Bug ID CSCtj73415. | |||||
| CVE-2012-6034 | 1 Xen | 1 Xen | 2017-08-29 | 4.4 MEDIUM | N/A |
| The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check incoming guest output buffer pointers," which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. | |||||
| CVE-2012-6031 | 1 Xen | 1 Xen | 2017-08-29 | 4.7 MEDIUM | N/A |
| The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. | |||||
| CVE-2012-6501 | 1 Hp | 1 Pki Activex Control | 2017-08-29 | 4.3 MEDIUM | N/A |
| The KillProcess method in the HP PKI ActiveX control (HPPKI.ocx) before 1.2.0.1 allows remote attackers to cause a denial of service (kill process) via the partial or full name of a process. | |||||
| CVE-2012-4655 | 1 Cisco | 1 Secure Desktop | 2017-08-29 | 9.3 HIGH | N/A |
| The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204. | |||||
| CVE-2012-5794 | 2 Moneybookers, Oscommerce | 2 Moneybookers, Oscommerce | 2017-08-29 | 5.8 MEDIUM | N/A |
| The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-4672 | 1 Apple | 1 Ichat Server | 2017-08-29 | 5.8 MEDIUM | N/A |
| Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. | |||||
| CVE-2012-5802 | 2 Paypal, Ubercart | 2 Paypal, Ubercart | 2017-08-29 | 5.8 MEDIUM | N/A |
| The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-6044 | 1 Mjsware | 1 M-player | 2017-08-29 | 4.3 MEDIUM | N/A |
| M-Player 0.4 allows remote attackers to cause a denial of service (crash) via a crafted MP3 file. | |||||
| CVE-2012-5785 | 1 Apache | 1 Axis2 | 2017-08-29 | 5.8 MEDIUM | N/A |
| Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5815 | 1 Rackspace | 1 Rackspace | 2017-08-29 | 5.8 MEDIUM | N/A |
| The Rackspace app 2.1.5 for iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5356 | 1 Canonical | 1 Ubuntu Software Properties | 2017-08-29 | 5.8 MEDIUM | N/A |
| The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack. | |||||
| CVE-2012-4999 | 1 Mercurycom | 2 Mr804, Mr804 Firmware | 2017-08-29 | 6.1 MEDIUM | N/A |
| Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote attackers to cause a denial of service (service hang) via a crafted string in HTTP header fields such as (1) If-Modified-Since, (2) If-None-Match, or (3) If-Unmodified-Since. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-4122 | 1 Cisco | 1 Nx-os | 2017-08-29 | 6.2 MEDIUM | N/A |
| The CLI parser in Cisco NX-OS allows local users to bypass intended access restrictions, and overwrite or create arbitrary files, via shell output redirection, aka Bug IDs CSCts56672 and CSCts56669. | |||||