CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2012-4493 Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better ... | N/A | NONE | — | 0 |
| CVE-2012-4497 Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permissio... | N/A | NONE | — | 0 |
| CVE-2012-5790 PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which a... | N/A | NONE | — | 0 |
| CVE-2012-4498 The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly ha... | N/A | NONE | — | 0 |
| CVE-2012-0025 Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of... | N/A | NONE | — | 0 |
| CVE-2012-3748 Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Java... | N/A | NONE | — | 0 |
| CVE-2012-3749 The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASL... | N/A | NONE | — | 0 |
| CVE-2012-3750 The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Pa... | N/A | NONE | — | 0 |
| CVE-2012-5787 The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl... | N/A | NONE | — | 0 |
| CVE-2012-4987 Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP file that triggers incorrect processing of long path... | N/A | NONE | — | 0 |
| CVE-2012-5170 Open redirect vulnerability in Pebble before 2.6.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2012-3446 Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of... | 5.9 | MEDIUM | — | 0 |
| CVE-2012-5780 The Amazon merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl... | N/A | NONE | — | 0 |
| CVE-2012-5781 Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows ... | N/A | NONE | — | 0 |
| CVE-2012-5791 PayPal Invoicing does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attac... | N/A | NONE | — | 0 |
| CVE-2012-5783 Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's C... | N/A | NONE | — | 0 |
| CVE-2012-5784 Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, doe... | N/A | NONE | — | 0 |
| CVE-2012-5785 Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-... | N/A | NONE | — | 0 |
| CVE-2012-5786 The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF before 2.7.0 does not verify that the server hostname matches a domain name in the su... | N/A | NONE | — | 0 |
| CVE-2012-5788 The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle... | N/A | NONE | — | 0 |
| CVE-2012-5792 The Sage Pay Direct module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows... | N/A | NONE | — | 0 |
| CVE-2012-5793 The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows m... | N/A | NONE | — | 0 |
| CVE-2012-5794 The MoneyBookers module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows ma... | N/A | NONE | — | 0 |
| CVE-2012-5795 The PayPal Express module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows ... | N/A | NONE | — | 0 |
| CVE-2012-5796 The PayPal Pro module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-... | N/A | NONE | — | 0 |
| CVE-2012-5797 The PayPal Pro PayFlow module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which all... | N/A | NONE | — | 0 |
| CVE-2012-5800 The eBay module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the... | N/A | NONE | — | 0 |
| CVE-2012-5801 The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-t... | N/A | NONE | — | 0 |
| CVE-2012-5802 The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the... | N/A | NONE | — | 0 |
| CVE-2012-5803 The Authorize.Net module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man... | N/A | NONE | — | 0 |
| CVE-2012-5804 The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-i... | N/A | NONE | — | 0 |
| CVE-2012-5805 The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows... | N/A | NONE | — | 0 |
| CVE-2012-5806 The PayPal Payments Pro module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allo... | N/A | NONE | — | 0 |
| CVE-2012-5810 The Chase mobile banking application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, whic... | 5.9 | MEDIUM | — | 0 |
| CVE-2012-5811 The Breezy application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-i... | N/A | NONE | — | 0 |
| CVE-2012-5812 The ACRA library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-... | N/A | NONE | — | 0 |
| CVE-2012-5813 The Android_Pusher library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows m... | N/A | NONE | — | 0 |
| CVE-2012-5814 Weberknecht, as used in GitHub Gaug.es and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certifi... | N/A | NONE | — | 0 |
| CVE-2012-5815 The Rackspace app 2.1.5 for iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-t... | N/A | NONE | — | 0 |
| CVE-2012-5816 AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-... | N/A | NONE | — | 0 |
| CVE-2012-5817 Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) ... | 7.4 | HIGH | — | 0 |
| CVE-2012-5818 ElephantDrive does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attacker... | N/A | NONE | — | 0 |
| CVE-2012-5819 FilesAnywhere does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attacker... | 7.4 | HIGH | — | 0 |
| CVE-2012-5820 The developer-account sample code in Google AdMob does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, whi... | N/A | NONE | — | 0 |
| CVE-2012-5821 Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to i... | 5.9 | MEDIUM | — | 0 |
| CVE-2012-5822 The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-... | 7.4 | HIGH | — | 0 |
| CVE-2012-5824 Trillian 5.1.0.19 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle atta... | N/A | NONE | — | 0 |
| CVE-2012-5825 Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to sp... | N/A | NONE | — | 0 |
| CVE-2011-5236 Moneris eSelectPlus 2.03 PHP API does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-... | N/A | NONE | — | 0 |
| CVE-2011-5237 PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle att... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.