Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5793 | 2 Harald Ponce De Leon, Oscommerce | 2 Authorize.net, Oscommerce | 2017-08-28 | 5.8 MEDIUM | N/A |
| The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5794 | 2 Moneybookers, Oscommerce | 2 Moneybookers, Oscommerce | 2017-08-28 | 5.8 MEDIUM | N/A |
| The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5795 | 2 Akunamachata, Oscommerce | 2 Paypal Express Module, Oscommerce | 2017-08-28 | 5.8 MEDIUM | N/A |
| The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5796 | 2 Oscommerce, Paypal | 2 Oscommerce, Paypal Pro | 2017-08-28 | 5.8 MEDIUM | N/A |
| The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5797 | 2 Brian Burton, Oscommerce | 2 Paypal Pro Payflow Module, Oscommerce | 2017-08-28 | 5.8 MEDIUM | N/A |
| The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5800 | 1 Prestashop | 2 Ebay Module, Prestashop | 2017-08-28 | 5.8 MEDIUM | N/A |
| The eBay module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5802 | 2 Paypal, Ubercart | 2 Paypal, Ubercart | 2017-08-28 | 5.8 MEDIUM | N/A |
| The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5803 | 2 Irata, Ubercart | 2 Authorize.net Module, Ubercart | 2017-08-28 | 5.8 MEDIUM | N/A |
| The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5804 | 2 Cybersource Module Project, Ubercart | 2 Cybersource, Ubercart | 2017-08-28 | 5.8 MEDIUM | N/A |
| The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5812 | 1 Acra | 1 Acra Library | 2017-08-28 | 5.8 MEDIUM | N/A |
| The ACRA library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5813 | 1 Emorym | 1 Android Pusher | 2017-08-28 | 5.8 MEDIUM | N/A |
| The Android_Pusher library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5814 | 2 Github, Roderick Baier | 2 Gaug.es, Weberknecht | 2017-08-28 | 5.8 MEDIUM | N/A |
| Weberknecht, as used in GitHub Gaug.es and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5815 | 1 Rackspace | 1 Rackspace | 2017-08-28 | 5.8 MEDIUM | N/A |
| The Rackspace app 2.1.5 for iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5816 | 1 Aol | 1 Aim | 2017-08-28 | 5.8 MEDIUM | N/A |
| AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5817 | 2 Amazon, Codehaus | 2 Ec2 Api Tools Java Library, Xfire | 2017-08-28 | 5.8 MEDIUM | N/A |
| Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5818 | 1 Elephantdrive | 1 Elephantdrive | 2017-08-28 | 5.8 MEDIUM | N/A |
| ElephantDrive does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5819 | 1 Filesanywhere | 1 Filesanywhere | 2017-08-28 | 5.8 MEDIUM | N/A |
| FilesAnywhere does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5820 | 1 Google | 1 Admob | 2017-08-28 | 5.8 MEDIUM | N/A |
| The developer-account sample code in Google AdMob does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2012-5821 | 1 Lynx | 1 Lynx | 2017-08-28 | 5.8 MEDIUM | N/A |
| Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function. | |||||
| CVE-2012-5822 | 1 Mozilla | 1 Zamboni | 2017-08-28 | 5.8 MEDIUM | N/A |
| The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python urllib2 library. | |||||